
Tuesday, July 11
 

09:00

Keynote: Xen Project Weather Report - Lars Kurth, Citrix
In this talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.

Speakers
Lars Kurth

Director, Citrix
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is community manager for the Xen Project. Lars has 9 years of experience building and leading enginee... Read More →



Tuesday July 11, 2017 09:00 - 09:35
Grand Ballroom

09:35

Keynote: Shared Coprocessor Framework on ARM - Oleksandr Andrushchenko, EPAM Systems
With the growing interest in virtualization from big players around the world, more and more companies choose ARM SoCs as their target platform for running server environments. It is also known that the majority of such SoCs come with a broad set of coprocessors available on the die, e.g. GPU, DSP, security, etc. But at the moment the only way to speed up guests with these is either to use a para-virtualized approach or to dedicate that HW to a specific guest.
The shared coprocessor framework for Xen aims to allow all guest OSes to benefit from this companion HW with ease while running unmodified software and/or firmware on the guest side. You don't need to worry about setting up IO ranges, interrupts, scheduling, etc.: it is all covered, making support of new shared HW much faster.
As an example of shared coprocessor framework usage, a virtualized GPU will be shown.

Speakers
Oleksandr Andrushchenko

Lead Software Engineer, EPAM Systems Inc.
Oleksandr Andrushchenko is an embedded software engineer from EPAM Systems Inc., Ukraine. He has over 15 years of experience in various fields of embedded engineering and now he mainly specializes in para-virtualized Linux kernel drivers development and coprocessor virtualization... Read More →



Tuesday July 11, 2017 09:35 - 10:25
Grand Ballroom

10:25

EFI Secure Boot, Shim and Xen: Current Status and Developments - Daniel Kiper - Oracle
EFI secure boot is a protocol to verify the authenticity of a loaded and executed PE binary. Usually it is a second stage bootloader, e.g. GRUB2, or an OS kernel. The shim is an extension to EFI secure boot which makes the whole authentication process more flexible. The presentation will deal with the most important aspects of EFI secure boot and shim. Additionally, it will discuss how the Xen hypervisor boot process can be protected with EFI secure boot and shim. However, this does not mean that everything is done and works out of the box. So, in the end it will be shown what has been done to make EFI secure boot and shim usable when you boot Xen using GRUB2.

Speakers
Daniel Kiper

Software Developer V, Oracle
Daniel Kiper works as a software developer for Oracle. He is responsible for Xen boot code development. He also played with GRUB2 and due to that last year he was appointed as one of the GRUB maintainers. Earlier he worked on kexec, kdump, makedumpfile, crash tool and memory hotp... Read More →



Tuesday July 11, 2017 10:25 - 10:55
Valletta Conference Centre II

10:25

Intel GVT-g: From Production to Upstream - Zhi Wang, Intel
In this talk, we're going to talk about the upstreaming of the Intel Graphics Virtualization Technology (GVT-g) in 2016, which extends the experience and value of graphics virtualization to open source communities and customers. Upstream GVT-g is implemented on top of the mediated device framework which was newly introduced in VFIO; however, this also brings a challenge to the Xen implementation of GVT-g (XenGT), since Xen doesn't support VFIO today. In this talk we'll review several options for XenGT upstreaming support, based on cooperative work with Citrix.

Speakers
Zhi Wang

GVT-g Kernel Maintainer, Intel
Major contributor to the GVT-g upstream effort, who has worked on this project as a key developer for more than 3 years. In 2016, he worked with other kernel maintainers and pushed the whole project into the Linux kernel. Now he is one of the maintainers of GVT-g.



Tuesday July 11, 2017 10:25 - 10:55
Grand Ballroom

10:55

Break
Tuesday July 11, 2017 10:55 - 11:20
Grand Ballroom Foyer

11:20

Virtualization at Huawei: Usage, Value-add and Challenges - Jinsong Liu, Huawei
Note that I am waiting for a short description of the talk.

Speakers
Jinsong Liu

Chief Architect for Virtualization, Huawei
Liu Jinsong has worked with Xen since 2006 and is a former member of Intel Opensource Technology Center, focusing on Xen hypervisor development, including Xen RAS and Xen PM sub-system and some X86 features. After 2014, Jinsong joined Alibaba Cloud Computing as a senior technical... Read More →



Tuesday July 11, 2017 11:20 - 11:50
Valletta Conference Centre II

11:20

To Grant or Not to Grant? - João Martins, Oracle
Xen has made strides in scaling network performance such that it can now saturate 10 Gbit/s NICs and more, taking into account aggregate throughput in multi-queued host backends.

Grant usage, one of the main bottlenecks associated with paravirtualized I/O, has seen a number of improvements in the past years. However, 100 Gbit/s network adapters beckon and 25 Gbit/s will replace current 10 Gbit/s adapters in short order. This will require us to revisit the datapath.

This presentation discusses ways of overcoming this bottleneck, and we describe the work we have been doing in the area without compromising the current grant-based model. We discuss a number of topics in this talk, such as page recycling mechanisms, grants versus copying, and trends in networking/drivers. Finally we pitch an optional grant-less model that can be managed by administrators and is transparent to guests.

Speakers
João Martins

Principal Software Engineer, Oracle Corporation
João is a Principal Software Engineer at Oracle working on the x86 virtualization group. His work includes networking performance on guests and improving Xen's control stack, among others. Prior to Oracle, he did research on specialized guests in the context of network middleboxe... Read More →



Tuesday July 11, 2017 11:20 - 11:50
Grand Ballroom

11:55

Dedicated Secure Domain as Approach for Certification of Automotive Sector Solutions - Iurii Mykhalskyi, GlobaLogic
Nowadays Xen is not so widely used in the automotive sector due to a lack of certification. Any automotive solution should be compliant with the ISO 26262 standard. In the general case this is a very complex task: each system part should be certified, i.e. bootloader, Xen, Linux/Android. In this presentation Iurii Mykhalskyi will review the current state of certifications and propose an approach that might help to deal with this task by creating a special secure domain.

Speakers
Iurii Mykhalskyi

Lead Software Engineer, GlobaLogic
I have more than 6 years of development experience, specializing in embedded development. My areas of interest include Linux kernel development and virtualization technology



Tuesday July 11, 2017 11:55 - Wednesday July 12, 2017 00:25
Valletta Conference Centre II

11:55

NoXS: Death to the XenStore - Filipe Manco, NEC
The XenStore is a central piece of the Xen framework on which most operations depend. This makes it both a central point of failure and a performance bottleneck. In this presentation, Filipe will present NEC's work on removing the XenStore and replacing it with NoXS, a hypervisor-based mechanism that provides the necessary functionality to replace the XenStore when running paravirtualized guests. NoXS not only brings advantages in terms of guest management operation times, but also in terms of scalability and reliability by simplifying dom0. NoXS is also backwards compatible by allowing the XenStore to run in parallel. This presentation will discuss the design of NoXS and show initial results of the prototype implementation, namely boot times below 20 ms for up to 8000 guests. The presenter would also like to discuss whether this work is interesting to the Xen project, and if so, how it could be upstreamed.

Speakers
Filipe Manco

Research Scientist, NEC Europe Ltd.
Filipe Manco is a network systems researcher at NEC Europe Ltd. where he has been working with Xen and Unikernels for the past 4 years. He got his MSc degree in 2013 from the University of Aveiro, Portugal.


NoXS pdf

Tuesday July 11, 2017 11:55 - Wednesday July 12, 2017 00:25
Grand Ballroom

12:30

Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Groß, SUSE
Being a type 1 hypervisor, Xen relies heavily on the support of the operating system running as dom0, in most cases the Linux kernel. So a lot of the work to add new functionality to Xen is done in the Linux kernel.

This presentation shows which Xen related work was done in the last year and what is to be expected in the near future.

Speakers
Jürgen Groß

Kernel Virtualization Engineer, SUSE
Jürgen started operating system work in 1989. He has experience in multiple OS's including some UNIX flavors on many different processors (MIPS, SPARC, Itanium, x86) where he did virtualization related work. His first contact with Xen was in 2008 when he enabled the Xen hypervisor on Itanium to run BS2000 (a mainframe OS) as a guest system. Now... Read More →



Tuesday July 11, 2017 12:30 - 13:00
Valletta Conference Centre II

12:30

The dm_op hypercall and libxendevicemodel - Paul Durrant, Citrix
As part of the effort to restrict and de-privilege the operation of device models, such as those provided by QEMU, I have recently implemented a new hypercall and tools library in Xen, and an updated privcmd driver in Linux.

This talk will explain the rationale for the new hypercall, how it helps to restrict and audit the operation of device models and how this fits into the overall strategy of de-privileging QEMU.

Speakers
Paul Durrant

Senior Principal Software Engineer, Citrix Systems Inc
My name is Paul Durrant. I am a Senior Principal Software Engineer in the XenServer platform group of Citrix Systems R&D, based in Cambridge UK. My chief responsibilities are Windows Paravirtual drivers, Virtual GPU subsystem, and the guest storage and network data-paths. My work... Read More →


dmop pdf

Tuesday July 11, 2017 12:30 - 13:00
Grand Ballroom

13:00

Lunch
Tuesday July 11, 2017 13:00 - 14:00
Brasserie Restaurant

14:30

Contributing to Xen: An Introduction - George Dunlap, Citrix
If you are new to the Xen community and want to know how the development process works -- and in particular, if you want to know how you can get your changes in -- this talk is for you. My goal is that by the end you will have a framework for how the process works, and a good set of pointers and principles for being ready to dive in and submit your first patch -- or your first series. Topics will include: What's a maintainer? How do the development window and feature freeze work? How do I make a good patch series? What if I'm not sure whether my code is a good idea or not? What if I need to make a big change and I'm not sure of the correct approach?

Speakers
George Dunlap

Principal Software Engineer, Citrix
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006. He is currently working as Principal Software Engineer for Citrix on the open-source Xen team in Cambridge, England. He has done work in many areas... Read More →



Tuesday July 11, 2017 14:30 - 15:15
Grand Ballroom

14:30

Solving Community Problems: Patch Volume vs Review Bandwidth, Community Meetings (or lack thereof), ... and other problems - Jan Beulich, SUSE & Lars Kurth, Citrix
This session is intended to tackle a number of community issues:

Code Review: Patch Volume vs Review Bandwidth
Patch volume has been increasing recently (from 4.8 to 4.9 it grew by 30%) and can be quite high, and review bandwidth often does not cope. This has been an ongoing problem, and we have looked at measuring it (see https://xen.biterg.io), improving efficiency and encouraging community members to review more. Although these measures have been successful (some more than others), and more people do reviews and reviews seem to be working more effectively, review bandwidth has not grown at the same rate as patch volume.

We are seeing clear bottlenecks in ARM and x86 code, where the number of contributions (and new contributors) has grown and is expected to grow further. This is obviously a problem.

Most options to address this would incur undesirable restrictions (after all, we want people to contribute), but without taking some measures the inflow is going to remain (almost) unmanageable.

This is an open session to look at all available options.

x86 Community Meeting (or other community meetings)
Currently we have a monthly ARM Community Meeting, which has been very successful. Should we have any more? I have had interest for x86 related meetings. Any others? 

A community meeting requires a meeting chair who will a) reach out to attendees, b) put together the agenda, c) write up and post minutes to xen-devel@ and d) chair the meeting.

Speakers
Jan Beulich

SUSE
Jan Beulich is a Software Engineering Consultant at Suse, who is also a Xen Project Hypervisor committer and maintainer.
Lars Kurth

Director, Citrix


Tuesday July 11, 2017 14:30 - 15:15
Déry/Jókai

14:30

Graphics Virtualization - Rich Persaud, BAE Systems
GPU virtualization is used in Server VDI, Automotive, Desktops and Laptops. GPU vendors have different approaches to virtualization of 3D graphics (NVIDIA GRID, AMD MxGPU, Intel GVT, Imagination PowerVR OmniShield), while software-based graphics virtualization may not support modern video and user interface animations. Gaming is one of the few growth areas for PCs and CAD can be done via remote desktop. What are current best practices for Xen users and developers to achieve high-performance 3D graphics on Windows, Linux and Android? Is KVM better than Xen for graphics virtualization?

Speakers
Rich Persaud

Consultant, BAE Systems
Rich Persaud has worked with Xen since 2005 and is a former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Lin... Read More →


Tuesday July 11, 2017 14:30 - 15:15
Mikszáth/Petöfi

15:20

Design Session: PV-IOMMU - Paul Durrant, Citrix
The final design for PV-IOMMU was posted to xen-devel more than a year ago (see https://lists.xenproject.org/archives/html/xen-devel/2016-02/msg01428.html) and RFC code was posted at around the same time (see https://lists.xenproject.org/archives/html/xen-devel/2016-02/threads.html#01441). Unfortunately no further progress has been made on it since then, despite Citrix XenServer carrying a version of the code. The interface is important for several reasons, one of them being that it is a key enabler for virtual graphics implementations (where device drivers running a service domain need to DMA map memory belonging to a guest domain).

Speakers
Paul Durrant

Senior Principal Software Engineer, Citrix Systems Inc



Tuesday July 11, 2017 15:20 - 16:05
Valletta Conference Centre II

15:20

EFI + Intel TXT and TPM + Xen/Linux: How to Make It Work - Daniel Kiper, Oracle
After some investigation it looks like EFI + tboot + Xen does not work. The problem is that tboot treats EFI as untrusted and shuts down all its services. However, these services are needed to boot Xen properly. So, this tboot behavior makes it completely unusable with Xen. Linux is hit by this issue, too. It is less severe because Linux still boots, but due to the lack of EFI runtime services it is not possible to run e.g. efibootmgr, which manages the machine boot config. Hence, we should hammer out a proper approach to that problem. At the beginning of the discussion we should review EFI infrastructure security. This should lead to a decision about EFI availability in measured environments. If yes, then we should decide what should be exposed and how. It is also worth considering here solutions providing functionality similar to tboot, e.g. TrustedGRUB, EFI TBOOT, etc.

Speakers
Daniel Kiper

Software Developer V, Oracle


Tuesday July 11, 2017 15:20 - 16:05
Mikszáth/Petöfi

15:20

Design Session: The (missing) toolstack side of PVH DomU - Ian Jackson, Citrix & Roger Pau Monne, Citrix
Although the Xen side of PVHv2 DomU is finished, the toolstack side of PVHv2 is lagging behind. The current way of creating a PVHv2 guest is not the final interface, and should not be relied upon.

This design session aims to discuss the user-visible xl/libxl interface of PVHv2 in order to come up with a sane interface in xl/libxl that can be declared stable.

Speakers
Ian Jackson

Citrix
Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently... Read More →
Roger Pau Monné

Citrix Systems
Roger Pau Monné is a Software Engineer at Citrix and a FreeBSD developer. He is currently mainly working on PVH Dom0 support in Xen, while also maintaining Xen support in FreeBSD.


Tuesday July 11, 2017 15:20 - 16:05
Krúdy/Arany

15:20

Design Session: Xen Certification in Automotive Industrial - Iurii Mykhalskyi
Speakers
Iurii Mykhalskyi

Lead Software Engineer, GlobaLogic


Tuesday July 11, 2017 15:20 - 16:05
Déry/Jókai

16:05

Break
Tuesday July 11, 2017 16:05 - 16:35
Grand Ballroom Foyer

16:35

Design Session: Improved Xen/domU ring mapping API - Andrew Cooper, Citrix
The current mechanisms for Qemu and other emulators to form shared rings with Xen are problematic. As a start, they pose an entirely unnecessary security risk (being guest-accessible), but they also may cause performance problems (by shattering host superpages) and migration problems (emulators can't attach to an incoming domain until migration is complete). Furthermore, the duct tape applied to newer emulator interfaces (removing the mapping from the p2m) prevents re-attaching to a running domain which has ballooned to its limit (as re-attaching involves adding one extra frame).

Speakers
Andrew Cooper

Senior Software Engineer, Citrix XenServer
Andrew is a senior software engineer working in the Ring0 team for Citrix XenServer. Upstream, he is x86 hypervisor maintainer, committer, and a member of the Xen security team.


Tuesday July 11, 2017 16:35 - 17:35
Valletta Conference Centre II

16:35

EFI Secure Boot + Shim + GRUB2 + Xen: How to Make It Work - Daniel Kiper, Oracle
Speakers
Daniel Kiper

Software Developer V, Oracle


Tuesday July 11, 2017 16:35 - 17:35
Mikszáth/Petöfi

16:35

Making Releases Lessons Learned: Improving Our Release Process and Tooling - Julien Grall, ARM & Wei Liu, Citrix
This session will cover lessons learned from the last few releases as well as point releases.

We will specifically look at
a) Verification of Releases: in particular with a view to checking automatically which XSAs have been applied
b) Whether we need to create a Release Checklist and Guide for the Release Manager, and what should be on it (maybe we can put together a draft)
c) Whether the Release Process prompting for Features works, what we learned from https://xenproject.atlassian.net/secure/RapidBoard.jspa?rapidView=1 and where to go next
d) For 4.9 the runway for PR was too short - include PR in the Release Checklist/Guide
e) Any other tooling and process related stuff
f) AOB

Moderators
Lars Kurth

Director, Citrix

Speakers
Julien Grall

Software Engineer, ARM
Julien Grall is a Senior Software Engineer at ARM, working on open source virtualization. He has been working on Xen since 2012, initially focusing on Xen x86 and then on support for ARM architecture. He is currently a maintainer of Xen ARM.
Wei Liu

Software Engineer, Citrix
Wei Liu has been working on Xen since 2012. He has worked on various parts of the Xen hypervisor project and other peripheral projects like the Linux kernel, FreeBSD kernel and QEMU. He worked as Release Manager for the Xen 4.6, 4.7 and 4.8 releases. He is now a Xen hypervisor project committe... Read More →


Tuesday July 11, 2017 16:35 - 17:35
Krúdy/Arany

18:00

Welcome Reception
Set sail with us on the river Danube for an evening of networking, nibbles and libations!  

A bus will pick up from main lobby at 18:00 and the boat will depart from Dock 9 at Jaszai Mari Square by 18:45.

If you choose to walk, please note that it will take about 30 minutes from the Corinthia Hotel. 




Tuesday July 11, 2017 18:00 - 20:30
Dock 9 at Jaszai Mari Square
 
Wednesday, July 12
 

09:00

Keynote: Xen 4.8 at Gandi - Vincent Legout, Gandi
Gandi.net is a cloud provider that has been running about 10000 VMs since 2008. We recently updated our infrastructure from Xen 4.1 to Xen 4.8 and decided to move all of our platform to Xen (from a mix of Xen and KVM). This platform uses home-made code based on the Xen python bindings and xl to orchestrate VMs. This talk will present our use cases and the experience we had with Xen, the shortcomings or issues we had while upgrading our platform, what features we use, and some new features we would like to have in Xen. For example, it will discuss how we use live patching and live migration. The talk will consider both the Xen hypervisor and its associated userspace utilities.

Speakers
Vincent Legout

Engineer, Gandi
Vincent works on the Xen platform at Gandi.net.


slides pdf

Wednesday July 12, 2017 09:00 - 09:30
Grand Ballroom

09:35

Supporting TPM 2.0 In The Dynamic Root of Trust Model on OpenXT - Chris Rogers, AIS
OpenXT is a Xen-based client virtualization platform that provides a DRTM environment using the TPM, Tboot, and Intel TXT. Within the past few years, the TPM 2.0 specification has been finalized enough such that the majority of new hardware ships with a 2.0 module. Therefore, it was imperative that the OpenXT project leverage the significant improvements to security and features that TPM 2.0 provides. This presentation seeks to detail and examine the implementation challenges we faced during the course of development, including the integration of a new set of TPM tools from Intel, modifications to Tboot, 'layered' sealing, and handling the many nuances of the TPM 2.0 spec as it applies to OpenXT. It is our hope that this knowledge may contribute to the adoption of TPM 2.0 in a wider variety of security-focused projects.

Speakers
Chris Rogers

Research Software Engineer, AIS
Chris Rogers is a Research Software Engineer currently working at AIS. He has experience with multiple layers of the virtualization stack including PV driver, toolstack, kernel, and hypervisor development. He holds a BS and MS in Computer Science from Binghamton University.



Wednesday July 12, 2017 09:35 - 10:05
Valletta Conference Centre II

09:35

uniprof: Transparent Unikernel Performance Profiling and Debugging - Florian Schmidt, NEC
Unikernels are increasingly gaining traction as they provide lightweight, low-overhead, high-performance execution of applications, while keeping the high isolation guarantees of virtualization crucial to multi-tenant deployments. However, developers still lack tools to support their development, especially compared to the rich toolsets that full operating systems such as Linux or BSD provide.

In this talk, Florian will present uniprof, a unikernel profiler and performance debugger that gives developers insight into their unikernel behavior transparently, without having to instrument the unikernel itself. Uniprof works on both x86 and ARM, can profile even when frame pointers are unavailable, and can be used with visualization tools such as flame graphs. It incurs only minimal overhead (~0.1% at 100 samples/s) to the unikernel, making it ideal for profiling even on production systems.

Speakers
Florian Schmidt

Research Scientist, NEC Europe Ltd.
Florian Schmidt is a Research Scientist at NEC Laboratories Europe. He holds a master degree and a PhD in computer science from RWTH Aachen, Germany. In the past, he has worked on networked and operating systems, as well as wireless communications. Currently, he is investigating... Read More →



Wednesday July 12, 2017 09:35 - 10:05
Grand Ballroom

10:10

Approach to Native Applications in XEN on ARM - Volodymyr Babchuk, EPAM Systems
Today XEN comes to embedded systems, where it needs to be much closer to the hardware. On one hand, the hypervisor needs to mediate calls to the Trusted Zone, control power and provide drivers for coprocessors; on the other hand, it needs to remain as small and as secure as possible. So the natural approach is to offload all these tasks to something else (like a stubdomain or a native application).

The ARM platform allows the hypervisor to act as a common kernel by handling system calls from userspace.

In this talk Volodymyr will describe the idea of native applications, compare them with stubdomains and share the results of his Native Apps PoC.

Speakers
Volodymyr Babchuk

Lead Embedded Engineer, EPAM Systems
Volodymyr Babchuk is embedded engineer from EPAM Systems Ukraine. He has over 10 years of experience in various fields of embedded engineering and now he specializes mainly in security-related topics.



Wednesday July 12, 2017 10:10 - 10:40
Grand Ballroom

10:10

PVH Dom0: The Road so Far - Roger Pau Monné, Citrix
This talk will start with an overview of the x86 PVH Dom0 architecture together with some basic information about it, in order for the audience to understand why Xen needs PVH, and even more, why Xen needs a PVH Dom0 at all.

Then it will dive into the hypervisor side implementation, in order to understand how PVH Dom0 is implemented, and in which way it interacts with the existing Xen internal interfaces and subsystems. Details about the current implementation status will also be provided, together with a roadmap of the missing bits.

Hopefully after the talk the audience will have a good understanding of what this new PVH mode is, and how it is implemented inside of Xen.

Speakers
Roger Pau Monné

Citrix Systems



Wednesday July 12, 2017 10:10 - 10:40
Valletta Conference Centre II

10:40

Break
Wednesday July 12, 2017 10:40 - 11:10
Grand Ballroom Foyer

11:10

Product Manager or Investor: Why Virtualization? Why Xen? - Rich Persaud, BAE Systems
Ten years ago, Xen was an open-source software challenger to incumbent VMware. Today, VMware is owned by a hardware OEM, virtualization hardware extensions are widely available in modern x86 and ARM CPUs, and Xen competes for developer attention with OS-bundled hypervisors and container namespaces. This presentation offers a structured approach for developers to communicate the business benefits of Xen-based virtualization to product management and investors.

Speakers
Rich Persaud

Consultant, BAE Systems



Wednesday July 12, 2017 11:10 - 11:30
Valletta Conference Centre II

11:10

Intel Update - Jun Nakajima, Intel
Modern and future systems will use more data and compute in an unprecedented way to be more useful and effective, and virtualization will continue to be the foundation to deploy and manage them. This means that Xen needs to continue to meet the key requirements, such as high performance, scalability, and security, in a nonlinear fashion.

We give an overview of the existing and new hardware virtualization features that we believe help Xen achieve such objectives, and discuss how we enable such features for Xen. For performance, we include accelerator support (e.g. FPGA), RDMA, Intel Processor Trace, and Xeon Phi. For scalability, we provide a brief overview of 5-level paging, our enabling plan, and more. For security, we introduce mode-based execution control for EPT, SGX, and other new features.

Speakers
Jun Nakajima

Senior Principal Engineer, Intel Open Source Technology Center
Jun Nakajima is a Senior Principal Engineer leading open source virtualization and cloud projects, such as Xen, KVM, and OpenStack at Intel Open Source Technology Center. Jun has been working on various virtualization projects for more than a decade. Jun presented a number of tim... Read More →



Wednesday July 12, 2017 11:10 - 11:30
Grand Ballroom

11:35

Reworking the ARM GIC Emulation - Andre Przywara, ARM
The ARM Generic Interrupt Controller (GIC) provides some level of virtualization support in hardware. This still requires emulation of the distributor part, which has to integrate with the virtualization feature. Doing this in a performant and readable way is not trivial; especially the locking strategy tends to be complicated.

While extending the existing virtual GIC support in Xen to cover support for MSIs, some issues have been discovered which ask for some significant changes in the existing code.
The presentation will briefly describe the existing VGIC design and the issues we faced when trying to extend it. Based on this the changes will be presented and how they improve and ideally simplify the code.

Speakers
Andre Przywara

Developer, ARM Ltd.
Andre Przywara works in the ARM Linux kernel team in Cambridge/UK, primarily on KVM and Xen, but also on other parts of the Linux kernel. Recent work included extending the virtualization support for the ARM interrupt controller in both KVM and Xen. Before joining ARM Andre spent...



Wednesday July 12, 2017 11:35 - 11:55
Valletta Conference Centre II

11:35

Intel New QoS (RDT) Features Introduction - Yi Sun, Intel
With the expansion of cloud services, more and more applications/VMs run on a single platform concurrently. This causes serious contention for shared resources (e.g. LLC, L2 cache, memory bandwidth). Because of that, Intel introduced QoS features (now named RDT, Resource Director Technology) to monitor and control the usage of these shared resources. So far, Intel has enabled CMT/MBM for monitoring and L3 CAT/CDP for control on Xen. Based on successful applications of these features and new requirements from industry, Intel is introducing new shared resource control features (e.g. L2 CAT and MBA) in its latest chips to provide ways to configure and control the usage of cache and memory bandwidth. To let more users get these features and enjoy the performance improvement, Intel is trying to push these features into Xen. The original QoS code only focused on implementing L3 CAT and CDP, so its extensibility was not good. To make the code more flexible, we refactored it into an extensible infrastructure so that it is easy to add a new feature. This presentation will introduce the above in detail so that the audience is clear about what the QoS features are, how we design and implement them on Xen, and the benefits users can get.

Speakers
Yi Sun

Software Engineer, Intel
Yi joined Intel in 2013. He worked on developing mobile storage drivers (emmc/sd/sdio drivers), Security domain to lead critical bug fix and new features development on Android. In June 2016, he transferred internally to join VMM Enabling team to develop features (New Instruction...



Wednesday July 12, 2017 11:35 - 11:55
Grand Ballroom

11:55

Xen Challenges in the ARM ITS Emulation - Andre Przywara, ARM
To be able to use MSIs on ARM systems in Xen domains, we need to emulate the ARM GICv3 ITS controller. Its design is centered around a command queue located in normal system memory.

Emulating this in the Xen hypervisor brings some interesting challenges, ranging from safely accessing the guest memory and dealing with possible propagation of commands, to possible DoS attacks by domains keeping the emulation code busy.

The presentation outlines the main problems and how we hit Xen limits in emulating this correctly and efficiently. It also presents our temporary workarounds and their drawbacks.

Speakers
Andre Przywara

Developer, ARM Ltd.
Andre Przywara works in the ARM Linux kernel team in Cambridge/UK, primarily on KVM and Xen, but also on other parts of the Linux kernel. Recent work included extending the virtualization support for the ARM interrupt controller in both KVM and Xen. Before joining ARM Andre spent...



Wednesday July 12, 2017 11:55 - 12:15
Valletta Conference Centre II

11:55

Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
In the era of cloud computing, security is becoming more and more critical for customers. In the existing HW/SW architecture, the hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extensions (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of an enclave, which is a protected area in a userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction to Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by an introduction to our work to support SGX virtualization in the Xen hypervisor, including the high-level design, current status and future plan.

Speakers
Kai Huang

Software Engineer, Intel Corporation
This is Kai Huang from Intel OTC. I have been working on low level system software (Linux device driver, Solaris PCIE/DMA framework, KVM & Xen hypervisor) for 8 years since I graduated from university. My current role is software engineer at Intel OTC's VMM enabling team and my main responsibility is to enable new virtualization hardware features of Intel's new platforms for both KVM...



Wednesday July 12, 2017 11:55 - 12:15
Grand Ballroom

12:20

Xen Test Lab: The Installation and Our Plans - Ian Jackson, Citrix
The Xen Project uses a bespoke Continuous Integration system, osstest. This system has a number of unique architectural features that make it flexible and powerful. In this talk, I'll take you through some of these, such as: the distributed job scheduler; the standalone vs. infrastructure abstraction; and some of the more advanced command-line interfaces useful in infrastructure installations.

Speakers
Ian Jackson

Citrix
Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently...


slides pdf
talk txt

Wednesday July 12, 2017 12:20 - 12:40
Valletta Conference Centre II

12:20

5 Level Paging Support in Xen - Yu Zhang, Intel
Existing Intel processors limit the linear address width to 48 bits, hence the maximum linear address space is 256 TiB. Intel's upcoming processor will overcome this limitation by introducing a new paging mode in IA-32e, 5-level paging, which will extend the linear address width to 57 bits and translate linear addresses by traversing a 5-level paging structure.

Also, existing Intel processors limit the physical address width to 46 bits. That limit also applies to guest-physical addresses. With 5-level paging, the physical address width will be extended to 52 bits. To support VMs with the 5-level paging feature, a new EPT mode will be introduced: 5-level EPT. As its name suggests, it will translate guest-physical addresses by traversing a 5-level hierarchy of EPT paging structures.

In this session, Yu will give an introduction to this new feature, and some high-level design options to support 5-level paging in Xen.

Speakers
Yu Zhang

Intel
Yu is a virtualization developer from Intel China. Joined Intel open source technology center in 2013, Yu participated in the iGVT-g and iGVT-d projects and currently is devoted to the new feature enabling in Xen/KVM for Intel's next generation CPU. Before joining Intel, Yu had b...



Wednesday July 12, 2017 12:20 - 12:40
Grand Ballroom

12:40

osstest: View Inside a Unique Test Automaton - Ian Jackson, Citrix
The Xen Project uses a bespoke Continuous Integration system, osstest. This system has a number of unique architectural features that make it flexible and powerful. In this talk, I'll take you through some of these, such as: the distributed job scheduler; the standalone vs. infrastructure abstraction; and some of the more advanced command-line interfaces useful in infrastructure installations.

Speakers
Ian Jackson

Citrix
Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently...


slides pdf
talk txt

Wednesday July 12, 2017 12:40 - 13:00
Valletta Conference Centre II

12:40

Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu, Intel
Shared Virtual Memory (SVM) is a VT-d feature that allows sharing the application address space with the I/O device. The feature works with the PCI-SIG Process Address Space ID (PASID). With SVM, the programmer gets a consistent view of memory across the host application and the device, avoiding pinning or copying overheads. We have been working on supporting SVM in Xen to enable SVM usage in a guest if an SVM-capable device is assigned, e.g. if the IGD is assigned to a guest, applications like OpenCL would benefit if SVM is supported in the guest. SVM virtualization requires exposing a virtual VT-d to the guest. In this discussion, Yi will give an update on the latest SVM virtualization implementation and foresee the future work on supporting SVM and IOVA in a single virtual VT-d.

Speakers
Yi Liu

Software Engineer, Intel Corp
Yi is a virtualization software engineer from Intel OTC. He works on Intel virtualization feature enabling on Xen/KVM. Prior to this position, he worked on UEFI development for 3 years.



Wednesday July 12, 2017 12:40 - 13:00
Grand Ballroom

13:00

Lunch
Wednesday July 12, 2017 13:00 - 14:00
Brasserie Restaurant

14:30

Design Session: Default Tests and Configuration of Server and Edge Hypervisors
Virtualization increasingly depends on hardware support, while hardware diversity continues to increase. At present, common feature configurations are tested and given first-class support. Other configurations imply expert mode and private testing. Derivative projects also carry patches that may not be acceptable to upstream Xen, but are common to edge (client, embedded) use cases. Can downstream projects contribute test capacity for non-server configurations of Xen?

These test cases are relevant to OpenXT:

  • Xen feature subsets (Kconfig)
  • GPU passthrough/virtualization with local display: Linux, Windows (USB video capture)
  • Measured Launch (Intel TXT, AMD SVM, TPM 1.2, TPM 2.0)
  • Inter-VM communication: libvchan, V4V
  • Stub domains: Mini-OS, Linux
  • Driver domains: network, USB

Speakers
Rich Persaud

Consultant, BAE Systems
Rich Persaud has worked with Xen since 2005 and is a former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Lin...


Wednesday July 12, 2017 14:30 - 15:15
Krúdy/Arany

14:30

Design Discussion: Intel Features 1 - RDT & SGX Features - Yi Sun & Kai Huang, Intel
This session has two parts: if we need more time, the session will continue in Intel Features 2

Part 1: Design Discussion: Intel New QoS (RDT) Features - Yi Sun
With the expansion of cloud services, more and more applications/VMs run on a single platform concurrently. This causes serious contention for shared resources (e.g. LLC, L2 cache, memory bandwidth). Because of that, Intel introduced QoS features (now named RDT, Resource Director Technology) to monitor and control the usage of these shared resources. So far, Intel has enabled CMT/MBM for monitoring and L3 CAT/CDP for control on Xen. Based on successful applications of these features and new requirements from industry, Intel is introducing new shared resource control features (e.g. L2 CAT and MBA) in its latest chips to provide ways to configure and control the usage of cache and memory bandwidth. To let more users get these features and enjoy the performance improvement, Intel is trying to push these features into Xen. The original QoS code only focused on implementing L3 CAT and CDP, so its extensibility was not good. To make the code more flexible, we refactored it into an extensible infrastructure so that it is easy to add a new feature. In this discussion session, I would like to discuss the new infrastructure, RDT feature points, how to handle socket offline/online, how to handle domain scheduling and other technical points.

Part 2: Design Discussion: SGX virtualization - Kai Huang
Intel Software Guard Extensions (SGX) is a set of new instructions and memory access mechanisms aiming to protect user-level software from being attacked. It achieves this by using a particular address range, the 'enclave', in a user-level application; the content of the enclave cannot be accessed directly by any software from outside, including privileged software. The Enclave Page Cache (EPC) is the hardware resource used to commit memory to enclaves. EPC is a limited resource, typically reserved by the BIOS. SGX also supports Launch Control, which allows a 3rd party to run their own Launch Enclave, which governs which other enclaves may run. SGX virtualization on Xen includes exposing SGX to the guest, EPC management, Launch Control virtualization, SGX interaction with VMX handling, etc. This design discussion will go through the SGX virtualization design with maintainers and other developers, including problems, design options, detailed technical discussion, etc., to make further Xen SGX integration go more smoothly.

Speakers
Kai Huang

Software Engineer, Intel Corporation
This is Kai Huang from Intel OTC. I have been working on low level system software (Linux device driver, Solaris PCIE/DMA framework, KVM & Xen hypervisor) for 8 years since I graduated from university. My current role is software engineer at Intel OTC's VMM enabling team and my main responsibility is to enable new virtualization hardware features of Intel's new platforms for both KVM...

Yi Sun

Software Engineer, Intel
Yi joined Intel in 2013. He worked on developing mobile storage drivers (emmc/sd/sdio drivers), Security domain to lead critical bug fix and new features development on Android. In June 2016, he transferred internally to join VMM Enabling team to develop features (New Instruction...


Wednesday July 12, 2017 14:30 - 15:15
Valletta Conference Centre II

14:30

Unikernel Support for NFV-like Applications on Xen ARM 64bit - Anastassios Nanos & Julian Chesterfield, OnApp
64-bit ARM-based SoC devices offer a compelling alternative, as embedded, low-power edge devices, to their traditional x86 counterparts. There are some limitations, however, that have attracted the attention of the virtualisation community, including improving multi-tenancy support and providing isolation. We propose to lead a discussion around the status and future design considerations of MiniOS on aarch64 in order to fully exploit the low footprint of unikernels for NFV-type workloads as Reusable Function Blocks (RFBs), as promoted in the H2020 SUPERFLUIDITY project. Additionally, we would like to discuss the relevant benefits of the MiniOS approach vs. native app execution in EL0 on ARM.

Speakers
Julian Chesterfield

Chief Scientific Officer, OnApp
Dr. Julian Chesterfield is the Chief Scientific Officer at OnApp, and leads the Emerging Technologies R&D team. He studied Computer Science at University College London (MSc) and went on to complete a PhD in Computer Science at Cambridge University. Julian was formerly an early m...

Anastassios Nanos

Systems Engineer, OnApp
Anastassios Nanos received his Ph.D. in Computer Engineering at the National Technical University of Athens (NTUA), Greece in 2013. His research interests include system-level support for heterogeneous platforms, I/O Virtualization, systems software for high-performance I/O in vi...


Wednesday July 12, 2017 14:30 - 15:15
Mikszáth/Petöfi

14:30

Design Session
Wednesday July 12, 2017 14:30 - 15:15
Tas

15:20

Design Discussion: Intel Features 2 - SGX & SVM - Kai Huang & Yi Liu, Intel
This session has two parts: if we need more time, the session will continue in Intel Features 3 on the following day

Part 1: Design Discussion: SGX virtualization - Kai Huang
Intel Software Guard Extensions (SGX) is a set of new instructions and memory access mechanisms aiming to protect user-level software from being attacked. It achieves this by using a particular address range, the 'enclave', in a user-level application; the content of the enclave cannot be accessed directly by any software from outside, including privileged software. The Enclave Page Cache (EPC) is the hardware resource used to commit memory to enclaves. EPC is a limited resource, typically reserved by the BIOS. SGX also supports Launch Control, which allows a 3rd party to run their own Launch Enclave, which governs which other enclaves may run. SGX virtualization on Xen includes exposing SGX to the guest, EPC management, Launch Control virtualization, SGX interaction with VMX handling, etc. This design discussion will go through the SGX virtualization design with maintainers and other developers, including problems, design options, detailed technical discussion, etc., to make further Xen SGX integration go more smoothly.

Part 2: Design Discussion: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu
Shared Virtual Memory (SVM) is a VT-d feature that allows sharing the application address space with the I/O device. The feature works with the PCI-SIG Process Address Space ID (PASID). With SVM, the programmer gets a consistent view of memory across the host application and the device, avoiding pinning or copying overheads. We have been working on supporting SVM in Xen to enable SVM usage in a guest if an SVM-capable device is assigned, e.g. if the IGD is assigned to a guest, applications like OpenCL would benefit if SVM is supported in the guest. SVM virtualization requires exposing a virtual VT-d to the guest. In this discussion, Yi will give an update on the latest SVM virtualization implementation and foresee the future work on supporting SVM and IOVA in a single virtual VT-d on Xen.

Speakers
Kai Huang

Software Engineer, Intel Corporation
This is Kai Huang from Intel OTC. I have been working on low level system software (Linux device driver, Solaris PCIE/DMA framework, KVM & Xen hypervisor) for 8 years since I graduated from university. My current role is software engineer at Intel OTC's VMM enabling team and my main responsibility is to enable new virtualization hardware features of Intel's new platforms for both KVM...

Yi Liu

Software Engineer, Intel Corp
Yi is a virtualization software engineer from Intel OTC. He works on Intel virtualization feature enabling on Xen/KVM. Prior to this position, he worked on UEFI development for 3 years.



Wednesday July 12, 2017 15:20 - 16:05
Valletta Conference Centre II

15:20

Zerocopy on Xen PV Drivers - João Martins & Ankur Arora, Oracle
Xen paravirtualized devices are known to be bound to the efficiency of grant operations or, more specifically, limited foreign memory visibility -- as is generally expected from Type-1 hypervisors.

However, in most cases, the “Dom0 can do everything” model is no different from the alternatives -- Type-2 hypervisors -- where I/O backends often have access to guest frames (e.g. KVM vhost). On Xen, avoiding grant references for PV drivers means resorting to copying and recycling already mapped grants. We can gain some of this performance back by relaxing certain security restrictions, such as ignoring guest authorization for guest page frame numbers; this is in lieu of a hypervisor-mediated view of the guest from the backend domain. The intent of this session is to discuss/propose this mechanism in a way that is transparent to guests while employing mechanisms to restrict what backends may map.

Speakers
Ankur Arora

Principal Software Engineer, Oracle Corporation
Ankur is a Principal Software Engineer at Oracle working on x86 virtualization. In prior lives, he's worked on proprietary highly parallel HW for Oracle, on non-volatile memory based storage devices, and oddly enough, a proprietary Remus.
João Martins

Principal Software Engineer, Oracle Corporation
João is a Principal Software Engineer at Oracle working on the x86 virtualization group. His work includes networking performance on guests and improving Xen's control stack, among others. Prior to Oracle, he did research on specialized guests in the context of network middleboxe...



Wednesday July 12, 2017 15:20 - 16:05
Mikszáth/Petöfi

15:20

Design Session: The Future of Xen Toolstacks for Server and Edge Use Cases & Common re-usable building blocks (build systems + MiniOS + other)
Many Xen toolstacks have come and gone. Libxenlight was created to provide a common base layer upon which higher-level toolstacks could be built. What is the roadmap for libxenlight to meet the needs of servers, local/enterprise managed clients, OTA update for embedded and mobile devices, unikernels, containers and automated testing? Can we reduce duplication among the libvirt, xapi (OCaml), xenrt (Python) and OpenXT (Haskell) toolstacks? Can Xen management tools compete with DevOps expectations set by the fast-moving container ecosystem?

Speakers
Rich Persaud

Consultant, BAE Systems
Rich Persaud has worked with Xen since 2005 and is a former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Lin...


Wednesday July 12, 2017 15:20 - 16:05
Grand Ballroom

15:20

Design Session
Wednesday July 12, 2017 15:20 - 16:05
Tas

16:05

Break
Wednesday July 12, 2017 16:05 - 16:35
Grand Ballroom Foyer

16:35

Design Discussion: Support for 5-level paging (including support for PV-guests) - Yu Zhang, Intel & Jürgen Groß, SUSE
This session has two parts: if we need more time, we can continue on the next day.

Part 1: Yu Zhang
In this session, Yu will present to the audience the current design to support 5-level paging in the Xen hypervisor and to support VMs with this new paging mode on Intel's next generation CPU. Hopefully, he will get suggestions from community maintainers.

Part 2: Jürgen Groß
Currently Intel is pushing patches to the Linux kernel for support of 5-level paging. This will expand the virtual address space from currently 16TB to 8PB (a factor of 512). While supporting 5-level paging in the hypervisor isn't questioned, the support for pv-guests has its pros and cons. Especially the pv memory management interface of Xen isn't the best-loved interface in the kernel, so expanding it should be done with care, especially considering pvh guests as a replacement for pv.

This session is meant to come to a conclusion what to do about 5-level paging and pv guests.

Speakers
Jürgen Groß

Kernel Virtualization Engineer, SUSE
Jürgen started operating system work in 1989. He has experience in multiple OS's including some UNIX flavors on many different processors (MIPS, SPARC, Itanium, x86) where he did virtualization related work. His first contact with Xen was in 2008 when he enabled the Xen hypervisor on Itanium to run BS2000 (a mainframe OS) as a guest system. Now...

Yu Zhang

Intel
Yu is a virtualization developer from Intel China. Joined Intel open source technology center in 2013, Yu participated in the iGVT-g and iGVT-d projects and currently is devoted to the new feature enabling in Xen/KVM for Intel's next generation CPU. Before joining Intel, Yu had b...



Wednesday July 12, 2017 16:35 - 17:35
Valletta Conference Centre II

16:35

Design Session
Wednesday July 12, 2017 16:35 - 17:35
Tas

16:35

Design Session: Scheduling for coprocessors & Xen ARM Wishlist
Speakers
Volodymyr Babchuk

Lead Embedded Engineer, EPAM Systems
Volodymyr Babchuk is an embedded engineer from EPAM Systems Ukraine. He has over 10 years of experience in various fields of embedded engineering and now he specializes mainly in security-related topics.

Julien Grall

Software Engineer, ARM
Julien Grall is a Senior Software Engineer at ARM, working on open source virtualization. He has been working on Xen since 2012, initially focusing on Xen x86 and then on support for ARM architecture. He is currently a maintainer of Xen ARM.


Wednesday July 12, 2017 16:35 - 17:35
Mikszáth/Petöfi
 
Thursday, July 13
 

09:00

Keynote: Towards a Configurable and Slimmer x86 Hypervisor - Wei Liu, Citrix
The classic PV interface has given Xen a head start in the cloud computing era. However, with the advance of hardware technology, its usage has been declining significantly. The complexity of the PV ABI has been a source of security bugs and friction between Xen and other communities.

This talk tries to lay out a plan to make x86 Xen configurable to support different guest types, and then move the PV ABI to a PVH container so that it is possible to support PV workloads in a more secure manner.

slides pdf

Thursday July 13, 2017 09:00 - 09:30
Grand Ballroom

09:35

Keynote: Secure Containers with Xen and CoreOS rkt - Stefano Stabellini, Aporeto
Aporeto's efforts in securing containers using Xen-based virtualization technologies are moving forward. After PVCalls, a new approach to virtual machine networking, we introduced a Xen transport for 9pfs. Exporting a filesystem from host to guest is an essential requirement for many container engines. Together, the two protocols lay the foundation for VM-based containers.

This talk will introduce the new Xen 9pfs protocol. It will explain its design and performance. The presentation will describe the best way to integrate Xen into container engines. It will discuss the challenges of introducing Xen support into CoreOS rkt, and provide an update on the upstreaming effort. It will also demonstrate rkt deploying cloud-native apps seamlessly as virtual machines on Xen, and detail the benefits of this approach and the differences from traditional container deployments.

Speakers
Stefano Stabellini

Virtualization Expert, Aporeto
Stefano Stabellini serves as virtualization expert and Linux kernel lead at Aporeto, a VC funded early stage start-up in the Bay Area. Previously, as Senior Principal Software Engineer in Citrix, he led a small group of passionate engineers working on Open Source projects. Stefan...



Thursday July 13, 2017 09:35 - 10:05
Grand Ballroom

10:10

Bring up PCI Passthrough on ARM - Julien Grall, ARM
Device passthrough allows the user to give control of physical devices (NIC, graphics card, etc.) to a virtual machine, giving it full and direct access to the device. This has several potential uses, including avoiding the overhead of device para-virtualization and being able to run unmodified guests on Xen on ARM.

Whilst PCI passthrough is already something well established on Xen, ARM support will require some fundamental changes due to architectural differences. For instance, the MSI doorbell will be translated by the IOMMU.

During this session, we will look at the state of PCI passthrough on x86. Then, we will describe the interactions of the components (PCI Root controller, interrupt controller and IOMMU) required for the use of PCI on an ARM system.

With this background, we will round out the discussion with the proposed approach for implementing PCI passthrough on ARM.

Speakers
Julien Grall

Software Engineer, ARM
Julien Grall is a Senior Software Engineer at ARM, working on open source virtualization. He has been working on Xen since 2012, initially focusing on Xen x86 and then on support for ARM architecture. He is currently a maintainer of Xen ARM.


slides pdf

Thursday July 13, 2017 10:10 - 10:40
Grand Ballroom

10:10

How to Abstract Hardware Acceleration Device in Cloud Environment - Maciej Grochowski, Intel
Intel® QuickAssist Technology (QAT) offers acceleration for the compute-intensive workloads of cryptography and compression. It supports Single Root I/O Virtualization (SR-IOV), which allows a single physical device to be shared by multiple guests. To better support fair sharing of capacity in a multi-tenant environment, Intel supports the concept of service level agreements. The service level is expressed using the abstraction of “acceleration units”. In this talk we will explain why we chose to define such an abstraction, and why specifying the capacity using raw throughput or operation rate alone is insufficient for accelerators – in brief, because the capacity is so heavily dependent on factors such as algorithm, direction (encrypt/sign/compress vs. decrypt/verify/decompress), key size, request size, compression level, etc. We go on to describe how such SLAs can be used to ensure that guests can be guaranteed some minimum acceleration capacity, and/or limited to some maximum. Finally, we describe use cases where this might be useful, such as when offering “acceleration as a service” in a cloud or Network Functions Virtualization (NFV) environment.

Speakers
Maciej Grochowski

Software Engineer, Intel
Maciej Grochowski is a software engineer at Intel Corporation, working for Data Center Group. He has wide technology background from small embedded systems, through driver development to user applications stacks and low latency applications. Currently focused on acceleration of c...



Thursday July 13, 2017 10:10 - 10:40
Valletta Conference Centre II

10:50

Break
Thursday July 13, 2017 10:50 - 11:20
Grand Ballroom Foyer

11:20

PL011 UART Emulation in Xen on ARM - Bhupinder Thakur, Qualcomm Datacenter Technologies, Inc.
Linaro has published the VM System Specification for ARM Processors, which provides a set of guidelines for both guest OS and hypervisor implementations, such that building OS images according to these guidelines guarantees that those images can also run on hypervisors compliant with this specification.

One of the spec requirements is that the hypervisor must provide an emulated PL011 UART as a serial console which meets the minimum requirements of the SBSA UART as defined in the ARM Server Base Architecture document. In this presentation, Bhupinder Thakur will cover the motivation behind the VM System spec requirements and the work done for adding support for PL011 emulation in Xen.

Speakers
Bhupinder Thakur

Engineer, Qualcomm Datacenter Technologies, Inc.
Bhupinder Thakur is a Principal Engineer at Qualcomm, working as a Linaro assignee in the virtualization group since September 2016. He is working on implementing the VM system specification requirements for ARM published by Linaro.



Thursday July 13, 2017 11:20 - 11:50
Valletta Conference Centre II

11:20

Xen Test Framework: Testing, From a Guest's Perspective - Andrew Cooper, Citrix
Sensible testing of hypervisor behaviour is a complicated task. Checking whether guest OSes boot and install properly is certainly useful, but this only covers a fraction of the guest/hypervisor interfaces. x86 in particular has large quantities of architecture that isn't used by any modern OS.

Unit testing, on the other hand, would be great, if unit testing a kernel were a plausible task in general. XTF takes an alternative approach, and allows for component-level testing from a unikernel-like perspective.

It is amazing what you find from this viewpoint.

Speakers
Andrew Cooper

Senior Software Engineer, Citrix XenServer
Andrew is a senior software engineer working in the Ring0 team for Citrix XenServer. Upstream, he is x86 hypervisor maintainer, committer, and a member of the Xen security team.


xtf pdf

Thursday July 13, 2017 11:20 - 11:50
Grand Ballroom

11:55

Hypervisor-Based Security: Bringing Virtualized Exceptions Into the Game - Mihai Dontu, Bitdefender
With this presentation, Mihai Donțu will cover the current status of #VE support in Xen, how Bitdefender plans to use it to improve the performance of its Hypervisor Introspection (HVI) solution, and the changes Bitdefender is working on mainlining in the hope that they will find their way into all major Xen deployments. The aim is to make VMI an even more appealing security option for customers running workloads on supporting Intel hardware.

Speakers
Mihai Donțu

Technical Project Manager, Bitdefender
Mihai Dontu is the technical project manager of the Linux development team within Bitdefender and is currently involved in integrating their memory introspection technology in Xen.



Thursday July 13, 2017 11:55 - 12:25
Grand Ballroom

11:55

Xen Schedulers and Their Impact on Interrupt Latency - Stefano Stabellini, Aporeto & Dario Faggioli, Citrix
The Xen hypervisor is a great fit for embedded, automotive and avionics, thanks to its lean architecture, small code base (even smaller on ARM), flexibility and security. Low interrupt latency is an essential requirement for many embedded use cases. Unavoidably, virtualization increases interrupt latency, but different Xen configurations lead to very different results.

This talk will explain how to achieve minimal interrupt latency. It will cover how scheduling interacts with interrupt delivery in Xen. It will introduce the new Xen "null" scheduler, designed for maximum determinism and minimum overhead on embedded platforms. Findings will be corroborated by showing interrupt latency numbers taken on Xen on ARM in various configurations, such as vCPU pinning, Credit 1 and 2, and null schedulers.

Speakers
Dario Faggioli

Ph.D, Senior Software Engineer, Citrix
Dario's first contact with Open Source was with the Linux kernel community, during his Ph.D. He is now employed by Citrix, and works full time on the Xen Project. His focus is on scheduling, his range of action is from deep down inside the hypervisor, up to toolstack and command... Read More →
Stefano Stabellini

Virtualization Expert, Aporeto
Stefano Stabellini serves as virtualization expert and Linux kernel lead at Aporeto, a VC funded early stage start-up in the Bay Area. Previously, as Senior Principal Software Engineer in Citrix, he led a small group of passionate engineers working on Open Source projects. Stefan... Read More →



Thursday July 13, 2017 11:55 - 12:25
Valletta Conference Centre II

12:30

Xen-lite for ARM: Adapting Xen for a Samsung Exynos MicroServer with Hybrid FPGA IO Acceleration - Julian Chesterfield, OnApp
Emerging ARM-based microserver architectures such as the Kaleao KMAX platform offer power efficiency and much greater core density, with increasing use of centralised shared IO resources across non-cache-coherent processors. Their combined core energy efficiency, the increasing parity in performance with power-efficient x86 platforms and the wider support for the ARM ecosystem make them suitable candidates for replacing x86 equipment at edge sites. However, the reduction in individual processor and memory capacity presents new challenges in system software design.

Our talk discusses some of the hardware architecture trends behind emerging technology platforms such as the KMAX system, and describes the unique challenges involved in building an efficient clustered hypervisor stack with centralised IO resources based on Xen, as well as the rationale behind the design decisions and the trade-offs.

Speakers
Julian Chesterfield

Chief Scientific Officer, OnApp
Dr. Julian Chesterfield is the Chief Scientific Officer at OnApp, and leads the Emerging Technologies R&D team. He studied Computer Science at University College London (MSc) and went on to complete a PhD in Computer Science at Cambridge University. Julian was formerly an early m... Read More →



Thursday July 13, 2017 12:30 - 13:00
Grand Ballroom

12:30

Using American Fuzzy Lop on the x86 Instruction Emulator - George Dunlap, Citrix
American Fuzzy Lop (AFL) is a fuzzer that uses code coverage and genetic algorithms to automatically find "interesting" inputs: in particular, inputs which will crash your code. Andrew Cooper hooked Xen's x86 instruction decoder up to AFL and within an hour it found a bug which had been introduced in the 4.8 development window. I extended that work to test the full emulator, and with a few days of tweaking and iterating, AFL had produced over 6,000 unique test cases which gave us nearly 97% code coverage.

This talk will give an overview of our experience with AFL, to help give you a better understanding of the usefulness of this new tool.
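To make concrete what "hooking a decoder up to AFL" involves, the following is an added example, not Xen's code and not the tools/fuzz harness the talk describes: an AFL harness wrapped around a hypothetical toy x86 instruction-length decoder. The opcode subset, the two invariants the harness checks and the function names (decode_len, harness_one) are assumptions of the example; the shape of the harness (one file of arbitrary bytes in, every read bounds-checked, any violated invariant turned into a crash) is the part that carries over to a real emulator.

```c
/*
 * Added example (not Xen's own code, nor the tools/fuzz harness the talk
 * describes): the shape of an AFL harness around an instruction decoder.
 * The decoder is a hypothetical toy knowing a handful of one-byte opcodes;
 * x86_emulate() is far larger, but the pattern is the same: read one file
 * of arbitrary bytes, feed it to the decoder, and turn any violated
 * invariant into a crash that AFL can record.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INSN 15   /* architectural limit; longer encodings raise #UD */

static int is_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0x66: case 0x67: case 0xF0: case 0xF2: case 0xF3:  /* opsize, adsize, LOCK, REPNE, REP */
    case 0x2E: case 0x36: case 0x3E: case 0x26: case 0x64: case 0x65: /* segment overrides */
        return 1;
    default:
        return 0;
    }
}

/*
 * Return the encoded length of the instruction at p (n bytes available), or
 * -1 if the bytes are truncated, over-long or outside the supported subset:
 *   90 NOP, C3 RET, B8+r MOV r,imm, 89/8B MOV r/m,r / MOV r,r/m, 0F 1F /0 NOP r/m.
 * Every read is bounds-checked against n; that is exactly what fuzzing exercises.
 */
static int decode_len(const uint8_t *p, size_t n)
{
    size_t i = 0, opsize = 4, imm = 0;
    int need_modrm = 0;

    while (i < n && is_legacy_prefix(p[i])) {
        if (p[i] == 0x66) opsize = 2;
        i++;
    }
    if (i < n && (p[i] & 0xF0) == 0x40) {      /* REX prefix (64-bit mode) */
        if (p[i] & 0x08) opsize = 8;            /* REX.W */
        i++;
    }
    if (i >= n) return -1;

    uint8_t op = p[i++];
    if (op == 0x90 || op == 0xC3) {
        /* no operands */
    } else if (op >= 0xB8 && op <= 0xBF) {
        imm = opsize;                           /* MOV r16/32/64, imm16/32/64 */
    } else if (op == 0x89 || op == 0x8B) {
        need_modrm = 1;
    } else if (op == 0x0F) {
        if (i >= n || p[i] != 0x1F) return -1;  /* only 0F 1F (multi-byte NOP) */
        i++;
        need_modrm = 1;
    } else {
        return -1;
    }

    if (need_modrm) {
        if (i >= n) return -1;
        uint8_t modrm = p[i++], mod = modrm >> 6, rm = modrm & 7;
        if (mod != 3) {                         /* memory operand */
            if (rm == 4) {                      /* SIB byte follows */
                if (i >= n) return -1;
                uint8_t sib = p[i++];
                if (mod == 0 && (sib & 7) == 5) i += 4;  /* no base register: disp32 */
            } else if (mod == 0 && rm == 5) {
                i += 4;                         /* RIP-relative disp32 */
            }
            if (mod == 1) i += 1;               /* disp8 */
            else if (mod == 2) i += 4;          /* disp32 */
        }
    }
    i += imm;
    if (i > n || i > MAX_INSN) return -1;
    return (int)i;
}

/*
 * One fuzz iteration. Beyond "don't crash", check two invariants a decoder
 * must hold; abort() turns a violation into a signal AFL records as a crash.
 */
static int harness_one(const uint8_t *buf, size_t n)
{
    int len = decode_len(buf, n);
    if (len != -1 && (len < 1 || (size_t)len > n || len > MAX_INSN))
        abort();                                /* length points outside the input */
    if (len != -1 && decode_len(buf, (size_t)len) != len)
        abort();                                /* result depended on trailing bytes */
    return len;
}

int main(int argc, char **argv)
{
    uint8_t buf[MAX_INSN + 1];
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
#ifdef __AFL_HAVE_MANUAL_CONTROL
    __AFL_INIT();                               /* deferred fork server (afl-clang-fast) */
    while (__AFL_LOOP(10000)) {                 /* persistent mode: many inputs per process */
#else
    {
#endif
        FILE *f = fopen(argv[1], "rb");
        if (!f) return 1;
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        printf("%d\n", harness_one(buf, n));
    }
    return 0;
}
```

Build with afl-clang-fast (for example `afl-clang-fast -O2 -o harness harness.c`), put a few valid encodings in a seed directory, and run `afl-fuzz -i seeds -o findings -- ./harness @@`; AFL substitutes the path of each generated input for `@@`. Reading only `sizeof buf` bytes keeps the harness itself from being the thing that overflows, so every crash AFL reports is in the decoder.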

Speakers
George Dunlap

Principal Software Engineer, Citrix
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006. He is currently working as Principal Software Engineer for Citrix on the open-source Xen team in Cambridge, England. He has done work in many areas... Read More →



Thursday July 13, 2017 12:30 - 13:00
Valletta Conference Centre II

13:00

Lunch
Thursday July 13, 2017 13:00 - 14:00
Brasserie Restaurant

14:30

PCI Passthrough on ARM
Speakers
Julien Grall

Software Engineer, ARM
Julien Grall is a Senior Software Engineer at ARM, working on open source virtualization. He has been working on Xen since 2012, initially focusing on Xen x86 and then on support for ARM architecture. He is currently a maintainer of Xen ARM.



Thursday July 13, 2017 14:30 - 15:15
Mikszáth/Petöfi

14:30

Fuzzing Xen Hypervisor - Wei Liu, Citrix & Felix Schmoll, Jacobs University
The upstream community has been using American Fuzzy Lop on the x86 instruction emulator and has achieved good results. I've been working with Felix Schmoll on a Google Summer of Code project to design a system to fuzz the whole hypervisor. We will report on the progress and discoveries, and then present a preliminary architecture for efficiently fuzzing the hypervisor.

We hope to gather feedback from the community and see if there is interest in collaborating on this project.

Speakers
Wei Liu

Software Engineer, Citrix
Wei Liu has been working on Xen since 2012. He has worked on various parts of the Xen hypervisor project and other peripheral projects like the Linux kernel, the FreeBSD kernel and QEMU. He worked as Release Manager for the Xen 4.6, 4.7 and 4.8 releases. He is now a Xen hypervisor project committe... Read More →
Felix Schmoll

Jacobs University
TBD


Thursday July 13, 2017 14:30 - 15:15
Valletta Conference Centre II

15:20

Design Session: Hardware Errata Workarounds - Who should create them? - Jan Beulich, Suse & Improvements to in-hypervisor emulation - Andrew Cooper, Citrix
Some errata are worked around by microcode updates. In other cases, as well as when such updates aren't immediately available (or aren't being deployed), software workarounds are often possible. However, the description of the errata and their conditions is often quite terse, putting non-vendor community members in a rather bad position to create such workarounds.

This raises the question as to who should create them, and whether there are better models for dealing with errata than those we use today.

Emulation is a necessary part of virtualisation; while x86_emulate() has been mostly OK thus far, VM Introspection has more complicated requirements, and several problems have surfaced. There are issues with the ordering of introspection requests with respect to register writeback, duplication of logic between the instruction emulator and the vmexit intercepts (the former of which bypasses the introspection hooks), and the processing of interrupt injection on the return-to-guest path. Another issue is that introspection only functions at all because p2m permissions are ignored.

Speakers
Jan Beulich

SUSE
Jan Beulich is a Software Engineering Consultant at Suse, who is also a Xen Project Hypervisor committer and maintainer.
Andrew Cooper

Senior Software Engineer, Citrix XenServer
Andrew is a senior software engineer working in the Ring0 team for Citrix XenServer. Upstream, he is x86 hypervisor maintainer, committer, and a member of the Xen security team.


Thursday July 13, 2017 15:20 - 16:05
Mikszáth/Petöfi

15:20

Open Session: Testing & CI Process and Workflow Improvements, x86/ARM/Embedded Testing, etc. - Does what we do today work? - Julien Grall, ARM & Ian Jackson, Citrix & Wei Liu, Citrix
This is an open session to discuss various testing related topics, such as:
a) Testing Process and OSSTEST
b) Testing Improvements
c) ARM/x86/Embedded Testing
d) Other improvements to CI workflow

The basic goal is to establish what works well, what doesn't work well, and what we can improve and how.

Moderators
Lars Kurth

Director, Citrix
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is community manager for the Xen Project. Lars has 9 years of experience building and leading enginee... Read More →

Speakers
Julien Grall

Software Engineer, ARM
Julien Grall is a Senior Software Engineer at ARM, working on open source virtualization. He has been working on Xen since 2012, initially focusing on Xen x86 and then on support for ARM architecture. He is currently a maintainer of Xen ARM.
Ian Jackson

Citrix
Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently... Read More →
Wei Liu

Software Engineer, Citrix
Wei Liu has been working on Xen since 2012. He has worked on various parts of the Xen hypervisor project and other peripheral projects like the Linux kernel, the FreeBSD kernel and QEMU. He worked as Release Manager for the Xen 4.6, 4.7 and 4.8 releases. He is now a Xen hypervisor project committe... Read More →


Thursday July 13, 2017 15:20 - 16:05
Valletta Conference Centre II

15:20

Design Session
Speakers
Rich Persaud

Consultant, BAE Systems
Rich Persaud has worked with Xen since 2005 and is a former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Lin... Read More →


Thursday July 13, 2017 15:20 - 16:05
Mikszáth/Petöfi

16:05

Break
Thursday July 13, 2017 16:05 - 16:35
Grand Ballroom Foyer

16:35

Design Session: Loose ends for becoming a CNA (CVE Numbering Authority) and other Security Team Operational Questions - Ian Jackson, Citrix & Lars Kurth, Citrix
The Xen Project has in-principle agreement to become a CVE Numbering Authority. However, to do this we need to define the scope of the CNA. A number of people have worked on this, but we need some community input.

Consolidate Security Coverage Documents
Consolidate security coverage documents where possible (we have a proposal). Specifically:
  • Review the proposal (currently in a google doc - export attached) 
  • Review the scope (currently in a google doc) - this may involve clarifying the supported status of some components 

Once we have agreement, we basically just need to document the outcome, publish it and get the process started.

Other Operational Issues


Possible/Proposed Process Changes?

  • Bundling of issues / once every other week or monthly XSA publication?
  • Include maintainers on pre-disclosure when affected and not on security team 

Moderators
Lars Kurth

Director, Citrix
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is community manager for the Xen Project. Lars has 9 years of experience building and leading enginee... Read More →

Speakers
Ian Jackson

Citrix
Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently... Read More →



Thursday July 13, 2017 16:35 - 17:35
Valletta Conference Centre II

16:35

Credit2 Scheduler: Are We There Yet? - Dario Faggioli, Citrix
The current Xen scheduler, Credit, will be replaced by Credit2. The question is no longer "if it will happen", it's "when will it happen?". In fact, Credit was developed in a previous era, both of scheduling and of computing; it has grown hacks upon hacks, and the code has become very hard to understand and maintain. Credit2 is much cleaner, more flexible and easier to develop on (for improving performance, adding features, etc.).

The Credit2 design goals, characteristics and current status will be covered in this session. But the main goal of the session itself is to talk about the challenges we are facing in answering the "when" question. That is, how can we ensure a smooth transition to a new default scheduler (e.g., without introducing performance problems and regressions)? What has been done so far, what still needs to be done, and how can you help?

Speakers
Dario Faggioli

Ph.D, Senior Software Engineer, Citrix
Dario's first contact with Open Source was with the Linux kernel community, during his Ph.D. He is now employed by Citrix, and works full time on the Xen Project. His focus is on scheduling, his range of action is from deep down inside the hypervisor, up to toolstack and command... Read More →


Thursday July 13, 2017 16:35 - 17:35
Mikszáth/Petöfi
