Resilience to Device Driver Failures Using Virtualization

Faulty device drivers are a significant cause of system failures. Low overhead mechanisms that leverage virtualization can detect and recover from device driver failures without requiring modifications to the device driver, applications, or OS running in the VMs. These mechanisms can var y significantly in terms of coverage, recovery latency, and implementation complexity. This paper explores the design space of such mechanisms, provides a taxonomy for their character ization, and evaluates key points in the design space. Based on full implementations of a variety of mechanisms, design tradeoffs are described and key implementation challenges are identified. Schemes are evaluated on a var iety of system configurations with multiple devices and multiple VMs running applications. Extensive fault injection campaigns are used to evaluate the effectiveness of the different mechanisms. It is shown that simple recovery schemes, transparent to the VMs running applications, can effectively recover from a ver y high percentage of faults. How ever, in order to minimize ser vice interr uption duration, it is necessary to use schemes that are slightly more complex, involving redundant device controllers. Index Terms — Fault tolerance, recovery, vir tual machine, VMM, hyper visor, networ k, storage