PVM Virtualization Framework Proposed For Linux - Built Atop The KVM Hypervisor

Written by Michael Larabel in Virtualization on 26 February 2024 at 11:19 AM EST. 8 Comments
VIRTUALIZATION
Ant Group and Alibaba have proposed PVM, the Pagetable Virtual Machine, as a new virtualization framework built upon the Kernel-based Virtual Machine (KVM) hypervisor. PVM does not require hardware-assisted virtualization while working with KVM-enabled software like Kata Containers.

Ant Group and Alibaba Cloud are already using the Pagetable Virtual Machine in a production environment across "tens of thousands of secure containers daily" and now has been submitted under a Request For Comments (RFC) flag for the upstream Linux community.

The motivation for PVM was described as:
"A team in Ant Group, co-creator of Kata Containers along with Intel, deploy the VM-based containers in our public cloud VM to satisfy dynamic resource requests and various needs to isolate workloads. However, for safety, nested virtualization is disabled in the L0 hypervisor, so we cannot use KVM directly. Additionally, the current nested architecture involves complex and expensive transitions between the L0 hypervisor and L1 hypervisor.

So the over-arching goals of PVM are to completely decouple secure container hosting from the host hypervisor and hardware virtualization support to:

1) enable nested virtualization within any IaaS clouds without affecting the security, flexibility, and complexity of the cloud platform;

2) avoid costly exits to the host hypervisor and devise efficient world switching mechanisms."

PVM is compatible with existing KVM software, does not require nested virtualization hardware capabilities, works around secure container needs, and allows for lightweight container kernels.

PVM graphic


The downside of PVM is the shadow paging that can take on a significant performance hit if the guest application is frequently modifying the page table. Bit for "long-running cloud services" the performance of PVM is said to be good and there are various optimizations to offset the performance issues.

Currently the PVM virtualization framework code amounts to nearly seven thousand lines of new kernel code spread across 73 patches. The initial RFC patches are out for discussion on the Linux kernel mailing list.
8 Comments
Related News
QEMU 9.0 Released WIth True Multi-Queue Support For VirtIO Block Driver
CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions
More Efficient VirtIO DRM Driver To Import Scanout Buffers From Other Devices
KVM Virtualization With Linux 6.9 Brings More Optimizations For Intel & AMD
LXD 5.21 LTS Released With UI By Default, AMD SEV Memory Encryption For VMs
VirtualBox KVM Backend Adds Support For SR-IOV Graphics
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Fedora Linux 40 Cleared For Release Next Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance