LinuxConf Europe 2007

Photos and reports

Timetable

Programme

Registration

LPI Exams

Conference Dinner (Sunday)

Duxford Excursion (Monday)

Exhibitors and Sponsors

Accommodation

Venue

Travel

About Cambridge

Kernel Summit 2007

Other GUUG events

Other UKUUG events

Jeff Dike - Intel Corp

Two ptrace-free ways to virtualize system calls

As a user-space virtualization technology, User-mode Linux (UML) has historically relied on ptrace system call interception in order to virtualize its process system calls. This necessarily imposes a cost, as a ptrace-intercepted system call is much slower than a non-intercepted one. While this is non-fatal - UML currently runs the ever-popular kernel build at about 70% of native speed - it would be nice to get the remaining 30% back. The bulk of this consists of system call and page fault overhead.

Until recently, ptrace has been the only game in town when it came to virtualizing system calls from userspace. One development to fix this situation is the advent of hardware virtualization capabilities on x86-family platforms, in the form of Intel VT and AMD Pacifica technologies, and a standard way to access this functionality, in the form of KVM. UML has been ported to run in guest ring 0, and work is underway to merge this, plus a KVM interface, into the current UML tree. Using VT, UML has a fully virtualized CPU at its disposal, including an IDT, which can be set up to deliver its process system calls directly to the UML kernel, avoiding the host's ptrace altogether.

On platforms without hardware virtualization support, the second way to avoid ptrace involves the containerization effort. This is adding general namespace support to the kernel, so that a process can be confined to a portion of any given kernel resource. UML can make use of this by virtualizing the data accessed by its process system calls rather than virtualizing the system calls themselves. I prototyped a virtualized time system in mid-2006, creating a time namespace and making system call interception selective. The result is that gettimeofday and settimeofday run directly on the host, but see a virtualized time which is controlled by the UML kernel. As a result, gettimeofday was fully virtualized and ran at 98% of native speed. As the containerization of portions of the kernel get accepted into mainline, UML can make use of this in order to accelerate related system calls.

Submitted paper

and Paper (tgz) .