Virtualizaton: One Size Does Not Fit All. Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software

Similar documents
Security and Performance Benefits of Virtualization

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

OS Virtualization. Linux Containers (LXC)

Open Source in Automotive Infotainment

A Big Little Hypervisor for IoT Development February 2018

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

Multicore platform towards automotive safety challenges

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016

In the Driver s Seat

ISLET: Jon Schipp, AIDE jonschipp.com. An Attempt to Improve Linux-based Software Training

Deflating the hype: Embedded Virtualization in 3 steps

1 Virtualization Recap

Silver Bullet of Virtualization. Challenges and Concerns. May 27, 2013 v1.0

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola

Hypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public

AGL Reference Hardware Specification Document

Deployment Patterns using Docker and Chef

Infotainment Solutions. with Open Source and i.mx6. mentor.com/embedded. Andrew Patterson Business Development Director Embedded Automotive

Interaction between AUTOSAR and non-autosar Systems on top of a Hypervisor

Linux and AUTOSAR Vector Informatik Congress, Stuttgart,

I/O and virtualization

HKG : OpenAMP Introduction. Wendy Liang

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

HPVM & OpenVMS. Sandeep Ramavana OpenVMS Engineering Sep Germany Technical Update Days 2009

Chapter 5 C. Virtual machines

VM Migration, Containers (Lecture 12, cs262a)

[Docker] Containerization

Azure Sphere: Fitting Linux Security in 4 MiB of RAM. Ryan Fairfax Principal Software Engineering Lead Microsoft

Next Generation of IVI Systems: Android Automotive. Klaus Lindemann, Manager HMI August 23, 2018

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

Linux Community Project Leaders Unite. Peter Vescuso EVP Marketing, Bus Dev Black Duck Software

Virtual Open Systems (VOSyS)

Micro VMMs and Nested Virtualization

EE 660: Computer Architecture Cloud Architecture: Virtualization

RDMA Container Support. Liran Liss Mellanox Technologies

COMP3891/9283 Extended OS

Mentor Automotive. Vehicle Network Design to meet the needs of ADAS and Autonomous Driving

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

Virtualization. Michael Tsai 2018/4/16

Lecture 09: VMs and VCS head in the clouds

Advanced Cloud Infrastructures

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

Operating Systems Overview

How to protect Automotive systems with ARM Security Architecture

Embedded Hardware and Software

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

Industry-leading Application PaaS Platform

The failure of Operating Systems,

Lecture 5: February 3

Virtualization Introduction

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

RTOS, Linux & Virtualization Wind River Systems, Inc.

System-on-Chip Architecture for Mobile Applications. Sabyasachi Dey

Implementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited


Virtualization, Xen and Denali

MultiDroid: A Novel Solution to Consolidate Interactive Physical Android Clients on One Single Computing Platform

Over 350M i.mx SOCs shipped to date Over 92M i.mx shipped in vehicles since 2007 #1 in Auto Infotainment Applications Processors

IBM Bluemix compute capabilities IBM Corporation

Operating system hardening

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

New Approaches to Connected Device Security

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things

Distributed File Systems Issues. NFS (Network File System) AFS: Namespace. The Andrew File System (AFS) Operating Systems 11/19/2012 CSC 256/456 1

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Home Gateway: the next battle ground. Majid Bemanian Security & Networking Marketing

SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD

Secure Partitioning (s-par) for Enterprise-Class Consolidation

How Parallels RAS Enhances Microsoft RDS. White Paper Parallels Remote Application Server

Nested Virtualization and Server Consolidation

FIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Countermeasures against Cyber-attacks

Cisco 4000 Series Integrated Services Routers: Architecture for Branch-Office Agility

Virtualization. Application Application Application. MCSN - N. Tonellotto - Distributed Enabling Platforms OPERATING SYSTEM OPERATING SYSTEM

Virtual Machine Monitors!

Introduction to Virtualization and Containers Phil Hopkins

Messaging Overview. Introduction. Gen-Z Messaging

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles

LINUX KERNEL UPDATES FOR AUTOMOTIVE: LESSONS LEARNED

Building High Performance, Power Efficient Cortex and Mali systems with ARM CoreLink. Robert Kaye

Virtualization. Pradipta De

A Userspace Packet Switch for Virtual Machines

Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison

Operating System Structure

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

The Missing Piece of Virtualization. I/O Virtualization on 10 Gb Ethernet For Virtualized Data Centers

EC H2020 dredbox: Seminar School at INSA Rennes

Module Day Topic. 1 Definition of Cloud Computing and its Basics

Virtualization Overview NSRC

ROBIN SYSTEMS. Containerizing Oracle: Not Thinking About It Yet? You Should Be!!!

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

IBM Research Report. A Comparison of Virtualization Technologies for Use in Cloud Data Centers

10 th AUTOSAR Open Conference

Automatic NUMA Balancing. Rik van Riel, Principal Software Engineer, Red Hat Vinod Chegu, Master Technologist, HP

Hardware OS & OS- Application interface

Module 1: Virtualization. Types of Interfaces

Developing deterministic networking technology for railway applications using TTEthernet software-based end systems

Transcription:

Virtualizaton: One Size Does Not Fit All Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software

Agenda Linux and Automotive Challenges Solution: Virtualization Linux Containers Best Fit? 2010 MontaVista Software - Confidential 2

Linux and Automotive

Linux in Automotive A number of ECUs are deployed in a car Traditionally running RTOSes Linux has gained traction in the automotive industry Transforming the OS landscape SoCs offer increasing performance Modern multicore SoCs offer a lot of power More functionality can be implemented on a single SoC With growing computing power the demands are also growing Cars becoming more intelligent Consolidating functions On a multicore system 2012 MontaVista Software 4

Linux and Automotive (cont.) Linux deployment Instrument Clusters Telematics IVI Systems Driven by Availability of Linux on SoCs from silicone vendors Drivers for HW usually available from Day 1 Increased demand for connectivity Wireless connectivity (to cloud) Follows increasing bandwidth and lowering prices Consumer devices (local) Innovation rate in OSS Abundance of SW projects 2012 MontaVista Software 5

Challenges: A Linux Perspective

Challenge 1: Solving Different Lifecycle Cadences Example: Android Co-Existence - OEM driven cadence T1/OEM Custom Apps Android Apps Consumer Cadence ~monthly - Cadence of ~6-12 months GENIVI Compliant Stack Android Google Cadence ~6-9 months MV Linux Kernel HW - SoC - 1-3 year cadence - Multiple hardware - Low, medium and high end 2012 MontaVista Software

Challenge 2: Connected Car Downloaded Apps Trusted Services Cloud Untrusted Services Networking: Firewall Trusted Applications Automotive Stack Access Control Linux Kernel Untrusted Applications Sandbox 2012 MontaVista Software

Challenge 3: Interoperability Traditional Model Instrument Cluster MCU Infotainment MCU Bus MCU... MCU MCU 2012 MontaVista Software

Challenge 3: Interoperability (cont.) Multicore Model Muticore System Instrument Cluster Infotainment Control Functions SW Bus MCU Bus MCU 2012 MontaVista Software

Solution: Virtualization

Demands on Virtualization in Automotive Depend on Use Cases Use Cases: Automotive Domain shares the resources with guest domain (e.g. Driver seat) Automotive and guest domains run each on dedicated resources (e.g. Passenger seats vs driver seat) Tecnological Demands: Isolation and Security Different domains should not affect each others functioning Interoperability Domains need to communicate and interact with each other 2012 MontaVista Software 12

Use Case: Shared HW HW Automotive GENIVI Stack Arbitration Audio Graphics Input Network Android LSM Access Control Linux Kernel With Android Patches 2012 MontaVista Software 13

Use Case: Dedicated HW Automotive GENIVI Stack Android LSM Linux Kernel HW Audio Graphics Input Network HW Audio Graphics Input Less Issues 2012 MontaVista Software 14

Resource Control Audio Management Priorities, handling of interrupt sources Graphics Management What, when, where to display Inputs Input distribution and focus Networking Outside world CE Connectivity IPC Interoperability (when desired) 2012 MontaVista Software 15

Interconnectivity Tradeoffs Flexibility (different Oses) Full Virtualization Performance Penalty Paravirtualization OS Level Virtualization Isolation 2012 MontaVista Software 16

Full Virtualization Host OS runs unmodified instances of guest OS(es) Maximal Domain Isolation Heavyweight, needs to emulate the HW visible by guest OS completely Access to real HW resources controlled by the hosting OS Linux/OSS world: KVM, proprietary implementations Intercommunication usually only on networking level Specific Automotive Demands: Audio needs an audio management implementation in both domains, hosting and guest Graphics, Inputs, networking handled automagically CE Connectivity may need more thorough planning IPC: mainly using networking 2012 MontaVista Software 17

Paravirtualization Thin HW abstraction layer running various OSes (hypervisor) Good Domain Isolation Guest OSes need to be patched Repetitive work when changing the OS version May not be supported on all OSes Lightweight Runs a separate instance for every guest kernel in the system Specific Automotive Demands: Audio Management, Graphics, Inputs, Networking hypervisor may need to control some of the functionality, depends on use case IPC hypervisor specific means 2012 MontaVista Software 18

OS Level Virtualization Multiple OS instances running on same kernel Domain isolation not so good (shared kernel) But tunable! Single kernel Need to maintain just one kernel Reduced Memory Footprint compared to other solutions Multiple userlands or applications Very little performance impact Use standard kernel features (no patching) Specific Automotive Demands: Audio Management, Graphics, Inputs, Networking, IPC handled by the same kernel 2012 MontaVista Software 19

Linux Containers

What s different? One Tux to run them all 2012 MontaVista Software 21

What are Containers? Lightweight, OS level virtualization Strictly speaking, not really virtualization Means of isolating process groups from each other Standard Linux kernel functionality cgroups namespaces Configurable access to system resources Devices, CPU, memory usage specified at start time Configuration is persistent Can be a single application or a complete userland ANY userland that runs on top of the same kernel Guest root FS is a part of the host root FS 2012 MontaVista Software 22

lxc OSS project http://lxc.sourceforge.net Project in active development Some cool features not implemented yet Checkpoint / resume Comes with a set of command line utilities lxc-create, lxc-destroy lxc-start/lxc-stop lxc-freeze/lxc-unfreeze lxc-console, lxc-attach... 2012 MontaVista Software 23

Containers and system resources Through cgroups / cpusets Resource management CPU time CPU affinity Memory usage Through namespaces Resource isolation File system Networking IPC Through configuration Resource Isolation Devices and access (r/w) Mount points Can be exclusive 2012 MontaVista Software 24

Isolation Host system IPC Container 1 Container n Root FS /... = / /... = / /dev /dev /dev... /dev /dev PID = xy PID 1 IPC PID 1 IPC Linux kernel 2012 MontaVista Software 25

File System Container s / is in the hosts s directory tree Individual files or directories can be shared between containers and/or with host (e.g. /etc/hosts, /bin,...) All specified in configuration files Some interesting consequences on IPC mechanisms Named pipes, sockets will work 2012 MontaVista Software 26

Single Kernel All kernel services available to host and container Can be restricted through MAC So... Anything that can be mmap ed can be used to communicate data between containers and/or host... (zero-copy) Host system Container 1... Container n Host app /dev/... 2012 MontaVista Software 27

Distorted Perception of reality? Using mmap ed buffers? E.g. For video buffer? What if... There is a mmap capable device with an allocated buffer and mmap() implementation Seen as /dev/fb0 on guest platform? Seen as /dev/mydriver on host platofrm? Complicated? It s YOUR call - as much as YOU make it! Moral: Finding a right tradeoff between isolation and performance is not something that the outside factors can decide for you. Solutions can be combined too! 2012 MontaVista Software 28

Containers special case A special case of container can... be bound to a single core be exempted from scheduler have all but a small number of interrupts vectored off its core (if/when needed) Result: Performance close to bare metal container on steroids (BME) > 99 % of CPU time dedicated to the foreground task ~16 times the performance of the normal Linux system on same HW All Linux kernel services still available Can communicate with host or other containers as any ordinary container Standard Linux programming!! 2010 MontaVista Software - Confidential 29

Best fit?

The answer is Depends on what you want to achieve Want to process CAN? Use a dedicated MCU, some form of serial connection to the host system Use one of cores on a multicore chip? Host a non-linux based system? (para)virtualize Or process CAN in BME Host a Linux userland? (e.g. Android?) Sandbox a single application? Containers are a natural choice 2010 MontaVista Software - Confidential 31

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback