The hardware-assisted virtualization challenge


January 30, 2019 posted by Kamil Rytarowski

Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux' KVM, or Hyper-V).

Today, I am here to report: Mission Accomplished!

It's been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.

With the advent of Intel's open-sourcing of their HAXM engine, we now have access to an important set of features:

  • A BSD-style license.
  • Support for multiple platforms: Windows, Darwin, Linux, and now NetBSD .
  • HAXM is an Intel hardware assisted virtualization for their CPUs (VTx and EPT needed).
  • Support for an arbitrary number of concurrent VMs. For simplicity's sake, NetBSD only supports 8, whereas Windows/Darwin/Linux support 64.
  • An arbitary number of supported VCPUS per VM. All OSes support up to 64 VCPUs.
  • ioctl(2) based API (/dev/HAX, /dev/haxmvm/vmXX, /dev/haxmvm/haxmvmXXvcpuYY).
  • Implement non-intrusively as part of the kernel, rather than as an out-of-tree, standalone executable kernel module.
  • Default compatibility with qemu as a frontend.
  • Active upstream support from Intel, which is driven by commercial needs.
  • Optimized for desktop scenarios.
  • Probably the only open-source cross-OS virtualization engine.
  • An active and passionate community that's dedicated to keep improving it.

As well as a few of HAXM's downsides:

  • No AMD (SVM) support (althought there are community plans to implement it).
  • No support for non-x86 architectures.
  • Need for a relatively recent Intel CPU (EPT required).
  • Not as flexible as KVM-like solutions for embedded use-cases or servers.
  • Not as quick as KVM (probably 80% as fast as KVM).

If you'd like more details on HAXM, check out the following sites:

Showcase

I've managed to boot and run several operating systems as guests running on HAXM/NetBSD, all of which are multi-core (2-4 VCPUs):

  • NetBSD. And as our motto goes, of course it runs NetBSD. And, of course, my main priority as a NetBSD developer is achieving excellent support for NetBSD guest operating systems. With the massive performance gains of hardware-accelerated virtualization, it'll finally be possible to run kernel fuzzers and many other practical, real-world workloads on virtualized NetBSD systems.


    [NetBSD at the bootloader]


    [NetBSD kernel booting]


    [NetBSD at a shell prompt]


    [NetBSD with X Window session]


    [NetBSD with X Window session]


    [NetBSD guest and qemu's ACPI integration - emitted poweroff button press]


    [NetBSD in the qemu's curses mode display, which I find convenient to use, especially on a headless remote computer]

  • Linux. When I pledged myself to not boot any other OS before accomplishing my goal, I was mostly thinking about resigning from benefits of the Linux ecosystem (driver and software base). There is still a selection of programs that I miss such as valgrind.. but with each week we are getting closer to fill the missing gaps. Linux guests seem to work, however there is need to tune or disable IOAPIC in order to get it running (I had to pass "noapic" as a Linux kernel option).


    [ArchLinux at a bootloader]


    [ArchLinux at a shell (ZSH) prompt]


    [Ubuntu's installer]


    [Ubuntu at a bootloader]

  • Windows. While I have no personal need nor use-case to run Windows, it's a must-have prestigious target for virtualization. I've obtained a Windows 7 86 trial image from the official Microsoft webpage for testing purposes. Windows 8.1 or newer and 64-bit version is still in development in HAXM.


    [Windows 7 booting]


    [Windows 7 welcome message]


    [Windows 7 running]


    [Windows 7 Control Panel]


    [Windows 7 multitasking]


    [Windows 7 MS Paint]

  • DragonflyBSD. I was prompted to test this FreeBSD derivation by a developer of this OS and it just worked flawlessly.


    [DragonflyBSD at a bootloader]


    [DragonflyBSD at a shell prompt]

  • FreeDOS. It seems to just work, but I have no idea what I can use it for.


    [FREEDOS at an installer]


    [FREEDOS at a command line]

Unfortunatelly not all Operating Systems are already supported. I've found issues with the following ones:
  • Android. The kernel booting seems fine (with "noapic"), but later during distribution load it freezes the host computer.


    [Android bootloader]


    [Android just before the host crash]

  • FreeBSD. Hangs during the booting process.


    [FreeBSD hanging at boot]

Summary and future plans

One thing I must clarify, since I'm frequently asked about it, is that HAXM/NetBSD does not attempt to compete with the NVMM (NetBSD Virtual Machine Monitor) work being done by Maxime Villard. I'm primarily doing this for my own educational purposes, and because I find reaching feature-parity with other open-source projects is important work. Additionally, NVMM only has AMD CPU support, whereas I'm primarily a user of the Intel x86 platform, and thus, so is HAXM/NetBSD. The Intel port of NVMM and NVMM in general is still in development, and this means that HAXM is probably the first solution that has ever successfuly managed to run Windows on NetBSD (has anyone done it with Xen before?)

I will keep working on this project in my spare time and try to correct IOAPIC issues on Linux, hangs during FreeBSD's boot process, and Android crashes.

Most of the NetBSD-specific patches for qemu and Intel HAXM have already been merged upstream. And after this process has been completed, there are plans to make it available in pkgsrc. There's also at least one kernel-level workaround for HAXM behavior related to FPU state, which triggers an assert due to an abnormal condition. For this to be amended, fixes would have to land upstream into HAXM's code.

Subnote

Althought I confess that I've been playing with OpenVMS/VAX in SIMH as I have got a hobbyist license, but on the other hand it's hardly to be treated as a competition to NetBSD. Another exception was during a DTrace tutorial during EuroBSDCon 2017 in Paris, where I had to boot and use a FreeBSD image shared by the lecturer. [4 comments]

 



Comments:

Thanks, Kamil, that's great progress! I look forward to seeing more contribution to HAXM from you and the NetBSD community. > An arbitary number of supported VCPUS per VM. All OSes support up to 64 VCPUs. I think 64 is a typo, because HAX_MAX_VCPUS is defined as 16.

Posted by Yu Ning on January 30, 2019 at 08:53 AM UTC #

I have been running Windows 2000, XP and 7 as NetBSD/Xen guests (amd64) for quite a while now. It is not perfect (eg. graphics over VNC, no audio, could not get PCI or USB forwarding to work, performance is not great) but quite reliable.

Posted by khorben on January 30, 2019 at 10:26 AM UTC #

Amazing work, very well done!

Posted by Zach on January 30, 2019 at 03:34 PM UTC #

this is really nice!!!!!!!!!!!!!!!!!!!!!

Posted by tony on January 31, 2019 at 02:48 AM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed