tree: 21d06fb2b0f2605a7f10949f3168d3f9e7f31f36 [path history] [tgz]
  1. bin/
  2. buildtools/
  3. lib/
  4. packages/
  5. scripts/
  6. tests/
  7. third_party/
  8. BUILD.gn
  9. OWNERS
  10. README.md
src/virtualization/README.md

Guest

The vmm app enables booting a guest operating system using the Zircon hypervisor. The hypervisor and VMM are collectively referred to as “Machina”.

These instructions will guide you through creating minimal Zircon and Linux guests. For instructions on building a more comprehensive Linux guest system see the debian_guest package.

These instructions assume familiarity with how to build Fuchsia images and boot them on your target device.

Build host system with the guest package

Configure, build, and boot the guest package as follows:

fx set core.x64 --with-base //src/virtualization
fx build

For ARM64 targets, replace x64 with arm64 or the appropriate board name.

Note for external developers

_Googlers: You don't need to do this, the Linux images are downloaded from CIPD by Jiri.

The debian_guest package expects the Linux kernel binaries and userspace image to be in prebuilt/virtualization/packages/debian_guest. You should create them before running fx build by following the instructions in debian_guest/README.md.

Running guests

After booting the target device, to run Zircon:

guest launch zircon_guest

Likewise, to launch a Debian guest:

guest launch debian_guest

Running on QEMU

Running a guest on QEMU on x64 requires KVM (i.e. pass -k to fx qemu):

fx qemu -k

You may also need to enable nested KVM on your host machine. The following instructions assume a Linux host machine with an Intel processor.

To check whether nested virtualization is enabled, run the following command:

cat /sys/module/kvm_intel/parameters/nested

An output of Y indicates nested virtualization is enabled, 0 or N indicates not enabled.

To enable nested virtualization until the next reboot:

modprobe -r kvm_intel
modprobe kvm_intel nested=1

To make the change permanent add the following line to /etc/modprobe.d/kvm.conf:

options kvm_intel nested=1

Running from Workstation

To run from Workstation, configure the guest package as follows:

fx set workstation.x64 --with-base //src/virtualization

After booting the guest packages can be launched from the system launcher as debian_guest and zircon_guest.

Integration tests

Machina has a set of integration tests that launch Zircon and Debian guests to test the VMM, hypervisor, and each of the virtio devices. To run the tests:

fx set core.x64 --with-base //src/virtualization:tests
fx build
fx test //src/virtualization/tests

For ARM64 targets, replace x64 with arm64 or the appropriate board name.

Guest Configuration

Guest systems can be configured by including a config file inside the guest package:

{
    "type": "object",
    "properties": {
        "kernel": {
            "type": "string"
        },
        "ramdisk": {
            "type": "string"
        },
        "block": {
            "type": "string"
        },
        "cmdline": {
            "type": "string"
        }
    }
}

Monitor Guest exit statistics

kstats -v can print the number of Guest exits per second and the reason. For example, the output on ARM64 appears as follows:

cpu   vm_entry vm_exit inst_abt data_abt wfx_inst sys_inst smc_inst ints
  0      43        43        0      6      27        1        0      9
  1     226       225        0    111       3       17        0     94
  2     109       109        0     60       8        7        0     35
  3      58        58        0     21      12        2        0     23

The fields in the output are as follows:

  • inst_abt: The amount of instruction abort exit.
  • data_abt: The amount of data abort exit.
  • wfx_inst: The amount of instruction wfe/wfi exit.
  • sys_inst: The amount of systen register access exit.
  • smc_inst: The amount of instruction smc exit.
  • ints : The amount of interrupt exit.

For x86_64, the output is as follows:

 cpu    vm_entry vm_exit ints ints_win ept ctrl_reg msr(rd wr) inst(io hlt cpuid ple vmcall xsetbv)
  0       40       40     10      0     0      0        10 10        5  5    0    0    0      0

With the following fields:

  • ints : The amount of interrupt exit.
  • ints_win : The amount of interrupt window exit.
  • ept : The amount of EPT violation exit.
  • ctrl_reg : The amount of control register(CRx) access exit.
  • msr : The amount of MSR register access exit (rd/wr is read/write).
  • inst : the amount of some kinds of instruction exit.