Xen ARM with Virtualization Extensions

From Xen
Revision as of 11:56, 13 December 2013 by APrzywara (talk | contribs) (Platform specific configuration: add link to Midway page)

The ARM v7-A and ARM v8-A architectures include optional virtualization extensions that allow a hypervisor to manage fully hardware virtualized guests. These extensions are currently available in some ARM v7 processors such as the Cortex A15 and Cortex A7.

Status

Both the 32-bit (arm32) and the 64-bit (arm64) ports of Xen boot dom0 and unprivileged guests can be created and destroyed using xl. See below for information on the hardware and models.

Guest ABI

The guest (including dom0) visible ABI exposed by the hypervisor is not yet set in stone and there may be changes as work progresses. See requirements (below) for specific details of matching kernel and hypervisor versions.

Contributing

Please email xen-devel with comments, questions and patches. Please see the list info page for subscription information and the archives. For patches please see Submitting Xen Patches.

Hardware

The arm32 port of Xen currently runs on:

Work is also underway to support the Google Chromebook.

The arm64 port of Xen currently runs on:

Work is also underway to support the ARM v8 Foundation Model.

Requirements

ARM Hardware or Software Model
See above for details of the hardware and models which are supported.
Firmware
Xen requires certain functionality from the system firmware. See below for details.
Device Tree
A device tree in the flat device tree format (.dtb). The device tree source for unprivileged Xen ARM guests is available upstream in the Linux tree >= v3.7: xenvm-4.2.dts. The interface is also documented in the Linux tree: xen.txt. Regarding Xen and Dom0, the regular DTS for the underlying platform can be used.
Xen
All current work is now merged into the current development branch git://xenbits.xen.org/xen.git. It is recommended to use the latest Xen master branch.
Linux kernel for dom0
The patches necessary to boot Linux as dom0 under Xen were merged upstream in v3.7. In order to actually start guests a few additional patches were required however these patches have now been included in the v3.8 Linux release. The latest Linus' tree has everything needed to run on Xen on ARM as dom0 and domU. It is recommended to use the latest Linux release where possible.
dom0 userspace
The developers are using the armhf port of Debian Wheezy.
domU kernel
The patches necessary to boot Linux as a guest under Xen were merged upstream in v3.7.

Hypervisor ABI Compatibility

The ABI for Xen on ARM is currently not set in stone.

The most recent ABI change was xen: event channel arrays are xen_ulong_t and not unsigned long. This change was reflected in Linux commit c81611c4e96f595a80d8be9367c385d2c116428b which is already present in mainline and will be part of v3.9-rc1.

Firmware Requirements

Xen's boot requirements are spelled out in docs/misc/arm/booting.txt in the Xen tree, which references the Linux arm and arm64 booting documentation.

The primary requirement is that the hypervisor must be launched in Non-Secure Hypervisor mode only. If the stock firmware on a platform does not obey this (most commonly by launching in Secure Supervisor mode) then a firmware update may be required. The is a tree available with u-boot patches by Andre Przywara to enable the correct behavior in his u-boot tree. At the time of writing hypmode_v5 was the latest branch, in addition Andre maintains a hypmode-ports branch with specific support for a variety of platforms.

When running Xen under a FastModel (which typically have no firmware at all) it is sometimes necessary to use a boot-wrapper. See the Fast Model page for more information.

Xen previously included a workaround for firmware which lacked this functionality, however it was unmaintainable and interfered with proper support for other platforms and therefore as of September 2013 it has been removed.

Getting Xen output

To get output log on the UART, Xen needs to know which UART to use.

console=dtuart dtuart=myserial

where myserial is either an alias to the UART in the device tree (aliases are found in the aliases device tree node) or a full DTB path to the device. As Xen already uses it the UART will be disabled from the point of view of domain 0.

For instance, this is a dummy device tree (won't work) to use the uart0 in Xen:

/ {
    choosen {
       bootargs = "console=dtuart dtuart=myserial";
    }
    aliases {
        myserial = &myserial_0;
    }
    myserial_0: uart0 {
       ... configuration of your UART ...
    }
  }

Here dtuart is configured using the myserial alias. Alternatively /uart0 (the full path to the device) could have been used.

Note: If you don't see output from Xen, you can enable early printk. This option will turn on platform specific UART and output information before the console is initialized.

Device Trees

Xen needs the device trees to be in the flat device tree format (the device tree blob or DTB).

It is no longer necessary to build a specific DTB for use with Xen. The Device Tree files shipped with Linux or from the Split Device Tree Repository can be used.

Xen

Usually the DTB is provided to Xen via the bootloader (e.g. as the third argument to u-boot's bootz or bootm command) or, when running on the models, via the bootwrapper.

However it can sometimes be convenient to link the DTB directly into the Xen image, overriding any DTB supplied by the bootloader.

The DTB to use is specified by the CONFIG_DTB_FILE config variable which should be set to the absolute path of the DTB. This variable may be set in .config or on the make command line.

The Xen command line may be set with the bootargs parameter of the chosen node of the device tree. Parameters for the domain 0 kernel are passed using the xen,dom0-bootargs parameter.

Dom0 kernel

Enable at least ARCH_VEXPRESS, ARCH_VEXPRESS_DT. Disable SPARSE_IRQ (it doesn't play nicely with device tree support). If ARM_APPENDED_DTB is enabled then any appended DTB will be used instead of one supplied by Xen and the kernel will crash unless the memory in the DTB matches that location/size supplied by Xen. It is strongly recommended not to use APPENDED_DTB with your dom0 kernel.

A working configuration is available here.

The Linux command line should be set with the xen,dom0-bootargs parameter of the chosen node of the device tree supplied to Xen. If this parameter is missing then Linux will not get a command line and the wrong console will be used (there's a bug where the kernel doesn't use the default, built-in command line if the /chosen node is missing.

The location of the dom0 kernel must be described in the Device Tree, according to the binding. If the platform uses a new enough u-boot with the fdt command then this can be done as part of the boot process, using:

   fdt addr ${fdt_addr}
   fdt resize
   
   fdt set /chosen \#address-cells <1>
   fdt set /chosen \#size-cells <1>
   
   fdt mknod /chosen module@0
   fdt set /chosen/module@0 compatible "xen,linux-zimage" "xen,multiboot-module"
   fdt set /chosen/module@0 reg <${kernel_addr_r} 0x${filesize} >
   fdt set /chosen/module@0 bootargs "<DOMAIN 0 COMMAND LINE>"

(this assumes the device tree blob is loaded at ${fdt_addr} and the kernel at ${kernel_addr_r}).

If the firmware does not support this then it may be necessary to add a hardcoded chosen node to the Device Tree:

   chosen {
   		#address-cells = <1>;
   		#size-cells = <1>;
   
   		module@0 {
   			 compatible = "xen,linux-zimage", "xen,multiboot-module";
   			 reg = <0x80080000 0x800000>;
   			 bootargs = "<DOMAIN 0 COMMAND LINE>";
   		};
   };

Specifying the actual kernel address and size of the reg property.

DomU kernel and DTS

Unprivileged guests can be created using xl. A simple VM config file would look like this:

kernel = "/root/image"
memory = 128
name = "guest"
vcpus = 1
disk = [ 'phy:/dev/loop0,xvda,w' ]
extra = "earlyprintk=xenboot console=hvc0 root=/dev/xvda debug rw init=/bin/sh"

where "/root/image" is a Linux zImage.

It is no longer recommended (or advised) to use an appended DTB. As of commit 0c64527e7fc9 "libxl: build a device tree for ARM guests" the toolstack will automatically generate a DTB for the guest based on the configuration file above. This change entered staging on 19 November and hit the master branch on 22 November 2013.

If you are using an older version of Xen then you should append a suitable dtb (e.g. xenvm-4.2.dtb) to your kernel with:

   cat arch/arm/boot/zImage arch/arm/boot/dts/xenvm-4.2.dtb > /mnt/root/image

Building Xen on ARM

Cross Compiling

Cross compiling the hypervisor is relatively simple.

Linaro supply cross compilers for both arm32 (arm-linux-gnueabihf-) and arm64 (aarch64-linux-gnu-) via linaro-toolchain-binaries. Alternatively, for 32-bit at least, you can download the arm-unknown-linux-gnueabi compiler from kernel.org.

Once you have a suitable cross compiler you can compile Xen with:

   $ make dist-xen XEN_TARGET_ARCH=arm32 CROSS_COMPILE=arm-unknown-linux-gnueabihf-

or:

   $ make dist-xen XEN_TARGET_ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu-

This assumes that the command prefix for you cross compiler is arm-unknown-linux-gnueabihf- or aarch64-linux-gnu- and that the appropriate arm-unknown-linux-gnueabihf-gcc or aarch64-linux-gnu-gcc and friends are in your $PATH.

Cross compilation of the tools is described in Xen ARM with Virtualization Extensions/CrossCompiling.

Native Building

In order to build the tools a native build environment is required. For 32-bit the developers mainly use the armhf port of Debian, which is present in Wheezy running on an IMX53 based development board, although any ARMv7 development board would do. Note that the build hardware does not need to support the virtualisation extensions, since you don't have to run Xen on the same system as where you build it.

It may also be possible to build using a cross-architecture chroot running on an X86 system as described in this blog post, although this hasn't been tried yet.

Platform specific configuration

Open issues, known problems and workarounds

See this page for a full list of bugs and projects.

Developer FAQs

Use the Xen ARM Dev FAQ page to cover commonly asked questions.