Linux Virtualization Goes Mobile

Linux Virtualization Goes Mobile Jim Huang ( 黃敬群 ) <jserv @ 0xlab.org> Aug 15, 2009 COSCUP 關於講者宅色夫宅色夫自由軟體 ARM SoC 環保 Android 搜尋結果洽好是本議程的提綱昔有凱撒我來，我見，我征服 I came, I saw, I conquered! 今有宅色夫我宅，我色，我舒服 I home, I suck, I comforted! 虛擬化兩大重點我來，我見，我征服 Exec. Env. #1 Exec. Env. #2 Exec. Env. #3 I came, I saw, I conquered Main OS Modified Guest OS Modified Guest OS Modified Guest OS Virtual Hardware Virtual Hardware Virtual Hardware 我宅，我色，我舒服 Para Modified Drivers Virtual Machine Monitor I home, I suck, I comforted Hypervisor Hardware 儘可能「征服」硬體 ( 充分使用系統資源 ) 軟體予以「舒服」 ( 提高使用比例與感受 ) Virtualization 技術很熱門，但不是新玩意 Hypervisor: 早在 1967 年，即提出隔離 Application 與 Hardware 的途徑 Virtualization 技術里程碑 1998 2004 2006 1972 2009 1967 2003 2007 2005 2008 VMware Trango AMD-V (x86) Virtual PC Intel→ WindRiver VM/370 - 1st commercial product Xen Open Kernel Labs OKL4 VirtualLogix VLX Citrix→ Xen Intel VT-x, Intel VT-i CP-40 RedHat → KVM 1st Full Virtualization NICTA L4 Microkernel + Qualcomm Sun → VirtualBox Hypervisor vmware→ Trango (VMware MVP) Spam and virus User tolerance for infected email email downtime is account for over 70% of all email less than 30 sent today minutes Security Services Virtualization 技術的轉變： Embedded/Mobile [2006] Toshiba W47T CDMA Phone [2007] 3G phones from HTC, LG, Mobile [2008] Samsung SPH-m800 [2008] Instinct™ and HTC Dream (G1) with Android Source: Open Kernel Labs. 走入消費性電子產品那英《征服》「就這樣被你征服切斷了所有退路我的心情是堅固我的決定是糊塗就這樣被你征服喝下你藏好的毒我的劇情已落幕我的愛恨已入土」那英《征服》「就這樣被你征服切斷了所有退路我的心情是堅固我的決定是糊塗就這樣被你征服喝下你藏好的毒我的劇情已落幕我的愛恨已入土」 [ 佳句偶得 ] 切斷了所有退路 → Virtualization 的概念喝下你藏好的毒 → Virtualization 的實做途徑 Virtual Machines VM 允許在單一實體的機器上，運作多個虛擬執行單元 App App App App App Xen Guest OS Guest OS Guest OS (Linux) (NetBSD) (Windows) VMWare VM VM VM Virtual Machine Monitor (VMM) / Hypervisor KVM Hardware QEMU OKL4( 本議程探討對象 ) 切斷了所有退路 → Virtualization 的概念喝下你藏好的毒 → Virtualization 的實做途徑 • Hardware Virtualization • OS Virtualization VMM/Hypervisor Technology Virtualizes access to OS Virtualizes access to hardware Single, standard OS kernel is running per box Host OS and each guest has full OS – standard or special Connects natively to underlying hardware VMware, Microsoft Virtual Server, XEN, Parallels Virtuozzo, Sun Solaris Containers 針對 Embedded/Mobile ，僅探討 Hardeware Virtualization 切斷了所有退路 → Virtualization 的概念喝下你藏好的毒 → Virtualization 的實做途徑 A A A A A A A OS OS OS OS OS Virtualization Layer Hardware What Why Abstraction 提昇系統資源使用率 Partitioning 提高安全性與平衡資源使用 Division/sharing 縮短系統反應時間 Hypervisor God! Full Virtualization x86 硬體支援的多種保護模式 Paravirtualization 通用的作業系統中， user process 並非真的被隔離 Address 1) 每個 process 對應到 location in physical kernel memory ，而 kernel Kernel mapping memory 位址為所有 process 所共 Page Table 享 User mapping for kernel mapping . 2) 在 kernel mode . 中， kernel 可存取到任何 . page table ，當然包含 Page Directory user process 的對應表 3) copy_from, copy_to page Address location in page physical Page Table memory for user mapping . CR3 . trapping kernel / user interactions Trusted Process Kernel Space addr 2 Linux Kernel Interrupt Handler seal User Space of Process unseal addr 1 data Interposition TSC Isolation seal Hypervisor Virtual Addr. Fast IPC 成為 Embedded Hypervisor 成敗的關鍵等等，小小的手機跑什麼虛擬化？ Mobile/Consumer Electronics 生態改變隱藏的災難需要更彈性的設計大量引入客製化難以預料的與 open source 產品設計安全要求軟體 component? Executives? Component 相互隔離依據需求組合 Component 有彈性的組合與迴避複雜的授權爭議 LOVER = Linux Optimized for Virtualization, Embedded, and Realtime (OSDC.tw 2007) OKLabs → OKL4 → L4 microkernel WindRiver → Wind microkernel TRANGO (now VMware MVP) VirtualLogix VLX → Sun Microsystems Chorus VMware MVP 讓你舒服！ (video demo) 同時在Nokia N810 Tablet上執行WinCE與Android Component 相互隔離依據需求組合 Component 有彈性的組合與迴避複雜的授權爭議成本效益 Time-to-Market (OKL4) OKL4OKL4 introducesintroduces virtualizationvirtualization technology.technology. QualcommQualcomm specificspecific components:components: OpenMAX,OpenMAX, Qcamera,Qcamera, GPS,GPS, QCRILQCRIL AndroidAndroid onon QualcommQualcomm PlatformPlatform (Source:(Source: QCT)QCT) Mobile/Consumer Electronics 生態改變隱藏的災難需要更彈性的設計大量引入客製化難以預料的與 open source 產品設計安全要求軟體 component? Executives? 安全性安全性 Mobile/Consumer Electronics 生態改變隱藏的災難需要更彈性的設計大量引入客製化難以預料的與 open source 產品設計安全要求軟體 component? 複雜的授權複雜的授權 Mobile/Consumer Electronics 生態改變隱藏的災難需要更彈性的設計大量引入客製化難以預料的與 open source 產品設計安全要求軟體 component? OKL4OKL4 onon OpenmokoOpenmoko demodemo Smaller TCB Fault isolation Control access using caps Improves separation of trusted and 特製的特製的DriverDriver un-trusted subsystems 讓你舒服 OKL4OKL4特色：特色：緊繃緊繃(capability)(capability) 有彈性有彈性(component)(component) 身手矯健身手矯健(Fast(Fast IPC)IPC) 虛擬化嬌小可愛嬌小可愛(10k(10k LoC)LoC) 虛擬化蘿莉蘿莉(10(10 yearsyears dev)dev) 免授權金免授權金(BSD(BSD License)License) 隨時等你來開隨時等你來開........ 發發 OK:Linux OK:Android OK:Symbian OK:Windows Virtualization Goes Mobile Virtualization 我來，我見，我征服切斷了所有退路 → 的概念喝下你藏好的毒 → Virtualization 的實做途徑 I came, I saw, I conquered 隱藏的災難需要更彈性的設計我宅，我色，我舒服 I home, I suck, I comforted 大量引入客製化難以預料的與 open source 產品設計安全要求軟體 component? Executives? 整體運算模式的轉變、多元的消費性電子產品設計需求安全性要求、與 open source 軟體銜接、引入專屬技術與功能導向的運算參考資料 • The Motorola Evoke QA4: A Case Study in Mobile Virtualization, Gernot Heiser, Open Kernel Labs, Inc. • Embedded VMM for Portable Virtual Machines, Naveen Kalla, Patrice Guelah, and Scott R. Armstrong • VMX Framework Performance and Power Management White Paper, VirtualMetrix, Inc. • OKL4: http://en.wikipedia.org/wiki/OKL4 • OKLabs: http://www.ok-labs.com/ • L4HQ → L4 Community: http://l4hq.org/ .

Load more