User Mode Linux

Ritesh Raj Sarraf

Recently, we had the User-Mode Linux suite out of Debian, which included the user-mode-linux, user-mode-linux-doc and uml-utilities packages. We are happy that we were able to bring it back into the archive quickly, and hope to keep it actively maintained.

For many who may not know about UML, here's a description from its website:

User-Mode Linux is a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.

User-Mode Linux gives you a virtual machine that may have more hardware and software virtual resources than your actual, physical computer. Disk storage for the virtual machine is entirely contained inside a single file on your physical machine. You can assign your virtual machine only the hardware access you want it to have. With properly limited access, nothing you do on the virtual machine can change or damage your real computer, or its software.

 

Most of the use cases mentioned here are achievable with containers today. The big difference with UML is that it provides a separate kernel, whereas containers share the host's kernel. UML is a port of Linux to itself: Linux implemented as an architecture of Linux. It supports the x86 and x86_64 architectures. And given that it is a port of the kernel, you can run many of the tests and experiments of the regular kernel safely inside a confined UML environment. As with other virtualization implementations, the limitation comes in if you are working on physical hardware.

 

With its re-entry in Debian, I wanted to revive my local setup. There are two aspects to it: first the packaging structure, and second its integration with current standard tools.

  • Packaging: For packaging UML in Debian, we rely on the linux-source package provided by the kernel team.
    • linux-source package: We build UML from the Linux sources that are provided by the Debian kernel team. This works fine for now. Whenever there's a kernel vulnerability, there'll be an updated source package, against which we'll rebuild the UML package.
    • Merge with debian-kernel: In the longer run, we'd like to push the UML package to the Debian kernel team. UML is a component of the Linux kernel, and that is where it should be built from.
  • Integration: It works fairly well right now. On modern systems with systemd, where (nspawn) containers can easily have a network interface bound to them, UML lags a bit behind. It'd be nice if we could see some UML integration with systemd.
    • Networking under systemd: Setting up networking for UML under systemd is fairly straightforward. In fact, with systemd, it is much simpler. Below is the host network (tuntap) setup, to which UML can bind for all its network needs.
rrs@learner:~/tidBits (master)$ cat /etc/systemd/network/tap.netdev 
[NetDev]
Name=tap0
Kind=tap

[TAP]
Group=uml-net
User=uml-net
2016-08-01 / 15:41:40 ♒♒♒  ☺  
rrs@learner:~/tidBits (master)$ cat /etc/systemd/network/tap.network 
[Match]
Name=tap0

[Network]
DHCPServer=yes
IPForward=yes
IPMasquerade=yes
Address=172.16.20.2
LLMNR=yes
MulticastDNS=yes
DNS=172.16.20.1
2016-08-01 / 15:41:43 ♒♒♒  ☺  

systemd allows defining the user/group ownership of the tap device in its .netdev file (the [TAP] section above). With this setup, and uml-utilities running, one can simply fire up a UML instance as below:

rrs@learner:~/rrs-home/Community/Packaging/user-mode-linux (master)$ linux ubd0=~/rrs-home/NoTrack/uml.img eth0=daemon mem=1024M rw  
Core dump limits :
    soft - 0
    hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir...none found
Checking if /dev/shm is on tmpfs...OK
Checking PROT_EXEC mmap in /dev/shm...OK
Adding 23609344 bytes to physical memory to account for exec-shield gap
Linux version 4.6.3 (root@chutzpah) (gcc version 5.4.0 20160609 (Debian 5.4.0-6) ) #2 Sat Jul 16 16:22:22 UTC 2016
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 263721
Kernel command line: ubd0=/home/rrs/rrs-home/NoTrack/uml.img eth0=daemon mem=1024M rw root=98:0
PID hash table entries: 4096 (order: 3, 32768 bytes)
Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)
Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes)
Memory: 1020852K/1071632K available (4803K kernel code, 1207K rwdata, 1340K rodata, 157K init, 217K bss, 50780K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:15
.....snipped.......

root@uml:~# cat /proc/cpuinfo 
processor    : 0
vendor_id    : User Mode Linux
model name    : UML
mode        : skas
host        : Linux learner 4.6.0-1-amd64 #1 SMP Debian 4.6.4-1 (2016-07-18) x86_64
bogomips    : 6048.97

root@uml:~# ping www.debian.org
PING www.debian.org (130.89.148.14) 56(84) bytes of data.
64 bytes from klecker4.snt.utwente.nl (130.89.148.14): icmp_seq=1 ttl=46 time=372 ms
64 bytes from klecker4.snt.utwente.nl (130.89.148.14): icmp_seq=2 ttl=46 time=395 ms
64 bytes from klecker4.snt.utwente.nl (130.89.148.14): icmp_seq=3 ttl=46 time=315 ms
^C
--- www.debian.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 315.550/361.064/395.440/33.556 ms
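
The [TAP] section of tap.netdev is what reserves tap0 for the unprivileged uml-net account, so it is worth checking before a UML instance is started. The script below is an added example, not part of the original post or of systemd or uml-utilities; the helper names tap_owner and check_tap_netdev and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who owns the tap device defined in a systemd .netdev file.
# tap_owner and check_tap_netdev are hypothetical helper names.

# Print "<Kind> <User> <Group>" from the file; "-" marks a key that is absent.
tap_owner() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                               # comment line
        /^\[/ { section = $0; sub(/[ \t\r]+$/, "", section); next }
        { gsub(/^[ \t]+|[ \t\r]+$/, "", $1); gsub(/^[ \t]+|[ \t\r]+$/, "", $2) }
        section == "[NetDev]" && $1 == "Kind"  { kind = $2 }
        section == "[TAP]"    && $1 == "User"  { user = $2 }
        section == "[TAP]"    && $1 == "Group" { group = $2 }
        END {
            if (kind == "")  kind = "-"
            if (user == "")  user = "-"
            if (group == "") group = "-"
            print kind, user, group
        }
    ' "$1"
}

# Succeed only for a tap device with an explicit, non-root owner and group.
check_tap_netdev() {
    set -- $(tap_owner "$1")
    [ "$1" = "tap" ] || { echo "FAIL: Kind=$1, expected tap"; return 1; }
    case "$2" in -|root|0) echo "FAIL: [TAP] User is unset or root"; return 1 ;; esac
    case "$3" in -|root|0) echo "FAIL: [TAP] Group is unset or root"; return 1 ;; esac
    echo "OK: tap device reserved for $2:$3"
}

# Constructed samples: the first mirrors the tap.netdev shown on this page,
# the second leaves ownership unspecified.
SAMPLES=$(mktemp -d)
printf '[NetDev]\nName=tap0\nKind=tap\n\n[TAP]\nGroup=uml-net\nUser=uml-net\n' \
    > "$SAMPLES/tap.netdev"
printf '[NetDev]\nName=tap1\nKind=tap\n' > "$SAMPLES/unowned.netdev"

for f in "$SAMPLES"/*.netdev; do
    printf '%s: ' "${f##*/}"
    check_tap_netdev "$f" || true
done
```

On a real host, point check_tap_netdev at /etc/systemd/network/tap.netdev instead of the constructed samples.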

 

And here are some (incomplete and non-conclusive) performance numbers:

root@uml:~# dd if=/dev/zero of=foo.img bs=1M count=2500 conv=fsync
2500+0 records in
2500+0 records out
2621440000 bytes (2.6 GB, 2.4 GiB) copied, 39.4876 s, 66.4 MB/s

vs

rrs@learner:/var/tmp/Debian-Build/Result$ dd if=/dev/zero of=foo.img bs=1M count=2500 conv=fsync
2500+0 records in
2500+0 records out
2621440000 bytes (2.6 GB, 2.4 GiB) copied, 41.2126 s, 63.6 MB/s
2016-08-01 / 15:59:15 ♒♒♒  ☺  

Comments

Ritesh Raj Sarraf

Important attributes to UML

I forgot to mention an important point about User-Mode Linux. With modern Linux virtualization (almost all implementations have para-virtualized drivers), we almost get native performance. But there's an important clause in traditional virtualization support, i.e. you need to have a special-purpose host CPU with Virtual-Machine Extensions (vmx). On the other hand, for User-Mode Linux, no such capability is required. This can be an important factor for many users in developing nations, who still have commodity computer hardware.

Another important aspect of User-Mode Linux: the entire kernel runs as a user process.

rrs@learner:~/tidBits (master)$ ps aux | grep linux
rrs      16762 63.6  0.9 1073204 79416 pts/0   R+   15:25   0:05 linux ubd0=/home/rrs/.rrs-home/NoTrack/uml.img eth0=daemon mem=1024M rw

 

And you can also leverage kernel subsystems that do not depend on real hardware. For example, for a very long time, I've wanted to have open-iscsi run in a UML instance.

root@uml:~# iscsiadm -m discovery -t st -p 172.16.20.40
172.16.20.40:3260,1 iqn.1994-05.com.redhat:23d8eb7fa1fc
172.16.20.41:3260,1 iqn.1994-05.com.redhat:23d8eb7fa1fc
172.16.20.42:3260,1 iqn.1994-05.com.redhat:23d8eb7fa1fc
172.16.20.43:3260,1 iqn.1994-05.com.redhat:23d8eb7fa1fc
172.16.20.40:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot
172.16.20.41:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot
172.16.20.42:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot
172.16.20.43:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot
172.16.20.40:3260,1 iqn.2003-01.org.linux-iscsi.debian.x8664
172.16.20.41:3260,1 iqn.2003-01.org.linux-iscsi.debian.x8664
172.16.20.42:3260,1 iqn.2003-01.org.linux-iscsi.debian.x8664
172.16.20.43:3260,1 iqn.2003-01.org.linux-iscsi.debian.x8664
