Multi-Hypervisor Virtual Machines
Traditional system virtual machines (VMs) are controlled by only one hypervisor at a time. Consequently, a VM is limited to the set of hypervisor-level services provided by the sole controlling hypervisor. We propose the notion of a multi-hypervisor virtual machine, or Span VM, that is simultaneously controlled by multiple co-located hypervisors. A Span VM runs an unmodified guest operating system and benefits from different services offered by the underlying hypervisors. Using nested virtualization, we demonstrate how two or more hypervisors can cooperatively exert control over a Span VM's memory, VCPUs, and I/O devices. A rich set of hypervisor-level services have been recently proposed, such as guest monitoring, rootkit detection, high availability, and live guest patching. We envision Span VMs to enable a new hypervisor ecosystem in which such services are provided by specialized hypervisors that augment the base hypervisor. We have designed and implemented a prototype systems support for Span VMs using the KVM/QEMU platform. Our current prototype can support Span VMs that use multiple hypervisor services such as VM introspection, network monitoring, and guest mirroring, with performance comparable to traditional nested VMs.