Virtualization basic concepts in multicore ARM SoC's
Virtualization is a hardware and/or software technique that allows executing several operative systems and/or applications, also called guests or virtual machines, on one single physical platform. Guest operative systems or applications are isolated from each other, appearing as they would when executed on different physical platforms. There are alternative categories for implementing virtualization:
- Full virtualization
- Hardware assisted virtualization
Full virtualization is the full system emulation allowing to run the unmodified guest OS on the virtual machine directly. The guest OS, which is a complete operating system (such as window, linux, mac os, etc.), is not aware that it is running in a virtualized environment. The guest OS can run any application that was conceived for that OS. The layer responsible to emulate the machine is called Virtual Machine Monitor (VMM) and it converts the instructions of the guest OS in instruction of the host system. In addition, the VMM needs to emulate all the hardware of the platform. In this way the guest OS will use the abstraction of the VMM to access the underlying hardware. The main issue in full virtualization is its complicated implementation. Previous implementations were not efficient and in some cases it was almost impossible to implement due to severe limitations of embedded cores.
Para-virtualization is similar to the concept of the full virtualization. It allows the execution of a guest OS in a virtual machine, but unlike full virtualization approach, selective modifications are needed to execute the guest OS. Usually modifications related to system call interfaces, memory management, and interrupt handling are necessary to make the guest OS aware that it is running in a virtual machine. The advantage of the para-virtualization approach is its high performance and reactivity since the guest OS can implement the necessary optimizations that allow to by-pass several software abstraction interfaces.
The device drivers of the guest OS of a para-virtualized system are generally modified to enable a direct communication with a real device driver without using the emulation abstraction layer. This approach allows a direct exchange of data with the real device drivers. In order to support this model it is also necessary to modify the real device driver accordingly. Implementation details vary from one hypervisor to another. One clear drawback of para-virtualization is the need of access to the guest OS source code as well as the rights to modify it.
Hardware assisted virtualization
All the major processor companies such as Intel, AMD, ARM have seen the huge interest in virtualization. In order to reduce the overhead all of them have extended their architectures with the necessary hardware support known as Virtualization Technology (VT) for Intel, Secure Virtual Machine (SVM) for AMD, or LDPA for ARM. Virtualization extensions provide hardware support for virtualization and remove the bottlenecks in emulating processor instructions that are difficult to virtualize. They also add the necessary support to reduce the typical operations performed in a VMM, such as address translation, new privilege levels. This implies that most of the instructions of the guest OS are executed by the processor without intervention of the VMM. The majority of current I/O devices support direct memory access (DMA), which allows each device to have an independent access to memory thus accelerating I/O transactions.
However DMA operations imply different drawbacks, among which the most critical ones are the lack of protection from faulty drivers and the unsuitability when used in virtualization environments. In order to reduce these drawbacks, all major companies INTEL, ARM, AMD have recently introduced the hardware support for the input and output operations, a new hardware component called input/output memory management unit (IOMMU) that provides memory protection from I/O devices by intercepting DMA transactions and utilizes I/O page tables to determine whether the access is permitted and to resolve the actual host physical address by automatic translation.