如何在kvm中完成设备仿真

Question

I know that the qemu-kvm does the device emulation stuff in KVM. Is the qemu-kvm being executed in the userspace of the host? So when a kick function is encountered, it exits the VM through a hypercall into the hypervisor, then the hypervisor hand over to qemu-kvm in host userspace. Next after doing the needed things, the qemu-kvm transits to the hypervisor and then the hypervisor back to the VM. So it means there are two system calls one from VM-->Hypervisor and qemu-kvm-->Hypervisor? Are these the steps that take place or i am wrong? If there is any documentation about these kind of stuff, please give me the link. Thank you very much...

Thanks, Bala

Answer 1

kvm was started by an Israeli firm called qumranet . These introductory papers are written by those guys and are recommended for reading:

Kernel-based Virtual Machine Technology: http://www.fujitsu.com/downloads/MAG/vol47-3/paper18.pdf KVM: Kernel-based Virtualization Driver: http://www.linuxinsight.com/files/kvm_whitepaper.pdf

KVM uses QEMU for I/O emulation which is explained in the paper. It will help you to understand how a switch from guest to host mode works, the reasons behind the switch, how I/O emulation is done by qemu at userspace and how it switches back to the guest. These are excellent, brief papers.

Answer 2

I am more familiar with KVM part working on x86 architecture, so try to explain this in KVM's x86 implementation.

In x86 architecture, KVM leverages CPU's functionality to separate hypervisor and guest mode. In Intel terms, they are VMX root and non-root modes respectively.

VM entry (hypervisor -> VM) is fired by KVM with VMLAUNCH instruction with all guest-needed information filled in CPU's VMCS in kernel mode. Only a system call is invoked from qemu-kvm to kvm kernel module.

A VM exit happens while guest OS is handling something that out of its privilege, such as accessing a physical HW or an interrupt happened. After that, a VM entry is issued and CPU changes to non-root mode again to execute guest code. In summary, VM exit (VM -> hypervisor) is done by HW automatically, and the corresponding exit reason and information would be recored in VMCS. KVM then check VMCS to determine its next step. There is no system call for VM -> hypervisor.

Most device emulations are based in userspace where qemu-kvm can leverage the existing qemu's code. However some device passthrough technologies, such as Intel VT-d, allow guest to access hardware directly through IOMMU or others. Which can bring more powerful performance especially on high speed networking devices.

If you want to dig out the source code, I recommend to focus on CPU virtualization (Intel VT-x) first, which is located in linux/arch/x86/kvm/vmx.c . Intel software developer guide also has comprehensive introduction to VT as well.

Answer 3

I found this good. Atleast for the basics. Hope it helps.

Answer 4

Is the qemu-kvm being executed in the userspace of the host? yes, this is a performance bottleneck too and there are ways around it being developed. Look at PCI SR-IOV NIC for network and NPIV for fibrechannel. They both are special hardware designed to subdivided I/O controllers so that KVM/qemu can attach the VM to a private channel on the controller.

So it means there are two system calls one from VM-->Hypervisor and qemu-kvm-->Hypervisor? I don't know for certain but I think there are device interrupts crossing user-kernel space boundaries not systems calls.

Perhaps this document will help you a bit:

http://www.linux-kvm.org/wiki/images/4/42/Kvm-device-assignment.pdf