DOCSLIB.ORG

KVM/ARM: Experiences Building the Linux ARM Hypervisor

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
KVM/ARM: Experiences Building the Linux ARM Hypervisor KVM/ARM: Experiences Building the Linux ARM Hypervisor Christoffer Dall and Jason Nieh fcdall, [email protected] Department of Computer Science, Columbia University Technical Report CUCS-010-13 April 2013 Abstract ization. To address this problem, ARM has introduced hardware virtualization extensions in the newest ARM As ARM CPUs become increasingly common in mo- CPU architectures. ARM has benefited from the hind- bile devices and servers, there is a growing demand sight of x86 in its design. For example, nested page for providing the benefits of virtualization for ARM- tables, not part of the original x86 virtualization hard- based devices. We present our experiences building the ware, are standard in ARM. However, there are impor- Linux ARM hypervisor, KVM/ARM, the first full sys- tant differences between ARM and x86 virtualization ex- tem ARM virtualization solution that can run unmodified tensions such that x86 hypervisor designs may not be guest operating systems on ARM multicore hardware. directly amenable to ARM. These differences may also KVM/ARM introduces split-mode virtualization, allow- impact hypervisor performance, especially for multicore ing a hypervisor to split its execution across CPU modes systems, but have not been evaluated with real hardware. to take advantage of CPU mode-specific features. This allows KVM/ARM to leverage Linux kernel services and We describe our experiences building KVM/ARM, functionality to simplify hypervisor development and the ARM hypervisor in the mainline Linux kernel. maintainability while utilizing recent ARM hardware KVM/ARM is the first hypervisor to leverage ARM virtualization extensions to run application workloads in hardware virtualization support to run unmodified guest guest operating systems with comparable performance operating systems (OSes) on ARM multicore hardware. to native execution. KVM/ARM has been successfully Our work makes four main contributions. First, we in- merged into the mainline Linux 3.9 kernel, ensuring that troduce split-mode virtualization, a new approach to hy- it will gain wide adoption as the virtualization platform pervisor design that splits the core hypervisor so that it of choice for ARM. We provide the first measurements runs across different CPU modes to take advantage of the on real hardware of a complete hypervisor using ARM specific benefits and functionality offered by each CPU hardware virtualization support. Our results demonstrate mode. This approach provides key benefits in the con- that KVM/ARM has modest virtualization performance text of ARM virtualization. ARM introduces a new CPU and power costs, and can achieve lower performance and mode for running hypervisors called Hyp mode, but Hyp power costs compared to x86-based Linux virtualization mode has a different feature set from other CPU modes. on multicore hardware. Hypervisors provide many aspects of OS functionality, but standard OS mechanisms in Linux would have to be significantly redesigned to run in Hyp mode. Our split- 1 Introduction mode virtualization mechanism allows a hypervisor to use Hyp mode to leverage ARM hardware virtualization ARM-based devices are seeing tremendous growth features, but also run in normal privileged CPU modes, across smartphones, netbooks, and embedded comput- allowing it to coexist with other OS functionality. ers. While ARM CPUs have benefited from their advan- Second, we designed and implemented KVM/ARM tages in power efficiency in these markets, ARM CPUs from the ground up as an open source project that would also continue to increase in performance such that they be easy to maintain and integrate into the Linux ker- are now within the range of x86 CPUs for many classes nel. For example, by using our split-mode virtualiza- of applications. This is spurring the development of new tion, we can leverage the existing KVM hypervisor in- ARM-based microservers and an upward push of ARM terface in Linux and can reuse substantial pieces of ex- CPUs into traditional server and PC systems. isting kernel code and interfaces to reduce code duplica- Unlike x86-based systems, a key limitation of ARM- tion. KVM/ARM was accepted as the ARM hypervisor based systems has been the lack of support for virtual- of the mainline Linux kernel as of the Linux 3.9 kernel, 1 ensuring its wide adoption and use given the dominance 64-bit ARMv8 architecture. The Cortex-A15 [2] is an of Linux on ARM platforms. Based on our open source examples of current ARMv7 CPUs including hardware experiences, we offer some useful hints on transferring virtualization extensions. We present a brief overview of research ideas into implementations likely to be adopted the ARM virtualization extensions. by existing open source communities. Third, we demonstrate the effectiveness of 2.1 CPU Virtualization KVM/ARM on real multicore ARM hardware. Our results are the first measurements of a hypervisor using Figure 1 shows the CPU modes on the ARMv7 archi- ARM virtualization support on real hardware. We tecture, including TrustZone (Security Extensions) and compare against the standard widely-used Linux x86 a new CPU mode called Hyp mode. TrustZone splits the KVM hypervisor and evaluate its performance overhead modes into two worlds, secure and non-secure, which are for running application workloads in virtual machines orthogonal to the CPU modes. A special mode, monitor (VMs) versus native non-virtualized execution. Our mode, is provided to switch between the secure and non- results show that KVM/ARM achieves comparable secure worlds. Although ARM CPUs always power up performance overhead in most cases, and significantly starting in the secure world, ARM bootloaders typically lower performance overhead for two important appli- transition to the non-secure world at an early stage and cations, Apache and MySQL, on multicore platforms. secure world is only used for specialized use cases such These results provide the first comparison of ARM as digital rights management. TrustZone may appear and x86 virtualization extensions on real hardware to useful for virtualization by using the secure world for hy- quantitatively demonstrate how the different design pervisor execution, but this does not work because there choices affect virtualization performance. We show is no support for trap-and-emulate. There is no means to that KVM/ARM also provides power efficiency benefits trap operations executed in the non-secure world to the over Linux x86 KVM. secure world. Non-secure software can therefore freely Finally, we make several recommendations regarding configure, for example, virtual memory. Any software future hardware support for virtualization based on our running in the non-secure world therefore has access to experiences building and evaluating a complete ARM all non-secure memory, making it impossible to isolate hypervisor. We identify features that are important and multiple VMs running in the non-secure world. helpful to reduce the software complexity of hypervisor implementation, and discuss mechanisms useful to max- Non-Secure state Secure state imize hypervisor performance, especially in the context of multicore systems. PL0 PL0 This technical report describes our experiences de- User User signing, implementing, and evaluating KVM/ARM. Sec- PL1 PL1 tion 2 presents an overview of the ARM virtualization Kernel Kernel extensions and a comparison with x86. Section 3 de- PL2 scribes the design of the KVM/ARM hypervisor. Sec- Hyp tion 4 discusses the implementation of KVM/ARM and our experiences releasing it to the Linux community and Monitor Mode (Secure PL1) having it adopted into the mainline Linux kernel. Sec- tion 5 presents experimental results quantifying the per- formance and energy efficiency of KVM/ARM, as well Figure 1: ARMv7 CPU modes. as a quantitative comparison of real ARM and x86 vir- tualization hardware. Section 6 makes several recom- Hyp mode was introduced as a trap-and-emulate mendations about designing hardware support for virtu- mechanism to support virtualization in the non-secure alization. Section 7 discusses related work. Finally, we world. Hyp mode is a CPU mode that is strictly present some concluding remarks. more privileged than other CPU modes, user and ker- nel modes. Without Hyp mode, the OS kernel running in kernel mode directly manages the hardware and can 2 ARM Virtualization Extensions natively execute sensitive instructions. With Hyp mode enabled, the kernel continues running in kernel mode but Because the ARM architecture is not classically virtual- the hardware will instead trap into Hyp mode on various izable [20], ARM has introduced hardware virtualization sensitive instructions and hardware interrupts. To run support as an optional extension in the latest ARMv7 VMs, the hypervisor must at least partially reside in Hyp architecture [4] and a mandatory part of the upcoming mode. The VM will execute normally in user and ker- 2 nel mode until some condition is reached that requires TTBR VA intervention of the hypervisor. At this point, the hard- ware traps into Hyp mode giving control to the hyper- Stage-1 L1 visor, which can then manage the hardware and provide Table L2 the required isolation across VMs. Once the condition Table L3 is processed by the hypervisor, the CPU can be switched Page GPA back into user or kernel mode and the VM can continue VTTBR executing. To improve performance, ARM allows many traps to Stage-2 L1 be configured so they trap directly into a VM’s kernel Table L2 mode instead of going through Hyp mode. For exam- Table L3 Page L4 ple, traps caused by normal system calls or undefined Page PA exceptions from user mode can be configured to trap to a VM’s kernel mode so that they are handled by the guest OS without intervention of the hypervisor. This avoids Figure 2: Stage-1 and Stage-2 page table walk on going to Hyp mode on each system call or undefined ex- ARMv7 using the LPAE memory long format descrip- ception, reducing virtualization overhead. tors.
Load more

Recommended publications
  • Trusted Docker Containers and Trusted Vms in Openstack
    Trusted Docker Containers and Trusted VMs in OpenStack Raghu Yeluri Abhishek Gupta Outline o Context: Docker Security – Top Customer Asks o Intel’s Focus: Trusted Docker Containers o Who Verifies Trust ? o Reference Architecture with OpenStack o Demo o Availability o Call to Action Docker Overview in a Slide.. Docker Hub Lightweight, open source engine for creating, deploying containers Provides work flow for running, building and containerizing apps. Separates apps from where they run.; Enables Micro-services; scale by composition. Underlying building blocks: Linux kernel's namespaces (isolation) + cgroups (resource control) + .. Components of Docker Docker Engine – Runtime for running, building Docker containers. Docker Repositories(Hub) - SaaS service for sharing/managing images Docker Images (layers) Images hold Apps. Shareable snapshot of software. Container is a running instance of image. Orchestration: OpenStack, Docker Swarm, Kubernetes, Mesos, Fleet, Project Docker Layers Atomic, Lattice… Docker Security – 5 key Customer Asks 1. How do you know that the Docker Host Integrity is there? o Do you trust the Docker daemon? o Do you trust the Docker host has booted with Integrity? 2. How do you verify Docker Container Integrity o Who wrote the Docker image? Do you trust the image? Did the right Image get launched? 3. Runtime Protection of Docker Engine & Enhanced Isolation o How can Intel help with runtime Integrity? 4. Enterprise Security Features – Compliance, Manageability, Identity authentication.. Etc. 5. OpenStack as a single Control Plane for Trusted VMs and Trusted Docker Containers.. Intel’s Focus: Enable Hardware-based Integrity Assurance for Docker Containers – Trusted Docker Containers Trusted Docker Containers – 3 focus areas o Launch Integrity of Docker Host o Runtime Integrity of Docker Host o Integrity of Docker Images Today’s Focus: Integrity of Docker Host, and how to use it in OpenStack.
    [Show full text]
  • Accelerometer Sensor Emulation!!!! by Columbia University ­ NYC ­ Thesis ­ Raghavan Santhanam Benchmark
    Enabling the Virtual Phones to remotely sense the Real Phones in real-time ~ A Sensor Emulation initiative for virtualized Android-x86 ~ Raghavan Santhanam Submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science in the School of Engineering and Applied Science 2014 © 2014 Raghavan Santhanam All Rights Reserved ABSTRACT Enabling the Virtual Phones to remotely sense the Real Phones in real-time ~ A Sensor Emulation initiative for virtualized Android-x86 ~ Smartphones nowadays have the ground-breaking features that were only a figment of one’s imagination. For the ever-demanding cellphone users, the exhaustive list of features that a smartphone supports just keeps getting more exhaustive with time. These features aid one’s personal and professional uses as well. Extrapolating into the future the features of a present-day smartphone, the lives of us humans using smartphones are going to be unimaginably agile. With the above said emphasis on the current and future potential of a smartphone, the ability to virtualize smartphones with all their real-world features into a virtual platform, is a boon for those who want to rigorously experiment and customize the virtualized smartphone hardware without spending an extra penny. Once virtualizable independently on a larger scale, the idea of virtualized smartphones with all the virtualized pieces of hardware takes an interesting turn with the sensors being virtualized in a way that’s closer to the real-world behavior. When accessible remotely with the real-time responsiveness, the above mentioned real-world behavior will be a real dealmaker in many real-world systems, namely, the life-saving systems like the ones that instantaneously get alerts about harmful magnetic radiations in the deep mining areas, etc.
    [Show full text]
  • Providing User Security Guarantees in Public Infrastructure Clouds
    1 Providing User Security Guarantees in Public Infrastructure Clouds Nicolae Paladi, Christian Gehrmann, and Antonis Michalas Abstract—The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants – insulated from the minutiae of hardware maintenance – rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments. Index Terms—Security; Cloud Computing; Storage Protection; Trusted Computing F 1 INTRODUCTION host level. While support data encryption at rest is offered by several cloud providers and can be configured by tenants Cloud computing has progressed from a bold vision to mas- in their VM instances, functionality and migration capabil- sive deployments in various application domains. However, ities of such solutions are severely restricted.
    [Show full text]
  • Vmware Horizon 7 Datasheet
    DATASHEET VMWARE HORIZON 7 AT A GLANCE End-User Computing Today VMware Horizon® 7 delivers virtualized or Today, end users are leveraging new types of devices for work—accessing hosted desktops and applications through a Windows and Linux applications alongside iOS or Android applications—and single platform to end users. These desktop are more mobile than ever. and application services—including Remote Desktop Services (RDS) hosted apps, In this new mobile cloud world, managing and delivering services to end users packaged apps with VMware ThinApp®, with traditional PC-centric tools have become increasingly di cult. Data loss software-as-a-service (SaaS) apps, and and image drift are real security and compliance concerns. And organizations even virtualized apps from Citrix—can all are struggling to contain costs. Horizon 7 provides IT with a new streamlined be accessed from one digital workspace approach to deliver, protect, and manage Windows and Linux desktops and across devices, locations, media, and applications while containing costs and ensuring that end users can work connections without compromising quality anytime, anywhere, on any device. and user experience. Leveraging complete workspace environment Horizon 7: Delivering Desktops and Applications as a Service management and optimized for the software– defi ned data center, Horizon 7 helps IT control, Horizon 7 enables IT to centrally manage images to streamline management, manage, and protect all of the Windows reduce costs, and maintain compliance. With Horizon 7, virtualized or hosted resources end users want, at the speed they desktops and applications can be delivered through a single platform to end expect, with the e ciency business demands.
    [Show full text]
  • Virtualization with Limited Hardware Support
    Virtualization with Limited Hardware Support by Bi Wu Department of Computer Science Duke University Date: Approved: Landon Cox, Supervisor Jeffrey Chase Alvin Lebeck Harvey Tuch Dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Computer Science in the Graduate School of Duke University 2013 Abstract Virtualization with Limited Hardware Support by Bi Wu Department of Computer Science Duke University Date: Approved: Landon Cox, Supervisor Jeffrey Chase Alvin Lebeck Harvey Tuch An abstract of a dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Computer Science in the Graduate School of Duke University 2013 Copyright c 2013 by Bi Wu All rights reserved except the rights granted by the Creative Commons Attribution-Noncommercial Licence Abstract Over the past 15 years, virtualization has become a standard way to migrate old software to new hardware, isolate untrusted code, and encapsulate application state. However, many of the techniques for implementing common virtualization functional- ity, such as transparent isolation and full-system record and replay, rely on hardware features provided by the x86 architecture. As the mainstream computing landscape diversifies to include less feature-rich mobile and embedded systems, it is critical to rethink how to efficiently provide core virtualization functionality with limited hardware support. As a result, this dissertation explores the feasibility of providing common virtu- alization functionality with limited hardware support. We propose three approaches to virtualization using limited hardware support. First, we describe a way to transparently virtualize a CPU using hardware break- points and on-demand control-flow analysis.
    [Show full text]
  • NOVA: a Log-Structured File System for Hybrid Volatile/Non
    NOVA: A Log-structured File System for Hybrid Volatile/Non-volatile Main Memories Jian Xu and Steven Swanson, University of California, San Diego https://www.usenix.org/conference/fast16/technical-sessions/presentation/xu This paper is included in the Proceedings of the 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016 • Santa Clara, CA, USA ISBN 978-1-931971-28-7 Open access to the Proceedings of the 14th USENIX Conference on File and Storage Technologies is sponsored by USENIX NOVA: A Log-structured File System for Hybrid Volatile/Non-volatile Main Memories Jian Xu Steven Swanson University of California, San Diego Abstract Hybrid DRAM/NVMM storage systems present a host of opportunities and challenges for system designers. These sys- Fast non-volatile memories (NVMs) will soon appear on tems need to minimize software overhead if they are to fully the processor memory bus alongside DRAM. The result- exploit NVMM’s high performance and efficiently support ing hybrid memory systems will provide software with sub- more flexible access patterns, and at the same time they must microsecond, high-bandwidth access to persistent data, but provide the strong consistency guarantees that applications managing, accessing, and maintaining consistency for data require and respect the limitations of emerging memories stored in NVM raises a host of challenges. Existing file sys- (e.g., limited program cycles). tems built for spinning or solid-state disks introduce software Conventional file systems are not suitable for hybrid mem- overheads that would obscure the performance that NVMs ory systems because they are built for the performance char- should provide, but proposed file systems for NVMs either in- acteristics of disks (spinning or solid state) and rely on disks’ cur similar overheads or fail to provide the strong consistency consistency guarantees (e.g., that sector updates are atomic) guarantees that applications require.
    [Show full text]
  • Vmware Product Guide
    VMWARE PRODUCT GUIDE J U L Y 2017 Table of Contents 1 TERMS APPLICABLE TO ALL PRODUCTS 4 - 10 2 DATA CENTER AND CLOUD INFRASTRUCTURE 11 - 23 2.1 VMware vSphere 11 - 13 2.2 VMware vSphere Essentials Plus with vSphere Storage Appliance 13 2.3 VMware vCloud Director 13 2.4 VMware vSphere Storage Appliance 14 2.5 VMware NSX Platform 14 - 15 2.6 VMware vSAN 15 - 20 2.7 VMware vSphere Data Protection Advanced 20- 21 2.8 VMware vCenter Support Assistant 21 2.9 VMware Software Manager 21 2.10 VMware Continuent 21 - 22 2.11 VMware Photon Platform 22 - 23 3 INFRASTRUCTURE AND OPERATIONS MANAGEMENT 24 - 30 3.1 VMware vCenter Server 24 3.2 VMware vRealize Suite 24 - 25 3.3 VMware vRealize Operations Insight 25 3.4 VMware Site Recovery Manager 25 - 26 3.5 VMware vRealize Automation 26 - 27 3.6 VMware vCloud Connector Core 27 3.7 VMware vRealize Log Insight 27 - 28 3.8 VMware vRealize Operations Management Pack for EPIC 28 - 29 3.9 VMware vRealize Code Stream 29 3.10 VMware Health Analyzer Collector 29 3.11 VMware vRealize Operations Management Pack for MEDITECH 29 3.12 VMware vRealize Network Insight 29 - 30 4 SECURITY PRODUCTS 31 4.1 VMware vCloud Networking and Security 31 5 VMWARE SUITES 32 - 39 5.1 VMware vCloud Suite 32 - 33 5.2 VMware vSphere with Operations Management 33 - 35 5.3 VMware vRealize Operations 35 - 37 5.4 VMware vCloud NFV 37 5.5 VMware Cloud Foundation 38 - 39 1 5.6 Server SAN Suite 39 6 DESKTOP AND END USER COMPUTING 40 - 56 6.1 VMware Horizon View Enterprise Add-on 40 6.2 VMware Horizon Client for IOS 40 - 41 6.3 VMware Horizon
    [Show full text]
  • Firecracker: Lightweight Virtualization for Serverless Applications
    Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache, Marc Brooker, Andreea Florescu, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa, Amazon Web Services https://www.usenix.org/conference/nsdi20/presentation/agache This paper is included in the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) February 25–27, 2020 • Santa Clara, CA, USA 978-1-939133-13-7 Open access to the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) is sponsored by Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache Marc Brooker Andreea Florescu Amazon Web Services Amazon Web Services Amazon Web Services Alexandra Iordache Anthony Liguori Rolf Neugebauer Amazon Web Services Amazon Web Services Amazon Web Services Phil Piwonka Diana-Maria Popa Amazon Web Services Amazon Web Services Abstract vantage over traditional server provisioning processes: mul- titenancy allows servers to be shared across a large num- Serverless containers and functions are widely used for de- ber of workloads, and the ability to provision new func- ploying and managing software in the cloud. Their popularity tions and containers in milliseconds allows capacity to be is due to reduced cost of operations, improved utilization of switched between workloads quickly as demand changes. hardware, and faster scaling than traditional deployment meth- Serverless is also attracting the attention of the research com- ods. The economics and scale of serverless applications de- munity [21,26,27,44,47], including work on scaling out video mand that workloads from multiple customers run on the same encoding [13], linear algebra [20, 53] and parallel compila- hardware with minimal overhead, while preserving strong se- tion [12].
    [Show full text]
  • A Full GPU Virtualization Solution with Mediated Pass-Through
    A Full GPU Virtualization Solution with Mediated Pass-Through Kun Tian, Yaozu Dong, David Cowperthwaite Intel Corporation Abstract shows the spectrum of GPU virtualization solutions Graphics Processing Unit (GPU) virtualization is an (with hardware acceleration increasing from left to enabling technology in emerging virtualization right). Device emulation [7] has great complexity and scenarios. Unfortunately, existing GPU virtualization extremely low performance, so it does not meet today’s approaches are still suboptimal in performance and full needs. API forwarding [3][9][22][31] employs a feature support. frontend driver, to forward the high level API calls inside a VM, to the host for acceleration. However, API This paper introduces gVirt, a product level GPU forwarding faces the challenge of supporting full virtualization implementation with: 1) full GPU features, due to the complexity of intrusive virtualization running native graphics driver in guest, modification in the guest graphics software stack, and and 2) mediated pass-through that achieves both good incompatibility between the guest and host graphics performance and scalability, and also secure isolation software stacks. Direct pass-through [5][37] dedicates among guests. gVirt presents a virtual full-fledged GPU the GPU to a single VM, providing full features and the to each VM. VMs can directly access best performance, but at the cost of device sharing performance-critical resources, without intervention capability among VMs. Mediated pass-through [19], from the hypervisor in most cases, while privileged passes through performance-critical resources, while operations from guest are trap-and-emulated at minimal mediating privileged operations on the device, with cost. Experiments demonstrate that gVirt can achieve good performance, full features, and sharing capability.
    [Show full text]
  • Koller Dan Williams IBM T
    An Ounce of Prevention is Worth a Pound of Cure: Ahead-of-time Preparation for Safe High-level Container Interfaces Ricardo Koller Dan Williams IBM T. J. Watson Research Center Abstract as the container filesystem is already layered at the same file- based granularity as images. Containers continue to gain traction in the cloud as However, relying on the host to implement the filesystem lightweight alternatives to virtual machines (VMs). This abstraction is not without cost: the filesystem abstraction is is partially due to their use of host filesystem abstractions, high-level, wide, and complex, providing an ample attack which play a role in startup times, memory utilization, crash surface to the host. Bugs in the filesystem implementation consistency, file sharing, host introspection, and image man- can be exploitedby a user to crash or otherwise get controlof agement. However, the filesystem interface is high-level and the host, resulting in (at least) a complete isolation failure in wide, presenting a large attack surface to the host. Emerg- a multi-tenant environment such as a container-based cloud. ing secure container efforts focus on lowering the level A search on the CVE database [13] for kernel filesystem vul- of abstraction of the interface to the host through deprivi- nerabilities provides a sobering reminder of the width, com- leged functionality recreation (e.g., VMs, userspace kernels). plexity, and ultimately danger of filesystem interfaces. However, the filesystem abstraction is so important that some have resorted to directly exposing it from the host instead of Efforts to improve the security of containers use low-level suffering the resulting semantic gap.
    [Show full text]
  • Verifying a High-Performance Crash-Safe File System Using a Tree Specification
    Verifying a high-performance crash-safe file system using a tree specification Haogang Chen,y Tej Chajed, Alex Konradi,z Stephanie Wang,x Atalay İleri, Adam Chlipala, M. Frans Kaashoek, Nickolai Zeldovich MIT CSAIL ABSTRACT 1 INTRODUCTION File systems achieve high I/O performance and crash safety DFSCQ is the first file system that (1) provides a precise by implementing sophisticated optimizations to increase disk fsync fdatasync specification for and , which allow appli- throughput. These optimizations include deferring writing cations to achieve high performance and crash safety, and buffered data to persistent storage, grouping many trans- (2) provides a machine-checked proof that its implementa- actions into a single I/O operation, checksumming journal tion meets this specification. DFSCQ’s specification captures entries, and bypassing the write-ahead log when writing to the behavior of sophisticated optimizations, including log- file data blocks. The widely used Linux ext4 is an example bypass writes, and DFSCQ’s proof rules out some of the of an I/O-efficient file system; the above optimizations allow common bugs in file-system implementations despite the it to batch many writes into a single I/O operation and to complex optimizations. reduce the number of disk-write barriers that flush data to The key challenge in building DFSCQ is to write a speci- disk [33, 56]. Unfortunately, these optimizations complicate fication for the file system and its internal implementation a file system’s implementation. For example, it took 6 years without exposing internal file-system details. DFSCQ in- for ext4 developers to realize that two optimizations (data troduces a metadata-prefix specification that captures the writes that bypass the journal and journal checksumming) properties of fsync and fdatasync, which roughly follows taken together can lead to disclosure of previously deleted the behavior of Linux ext4.
    [Show full text]
  • Virtual GPU Software User Guide Is Organized As Follows: ‣ This Chapter Introduces the Capabilities and Features of NVIDIA Vgpu Software
    Virtual GPU Software User Guide DU-06920-001 _v13.0 Revision 02 | August 2021 Table of Contents Chapter 1. Introduction to NVIDIA vGPU Software..............................................................1 1.1. How NVIDIA vGPU Software Is Used....................................................................................... 1 1.1.2. GPU Pass-Through.............................................................................................................1 1.1.3. Bare-Metal Deployment.....................................................................................................1 1.2. Primary Display Adapter Requirements for NVIDIA vGPU Software Deployments................2 1.3. NVIDIA vGPU Software Features............................................................................................. 3 1.3.1. GPU Instance Support on NVIDIA vGPU Software............................................................3 1.3.2. API Support on NVIDIA vGPU............................................................................................ 5 1.3.3. NVIDIA CUDA Toolkit and OpenCL Support on NVIDIA vGPU Software...........................5 1.3.4. Additional vWS Features....................................................................................................8 1.3.5. NVIDIA GPU Cloud (NGC) Containers Support on NVIDIA vGPU Software...................... 9 1.3.6. NVIDIA GPU Operator Support.......................................................................................... 9 1.4. How this Guide Is Organized..................................................................................................10
    [Show full text]