Rump kernel based QEMU stubdomain

Wei Liu

Seattle – August 17-18, 2015 Agenda 4.6 timeline Development update Xen 4.6 Retrospective

Agenda

- Background

- Introduction to rump kernel

- Why rump kernel

- What is required for a QEMU stubdomain

- Status of upstream QEMU stubdomain


Background

- Feature parity with QEMU traditional
  - so that we can eventually use QEMU upstream for everything

- Most secure option for sandboxing QEMU

- But be aware of the downside: extra resources required


Introduction to rump kernel


Why rump kernel

Options we considered:

- Roll our own

- Linux based

- OSv based

- Rump kernel based


Why rump kernel

Roll our own:

- Like QEMU traditional stubdom

- Require much work to maintain

- QEMU upstream changes a lot


Why rump kernel

Linux based:

- Anthony Perard built a prototype

- Hard to build

- Hard to distribute


Why rump kernel

OSv based:

- Provides toolchain to turn application to VM

- No C++ expertise

- No PV support (yet)


Why rump kernel

Rump kernel based:

- Provides toolchain to turn application to VM

- NetBSD code base
  - POSIX-y interface
  - Many NetBSD infrastructures available
  - Lots of utilities for debugging (with the help of syscall proxy)

- PV support


What is required

To build a QEMU stubdomain:

- Xenbus driver

- Privcmd driver

- Grant table driver

- Tap (and bridge) device

- Communication channel between toolstack domain and QEMU


What is required

How they are done in the QEMU traditional stubdomain:

- Various drivers: libxc hooked up to mini-os

- Tap device: hacked together, dumps traffic to vif

- Communication: via special consoles


What is required

How they are (going to be) done in the QEMU upstream stubdomain:

- Various drivers: rump kernel hooked up to mini-os

- Tap (and bridge) device: provided by NetBSD

- Communication: libvchan or TCP network


Things done so far

- All required Xen drivers upstreamed in rump kernel

- Bridge and tap drivers enabled

- QEMU built as
  - Build a bunch of prerequisite libraries
  - Build QEMU with prerequisite libraries
  - Able to run with --help and exits


Problems that need to be solved

- Bootstrap rump kernel to certain state
  - Network topology setup etc
  - Currently use a simple program to do that

- Stabilise toolchain and utilities
  - Wish to use rumprun directly from libxl
  - Currently not sure if it meets every requirement we have

- How to build QEMU stubdomain
  - Currently done with a hacked-up script
  - Building should be done with Raisin, don’t want to put into Xen tree

Thank you!