DuVisor: a User-level Hypervisor Through Delegated Virtualization

Abstract

DuVisor introduces the concept of "delegated virtualization" to fundamentally redesign hypervisor architecture, achieving a purely user-level hypervisor by separating the control plane from the data plane. This design allows DuVisor to handle all VM operations and hardware virtualization extensions without requiring runtime intervention from the kernel driver. Implemented on an open-source RISC-V CPU, this approach drastically reduces the security attack surface and yields performance improvements of up to 47.96% compared to KVM.

Report

Key Highlights

• Novel Architecture: Introduces "delegated virtualization," which completely separates the kernel-resident control plane from the user-level data plane.
• User-Level Operation: DuVisor functions as a pure user-level hypervisor, eliminating the need to trap into the kernel for VM operations once initial configuration is complete.
• Performance Gain: Achieves significant performance improvements, outperforming KVM by up to 47.96% in real-world application benchmarks.
• Security Improvement: Greatly minimizes the hypervisor's attack surface by drastically reducing the role of the kernel-resident component during runtime.
• RISC-V Implementation: The system was validated by implementing the necessary hardware extension on an open-source RISC-V CPU and building a hypervisor atop it.

Technical Details

• Delegated Virtualization: A design approach where the kernel driver (control plane) handles initialization, but the user-level helper process (data plane) gains direct access and responsibility for high-frequency runtime tasks.
• Mechanism: Retrofitting existing hardware virtualization support with a specific "delegated virtualization extension" is crucial to its function.
• User-Mode Responsibilities: DuVisor handles critical low-level tasks entirely in user mode, including direct processing of VM exits, configuration of virtualization registers, management of the stage-2 page table, and handling virtual devices.
• Implementation Stack: The hardware extension was implemented on an open-source RISC-V processor. The hypervisor software was built using the Rust programming language.
• Comparison Baseline: Performance evaluation results are compared directly against KVM (Kernel-based Virtual Machine), a mainstream virtualization system.

Implications

• Enhanced Security Model: DuVisor provides a blueprint for next-generation virtualization security by moving the bulk of the hypervisor functionality outside the kernel, drastically shrinking the Trusted Computing Base (TCB) required for VM management.
• New Performance Ceiling: By eliminating frequent and costly ring crossings (switches between kernel and user mode) inherent in traditional architectures, DuVisor sets a new standard for efficient, high-performance virtualization.
• Validation of RISC-V Extensibility: The successful implementation of the necessary hardware extension on an open-source RISC-V platform demonstrates the flexibility and customizability of the RISC-V instruction set architecture, allowing for co-design solutions that tightly integrate hardware and software virtualization primitives.
• Future OS Design: This work suggests a path toward fundamentally changing how operating systems manage virtualization, potentially leading to faster, more resilient cloud and container environments.