PVM Virtualization Framework Proposed For Linux - Built Atop The KVM Hypervisor
Ant Group and Alibaba have proposed PVM, the Pagetable Virtual Machine, as a new virtualization framework built upon the Kernel-based Virtual Machine (KVM) hypervisor. PVM does not require hardware-assisted virtualization while working with KVM-enabled software like Kata Containers.
Ant Group and Alibaba Cloud are already using the Pagetable Virtual Machine in a production environment across "tens of thousands of secure containers daily", and it has now been submitted under a Request For Comments (RFC) flag to the upstream Linux community.
The motivation for PVM was described as:
"A team in Ant Group, co-creator of Kata Containers along with Intel, deploy the VM-based containers in our public cloud VM to satisfy dynamic resource requests and various needs to isolate workloads. However, for safety, nested virtualization is disabled in the L0 hypervisor, so we cannot use KVM directly. Additionally, the current nested architecture involves complex and expensive transitions between the L0 hypervisor and L1 hypervisor.
So the over-arching goals of PVM are to completely decouple secure container hosting from the host hypervisor and hardware virtualization support to:
1) enable nested virtualization within any IaaS clouds without affecting the security, flexibility, and complexity of the cloud platform;
2) avoid costly exits to the host hypervisor and devise efficient world switching mechanisms."
PVM is compatible with existing KVM software, does not require nested virtualization hardware capabilities, works around secure container needs, and allows for lightweight container kernels.
The downside of PVM is its shadow paging, which can incur a significant performance hit if the guest application modifies its page tables frequently. But for "long-running cloud services" the performance of PVM is said to be good, and there are various optimizations to offset the performance issues.
Currently the PVM virtualization framework code amounts to nearly seven thousand lines of new kernel code spread across 73 patches. The initial RFC patches are out for discussion on the Linux kernel mailing list.