Title: Virtual Devices for Virtual Machines
Slide 1: Virtual Devices for Virtual Machines
or: Building Extensible Devices with a Chainsaw and some Duct Tape
Slide 2: Take-home message
Despite being a coarse-grained tool, VMMs are a great substrate for low-level extensibility.
VMMs: They're boxy, but they're good!
Slide 3: Why do we want to extend devices?
- Add new device-level systems features.
  - Versioning storage, encryption, checksum offload.
- Manage I/O for VMs in a cluster.
  - They move around!
- I/O looks a lot like a service.
[Figure: a soft device between the VM (OS + apps) and the physical device (e.g. disk), with an extension (e.g. encryption).]
Slide 4: What are the challenges?
- Performance.
  - Fast enough to be useful.
- Safety.
  - Extensions shouldn't cause the system to melt.
- Software Engineering.
  - Extension writers shouldn't have to piece together the internals of an OS, learn undocumented interfaces and locking disciplines, or spend all their time tracking versions.
  - Extensions should be portable across OSes.
Slide 5: The rest of this talk
- Why VMMs are a good platform for device extensions (a.k.a. how devices work in Xen).
- An extension interface for Xen.
- Case: Packet symmetry enforcement.
- Case: The Parallax storage service.
- New and somewhat crazy stuff.
- Conclusion.
Slide 6: Devices in Xen.
[Figure: web and mail servers each run in their own OS with a virtual device driver (VD.D); the physical device driver (DD) runs in the VMM, above the hardware (HW).]
Switch from single OS to VMM: web and mail servers are now isolated (or consolidated), but how to share devices?
Option 1: VMM runs the physical device driver. VMs run drivers for a virtual device, either real (emulated) HW or an idealized device.
Problem 1: Maintenance. The VMM is now in the driver trap: it has to support new hardware and is constantly chasing driver evolution.
Problem 2: Stability. Drivers are a huge amount of (often buggy) code. We don't want to count on them for reliability. Sometimes they crash.
Slide 7: A digression
- Chainsaw
  - (Somewhat imprecise surgical instrument.)
  - The OS is a component.
  - OSes work, have lots of tools, and know how to talk to other OSes.
  - Maintained by other people.
- Duct Tape
  - (Simple yet effective connective mechanism.)
  - No generalized IPC in the VMM.
  - Event notification (virtual irqs).
  - Memory sharing primitives.
Slide 8: Devices in Xen.
[Figure: the web and mail OSes each keep a VD.D; a third OS, the device VM, holds VD.S and the physical device driver (DD); the VMM and HW sit below.]
Option 2: VMM exports physical hardware to a device VM. Use the OS driver and OS mechanisms (e.g. packet forwarding).
Slide 9: Devices in Xen.
1. Coarse-grained sharing
2. Simple one-bit notification
[Figure: requests (R) from the mail OS's VD.D cross shared memory to VD.S and DD in the device VM, then to HW.]
Option 2: VMM exports physical hardware to a device VM. Use the OS driver and OS mechanisms (e.g. packet forwarding).
Slide 11: Devices in Xen.
1. Coarse-grained sharing
2. Simple one-bit notification
- Point of discussing that in (some) detail:
  - There is a fast, general mechanism for moving requests around.
  - Classes of drivers use simple protocols for requests.
  - VMM is largely uninvolved in the details.
  - Device driver is an extension.
[Figure: requests (R) from the mail OS's VD.D cross shared memory to VD.S and DD in the device VM, then to HW.]
Slide 12: Extending Devices
Logging, e.g. debug/analysis. Redirecting, e.g. add versioning. Rewriting, e.g. encryption.
[Figure: an extension VM, holding an extension app and a device tap (Dev. Tap), is inserted between the mail OS's VD.D and the device VM's VD.S/DD; VMM and HW below.]
The device tap acts as a switch. In addition to interposing on all messages, requests may be terminated or passed through.
Slide 14: Extending Devices
Logging, e.g. debug/analysis. Redirecting, e.g. add versioning. Rewriting, e.g. encryption.
- Extension Goals
  - Safety?
  - Software Engineering?
  - Performance?
[Figure: the extension VM with its extension app and device tap (Dev. Tap) between the device VM (VD.S, DD) and the guest; VMM and HW below.]
The device tap acts as a switch. In addition to interposing on all messages, requests may be terminated or passed through.
Trading isolation for performance: we may move the tap and extension code onto the device VM.
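The tap-as-switch idea from slides 12 and 14, modelled as an added Python example (not code from the talk or from Xen): an extension sees every request and response on a block-device channel and may pass, rewrite (here a checksum-offload trailer) or terminate (here refusing writes to a protected region) each one. The class names, the CRC trailer scheme and the sample sectors are invented for illustration.

```python
import zlib
from dataclasses import dataclass
@dataclass
class Req:
    op: str              # "read" or "write"
    sector: int
    data: bytes = b""

class Backend:  # stand-in for the device VM's real disk driver (DD)
    def __init__(self): self.disk = {}
    def handle(self, req):
        if req.op == "write":
            self.disk[req.sector] = req.data
            return ("ok", b"")
        return ("ok", self.disk.get(req.sector))

class ChecksumExtension:
    PROTECTED = range(8)  # constructed: sectors the guest may not overwrite
    def on_request(self, req):
        if req.op != "write":
            return "pass", req                       # reads go straight through
        if req.sector in self.PROTECTED:
            return "terminate", ("error", b"read-only sector")  # backend never sees it
        crc = zlib.crc32(req.data).to_bytes(4, "big")  # rewrite: append CRC32 trailer
        return "rewrite", Req("write", req.sector, req.data + crc)
    def on_response(self, req, resp):
        if req.op != "read" or resp[0] != "ok" or resp[1] is None:
            return resp
        body, crc = resp[1][:-4], resp[1][-4:]
        if zlib.crc32(body).to_bytes(4, "big") != crc:
            return ("error", b"checksum mismatch")   # corruption surfaced, not read silently
        return ("ok", body)                          # strip trailer before the guest sees it

class DeviceTap:
    def __init__(self, backend, ext):
        self.backend, self.ext, self.log = backend, ext, []   # log covers the "Logging" case
    def submit(self, req):
        verb, obj = self.ext.on_request(req)
        self.log.append((verb, req.op, req.sector))
        if verb == "terminate":
            return obj                              # obj is a response synthesized by the extension
        return self.ext.on_response(req, self.backend.handle(obj))  # obj is the (rewritten) request

def demo():
    tap = DeviceTap(Backend(), ChecksumExtension())
    denied = tap.submit(Req("write", 3, b"boot"))          # protected sector: terminated
    tap.submit(Req("write", 42, b"hello"))                 # rewritten with a CRC trailer
    good = tap.submit(Req("read", 42))                     # trailer verified and stripped
    tap.backend.disk[42] = b"h3llo" + tap.backend.disk[42][5:]   # constructed on-disk corruption
    return denied, good, tap.submit(Req("read", 42)), tap.log
```

The guest never sees the trailer, and a flipped byte on the backing store comes back as an error instead of silently corrupted data.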
Slide 15: Extension Case Study: Packet Symmetry
- DoS is a big concern in virtual hosting facilities.
  - Well-connected servers, paying for bandwidth.
  - Exploited into a botnet: not good!
- But the provider can offer protection.
  - Enforce a symmetry on RX/TX packet counts.
  - See our HotNets paper (Kreibich et al.).
- Interesting extension bits:
  - Extension written in Python.
  - Never drops packets.
Slide 16: Extension Case Study: Parallax
- Managing storage in VM clusters.
  - Storage service owns local disks, and the OSes that manage them.
  - Parallax virtualizes storage: fast snapshots, etc.
  - Initially proposed as a HotOS05 paper.
- Ongoing, with NetApp and Google.
  - Local disks as persistent caches.
  - Candidate selection for migration.
  - Support explicit snapshot requests from OSes.
  - Not using a big filer.
Slide 17: Pre-conclusion
Take-home message
Despite being a coarse-grained tool, VMMs are a great substrate for low-level extensibility.
Now the fun new part...
Slide 18: Full-system extensions.
[Figure: Qemu, the disk driver (DD) and the network driver (ND) in the control VM, the VMM beneath, and disk and network hardware at the bottom.]
1. Inbound pages are marked as tainted. Fine-grained taint details live in the extension; a page-granularity bitmap lives in the VMM.
2. VM traps on access to a tainted page. Tainted pages are marked not-present; the VM is thrown to emulation.
3. VM runs in emulation, tracking tainted data. Qemu microcode is modified to reflect tainting across data movement.
4. Taint markings are propagated to disk. The disk extension marks tainted data, and re-taints memory on read.
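The four steps above as an added Python model (not the talk's or Qemu's code): a coarse page bitmap in the VMM gates the trap into emulation, the emulated copy moves byte-granular taint along with the data, and a disk extension persists taint and restores it on read. The PAGE size, class names and sample addresses are constructed for the walk-through.

```python
PAGE = 16  # constructed: tiny pages keep the walk-through readable

class VMM:
    """Guest memory plus the page-granularity taint bitmap (kept as a set)."""
    def __init__(self, pages):
        self.mem = bytearray(PAGE * pages)
        self.tainted_pages = set()   # coarse bitmap the VMM checks on every access
        self.taint_bytes = set()     # fine-grained detail kept by the extension
        self.traps = 0
    def taint(self, addrs):
        self.taint_bytes.update(addrs)
        self.tainted_pages.update(a // PAGE for a in addrs)
    def net_inbound(self, addr, data):
        """Step 1: inbound network data lands in memory already tainted."""
        self.mem[addr:addr + len(data)] = data
        self.taint(range(addr, addr + len(data)))
    def copy(self, src, dst, n):
        """Guest memcpy. Step 2: touching a tainted page traps; step 3: the
        emulated copy moves taint along with the data."""
        pages = {a // PAGE for a in (*range(src, src + n), *range(dst, dst + n))}
        if pages & self.tainted_pages:
            self.traps += 1
            moved = [dst + i for i in range(n) if src + i in self.taint_bytes]
            self.taint_bytes.difference_update(range(dst, dst + n))
            self.taint(moved)
        self.mem[dst:dst + n] = self.mem[src:src + n]   # the data move itself (native if no trap)

class TaintedDisk:
    """Step 4: the disk extension persists taint and re-taints memory on read."""
    def __init__(self):
        self.blocks, self.taint_map = {}, {}   # block -> data, block -> tainted offsets
    def write(self, vmm, block, addr, n):
        self.blocks[block] = bytes(vmm.mem[addr:addr + n])
        self.taint_map[block] = {i for i in range(n) if addr + i in vmm.taint_bytes}
    def read(self, vmm, block, addr):
        data = self.blocks[block]
        vmm.mem[addr:addr + len(data)] = data
        vmm.taint_bytes.difference_update(range(addr, addr + len(data)))
        vmm.taint([addr + i for i in self.taint_map[block]])

def demo():
    vmm, disk = VMM(pages=8), TaintedDisk()
    vmm.net_inbound(0, b"GET /")        # constructed request bytes; page 0 is now tainted
    vmm.copy(64, 96, 4)                 # clean pages only: runs natively, no trap
    vmm.copy(0, 32, 5)                  # touches page 0: trap, taint follows the data
    disk.write(vmm, block=7, addr=32, n=5)
    disk.read(vmm, block=7, addr=112)   # taint comes back from disk with the data
    return vmm.traps, sorted(vmm.taint_bytes), sorted(vmm.tainted_pages)
```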
Slide 20: Conclusion
Despite being a coarse-grained tool, VMMs are a great substrate for low-level extensibility.
- VMM is a good base for device extensions.
- With the device tap, we can write extensions in user-space, in any OS, without messing with individual kernels.
- Treating devices as services seems to be a good approach to managing I/O in clusters.
- V2E/E2V is very cool.
Slide 21: Fin.