Intel Virtualization Technology Roadmap and VT-d Support in Xen

Similar documents

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

COSC6376 Cloud Computing Lecture 14: CPU and I/O Virtualization

Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation

KVM for IA64. Anthony Xu

Making Nested Virtualization Real by Using Hardware Virtualization Features

Intel Virtualization Technology for Directed I/O Architecture Specification

Intel Virtualization Technology for Directed I/O

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3


Intel Virtualization Technology for Directed I/O

Hardware-Assisted Mediated Pass-Through with VFIO. Kevin Tian Principal Engineer, Intel

Intel Atom Processor Based Platform Technologies. Intelligent Systems Group Intel Corporation

KVM as The NFV Hypervisor

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Intel Virtualization Technology for Directed I/O

SR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian

Practical Xen Testing at Intel

Towards More Power Friendly Xen

Intel Desktop Board DZ68DB

Intel Transparent Computing

TLBs, Paging-Structure Caches, and Their Invalidation

VT-d Posted Interrupts. Feng Wu, Jun Nakajima <Speaker> Intel Corporation

Runtime VM Protection By Intel Multi-Key Total Memory Encryption (MKTME)

Nested Virtualization and Server Consolidation

Intel Desktop Board D945GCLF2

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Evolving Small Cells. Udayan Mukherjee Senior Principal Engineer and Director (Wireless Infrastructure)

Interrupt Swizzling Solution for Intel 5000 Chipset Series based Platforms

Enhancing pass through device support with IOMMU. Haitao Shan Yunhong Jiang Allen M Kay Eddie (Yaozu) Dong

Virtualization. Pradipta De

Intel Server Board S2600CW2S

Intel Virtualization Technology for Directed I/O

Graphics Pass-through with VT-d

Intel Graphics Virtualization Technology. Kevin Tian Graphics Virtualization Architect

Virtualization and memory hierarchy

Intel G31/P31 Express Chipset

Extending Energy Efficiency. From Silicon To The Platform. And Beyond Raj Hazra. Director, Systems Technology Lab

Programmed I/O accesses: a threat to Virtual Machine Monitors?

The Transition to PCI Express* for Client SSDs

Intel Unite Plugin Guide for VDO360 Clearwater

Intel Desktop Board D102GGC2 Specification Update

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Intel s Architecture for NFV

Hardware assisted Virtualization in Embedded

Live Migration of vgpu

Introduction to Intel Boot Loader Development Kit (Intel BLDK) Intel SSG/SSD/UEFI

Intel Server Board S2400SC

Intel Server Board S1200BTS

Design of Vhost-pci - designing a new virtio device for inter-vm communication

Intel 848P Chipset. Specification Update. Intel 82848P Memory Controller Hub (MCH) August 2003

Intel Cache Acceleration Software for Windows* Workstation

Intel Desktop Board DH61SA

Intel Setup and Configuration Service. (Lightweight)

How to abstract hardware acceleration device in cloud environment. Maciej Grochowski Intel DCG Ireland

Knut Omang Ifi/Oracle 6 Nov, 2017

Knut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:

Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger

Intel Server Board S5520HC

Virtually Impossible

Intel Desktop Board D946GZAB

Intel Desktop Board DG41CN

Intel Desktop Board D975XBX2

Xen VT status and TODO lists for Xen-summit. Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena

Intel Desktop Board DP67DE

Intel Unite. Intel Unite Firewall Help Guide

Innovating and Integrating for Communications and Storage

Advanced Operating Systems (CS 202) Virtualization

Intel 852GME/852PM Chipset Graphics and Memory Controller Hub (GMCH)

LED Manager for Intel NUC

Non-Volatile Memory Cache Enhancements: Turbo-Charging Client Platform Performance

Expand Your HPC Market Reach and Grow Your Sales with Intel Cluster Ready

I/O Scalability in Xen

Intel Desktop Board DG31PR

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Intel Desktop Board DH61CR

Micro VMMs and Nested Virtualization

ECC Handling Issues on Intel XScale I/O Processors

Intel Desktop Board DP55SB

Intel Desktop Board DG41RQ

Intel Desktop Board D945GCCR

Intel Server Board S2600STB

Intel Desktop Board DH55TC

INTEL PERCEPTUAL COMPUTING SDK. How To Use the Privacy Notification Tool

Intel 64 Architecture x2apic Specification

Intel Desktop Board D915GUX Specification Update

System Virtual Machines

Intel X48 Express Chipset Memory Controller Hub (MCH)

Intel Virtualization Technology FlexMigration Application Note

Intel Desktop Board D915GEV Specification Update

Intel Analysis of Speculative Execution Side Channels

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

CSE 120 Principles of Operating Systems

How to Configure Intel X520 Ethernet Server Adapter Based Virtual Functions on SuSE*Enterprise Linux Server* using Xen*

NVMHCI: The Optimized Interface for Caches and SSDs

Intel Atom Processor E3800 Product Family Development Kit Based on Intel Intelligent System Extended (ISX) Form Factor Reference Design

Intel Cache Acceleration Software (Intel CAS) for Linux* v2.9 (GA)

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

Intel Desktop Board D945GCLF

Transcription:

Intel Virtualization Technology Roadmap and VT-d Support in Xen Jun Nakajima Intel Open Source Technology Center

Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. Intel may make changes to specifications and product descriptions at any time, without notice. All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2007 Intel Corporation. Throughout this presentation: VT-x refers to Intel VT for IA-32 and Intel 64 VT-i refers to the Intel VT for IA-64, and VT-d refers to Intel VT for Directed I/O 2

Intel VT Roadmap: Overview Vector 3: I/O Focus PCI-SIG Standards for I/O-device sharing: Natively sharable I/O devices Endpoint DMA-translation caching Vector 2: Platform Focus VT-d Infrastructure for I/O-device virtualization: DMA protection and remapping Interrupt filtering and remapping Vector 1: Processor Focus VT-x VT-i Establish foundation for virtualization in the Intel 64 and Itanium architectures followed by on going evolution of support: Microarchitectural (e.g., lower VM entry/exit costs) Architectural (e.g., extended page tables EPT) VMM Software Evolution Software-only VMMs Binary translation Paravirtualization Device Emulation Past No Hardware Support Simpler and more Secure VMMs through foundation of virtualizable ISAs Improved CPU and I/O virtualization Performance and Functionality as VMMs exploit infrastructure provided by VT-x, VT-i, VT-d Today VMM software evolution over time with hardware support 3

New Feature Highlights APIC TPR Virtualization Significantly reduce VM exits caused by access to local APIC TPR (not CR8) Submitted a patch (last month, not in yet) Virtual-processor Identifiers (VPIDs) Supports retention of TLB entries across VM switches Extended page tables (EPT) NMI-window Exiting Enables timely delivery of NMIs to guest OS 4

New Feature Highlights (cont.) Preemption Timer Allows VMM to bound guest-os execution time Descriptor-table Exiting Enables VMM to protect IDT, GDT, etc. from attack in guest OS Interrupt remapping (VT-d2) 5

Future Extensions: VPIDs VPIDs: General Idea TLBs cache for multiple address spaces Address spaces distinguished by VPIDs Host software runs with VPID zero Each virtual CPU has its own non-zero VPID CPU uses VPIDs to prevent TLB sharing 6

Future Extensions: VPIDs VPIDs: Details New VM-execution controls: Use VPID (single-bit control) VPID value If use VPID is set: Guest s VPID used while guest is executing No TLB flushes on entry to or exit from guest If use VPID is clear: Guest execution uses VPID zero TLB flushes on entry and exit New instruction for VMM to flush per VPID 7

Future Extensions: EPT EPT: Overview CR3 EPT Base Pointer Guest Linear Address Intel 64 Page Tables Guest Physical Address EPT Page Tables Host Physical Address Intel 64 page tables Map guest-linear to guest-physical (translated again) Can be read and written by guest New EPT page tables under VMM control Map guest-physical to host-physical (accesses memory) Referenced by new EPT base pointer No VM exits due to page faults, INVLPG, or CR3 accesses 8

Future Extensions: EPT EPT Page Tables Page-table details similar to Intel 64: Each table has 512 8-byte entries (4KB) 4 levels of page tables Permission bits for read, write, execute Disallowed accesses Called EPT violations Cause VM exits 9

VT-d Overview VT-d provides infrastructure for I/O virtualization Defines architecture for DMA and interrupt remapping Common architecture across IA platforms Will be supported broadly across Intel chipsets CPU CPU System Bus North Bridge VT-d DRAM Integrated Devices PCIe* Root Ports PCI Express South Bridge PCI, LPC, Legacy devices, 10 *Other names and brands may be claimed as the property of others

VT-d Applied to Pass-through Model Direct Device Assignment to Guest OS Guest OS directly programs physical device For legacy guests, hypervisor sets up guest- to host-physical DMA mapping For remapping aware guests, hypervisor involved in map/unmap of DMA buffers PCI-SIG I/O Virtualization Working Group Activity towards standardizing natively sharable I/O devices IOV devices provide virtual interfaces, each independently assignable to VMs Pass-through Model VM 0 Guest OS and Apps Device Drivers VM n Hypervisor Assigned Devices Guest OS and Apps Device Drivers Pro: Highest Performance Pro: Smaller Hypervisor Pro: Device-assisted sharing Con: VM Migration Limits 11

DMA Remapping: Features Translates DMA requests from all devices DMA requests specify DMA Virtual Address Hardware translates to Host Physical Address Flexible DMA virtual address space management DMA address space per device or sharable across devices Page granular memory management Other Features H/W caching of frequently used remapping structures Support for PCIe* Address Translation Services (ATS) Improved RAS by reporting DMA faults to software 12 *Other names and brands may be claimed as the property of others

DMA Remapping: Hardware Overview DMA Requests Device ID Virtual Address Length Fault Generation Bus 255 Bus N Bus 0 Dev 31, Func 7 Dev P, Func 2 Dev P, Func 1 Dev 0, Func 0 4KB Page Tables 4KB Page Frame DMA Remapping Engine Translation Cache Context Cache Device Assignment Structures Device D1 Device D2 Address Translation Structures Address Translation Structures Memory Access with Host Physical Address Memory-resident Partitioning & Translation Structures 13

DMA Remapping: Page Walk Requestor ID DMA Virtual Address 15 8 7 3 2 0 Bus Device Func 63 57 56 48 000000b 000000000b 47 Level-4 table offset 39 38 Level-3 table offset 30 29 21 20 12 Level-2 Level-1 table offset table offset 11 Page Offset 0 Base 4KB Page Example entry specifying 4-level page table Level-4 Page Table Level-3 Page Table Level-2 Page Table Level-1 Page Table 14

Interrupt Virtualization Drivers for direct assigned devices run within VM Driver only aware of virtual CPU of the VM Device interrupts needs to be delivered to virtual CPU VT-x provides support for virtual CPU interrupt delivery Support lacking to isolate & route device interrupts Any direct assigned MSI capable device can generate any physical interrupt (no interrupt isolation) No support to drain in-flight interrupts destined to a CPU No easy way to re-direct device interrupts (require IPIs) Interrupt remapping enables interrupt isolation and routing 15

Interrupt Remapping Interrupt request specify request & originator IDs Remap hardware transforms request to physical interrupt Interrupt remapping hardware Enforces isolation through use of originator ID Generated interrupts with attributes in remap structure Caches frequently used remap structures S/W may modify remap for efficient interrupt re-direction Applicable to all interrupt sources Legacy interrupts delivered through I/O APICs Message signaled interrupts (MSI, MSI-X) Works with existing device hardware 16

VT-d Support in Xen Device assignment by hypercalls Device assignment Give the ownership of the device I/O port access Unblock or remapping IRQ mapping Remap interrupts MMIO handling Set up translation in the shadow page table so that the guest can directly access the device memory PCI config space virtualization BAR virtualization VT-d table for the device assigned Detect VT-d via ACPI tables Build (static) page tables for the device (BDF) using the P2M routines 17

Current Status Sanity Checks Assigned PCIe E1000 add-on card to 32-bit FC5 on 64-bit Xen. "scp" test shows near-native performance on the test machine (e.g 200+Mbps). Submitted the patches to xen-devl mailing list this month Testing on other guests 18

19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback