XPDDS17: Keynote: Towards a Configurable and Slimmer x86 Hypervisor - Wei Liu, Citrix

•

0 recomendaciones•716 vistas

The classic PV interface has given Xen a head start in the cloud computing era. However, with the advance of hardware technology, its usage has be declining significantly. The complexity of PV ABI has been a source of security bugs and friction between Xen and other communities. This talk tries to lay out a plan to make x86 Xen configurable to support different guests types, and then move the PV ABI to a PVH container so that it is possible to support PV workload in a more secure manner.

Tecnología

Towards a conﬁgurable and slimmer x86
hypervisor
Liu Wei
Budapest – July 11-13, 2017

Current state of aﬀairs
PV mode: no hardware extension needed, used in legacy
systems, useful in certain cases like running unikernel and
nested-virt without vVMX or vSVM
HVM mode: needs hardware support and QEMU for
emulation, has become the mainstream Xen VM mode
PVH mode: essentially HVM without QEMU, under
development
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 2 / 19

Two (big) projects
Splitting PV and HVM code: Refactor x86 hypervisor code.
Make guest supporting code conﬁgurable via Kconﬁg
PV ABI in PVH container: Implement a PV ABI shim. Use it
to translate PV hypercalls into PVH ones when necessary
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 3 / 19

Why splitting PV and HVM code?
Users can pick and choose the guest interfaces
Smaller binary, smaller attack surface
Reclaim precious address space if PV is disabled, to let Xen
support >16TB host memory more easily
Improve x86 hypervisor code base
*NOT* intending to kill PV in the hypervisor
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 4 / 19

Xen x86 PV memory layout
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 5 / 19

The conceptual map of code
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 6 / 19

The reality
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 7 / 19

Current code
do foo ( . . . )
{
/∗ . . . ∗/
i f (hvm) {
do foo hvm ( ) ;
return ;
}
/∗ l o t s of code to do foo f o r pv ∗/
return ;
}
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 8 / 19

Current code
do bar ( . . . )
{
/∗ . . . ∗/
i f (hvm) { /∗ Some code ∗/ };
i f ( pv ) { /∗ Some code ∗/ };
/∗ l o t s of code f o r common case ∗/
i f (hvm) { /∗ Some code ∗/ };
i f ( pv ) { /∗ Some code ∗/ };
return ;
}
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 9 / 19

Future code
do baz ( . . . )
{
/∗ code f o r common case ∗/
i f (hvm)
do baz hvm ( ) ;
i f ( pv )
do baz pv ( ) ;
return ;
}
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 10 / 19

Game plan for splitting PV and HVM code
Identify all the components that need refactoring
Dom0 builder
Domain handling code
Trap handling code
Memory management code
Guest memory accessor
...
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 11 / 19

Game plan for splitting PV and HVM code
Coarse-grained refactoring – mostly for PV code
Move code around
Split code into manageable trunks
Do some basic cleanups:
Use better function names
Use better coding style
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 12 / 19

Game plan for splitting PV and HVM code
Fine-grained refactoring – for both PV and HVM code
Abstract out a set of guest interfaces
Adjust internal interfaces between components if necessary
Fix x86 common code
Make PV and HVM conﬁgurable
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 13 / 19

Why PV ABI in PVH container?
Continue to support PV in a more secure manner
Have more than 128GB worth of 32bit PV guests
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 14 / 19

PV ABI in PVH container
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 15 / 19

Game plan for PV ABI in PVH container
Build the PV shim – essentially a stripped-down Xen
hypervisor
Go through all PV hypercall handlers, categorize them into the
aforementeioned groups
Further refactor PV guest supporting code: provide the ”real
PV” handlers and ”PV shim” handlers while sharing as much
code as possible
Change the build system to pull in the right objects
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 16 / 19

Game plan for PV ABI in PVH container
Adjust Xen toolstack
Construct a PVH guest while using the PV shim as ”ﬁrmware”
Further improvements (open questions at the moment)
Provide mechanism to parse guest kernel inside the container,
something like pvgrub
Provide mechanism to pass-through PCI devices (if that’s still
relevant)
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 17 / 19

Current status
Doing coarse-grained refactoring:
Dom0 builder (done)
Domain handling code (done)
Trap handling code (done)
Memory management code (doing)
Guest memory accessor
...
ETA: Some point in the future :)
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 18 / 19

Q&A
Budapest – July 11-13, 2017 Towards a conﬁgurable and slimmer x86 hypervisor 19 / 19

Más contenido relacionado

La actualidad más candente

Make room! Make room!

Denis Chapligin

Ceph on Windows

Ceph Community

The ARM architecture strongly recommends to use a break-before-make when changing translation table entries whenever certain conditions are met. Failing to do so may result in getting TLB conflicts or breaking the coherency. During this session, we will introduce break-before-make and when the code handling page tables should use it. We will also discuss the modifications required in Xen to avoid breaking the coherency.

XPDS16: Keeping coherency on ARM - Julien Grall, ARM

The Linux Foundation

XPDDS17: Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Gr...

The Linux Foundation

During last year, we have seen the rise of LibraryOSes in the hypervisor world. Fast, scalable and light, they bring to hypervisors the resource efficiency of Containers while maintaining many of its well known isolation and manageability advantages. While most LibraryOSes are niche in what they do, OSv is designed to run almost any POSIX compliant application and just have a slight focus in the Java application. Which applications can we run? And why? What's the story with Java and what can users gain from it? And more importantly: How can Xen users and the Xen community at large benefit from OSv? Those are some of the questions that I intend to cover in this presentation.

XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems

The Linux Foundation

Ceph RBD Update - June 2021

Ceph Community

Integration of Glusterfs in to commvault simpana

Gluster.org

2021.06. Ceph Project Update

Ceph Community

CephFS Update

Ceph Community

ops300 Week5 storage (1)

trayyoo

Deploying CloudStack and Ceph with flexible VXLAN and BGP networking

ShapeBlue

Bsdtw17: lightning talks/wip sessions

Scott Tsai

Proxmox ve-datasheet

Miguel Angel

Since Fremantle Extras applications will eventually be submitted to the Mer builder it may be a good idea to introduce it. We use the openSuse Open Build Service; a GPL service that provides an emulated, pristine (yes, I'm looking at you autobuilder and scratchbox), dependency driven build environment. I'll talk about the processes around Mer builds, access controls, managing integration with our DVCS (git), acceleration tricks and generally how to make good use of things you find lying about on the web. This slideset has useful notes - see tab next to 'Comments'

Building For Mer

David Greaves

Integrating gluster fs,_qemu_and_ovirt-vijay_bellur-linuxcon_eu_2013

Gluster.org

Docker + GCE + etcd + ray tracing

Syoyo Fujita

Docker infiniband

Syoyo Fujita

As the current stubdomain based on minios is difficult to maintain, we have worked on a stubdomain based on Linux. This helps to use QEMU upsteam in the stubdom with little change. So first I will present how a Linux based stubdomain is built and lauched, and the difficulties around it. Then, to see if this is a viable option, I will show disk and network benchmarks to compare it with a traditional QEMU in dom0 configuration. To finish, I will present the current limitations of this type of stubdomains.

Linux based Stubdomains

The Linux Foundation

Accessing gluster ufo_-_eco_willson

Gluster.org

2021.02 new in Ceph Pacific Dashboard

Ceph Community

La actualidad más candente (20)

Make room! Make room!

Ceph on Windows

XPDS16: Keeping coherency on ARM - Julien Grall, ARM

XPDDS17: Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Gr...

XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems

Ceph RBD Update - June 2021

Integration of Glusterfs in to commvault simpana

2021.06. Ceph Project Update

CephFS Update

ops300 Week5 storage (1)

Deploying CloudStack and Ceph with flexible VXLAN and BGP networking

Bsdtw17: lightning talks/wip sessions

Proxmox ve-datasheet

Building For Mer

Integrating gluster fs,_qemu_and_ovirt-vijay_bellur-linuxcon_eu_2013

Docker + GCE + etcd + ray tracing

Docker infiniband

Linux based Stubdomains

Accessing gluster ufo_-_eco_willson

2021.02 new in Ceph Pacific Dashboard

Similar a XPDDS17: Keynote: Towards a Configurable and Slimmer x86 Hypervisor - Wei Liu, Citrix

Subtitle: Reducing the OS burden while taking advantage of new hardware features Xen is a hypervisor using a microkernel design that allows running multiple concurrent operating systems on the same hardware. One of the key features of Xen is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. Xen has a long history going back to the 90s when it was designed and the early 2000s when it was released. As a consequence of this, many of the assumptions and virtualization techniques backed into it are now superseeded by new hardware features, that make virtualization more transparent from an OS point of view. This talk provides an overview on the different kind of guests supported by Xen and how these new hardware features are used in order to improve and evolve them. It also describes the design and implementation of a new guest type, called PVHv2, and how it can be used as a control domain (Dom0). Also see: https://fosdem.org/2017/schedule/event/iaas_towahvm/

Fosdem 17 - Towards a HVM-like Dom0 for Xen

The Linux Foundation

BSDCan 2015: How to Port BSD as a Xen on ARM Guest

The Linux Foundation

Kubernetes is also called the "distributed Linux of the cloud" – which implies that it provides fundamental infrastructure, which can solve a lot of challenges. Let’s see how PHP applications fit into this picture. In this presentation, we are going to explore when Kubernetes is a good fit for operating your PHP application and how it can be done in practice. We’ll look at the whole lifecycle: how to build your application, create or choose the right Docker images, deploy and scale, and how to deal with performance and monitoring. At the end you will have a good understanding about all the different stages and building blocks for running a PHP application with Kubernetes in production.

Scaleable PHP Applications in Kubernetes

Robert Lemke

Hyper-v Storage

Paulo Freitas

PBX on a non-specialized distro

StefanoFancello

Network Functions Virtualization (NFV), Software Defined Networking (SDN) and Software Defined Access (SDA) are all poised to transform the traditional complex appliance based networks into software running on standard COTS infrastructure. One of the last bastions of this transformation is the wireless access, the base station. This presentation will review the opportunities and challenges related to the base station, use cases and proposed ways to overcome it, with a sneak preview to ASOCS's disruptive Virtual Base station design and approach.

2014 - 6 - Paving the way to a virtualized base station

Eran Bello

CloudStack IPv6 in production

ShapeBlue

BDE_SC4_WS3_6_Luigi Selmi - Pilot SC4

BigData_Europe

Ceph Day Bring Ceph To Enterprise

Alex Lau

PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests. This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

The Linux Foundation

Arm versus x86

JochenPolster

Ceph Day Tokyo - Bring Ceph to Enterprise

Ceph Community

Ceph Day Taipei - Bring Ceph to Enterprise

Ceph Community

Storage based on_openstack_mariocho

Mario Cho

During last LinuxCon, Bruno presented the continuous packaging approach used with a tool like project-builder.org to package upstream projects for hundreds of Linux distributions tuples in an automatic manner. Discussions happened there with the FOSSology project which wanted to benefit from this approach to produce Linux packages for their users. Both projects have since that worked jointly to make it a reality, and want to share their return of experience on this journey, benefits obtained, issues encountered and how they were fixed. After a reminder of the basics on continuous packing, the presentation will give a concrete example of what was setup using the infrastructure of the LinuxFoudation to enable the automatic creation of rpm and deb packages for FOSSology, launched during the continuous integration process already in place. A demo of the build process will also be made.

Using containers and Continuous Packaging to Build native FOSSology packages

Bruno Cornec

[ElastixWorld 2016] mediasoup: Powerful WebRTC SFU for Node.js

Iñaki Baz Castillo

Installing Component Pack 6.0.0.6

LetsConnect

Hyper-V 2008 R2 Best Practices

Aidan Finn

Currently, typical supercomputers have an expected useful life of 3 or 4 years. One way of another, after this time period, infrastructure is typically replaced or upgraded to face the increasing resource demand by users and companies. This always gives rise to the same question, namely, what should be done with the old hardware if it was replaced? Possible solutions come in the form of decommissioning, splitting up and using it for spare parts, or donating it, but in several cases, the hardware can still provide value when used for different tasks. In this talk we will describe how we have converted the old Tier1 Flemish supercomputer https://www.ugent.be/hpc/en/infrastructure/tier1 into a cloud platform using OpenNebula. During this conversion process, we faced several technical challenges. The first and foremost of these was how to recycle hardware that was designed for use in a classical HPC environment to use in a private cloud. We will describe which steps were taken to address isolating VM traffic through the existing InfiniBand interconnect using the VXLAN network technology. We will also address how we managed mapping our internal (university) and external (industry) users using the OpenNebula “remote” authentication plugin. Finally, we will discuss how we used the InfiniBand interconnect to share the Ceph storage backend and VM traffic in a secure manner. After a testbed phase, in which only pilot users are given access and provide feedback, the new UGent HPC Cloud platform called “Grimer” will be available in production. YouTube: https://youtu.be/jHchktxIZnM

OpenNebulaConf2017EU: Transforming an Old Supercomputer into a Cloud Platform...

OpenNebula Project

Ceph Day Berlin: Ceph and iSCSI in a high availability setup

Ceph Community

Similar a XPDDS17: Keynote: Towards a Configurable and Slimmer x86 Hypervisor - Wei Liu, Citrix (20)

Fosdem 17 - Towards a HVM-like Dom0 for Xen

BSDCan 2015: How to Port BSD as a Xen on ARM Guest

Scaleable PHP Applications in Kubernetes

Hyper-v Storage

PBX on a non-specialized distro

2014 - 6 - Paving the way to a virtualized base station

CloudStack IPv6 in production

BDE_SC4_WS3_6_Luigi Selmi - Pilot SC4

Ceph Day Bring Ceph To Enterprise

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

Arm versus x86

Ceph Day Tokyo - Bring Ceph to Enterprise

Ceph Day Taipei - Bring Ceph to Enterprise

Storage based on_openstack_mariocho

Using containers and Continuous Packaging to Build native FOSSology packages

[ElastixWorld 2016] mediasoup: Powerful WebRTC SFU for Node.js

Installing Component Pack 6.0.0.6

Hyper-V 2008 R2 Best Practices

OpenNebulaConf2017EU: Transforming an Old Supercomputer into a Cloud Platform...

Ceph Day Berlin: Ceph and iSCSI in a high availability setup

Más de The Linux Foundation

Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other. This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary. This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.

ELC2019: Static Partitioning Made Simple

The Linux Foundation

TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

The Linux Foundation

Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered: Embedded/automotive features of Xen Collaboration with AGL and GENIVI organizations for standardization Efforts on Functional Safety compliance Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.

XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...

The Linux Foundation

XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...

The Linux Foundation

In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time. The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.

XPDDS19 Keynote: Unikraft Weather Report

The Linux Foundation

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...

The Linux Foundation

This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional. Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings. The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx

The Linux Foundation

As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion? This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.

XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...

The Linux Foundation

This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.

XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project. In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices. In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes. This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

The Linux Foundation

The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency. In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management. During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

The Linux Foundation

For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM). Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'. In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.

XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...

The Linux Foundation

XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems

The Linux Foundation

Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform. XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.

XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...

The Linux Foundation

XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...

The Linux Foundation

High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...

The Linux Foundation

Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling. This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.

XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE

The Linux Foundation

The use of Virtual GPUs (vGPUs) has widely grown in server farms to give Virtual Machines (VMs) dedicated graphics. Software rendering with virtual CPUs can only take us so far and even with Intel-GVT, which uses integrated graphics, there isn't enough power to do the fun stuff. In this presentation, Jon Farrell will be talking about the process of implementing AMD MxGPU on Xen, challenges that he encountered while doing it, and discussing performance metrics of bare metal and vGPU VM on popular benchmarks like 3D Mark* and The Witcher 3. To wrap up his presentation, Jon will share his thoughts about future research and where this technology can take us.

XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security

The Linux Foundation

Más de The Linux Foundation (20)