TwinDrivers: Semi-Automatic Derivation of Fast and Safe Hypervisor Network Drivers from Guest OS Drivers
In a virtualized environment, device drivers are often run inside a virtual machine (VM) rather than in the hypervisor. Doing so protects the hypervisor from bugs in the driver, and also allows the reuse of the device driver and its support infrastructure in the VM. Unfortunately, this approach results in poor performance for I/O intensive devices such as network cards. The alternative approach is to run device drivers directly in the hypervisor. Although this approach results in better performance, it suffers from the loss of safety guarantees for the hypervisor, and incurs the software engineering cost of maintaining the driver support infrastructure. In this paper we present TwinDrivers, a framework which allows us to automatically create safe and efficient hypervisor drivers from guest OS drivers. The hypervisor driver runs directly in the hypervisor, but its data resides completely in the driver VM address space. A Software Virtual Memory mechanism allows the driver to access its VM data efficiently from the hypervisor running in any guest context, and also protects the hypervisor from invalid memory accesses from the driver. An upcall mechanism allows the hypervisor to largely reuse the driver support infrastructure present in the VM. The TwinDriver system thus combines the performance benefits of hypervisor-driver based approaches with the safety and software engineering benefits of VM driver based approaches. Using the TwinDrivers hypervisor driver, we are able to improve the guest domain networking performance in Xen by a factor of 2.4 for transmit workloads, and 2.1 for receive workloads. The resulting transmit perfomance is within 64% of native Linux performance, and the receive performance is within 67% of Linux performance.