EmbeddedXEN is a particularly efficient virtualization framework tailored to ARM-based core embedded systems.
While security and OS isolation are key features of conventional virtualization frameworks, the main concerns for EmbeddedXEN are device heterogeneity and real-time aspects, which are particularly important in the embedded world.
EmbeddedXEN mainly relies on the original XEN architecture but with major differences in the way guest OSes are handled: the hypervisor has been simplified, and only two guest OSes (dom0 and domU) can run simultaneously. While dom0 is used to manage the native OS with drivers (original and backend split drivers), a paravirtualized OS (domU) can be cross-compiled for a different ARM device, and user applications can run seamlessly on the (virtualized) host device. Another important difference is that no user space tools are required to manage the VMs; the framework produces a compact single binary image containing both the dom0 and domU guests, which can be easily deployed. The Xenbus architecture has been adapted to that context.
EmbeddedXEN therefore allows the porting of an OS and its applications from an ARM embedded device to last-generation ARM hardware, such as an HTC smartphone.
This talk will discuss the challenges of client virtualization and introduce at a technical level XenClient XT, a security-oriented client virtualization product by Citrix. By describing the XenClient XT architecture and features, it will be shown how Xen's unique design and its support for modern x86 platform hardware can increase security and isolation among VMs.
Disaggregation of the services provided by the platform will be a key theme of this talk. It will also be shown how third-party software components can provide services to VMs in a secure and controlled way.
In this session we examined Xen PV performance on the latest platforms in a few cases that cover CPU/memory-intensive, disk-intensive and network-intensive workloads. We compared Xen PV guests vs. HVM/PVOPS to see whether PV guests still have an advantage over HVM on a system with state-of-the-art VT features. KVM was also compared as a reference. We also compared PV driver performance against bare metal and pass-through/SR-IOV. The identified issues were discussed and we presented our proposal for fixing them.
This talk will discuss the design and implementation of a new type of hypervisor derived from the Xen code base. µ-Xen has been built and optimized for modern CPUs and chipsets, and thus assumes the presence of virtualization-capable CPU and IO MMUs. µ-Xen borrows extensively from the production-proven and tuned Xen code base, but removal of support for older hardware and PV-MMU guests has enabled significant simplification of the code. µ-Xen supports optimizations for running large numbers of very similar virtual machines, through a native 'vmfork' operation and efficient re-merging of shareable pages.
The primary goal of µ-Xen has been to run as a late-load hypervisor on an existing OS. It has a narrow and well-defined interface to the services it expects from the underlying OS, which makes it easy to port to other OSes, or to run on bare metal. During initialisation, µ-Xen can de-privilege the running host OS into a VM container, establishing itself as the most privileged software component in the system. Thus, µ-Xen enforces the privacy and integrity of itself and of the VMs it is running against a faulty or malicious host OS, while co-operating with the host OS on the actual allocation of physical resources.
With the introduction of virtualization extensions on ARM processors, the Xen community has taken steps to add support for ARM CPUs to the Xen Hypervisor. This port is executed as part of the Hypervisor project, with no separate codebase.
Xen engineers will describe the key challenges they have overcome, the current technical status, and the next steps.
Virtualization with KVM (Kernel-based Virtual Machine) - Novell
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines, and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
Linuxcon EU: Virtualization in the Cloud featuring Xen and XCP - The Linux Foundation
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloud hypervisors.
It is intended for users and developers. It starts with a brief introduction to Xen and XCP and their architecture, shines some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud, and introduces the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded systems, and the unique challenges these environments pose to virtualization technologies.
Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.
This talk provides an overview of the Xen Project ecosystem and its main use cases in a number of important market segments: it covers server virtualization, cloud computing, embedded, automotive and related areas. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality, and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use cases. Excellent software security is key to all of these use cases. Thus, Lars specifically covers the Xen Project's security features and track record, and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlights the internship programs which the project supports.
The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k
XCP: The Art of Open Virtualization for the Enterprise and the Cloud - The Linux Foundation
XCP is a free and open source self-contained virtualization solution for servers, built on top of the Xen hypervisor. It is easily installable in a few minutes from a single image file, yet powerful and scalable enough to be useful to power users, enterprise environments and cloud deployments. Created from the open-source components of XenServer, it supports the virtualization of a range of operating systems, including Linux, Solaris, BSDs and Windows. This talk will introduce XCP and explain its relationship with Xen and Linux. We will quickly demonstrate how to use XCP via the command line and via open source graphical interfaces, and describe some interesting features that set XCP apart from other virtualization platforms.
XPDS13: HVM Dom0 - Any unmodified OS as Dom0 - Will Auld, Intel - The Linux Foundation
It would be great if we could use an unmodified guest as dom0 or as the driver domain. We found a way to achieve that. Since Xen's inception, the first guest on Xen has always been a para-virtualized domain, which can be a modified Linux, NetBSD, Solaris, etc. In this way, dom0 can achieve near-native performance, so it is commonly used in the server market. However, modifications to guest kernels also imply limitations. For example, Windows cannot be supported as dom0 or as the driver domain. With the rapid evolution of hardware-assisted virtualization (e.g. VMX and VT-d technologies), HVM domains can now achieve performance comparable with para-virtualization, and it is high time for Xen to support such an unmodified guest as dom0. In the presentation, we discuss the architectural changes and the benefits compared with the traditional PV or HVM dom0, and we also introduce what we have done.
ARM Servers and Xen – Hypervisor Support at Hyperscale - XPUS13 Wikelius - The Linux Foundation
The emergence of power-optimized hyperscale servers is leading to a revolution in data center design. The intersection of this revolution with the growth of cloud computing, big data and scale-out storage solutions is resulting in innovation in the server industry at a rate and pace that has not been seen for years. One particular example of this innovation is the deployment of ARM-based servers in the data center and the impact these servers have on power, density and scale. In this presentation we will look at the role that Xen is playing in the revolution of ARM-based server design and deployment, and the impact on applications, systems management and provisioning.
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek - buildacloud
The Xen Project produces a mature, enterprise-grade virtualization technology designed for the Cloud, featuring many advanced and unique security features. For this reason, it is a hypervisor of choice for government agencies like the NSA and the DoD, as well as for new security-minded projects like the QubesOS secure desktop. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, and Xen Security Modules (XSM), are not enabled by default. This session will describe many of the advanced security features of Xen, as well as explaining why Xen is an excellent choice for secure clouds.
XPDS14: Xenstore Mandatory Access Control - James Bielman, Galois - The Linux Foundation
Mandatory Access Control (MAC) is a security model in which access decisions are governed by a centralized security policy rather than by the system's users. Systems with MAC are better protected from malicious or careless users and programs that would grant permissions violating the system's desired security goals.
Xen supports MAC at the hypervisor level via the Flask Xen Security Module (XSM/Flask), building upon the widely used SELinux infrastructure. However, other critical components of the Xen architecture, such as Xenstore, are not covered by the XSM security policy.
Galois has developed an implementation of mandatory access control for a disaggregated Xenstore domain. In this presentation, James Bielman will discuss the implementation of Xenstore's nested security server in a Mirage-based Xen kernel.
Outline
1) Automotive E/E Systems: mastering complexity
2) Ecosystems of virtualization technologies
3) Automotive use-cases of virtualization
4) Limits of virtualization
Authors: N. Navet (RealTime-at-Work), B. Delord (PSA Peugeot-Citroen), M. Baumeister (Freescale Semiconductor)
Talk given at RTS Embedded Systems 2010 on March 31st, 2010.
The Internet of Things arrived last decade, when the number of devices (that can connect) outnumbered the world population. We have now entered a new age. The evolution from #virtualization to #cloud to #IoT and #BigData is a consequence of the Moore Nielsen prediction and the rise of Fog Computing, as are the role of #OpenSource and #OpenStandards and the importance of the new trend, Open Data, as the only way to keep sanity in Big Data. This is my presentation at the IEEE International Conference on Cloud Engineering in Boston on Pi Day 2014.
Fog Computing is a paradigm that extends Cloud computing and services to the edge of the network. Similar to the Cloud, Fog provides data, compute, storage, and application services to end users. The motivation for Fog computing lies in a series of real scenarios, such as the Smart Grid, smart traffic lights in vehicular networks, and software-defined networks.
In a traditional Xen configuration, domain 0 is used for a large number of different functions, including running the toolstack(s), backends for network and disk I/O, running the QEMU device model instances, driving the physical devices in the system, handling guest console/framebuffer I/O, and miscellaneous monitoring and management functions. Having all these functions in one domain produces a complex environment which is susceptible to shared fate on the failure of any one function, has complex interactions between functions (including resource contention) which make it difficult to predict performance, and has limited flexibility (such as requiring the same kernel for all device drivers).
"Domain 0 disaggregation" has been discussed for some time as a way to break out domain 0's functions into separate domains. Doing this enables each domain to be tailored to its function, such as using a different kernel or operating system to drive different physical devices. Splitting functions into separate domains removes some of the unintentional interactions, such as in-domain resource contention, and reduces the system impact of the failure of a single function, such as a device driver crash.
Although domain 0 disaggregation is not new, it is seldom used in practice, and much of its use is focused on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility. This talk will describe XenServer's "Windsor" architecture and explain how it will provide the above benefits to customers and users. We will present an overview of the architecture and some early experimental measurements showing the benefits.
A Xen MIPS port implementation will be presented. In particular, the major techniques used for CPU and memory para-virtualization on top of Xen and Linux will be presented. The major changes in the Xen hypervisor, Xen tools and Linux will be illustrated. The challenges, the main issues we faced and the solutions we applied will be discussed. Overall porting status and next steps will also be discussed.
Note: also see https://www.slideshare.net/xen_com_mgr/ossna18-xen-beginners-training-exercise-script
The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen only indirectly, as part of a commercial product, a distro, or a hosting or cloud service. By following this session you will learn how Xen and virtualization work under the hood, exploring high-level topics like architecture concepts related to virtualization as well as more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, and saving/restoring and migrating VMs.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ... - The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
Virtualization can be described generically as a separation of the service request from the underlying physical delivery of that service. In computer virtualization, an additional layer called the hypervisor is typically added between the hardware and the operating system. The hypervisor layer is responsible both for sharing hardware resources and for enforcing mandatory access control rules based on the available hardware resources.
There are three types of virtualization: full virtualization, para-virtualization and operating system level (OS-level) virtualization.
"Xen Cloud Platform", Mike McClurg, Senior Engineer, Xen.org Engineering
The Xen Cloud Platform is an open-source, enterprise-ready server virtualization platform. It is based on the Xen hypervisor, and represents the common code base for Citrix's XenServer product line. This presentation gives an introduction to XCP, and how it relates to both the Xen hypervisor and to Citrix's XenServer. It covers XCP's XenAPI and how it can be used by two of the most popular cloud orchestration frameworks, CloudStack and OpenStack. Finally, it discusses the XCP "roadmap," and the plans for the future of XCP.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enabling mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical application, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into detail on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... - The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late-launch integrity of open and proprietary systems. It provides a general-purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI measurement gap and reduces the need to trust system firmware. This talk will introduce the TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... - The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in the automotive domain back in 2013, what is going on now, and what is still missing for broad adoption of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen, which may not be the same as generic computing uses of a hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... - The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project and the trends that impact the project, see whether the challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require applications to be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... (The Linux Foundation)
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx (The Linux Foundation)
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... (The Linux Foundation)
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... (The Linux Foundation)
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508), transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... (The Linux Foundation)
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges, offering an in-depth review of how the Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix (The Linux Foundation)
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd (The Linux Foundation)
The Arm architecture provides a set of guidelines that any software should abide by when accessing memory with the MMU off and when updating page tables. Failing to do so may result in TLB conflicts or broken coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... (The Linux Foundation)
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. However, these backends have not been configurable as QEMU devices, because their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D (The Linux Foundation)
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems (The Linux Foundation)
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on the platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... (The Linux Foundation)
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... (The Linux Foundation)
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... (The Linux Foundation)
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen schedules guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require turning off hyperthreading for best security, in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
Dealing with Hardware Heterogeneity Using EmbeddedXEN, a Virtualization Framework Tailored to ARM Based Embedded Systems
1. Dealing with Hardware Heterogeneity Using a Virtualization Framework Tailored to ARM Based Embedded Systems
Prof. Daniel Rossier, PhD
HEIG-VD
Institut REDS, Reconfigurable & Embedded Digital Systems
rte Cheseaux 1, 1400 Yverdon-les-Bains
http://www.reds.ch/
3. Background
• HEIG-VD
• University of Applied Sciences in Yverdon, Switzerland (CH)
• Reconfigurable Embedded Digital System Institute
Hardware Design, FPGA
Embedded Execution Environment, Drivers, BSP, OS/RTOS, etc.
• Applied Research & Development
• ARM based microcontrollers (ARMv4, v5, v6, v7)
• Low-level interactions between computing cores (CPU, DSP, FPGA, etc.)
• Towards Cortex-A15 HVM
3 REDS@HEIG-VD
4. Background
• Embedded Virtualization on ARM
• XEN: free & easy access to a stable & evolving hypervisor source code
• Early port of XEN on ARM in 2007 in the context of a Diploma Project
• Necessity to get a simple, thin, fast, robust, easy-to-deploy virtualization framework
• Re-use of Linux file organization & build system (Makefiles, scripts, …)
• Focus on realtime aspects (Linux/Xenomai as RTOS)
• Different sources of inspiration
• "Fast Secure Virtualization for the ARM Platform", Daniel Ferstay,
Master Thesis, The University of British Columbia, 2006
• XEN ARM port, George G. Davis, MontaVista, 2007
• Secure Xen on ARM Project, Sang-bum SUH, Samsung, 2007
5. Background
• Focus on heterogeneity of embedded devices
• Idea to re-use OS & applications from old devices to recent devices
• Time-to-market migration to new hardware generation
• Dealing with various cross-compiled binaries (ARM v5-v7)
• Dealing with different peripherals
• Less emphasis on security aspects
• Publicly available
• https://sourceforge.net/projects/embeddedxen
6. Background
• Hardware constraints
• Low latency, reactivity (response time)
• The ARM cores targeted here (ARMv4 to v7, without hardware virtualization extensions) do not support virtualization mechanisms; dealing with the various execution modes (privilege levels) is therefore not straightforward
• Para-virtualization remains attractive
• About 30 files to be (slightly) adapted
• Low execution overhead
• Efficient processing of downcalls/upcalls with support of domain interactions
Physical interrupts are quickly processed in dom0.
7. Overview of EmbeddedXEN
Figure: EmbeddedXEN architecture (recovered from the slide diagram)
  Primary guest OS, known as Dom0       Secondary guest OS, known as DomU
    Xen-guest (pv), full privilege        Xen-guest (pv), full privilege
    Dom0 original drivers                 DomU original drivers
    Native drivers                        Frontend drivers
    Backend drivers
  Hypervisor: domain creation and setup, prioritized VCPU scheduler (sched_flip),
    hypercall handling, EmbeddedXEN manager, upcall handling, migration
  Hardware
• Limited use of hypercalls
• ARM execution modes (USR/SVC): a pseudo-user mode with double stack handling; downcalls and upcalls are simple jumps to specific (callback) addresses
• The ARM domain access control register (DACR) is not used to protect memory between the hypervisor and the guests
• Memory sharing facilitated between primary and secondary OS
8. Overview of EmbeddedXEN
• Linux-like source tree and build system (Makefiles)
Figure: source tree (recovered from the slide diagram; assignment of sub-directories is approximate)
  embeddedxen/
    environnement.conf       config & build system
    tools/
    xen-guest/               common part: xenbus, core, include, console
    hypervisor-4.0.2/        hypervisor: include, xen-guest, arch/arm (mach-msm, mach-mx35, xen, kernel, mm)
    linux-2.6.32-dom0/       primary OS: include, xen-guest, arch/arm (mach-msm)
    linux-2.6.26-domU/       secondary OS: include, xen-guest, arch/arm (mach-mx35: mx35_fab4.c)
9. Overview of EmbeddedXEN
• Single binary (multi-kernel) image
• Automatic parsing & image relocation during hypervisor bootstrap
Figure: layout of the EmbeddedXEN uImage (recovered from the slide diagram; ordering approximate)
  Boot head (index of the embedded kernels: 0 = Dom-0, 1 = Dom-U) | Hypervisor | Dom-0 vmlinux (vmlinux.dom0) | EOD | Dom-U vmlinux (vmlinux.domU) | EOD
  The hypervisor and the two vmlinux kernels are concatenated into a single uImage.
  The Dom-0 and Dom-U filesystems (e.g. /home/root/squeezeos.rootfs.img) are stored separately, on an SD card for example.
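The boot head is parsed by the hypervisor to find and relocate the embedded kernels. That parsing step is where a malformed or truncated image would bite: offsets, sizes and load addresses come from the image itself, so the bootstrap has to bound them before copying anything. The following C code is an added example written for this page, not EmbeddedXEN's own bootstrap: the container layout (a magic word, an entry table with kind/offset/size/load address, then the payloads), the RAM window RAM_BASE/RAM_SIZE, and the names mki_parse, mki_relocate and mki_build_sample are all assumptions made for the illustration, and the sample image is constructed in the code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Container layout below is an assumption for this example, not the real
 * EmbeddedXEN boot-head format: a header followed by the kernel payloads. */
#define MKI_MAGIC       0x31494B4Du   /* "MKI1" as a little-endian word */
#define MKI_MAX_ENTRIES 3             /* hypervisor, dom0, domU */

enum mki_kind { MKI_HYPERVISOR = 0, MKI_DOM0 = 1, MKI_DOMU = 2 };

struct mki_entry {
    uint32_t kind;       /* enum mki_kind */
    uint32_t offset;     /* payload offset inside the image */
    uint32_t size;       /* payload size in bytes */
    uint32_t load_addr;  /* physical address the payload is relocated to */
};

struct mki_header {
    uint32_t magic;
    uint32_t n_entries;
    struct mki_entry entries[MKI_MAX_ENTRIES];
};

/* Simulated physical RAM window that relocation may target (assumed). */
#define RAM_BASE 0x80000000u
#define RAM_SIZE 0x00100000u          /* 1 MiB */

enum { MKI_OK = 0, MKI_EHDR = -1, MKI_EMAGIC = -2, MKI_ECOUNT = -3,
       MKI_ERANGE = -4, MKI_ELOAD = -5, MKI_EOVERLAP = -6 };

/* Validate the header against the image length and the RAM window.
 * Offsets and sizes are image-controlled, so each check compares against
 * the remaining space instead of computing offset + size, which could wrap. */
int mki_parse(const uint8_t *img, size_t img_len, struct mki_header *hdr)
{
    if (img_len < sizeof(*hdr))
        return MKI_EHDR;
    memcpy(hdr, img, sizeof(*hdr));              /* header may be unaligned */
    if (hdr->magic != MKI_MAGIC)
        return MKI_EMAGIC;
    if (hdr->n_entries == 0 || hdr->n_entries > MKI_MAX_ENTRIES)
        return MKI_ECOUNT;

    for (uint32_t i = 0; i < hdr->n_entries; i++) {
        const struct mki_entry *e = &hdr->entries[i];
        if (e->kind > (uint32_t)MKI_DOMU || e->size == 0)
            return MKI_ERANGE;
        if (e->offset > img_len || e->size > img_len - e->offset)
            return MKI_ERANGE;               /* payload runs past the image */
        if (e->size > RAM_SIZE || e->load_addr < RAM_BASE ||
            e->load_addr - RAM_BASE > RAM_SIZE - e->size)
            return MKI_ELOAD;                /* destination outside RAM window */
        for (uint32_t j = 0; j < i; j++) {   /* destinations must not overlap */
            const struct mki_entry *p = &hdr->entries[j];
            uint32_t e_end = e->load_addr + e->size;   /* cannot wrap: checked above */
            uint32_t p_end = p->load_addr + p->size;
            if (e->load_addr < p_end && p->load_addr < e_end)
                return MKI_EOVERLAP;
        }
    }
    return MKI_OK;
}

/* Copy every payload to its load address inside the simulated RAM (ram must
 * be RAM_SIZE bytes). Returns the number of kernels relocated or an error. */
int mki_relocate(const uint8_t *img, size_t img_len, uint8_t *ram)
{
    struct mki_header hdr;
    int rc = mki_parse(img, img_len, &hdr);
    if (rc != MKI_OK)
        return rc;
    for (uint32_t i = 0; i < hdr.n_entries; i++) {
        const struct mki_entry *e = &hdr.entries[i];
        memcpy(ram + (e->load_addr - RAM_BASE), img + e->offset, e->size);
    }
    return (int)hdr.n_entries;
}

/* Build a constructed sample image: the header followed by three dummy
 * payloads filled with 'H', 'I', 'J' so relocation can be checked. */
size_t mki_build_sample(uint8_t *buf, size_t cap)
{
    static const uint32_t load[MKI_MAX_ENTRIES] =
        { RAM_BASE + 0x00000, RAM_BASE + 0x10000, RAM_BASE + 0x20000 };
    struct mki_header hdr;
    size_t off = sizeof(hdr);

    memset(&hdr, 0, sizeof(hdr));
    hdr.magic = MKI_MAGIC;
    hdr.n_entries = MKI_MAX_ENTRIES;
    for (uint32_t i = 0; i < MKI_MAX_ENTRIES; i++) {
        uint32_t sz = 64 * (i + 1);
        if (off + sz > cap)
            return 0;
        hdr.entries[i].kind = i;
        hdr.entries[i].offset = (uint32_t)off;
        hdr.entries[i].size = sz;
        hdr.entries[i].load_addr = load[i];
        memset(buf + off, 'H' + (int)i, sz);
        off += sz;
    }
    memcpy(buf, &hdr, sizeof(hdr));
    return off;
}
```

The point of the parser is the order of the checks: the payload range is validated against the image length, the destination against the RAM window, and the destinations against each other, all before a single byte is copied, so a header that lies about a size cannot make the bootstrap read past the image or write over the hypervisor's own memory.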
10. Protection & Memory Isolation
• Memory isolation between domains relies only on each domain having its own address space (separate page tables).
• No further mechanism protects the hypervisor or guest memory: the guest OS kernel runs at the same privilege level as the hypervisor.
• Each domain receives its own contiguous physical memory region during domain setup.
• The kernel linear address space is not paged, and the paravirtualization of memory management is kept minimal.
• The guest OS kernel therefore has access to the whole memory, including the hypervisor and the other domain.
• No protection mechanism for strong isolation of VMs (but is it really necessary?). In practice the trust boundary is between user space and kernel inside each guest, not between the two guests or between a guest and the hypervisor: a bug or compromise in either guest kernel compromises the whole system, so this design suits cooperative partitioning of trusted software rather than isolation of untrusted workloads.
12. Domain Interactions
• Virtualization of peripherals in EmbeddedXEN is quite similar
to the existing mechanisms in XEN.
• Driver split with frontend & backend drivers
• Communication with xenbus
• Use of grant tables for sharing/copying pages between domains
• However, a revisited (simplified) implementation of these mechanisms has been achieved in EmbeddedXEN.
• XEN store is dynamically allocated at boot time of guest OSes.
• No user space tools are required to manage XEN store entries or peripherals
configs.
• Hotplugs & dynamic configs of peripherals are less relevant to embedded
systems.
13. Domain Interactions
• domU is passed information during bootstrap under control of dom0.
Figure: xenbus/xenstore setup between dom0 and domU (recovered from the slide diagram)
  Each xen-guest OS runs a xenbus thread and a xenstore subsystem used by its other subsystems.
  Two shared xenstore pages (one on the dom0 side, one on the domU side) carry the traffic as rings with producer/consumer (prod/cons) indices.
  Event channels A/B signal xenstore traffic; event channels C/D signal traffic between the backend drivers (dom0) and the frontend drivers (domU); all go through the hypervisor.
  dom0 starts domU via unpause_domU(store_mfn, store_evtchn); domU finds its store page and event channel in start_info->store_mfn and start_info->store_evtchn.
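The xenstore pages in the figure are producer/consumer rings whose indices are written by the peer domain: dom0 advances the producer index of one ring, domU the other, and each side reads the index the other side wrote. The following C code is an added example, not the project's xenbus implementation. It models one direction of such a ring with free-running prod/cons indices in the style of Xen's xenstore ring, and shows the check a consumer must do before trusting the peer's index: if (prod - cons) exceeds the ring size the index is inconsistent and must be rejected, otherwise the reader would consume ring contents that were never written. RING_SIZE, struct shared_ring, ring_init, ring_write and ring_read are names chosen for the example; the barrier comments mark where real shared-memory code needs memory barriers, which this single-threaded model omits.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RING_SIZE 16u                 /* power of two; tiny to exercise wrap */
#define RING_MASK(i) ((i) & (RING_SIZE - 1))

/* One direction of a shared xenstore-style page. Indices are free-running
 * (never reduced modulo RING_SIZE); the buffer position is index & mask. */
struct shared_ring {
    uint8_t buf[RING_SIZE];
    volatile uint32_t prod;           /* advanced only by the producer domain */
    volatile uint32_t cons;           /* advanced only by the consumer domain */
};

void ring_init(struct shared_ring *r)
{
    memset(r->buf, 0, sizeof(r->buf));
    r->prod = 0;
    r->cons = 0;
}

/* Producer side: copy as many bytes as fit, returning the count.
 * cons belongs to the peer, so a cons that claims more than RING_SIZE
 * bytes in flight is refused instead of being used to size the copy. */
size_t ring_write(struct shared_ring *r, const uint8_t *src, size_t len)
{
    uint32_t prod = r->prod, cons = r->cons;      /* snapshot once, no re-read */
    uint32_t used = prod - cons;                  /* unsigned wrap is intended */
    if (used > RING_SIZE)
        return 0;
    size_t space = RING_SIZE - used;
    size_t n = len < space ? len : space;
    for (size_t i = 0; i < n; i++)
        r->buf[RING_MASK(prod + i)] = src[i];
    /* on real hardware: write barrier here, data must land before the index */
    r->prod = prod + (uint32_t)n;
    return n;
}

/* Consumer side: returns bytes copied, or -1 when the peer's producer
 * index is inconsistent (more than RING_SIZE bytes "available"), which
 * would otherwise make the reader consume unwritten ring contents. */
long ring_read(struct shared_ring *r, uint8_t *dst, size_t max)
{
    uint32_t prod = r->prod, cons = r->cons;      /* snapshot once, no re-read */
    /* on real hardware: read barrier here, index before data */
    uint32_t avail = prod - cons;
    if (avail > RING_SIZE)
        return -1;
    size_t n = max < avail ? max : avail;
    for (size_t i = 0; i < n; i++)
        dst[i] = r->buf[RING_MASK(cons + i)];
    /* on real hardware: barrier here, data read before releasing the slots */
    r->cons = cons + (uint32_t)n;
    return (long)n;
}
```

Both sides read the peer's index exactly once per operation and work from that snapshot, so the peer cannot change it between the check and the copy. In EmbeddedXEN the two kernels share one privilege level, so this check is about robustness against a buggy peer rather than isolation; in a Xen system with a real privilege boundary the same check is what keeps a malicious frontend from driving a backend out of its ring.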
14. Domain Interactions
• Grant tables are used in a different way
• Shared pages are possible only in the vmalloc'd area.
• Kernel linear addresses are not shareable; their contents need to be copied using temporary mappings.
Figure: dom0 and domU virtual address maps (recovered from the slide diagram)
  0xFF000000                   hypervisor mapping (present in both domains)
  VMALLOC_START..VMALLOC_END   vmalloc area: the shared pages live here; it holds the domain's own
                               grant table (gnttab(dom0) / gnttab(domU)), a mapping of the other
                               domain's grant table (gnttab_foreign[0] / gnttab_foreign[1]) and
                               mem_map_foreign(dom0) / mem_map_foreign(domU), which hold the
                               references to the shared pages
  0xC0000000 (3 GiB)           start of the kernel linear map
  0x00000000                   start of the address space
15. Device Heterogeneity
• Different levels of heterogeneity
• At CPU level: various instruction sets (locks, cache, etc.), various PTE (MMU) flags, various co-processors, etc.
Compatibility ensured via hypercalls
• At peripherals level: not the same hardware
Compatibility ensured via backend driver processing
Figure: hypervisor-4.0.2 source tree (recovered from the slide diagram)
  hypervisor-4.0.2/include, xen-guest, arch/arm (mach-msm, mach-mx35, xen, kernel, mm)
  arch/arm/mm holds the CPU-specific cache and TLB maintenance code: cache-v6.S, cache-v7.S,
  tlb-v6.S, tlb-v7.S, proc-macros.S, mm.h, with its Kconfig and Makefile (linked into built-in.o)
16. Device Heterogeneity
• Example of ARMv6 running on ARMv7 CPU (iMX35 -> HTC Desire HD)
Original version, linux-2.6.26-domU/arch/arm/mm/cache-v6.S:

    ENTRY(v6_flush_kern_cache_all)
        mov     r0, #0
    #ifdef HARVARD_CACHE
        mcr     p15, 0, r0, c7, c14, 0      @ D cache clean+invalidate
    #ifdef CONFIG_SMP
        mcr     p15, 0, r0, c7, c5, 0       @ I+BTB cache invalidate
    #else
        b       v6_icache_inval_all
    #endif
    #else
        mcr     p15, 0, r0, c7, c15, 0      @ Cache clean+invalidate
    #endif
        mov     pc, lr

Paravirt version, linux-2.6.26-domU/arch/arm/mm/cache-v6.S (the ARMv6 routine is turned into a jump to the hypervisor):

        .extern xen_flush_kern_cache_all
    ENTRY(v6_flush_kern_cache_all)
        b       xen_flush_kern_cache_all
    #if 0 /* paravirt */
        mov     r0, #0
        …
        mov     pc, lr
    #endif /* 0 */

linux-2.6.26-domU/xen-guest/hypervisor.c (guest side: the flush becomes a hypercall):

    void xen_flush_kern_cache_all(void)
    {
        struct mmuext_op op;

        op.cmd = MMUEXT_FLUSH_CACHE;
        HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF);
    }

hypervisor-4.0.2/arch/arm/mm/cache_v7.S (hypervisor side: the flush is performed with the ARMv7 sequence of the real CPU):

    ENTRY(xen_flush_kern_cache_all)
        stmfd   sp!, {r4-r5, r7, r9-r11, lr}
        bl      xen_flush_dcache_all        @ much more complex!!
        mov     r0, #0
        mcr     p15, 0, r0, c7, c5, 0       @ I+BTB cache invalidate
        ldmfd   sp!, {r4-r5, r7, r9-r11, lr}
        mov     pc, lr
    ENDPROC(xen_flush_kern_cache_all)
17. Device Heterogeneity
• Example of framebuffer device heterogeneity
• Configuration of framebuffer is retrieved from Dom0 via xenbus
Figure: framebuffer path between dom0 and domU (recovered from the slide diagram)
  Dom0: user-space applications use /dev/fb0 through the framebuffer core and the device-specific
  framebuffer driver (msmfb_pan_update() on the HTC device); the xenfb backend sits beside it, with
  the dom0 framebuffer memory allocated by dom0.
  DomU: user-space applications use /dev/fb0 through the framebuffer core and the xenfb frontend,
  whose framebuffer memory is allocated by domU. The frontend queries the framebuffer parameters
  from dom0 through the xenbus thread and xenstore (the FB config is retrieved from dom0); the
  backend/frontend exchange uses fb_event_dom_register and fb_event_dom_switch.
18. Device Heterogeneity
• Example of audio device heterogeneity
• DomU audio buffers are accessed from Dom0 via shared pages.
Figure: audio path between dom0 and domU (recovered from the slide diagram)
  Dom0: user-space applications, xenstore and a xenbus thread; the pcm subsystem sits above the
  xen-audio backend (xenvaud_pcm_start, xenvaud_pcm_stop) and the arch-specific audio driver
  (/dev/msm_pcm_out or /dev/pcm/snd/pcm0c0d0p), which drives the sound device (headset, speakers, etc.).
  DomU: user-space applications, xenstore and a xenbus thread; the pcm subsystem (/dev/pcm/snd/pcm0c0d0p)
  sits above the xen-audio frontend; the audio buffers are allocated in domU and read by dom0 via shared pages.
19. Conclusions & Future Work
• EmbeddedXEN is an embedded virtualization framework which puts the emphasis on efficiency and on heterogeneous hardware.
• Application environments can be re-used as they are on modern platforms (Android-based, for example), taking advantage of last generation hardware.
• EmbeddedXEN relies on the main principles of XEN, with a revisited, lightweight, but less secure architecture: the guests are not isolated from each other or from the hypervisor.
• A single multi-kernel binary image, easy to deploy on the target platform without additional tools, makes EmbeddedXEN well tailored to embedded systems.
20. Conclusions & Future Work
• Further investigation projects:
• Elaboration of a domU using a graphical desktop for user
applications
• Support of multicore ARM CPUs (cortex-A9, cortex-A15)
• Live migration of domU using remote NFS-filesystem (migration
within a cloud)
• Support of hard realtime OS (RTEMS-paravirt)
21. • Thanks for your attention!
• Further information: daniel.rossier@heig-vd.ch