Hello Andreas,
On Wed Apr 02, 2025 at 06:55:12 +0000, Hübner, Andreas wrote:
> I'm currently evaluating whether we can use Fiasco/L4Re for some of our future projects and ran into some problems/questions that you might help me out with. The general idea is to isolate multiple Linux VMs running Debian/Ubuntu (unmodified kernel) on x86/amd64 hardware with L4Re.
Wonderful :)
> I already did most of the tutorials on the kernkonzept/manifest github wiki. (https://github.com/kernkonzept/manifest/wiki) There were some issues with the hardware I'm using, since it maps its BIOS to an address that L4 likes to use for page tables. (at least on amd64, x86 did work out of the box) I fixed it by adjusting the base address in the linker script. (Hopefully, this should not have any bad side effects on L4.)
Is it some more special hardware? But if it works I guess it's good.
> First question: In the VM tutorials, I always see the use of kernel image + cpio ramdisk in the startup code. Is this also applicable if I want to use a full-fledged Debian/Ubuntu installation? The guest system should also be able to modify the installation. (i.e. run apt-get upgrade etc.)
Yes, that's currently also applicable when booting full distributions. Obviously this is not ideal for this kind of use-case. We are working on it.
> Second question: The general architecture for the VM scenario seems to be Fiasco/L4 -> uvmm -> Linux VMs.
Yes.
> Is it also possible to use L4Linux as Host for the Linux VMs? My assumption would be, that it might be easier to use the Linux VMs from Linux instead of uvmm. (maybe with kvm/libvirt support?)
Good idea :) However, there's no working support for this approach (even if you might spot some code in this area in L4Linux).
> Especially when it comes to passing the hardware to the VMs.
But that should not be a problem. Hardware pass-through is pretty common.
> Third question: This is a direct follow up from the last point. Passing the HW is the hard part for me. I'm not that familiar with device tree files yet and as far as I know x86/amd64 usually does not use device tree because it can auto-detect via PCI/ACPI. But it looks like uvmm/io does require device tree to pass the HW to the VMs even though L4 itself is detecting it via PCI/ACPI.
It is correct that uvmm does need a device tree, also on x86. However, you can just take the virt-pc.dtb. All the pass-through of PCI devices will just work through the virtual PCI bridge, and thus has nothing to do with the device tree anymore. Only putting any other devices into the VM requires adding those to the device tree (such as more virtio devices).
In the corresponding vbus config you select which PCI devs to make available on this vbus, which will consequently show up in the VM.
> Maybe I can pass the whole PCI bus, but then I would like to isolate at least some parts.
That's possible too, just to mention it.
> For example VM 1 should only get one port of the network adapter and VM 2 should get another one. (exclusively)
Yes.
> And while both VMs should be able to read the RTC, they should not be able to modify it. (or maybe only one of them)
There's an L4Re RTC service for this.
> I know, it's not really a question, but maybe you can give me some advice on how best to approach this on x86/amd64 hardware.
> Fourth question: Does Fiasco/L4 support SR-IOV? I checked the code + commits and there seems to be some development in the last year, but not sure how "mature" it is.
It's work in progress and I think there are some bits still missing. But it should not take long anymore.
> That's all for now, thanks for reading and I hope the questions are not too embarrassing/annoying. :)
Not at all :)
Adam