
Tuesday, May 25
 

16:00 CEST

Keynote Session: Welcome & Xen Project Weather Report - George Dunlap, Citrix Systems R&D UK Ltd
This talk will present a summary of the major activities that have happened in the Xen Project community in the last year, as well as looking forward at things coming down the pipeline.

Speakers

George Dunlap

Principal Software Engineer, Citrix Systems R&D UK Ltd
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006, then worked as a core Xen developer for many years for Citrix's open-source team in Cambridge, England. He is now community manager and chairman of the...



Tuesday May 25, 2021 16:00 - 16:30 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

16:30 CEST

Sponsored Keynote Session: Xen Safety and Security Design Patterns for Automotive and IoT Software Compositions - Robin Randhawa, ARM
Xen is a key component of Arm’s open source example software stack for Automotive and IoT domains. We selected Xen for its open source nature, its rich feature matrix, its good support for Arm systems and its vibrant community. Xen is a great vehicle for us to disseminate best practices in an open and transparent way, especially for emerging Arm architecture extensions that are relevant for safety and security. In this presentation we will showcase how we mean to use Xen to explore a set of safety and security specific software compositions that aim to leverage Arm architectural extensions. The presentation will provide insights into current and emerging scenarios in the Automotive and IoT space where we mean to use Xen as a key enabling technology.

Speakers

Robin Randhawa

Technical Director For Software Architecture, Arm
Having been with Arm for almost 13 years, Robin has worked in a number of different technical roles spanning research into operating system design, through to optimising open source software for Arm and on to software safety techniques for Vehicle Autonomy control. Some of the key...



Tuesday May 25, 2021 16:30 - 17:00 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

17:00 CEST

Break & Hallway Chats
Tuesday May 25, 2021 17:00 - 17:30 CEST
Fairfax

17:30 CEST

Enabling UEFI Secure Boot on Xen - Robert Eshleman, Vates SAS
Various boot chain technologies have been developed to secure the boot chain on Xen systems, but there still exists much work to be done to fully secure running Xen systems. First, an explanation of what UEFI Secure Boot is and how it works is presented. Second, how UEFI Secure Boot may be supported on Xen systems is examined.  Finally, we look at future and current work to be done in order to fully secure Xen on a UEFI Secure Boot enabled platform.

Speakers

Bobby Eshleman

Software Engineer, Vates
Bobby Eshleman is a software engineer at Vates SAS working at the level of the hypervisor and kernel for the XCP-ng project.



Tuesday May 25, 2021 17:30 - 18:00 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Unikraft Weather Report - Felipe Huici, NEC Laboratories Europe GmbH
In the past year, the Unikraft Xen Incubation Project has taken a major leap. In this talk, we will give an update of all the activities that have taken place, including (1) a major effort to transparently support off-the-shelf applications via binary compatibility and musl support; (2) ongoing integration efforts with orchestration frameworks such as Kubernetes; (3) significant improvements to performance (e.g., our evaluation using off-the-shelf applications such as nginx, SQLite, and Redis shows that running them on Unikraft results in a 1.7x-2.7x performance improvement compared to Linux guests); (4) important performance improvements to Unikraft's Xen netfront driver; and (5) ongoing efforts that allow Unikraft to compartmentalize each of its libraries and thus build security-hardened images.

Speakers

Felipe Huici

Chief Researcher, NEC Laboratories Laboratories GmbH
Felipe Huici is a chief researcher at NEC Europe Laboratories GmbH, CEO of the Unikraft.io start-up, and is passionate about high performance systems and lightweight virtualization.



Tuesday May 25, 2021 17:30 - 18:00 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Xen FuSa SIG updates - Artem Mygaiev, EPAM Systems & Stefano Stabellini, Xilinx
In this talk we will cover work being done by Functional Safety Special Interest Group to bring Xen on Arm mainline to regulated domains such as Automotive: creating maintainable Xen documentation, applying some defensive programming techniques, implementing safety related features. We will elaborate on activities that will be useful for non-safety cases as well so that the whole Xen community may benefit from FuSa SIG work, and briefly explain how safety-only processes and tools may be introduced without significant impact on existing community processes.

Speakers

Stefano Stabellini

Fellow, AMD
Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal Software Engineer...

Artem Mygaiev

Director, Technology Solutions, EPAM Systems
Artem Mygaiev is a technology expert with 19 years of experience in software engineering and software project management in various technology domains. Artem specializes in embedded software development and system level open source software. Beginning 2012 Artem is actively contributing...



Tuesday May 25, 2021 17:30 - 18:00 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

A New Role Model for Xen - Daniel Smith, Apertus Solutions, LLC
Xen is the only type-1 hypervisor with a flexible security architecture, Xen Security Modules (XSM). This talk will present the existing role model, a review of XSM, and improvements to the security model. The default security model for Xen enables a domain to assume a subset of the following roles: Control, Hardware, Xenstore and Device Model. Embedded systems often require a statically partitioned system with a guarantee that no new domains can be started (i.e. no control domain). However, inconsistency in domain roles makes it difficult to specify rules for static partitioning with PCI passthrough. Hyperlaunch improves the launch integrity and simplifies the security configuration of disaggregated Xen-based systems. To facilitate this, the existing role system is being reevaluated and a new role model will be proposed in this session.

Speakers

Daniel Smith

Chief Technologist, Apertus Solutions
Daniel Smith began using Linux in 1997, building Linux-based endpoint security solutions in 2004 and contributing to the OpenXT virtualization platform in 2014, later serving as release manager for OpenXT 7.0. He developed the first open-source implementation of DRTM forward sealing...



Tuesday May 25, 2021 18:00 - 18:30 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

Cloning Unikernels on Xen - Costin Lupu, University Politehnica of Bucharest
Unikernel research and development has met increasing interest in recent years because of the promising advantages offered to providers of cloud services. In contrast with mainstream deployments which usually involve a cloud application packaged in a general-purpose OS container, running the same application on top of a unikernel is obviously a much better choice considering the lower instantiation times and memory footprint. However, this approach enables a higher density of instances running on the same host and subsequently raises new challenges regarding efficient resource allocation. While initially unikernels were used for specialized applications, such as NFV or lightweight applications, now a major objective in unikernel development is porting existing applications with as little engineering effort as possible (e.g. Unikraft). One way to achieve this is to provide full POSIX compatibility, but some of the most popular cloud services were designed using fork() or cloning primitives to achieve higher performance or fault tolerance. This presentation proposes a solution based on Xen which addresses the concerns mentioned above by adding cloning support for unikernels. It tries to clarify the semantics of the fork() call for a unikernel and how it can be supported in a Xen environment by reusing as much as possible the available functionality in both hypervisor and toolstack.


Speakers

Costin Lupu

Researcher, University Politehnica of Bucharest
I'm a PhD student at University Politehnica of Bucharest specializing in OS virtualization. I have been doing research using Xen based solutions for the last 5 years and for the last 2 years I have been also a main contributor for Unikraft unikernel.



Tuesday May 25, 2021 18:00 - 18:30 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

PCI Device Passthrough on ARM
PCI device passthrough capability allows XEN guests to have full access to PCI devices without modifying the guest OS. PCI devices passed through to the guest will behave as if they are physically attached to the guest and fully isolated from the host. The goal of this work is to implement the virtual PCI bus topology through IO emulation such that only assigned devices are visible to the guest and the guest can use the standard PCI device driver without the use of PV drivers. Only Domain-0 and XEN will have direct access to the physical PCI bus. I/O memory regions for the device will be mapped to the guest and interrupts will be redirected to the guest. IOMMU has to be configured correctly to have DMA transactions. PCI device passthrough without the use of PV drivers will have performance benefits, as the assigned PCI device will behave the same as if physically attached to the guest.

Speakers

Rahul Singh

Staff Software Engineer, ARM
Rahul Singh is a Staff Software Engineer in the Open Source Software group at Arm. Rahul works on the XEN hypervisor and has experience in developing safety-critical software, embedded software, Linux Device Drivers, and Linux Kernel Programming.

Oleksandr Andrushchenko

Lead Software Engineer, EPAM Systems Inc.
Oleksandr Andrushchenko is an embedded software engineer at EPAM Systems, Ukraine. He has experience in various fields of embedded engineering and now he mainly specializes in para-virtualized Linux kernel drivers development and virtualization.



Tuesday May 25, 2021 18:00 - 18:30 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

18:30 CEST

Break & Hallway Chats
Tuesday May 25, 2021 18:30 - 19:00 CEST
Fairfax

20:30 CEST

Closing Remarks
Tuesday May 25, 2021 20:30 - 20:45 CEST
Budapest
 
Wednesday, May 26
 

16:00 CEST

Keynote Session: Hyperlaunch: A New Start for Xen! - Christopher Clark, Consultant & Daniel Smith, Apertus Solutions LLC
This presentation explores the design and motivation for Hyperlaunch: a new, powerful, flexible system for launching the Xen hypervisor and virtual machines. The feature provides a new general capability to build and launch alternative configurations of VMs, including support for static partitioning and accelerated start of VMs during host boot, while adhering to the principles of least privilege. It enables seamless migration for systems that require a dom0, and incorporates Xen's dom0less functionality, with new developments from the DomB project, on both x86 and Arm platforms. It builds upon and replaces the earlier 'late hardware domain' feature for disaggregation of dom0. Hyperlaunch is designed to be flexible and reusable across multiple use cases, and our aim is to ensure that it is capable, widely exercised, comprehensively tested, and well understood by the Xen community.

Speakers

Daniel Smith

Chief Technologist, Apertus Solutions
Daniel Smith began using Linux in 1997, building Linux-based endpoint security solutions in 2004 and contributing to the OpenXT virtualization platform in 2014, later serving as release manager for OpenXT 7.0. He developed the first open-source implementation of DRTM forward sealing...

Christopher Clark

Consultant, Hyperlaunch
Christopher Clark is a software consultant working on Open Source virtualization technology with the Xen hypervisor, most recently involved with developing the new Hyperlaunch feature for Xen with Star Lab.



Wednesday May 26, 2021 16:00 - 16:30 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

16:30 CEST

Sponsored Keynote Session: XCP-ng: Project State and Perspectives - Olivier Lambert, Vates
This talk will be a brief recap of XCP-ng origins, how it started, and what it is now. We'll explore various topics, like the community, links between different projects, and so on. Finally, we'll explore some interesting topics that will be covered in the future.

Speakers

Olivier Lambert

CEO, Vates
Olivier Lambert has been working with free software projects since 2005, deploying Xen since 2008. He was the creator of Xen Orchestra in 2009 and started XCP-ng Project in 2018. He's one of the founders of Vates (https://vates.fr), a French company specializing in open infrastructure software...



Wednesday May 26, 2021 16:30 - 17:00 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

17:00 CEST

Break & Hallway Chats
Wednesday May 26, 2021 17:00 - 17:30 CEST
Fairfax

17:30 CEST

A Year of Fuzzing with Xen - Tamas K Lengyel, Intel
In this talk I'll review the latest developments of our Xen based fuzzer that Intel open-sourced last year. Since open-sourcing we've gained operational experience while fuzzing a variety of kernel modules in Linux. We'll showcase the workflow that led us to the discovery of several security issues in the Linux kernel, such as NULL-pointer dereferences, array-index out-of-bounds and infinite loops in interrupt-context. All the issues were triggerable by an external device via DMA but thanks to our fuzzing effort are now fixed upstream. We'll discuss how Xen can be used to fuzz Windows VMs and even Xen itself!

Speakers

Tamas K Lengyel

Senior Security Researcher, Intel
Tamas works as Senior Security Researcher at Intel. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem, LibVMI...



Wednesday May 26, 2021 17:30 - 18:00 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Clang-format for Xen Coding Style Checking - Anastasiia Lukianenko, EPAM
At the moment there is no tool that would allow formatting patches in Xen. The idea of Xen-checker is to use the clang-format approach as a base for Xen ‘checkpatch’ process. The new tool consists of a modified .clang-format configuration file to automate Xen patches format checking and reformatting. The tool can be used as a pre-commit hook to check and format every patch automatically. Some features are missing in the clang configurator, so new clang-format options have been proposed for more flexible code formatting. Also, the purpose of the topic is to start the discussion about the existing rules for Xen code formatting to eliminate possible inaccuracies in the work of the Xen checker. This will make it easier to adhere to the unanimous decision.

Speakers

Anastasiia Lukianenko

Embedded Software Engineer, EPAM
Anastasiia Lukianenko is a software engineer with 4 years of experience in automotive and embedded projects, dealing mostly with Linux kernel, Xen and U-boot. Anastasiia has various contributions in U-boot and Android OS development. In the beginning of 2020 Anastasiia started to...



Wednesday May 26, 2021 17:30 - 18:00 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Protection Hypervisor: Atto-sized Hypervisor Design - Daniel Smith, Apertus Solutions, LLC
At Xen Summit 2020, Apertus presented the Hardened Access Terminal (HAT) Security Architecture, based on principles of isolation and least privilege. HAT depends on hardware capabilities which are typically managed by hypervisors. While HAT is hypervisor agnostic, Xen Project's design for a flexible, independent, bare-metal hypervisor has made Xen the most advantageous hypervisor for implementing HAT. In this session Apertus will discuss how nested virtualization has enabled a new conceptualization of how virtual systems can be constructed. From nested virtualization the discussion will move to the design and development of a minimal Protection Hypervisor (PX) that can function as an exemplar for a Xen L0 or host Xen as an L1 guest.

Speakers

Daniel Smith

Chief Technologist, Apertus Solutions
Daniel Smith began using Linux in 1997, building Linux-based endpoint security solutions in 2004 and contributing to the OpenXT virtualization platform in 2014, later serving as release manager for OpenXT 7.0. He developed the first open-source implementation of DRTM forward sealing...



Wednesday May 26, 2021 17:30 - 18:00 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

Gitlab-CI for Xen Project - Stefano Stabellini, Xilinx
GitLab is an Open Source git repository hosting service and DevOps platform. It provides the ability to run a containers-based CI-loop for every git commit. Many Open Source projects have already adopted it, including QEMU. Twelve months ago Xen Project already had a GitLab setup but with some serious limitations. For instance, the CI-loop results weren't actively monitored and ARM tests were completely missing. During the last year, we created a GitLab CI-loop working group with key members of the Xen Community. The working group developed a few important improvements, including ARM dom0less testing and the ability to test patch series automatically before commit. This presentation will go over the improvements in detail, and it will discuss the plans for the future, focusing on how to integrate the GitLab CI-loop further into Xen contribution processes.

Speakers

Stefano Stabellini

Fellow, AMD
Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal Software Engineer...



Wednesday May 26, 2021 18:00 - 18:30 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

How to Deliver Modern WiFi Connectivity for BSD-based Firewall VM? - Piotr Król, LPN Plant Sp. z o.o.
lpnRouter is a product that leverages Xen Hypervisor and Dasharo Secure Firewall firmware to create a virtualized BSD-based firewall with modern WiFi support. BSD systems are well-recognized among the network appliance market. Lack of support for the most recent WiFi specification (e.g. 802.11ac) in BSD limits WiFi cards' usage to older models with lower bandwidth, automatically reducing the user experience and total addressable market. The proposed solution leverages Xen Hypervisor capabilities to create a small Linux-based WiFiVM being a network driver virtual machine implementing modern WiFi card features. The second VM will be the OPNSense serving as the primary VM with GUI for firewall configuration. The WiFi card from Linux VM will use a bridge as a VIF to the OPNSense, where it will be exposed as an Ethernet card.

Speakers

Piotr Król

CEO, LPN Plant Sp. z o.o.
Piotr Król is a multi-disciplinary executive running several companies in the embedded systems and semiconductor industries, including 3mdeb, LPN Plant, and Vitro Technology. Prior to starting his own companies, he worked as an engineer for Intel for over seven years. Piotr is also...



Wednesday May 26, 2021 18:00 - 18:30 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

Structure-aware Fuzzing of Oxenstored: The Dawn of a Security Audit - Edwin Török, Citrix R&D Limited
The xenstore daemon - a key-value tree with ACLs and transactions - is part of the guest virtual device ABI. Security flaws need to be fixed with minimal impact to backward-compatibility. Alas, there is no executable specification to verify it. Structure-aware fuzzing can be used: take any random number and build up a valid expression tree that can serve as input for Quickcheck. Drive two state-machines (one a reference implementation, or same but without live-update). Check that all desired properties hold (security, and equivalent semantics), shrink the testcase to reproduce the bug if not. Integrating with afl-fuzz makes this practical and various frameworks simplify it: qcstm, crowbar, monolith. This all started when asked to fix 1 XSA, and ended up discovering and fixing about 6 more: this is only the dawn of a security audit of xenstore.

Speakers

Edwin Török

Staff Software Engineer, Citrix R&D Limited
I've been contributing to and working on open-source projects for about 16 years now: * starting from Google Summer of Code project at ClamAV * moving on to full-time core team member of the open-source antivirus ClamAV at Sourcefire Inc. * some small contributions to other projects...



Wednesday May 26, 2021 18:00 - 18:30 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

18:30 CEST

Break & Hallway Chats
Wednesday May 26, 2021 18:30 - 19:00 CEST
Fairfax

19:00 CEST

Design Session - Hyperlaunch: Design Session
This session is a follow-up to the keynote presentation talk on Hyperlaunch – a new, flexible system for launching the Xen hypervisor and virtual machines – to enable community feedback on the design and work, discuss next steps and forward direction for development, and cover related topics.
Details for the Hyperlaunch talk session are at: https://xen2021.sched.com/event/jAEa/ Further details on Hyperlaunch are available on the Xen Project wiki: https://wiki.xenproject.org/wiki/Hyperlaunch

Wednesday May 26, 2021 19:00 - 19:45 CEST
Shanghai

19:45 CEST

Design Session - Alternative vTPM 2.0 Backend to Comply with Upcoming SVVP Changes
There are changes to the requirements a virtualization platform must comply with that Microsoft has announced for Windows Server 2022. It will now expect a TPM 2.0 device to be fully functional in each VM in order to pass the SVVP suite. At Citrix we’re currently working on integration of an alternative SWTPM based backend for TPM 2.0 emulation into the Xen ecosystem. We’re starting with XAPI but some changes are also expected in Xen/QEMU/OVMF and we want to eventually contribute the support back to libxl (with probably some help of our upstream team).

Wednesday May 26, 2021 19:45 - 20:30 CEST
Shanghai

20:30 CEST

Closing Remarks
Wednesday May 26, 2021 20:30 - 20:45 CEST
Budapest
 
Thursday, May 27
 

16:00 CEST

Keynote Session: Hypervisor Extensions in RISC-V - Robert Eshleman, Vates SAS
This talk presents the virtualization capabilities offered by the RISC-V Hypervisor ISA extension (H extension) as well as other RISC-V base ISA capabilities important to a hypervisor. The current state of the ISA and the H extension is discussed, along with ways in which they differ from current Xen-supported ISAs (x86 and ARM) and the impact this may have on the Xen codebase. Furthermore, current challenges in the RISC-V ecosystem will be discussed as well as how they will be dealt with in Xen.

Speakers

Bobby Eshleman

Software Engineer, Vates
Bobby Eshleman is a software engineer at Vates SAS working at the level of the hypervisor and kernel for the XCP-ng project.



Thursday May 27, 2021 16:00 - 16:30 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

16:30 CEST

Sponsored Keynote Session: Have your Cake and Eat it: Reliably Running Stateful Virtual Machines in Cheap Spot Markets - Hakim Weatherspoon, Exotanium
Cloud enterprise consumers spend millions of dollars each month renting space on computers owned by cloud providers.  Cloud Spot markets as provided by Amazon, Microsoft and Google allow the use of unrented computers for up to 10 times cheaper than the normal rate reducing costs up to 90%.  There is just one catch, cloud providers reserve the right to take those computers back at any time with little to no warning making the spot market nearly impossible to reliably use for stateful applications. In this talk, we explore the use of seamless live migration of stateful application containers and virtual machines (VMs) to take advantage of spot markets allowing stateful applications to benefit from significant discounts of cloud spot markets. We show that in unstable markets live migration of stateful applications can achieve significant savings at low overhead and while maintaining good reliability.

Speakers

Hakim Weatherspoon

CEO, Exotanium, Inc
Hakim Weatherspoon is the Chief Executive Officer of Exotanium, Inc (http://exotanium.io) and Professor in the Department of Computer Science at Cornell University. His research interests cover various aspects of fault-tolerance, reliability, security, and performance of internet-scale data systems such as cloud and distributed systems. Weatherspoon received his Ph.D...



Thursday May 27, 2021 16:30 - 17:00 CEST
Budapest
  Keynote Sessions
  • Presentation Slides Attached Yes

17:00 CEST

Break & Hallway Chats
Thursday May 27, 2021 17:00 - 17:30 CEST
Fairfax

17:30 CEST

Livepatching Xenstored - Björn Döbel, Amazon
Xen operators have been using livepatching to address functional and security problems in the hypervisor for the past couple of years. Similar problems exist in the toolstack and services such as xenstored have not been restartable until very recently. It would therefore be beneficial to apply livepatching to those tools as well. In this talk I am going to explain how we extended on AWS' livepatch infrastructure to livepatch xenstored and what problems we had to overcome in order to reliably livepatch xenstored in the EC2 fleet.

Speakers

Bjoern Doebel

Principal Engineer, AWS
Björn obtained a PhD in operating systems from TU Dresden, Germany, in 2014. He then joined Amazon's Kernel and Operating Systems team and has been dabbling in hypervisor security and operating cloud environments ever since.



Thursday May 27, 2021 17:30 - 18:00 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Making Xen Traces Look Good with KernelShark - Giuseppe Eletto, University of Turin & Dario Faggioli, SUSE
So, what do a Penguin, a Shark, and a Panda have in common? Answer: the plugin that we have developed for opening Xen hypervisor traces with KernelShark, just like it opens Linux kernel traces! Xen comes with advanced tracing capabilities but with limited options for visualizing and analyzing them. KernelShark, on the other hand, is renowned in the tracing community for the simplicity of illustrating Linux kernel trace files. With our KernelShark plugin, it is now possible to have a very clear and intuitive view of the execution of the VM's vCPUs on the pCPUs, in a Xen system, and of all the events that happen in the meanwhile. This talk will describe the challenges faced during the development, the design choices made, and the current status of the project (yes, there will be a demo!). Finally, we will outline some possible future developments.

Speakers

Dario Faggioli

Virtualization Engineer, SUSE
Dario is a Virtualization Software Engineer at SUSE. He's been active in the Open Source virtualization space for a few years. Within the Xen-Project, he is still the maintainer of the Xen hypervisor scheduler. He also works on Linux kernel, KVM, Libvirt, and QEMU. Back during his...

Giuseppe Eletto

Student, University of Turin
Giuseppe is a Sicilian boy who became passionate about computer science and Linux thanks to his uncle already at the age of 13. He is a student at the University of Turin and is now completing his BSc degree.



Thursday May 27, 2021 17:30 - 18:00 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

Virtio with Xen and Full Grant Support - Jürgen Groß, SUSE
One of the advantages of Xen over other virtualization products is the grant concept, which allows a guest to limit access of backend drivers to the I/O data only. Additionally, the usage of grants hides the guest type (pv or HVM) from the backends, resulting in a single way to access guest I/O data pages. The grant interface is being used by Xen pv backends (kernel and qemu side) and by pv frontends. Other I/O virtualization protocols like virtio are not yet supported on Xen, in spite of several attempts to do so in the past. Jürgen will present a new attempt to add full virtio support for Xen guests based on the grant mechanism. He will show what needs to be done in the various components (guest kernel, qemu backends, kernel backends, Xen tools) and how this work can be done using (partially) existing generic software layers.

Speakers

Jürgen Groß

Principal Developer, SUSE
Jürgen works in the virtualization team of SUSE, where he is responsible for all Xen related Linux kernel code of SUSE Linux. He has been a regular Xen Summit attendee for many years now.



Thursday May 27, 2021 17:30 - 18:00 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

Live Replacing Xen with KVM (and vice versa) in 10 seconds - Tu Dinh Ngoc, IRIT, University of Toulouse
In this talk, the authors introduce HyperTP, a solution that combines fast in-place heterogeneous hypervisor replacement and VM migration between heterogeneous hypervisors. The authors present relevant technical aspects of HyperTP, and demonstrate that HyperTP can move running VMs between Xen and KVM in as little as 1.7 seconds. The authors additionally show benefits of HyperTP in improving security and hypervisor portability.

This is a technical deep-dive of the work presented in the paper "Mitigating vulnerability windows with hypervisor transplant" at Eurosys 2021: https://dl.acm.org/doi/10.1145/3447786.3456235

Speakers

Tu Dinh Ngoc

Student, IRIT, University of Toulouse
Tu Dinh Ngoc is a PhD student belonging to the SEPIA research team at the Institut de Recherche en Informatique de Toulouse (University of Toulouse, France). His research focuses on operating systems, virtualization, security, networking and storage.



Thursday May 27, 2021 18:00 - 18:30 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

Live-update: State of Art - Julien Grall & Hongyan Xia, Amazon Web Services
Administrators often require updating the Xen hypervisor to address security vulnerabilities, introduce new features, or fix software defects. Traditionally, updating the Xen hypervisor requires rebooting the host, which entails disrupting running guests. Live update is the mechanism to streamline Xen updates while keeping guests' disruption to a minimum. AWS outlined the live update operation in the 2019 Xen Summit. At a high-level, (i) the target Xen hypervisor is loaded in RAM, (ii) the source (i.e., currently running) Xen serializes its state, and finally, (iii) the source Xen transfers control to the target, which in turn becomes the authoritative hypervisor for the host. The talk will cover current design, project status, and technical challenges (e.g., non-stable ABI across Xen versions). The talk will also present a demo of the live update operation.

Speakers

Hongyan Xia

Kernel/Hypervisor Engineer, AWS
Hongyan Xia is a Kernel/Hypervisor Engineer in the Amazon UK Cambridge EC2 team, working on the Secret-Free Hypervisor and Xen Live Update projects. Before joining Amazon, he obtained his PhD from the University of Cambridge, and worked on the Cambridge CHERI platform as well as the... Read More →

Julien Grall

Xen maintainer, Amazon Web Services
Julien Grall is a kernel/hypervisor engineer in the Amazon EC2 team. He is currently working on adding support for live updating the Xen hypervisor. Julien has been involved in the Xen community since 2012. Today he is a Xen Project committer, and he maintains Xen on Arm.



Thursday May 27, 2021 18:00 - 18:30 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

RunX: Deploy RTOSes and unikernels as Containers at the Edge - Stefano Stabellini & Bruce Ashfield, Xilinx
This talk will introduce RunX, an OCI-compatible container runtime to run software packaged as containers as Xen micro-VMs. RunX allows traditional containers to be executed with a minimal overhead as virtual machines, providing additional isolation and real-time support. It also introduces new types of containers designed with embedded deployments in mind. RunX enables RTOSes and unikernels to be packaged as containers, delivered to the target using the powerful containers infrastructure, and deployed at runtime as Xen micro-VMs. Physical resources can be dynamically assigned to them, such as FPGA blocks. This presentation will go through the architecture of RunX and the new deployment scenarios it enables. It will provide an overview of the integration with Yocto Project and describe how to build a complete system with the latest RunX and Yocto releases.

Speakers

Bruce Ashfield

Principal Engineer, Xilinx
Bruce Ashfield is currently a system software architect and Yocto technical lead at Xilinx, the world's largest supplier of FPGA solutions. Previously, at Wind River, he created embedded products based on the Yocto Project. Bruce had a particular focus in virtualization and cloud... Read More →

Stefano Stabellini

Fellow, AMD
Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal Software Engineer... Read More →



Thursday May 27, 2021 18:00 - 18:30 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

18:30 CEST

Break & Hallway Chats
Thursday May 27, 2021 18:30 - 19:00 CEST
Fairfax

19:00 CEST

19:45 CEST

20:30 CEST

Closing Remarks
Thursday May 27, 2021 20:30 - 20:45 CEST
Budapest
 
Friday, May 28
 

16:00 CEST

On the Emergence of DPUs in the Datacenter - Olivier LAMBERT, Vates
DPU: 3 letters for Data Processing Units. Their purpose: moving data in data centers, from network packets to storage blocks. They are a new class of programmable processor, after CPUs and GPUs. Will they become mainstream? Or at least a reality? What exactly can they bring? And obviously, the most important question: how do we integrate them around Xen? This talk will explain what DPUs are, why this trend is growing and how they could tackle some existing issues in the virtualization world. Note: this talk won't go deep into technological details; consider it an intro for a design session coming afterward.

Speakers

Olivier Lambert

CEO, Vates
Olivier Lambert has been working with free software projects since 2005, deploying Xen since 2008. He was the creator of Xen Orchestra in 2009 and started the XCP-ng Project in 2018. He's one of the founders of Vates (https://vates.fr), a French company specializing in open infrastructure software... Read More →



Friday May 28, 2021 16:00 - 16:30 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

16:00 CEST

Prevent Speculative Leaks - Norbert Manthey & Michael Kurth, Amazon Web Services
In 2018, the speculative execution vulnerabilities CVE-2017-5753 (Spectre V1) and CVE-2017-575 (Meltdown) became public. Since then, several other vulnerabilities have been revealed. For each vulnerability, mitigations have been proposed that allow hypervisor secret data to be securely isolated from guests. As reported in XSA 289, several vulnerabilities can be chained to leak sensitive data. To mitigate the vulnerability chain, speculative barriers have to be placed in the hypervisor code. In this presentation, we will revisit the vulnerabilities and explain why some mitigations are not good enough to prevent data leakage. In Linux, the smatch tool can report code snippets that might speculatively leak data. We extended the smatch tool to find issues of the same type in Xen's code base. We will present code examples that have been identified with this tool for XSA 289.

Speakers

Michael Kurth

Security Engineer, Amazon Web Services (AWS)
Michael Kurth works as a security engineer at Amazon Web Services (AWS). He is based in Dresden, Germany and earned his Master's degree from ETH Zurich. He wrote his Master's thesis at VUSec in Amsterdam which resulted in the discovery of the vulnerability CVE-2019-11184. Previously... Read More →

Norbert Manthey

Security Engineer, AWS
Norbert obtained a PhD in automated reasoning from TU Dresden, Germany, in 2014. After a postdoc position in the automated reasoning field, he then joined Amazon's security team in 2016. Since then, he has been pursuing proactive security activities in cloud environments.



Friday May 28, 2021 16:00 - 16:30 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

16:00 CEST

The Root VM: A New Xen Domain Species - Connor Davis, AIS
The Xen scheduler is a complex piece of code responsible for scheduling guest virtual machines and managing platform power. What if this complexity could be avoided by reusing the scheduler in a domU instead? This talk is a case study that discusses the benefits and costs of a scheduler-less Xen, in particular its effect on power, performance, emulation, and PCI passthrough. This study is based on the open-source research implementation of the Xen PV interface in the MicroV hypervisor. The goal of this talk is to raise awareness of this alternative architecture and to start a discussion on the possibility of bringing this alternative to upstream Xen.

Speakers

Connor Davis

Software Engineer, Assured Information Security, Inc.
Connor Davis is a software engineer/security researcher at Assured Information Security, Inc. where he spends most of his time exploring virtualization technologies (in particular VT-x/VT-d), covert communications, embedded systems, secure boot architectures, and Clang/LLVM. In his... Read More →



Friday May 28, 2021 16:00 - 16:30 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

16:30 CEST

Improving Virtual Periodic Timers - Roger Pau Monné, Citrix Systems R&D
Virtual (periodic) timers are a subsystem of Xen used by HVM guests in order to more easily manage the emulated event timers implemented in the hypervisor. This subsystem is mainly designed to allow the injection of an interrupt at a certain interval. The author has been doing some work in order to improve and simplify the logic in virtual timers, and the talk will give details about the changes made to virtual periodic timers themselves and to other parts of Xen in order to achieve it.

Speakers

Roger Pau Monné

Software Engineer, Citrix
Roger Pau Monné is a Software Engineer at Citrix. He is currently working on hypervisor related topics most of the time. Apart from contributing to Xen he is also a FreeBSD developer and contributes to other Xen-related projects, like the Linux kernel and QEMU.



Friday May 28, 2021 16:30 - 17:00 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

16:30 CEST

Introducing Xen to Armv8-R: AArch64 with MPU Support - Wei Chen & Penny Zheng, Arm
The Armv8-R architecture is the latest Arm architecture targeted at the Real-time profile. Cortex-R82 is the first 64-bit Armv8-R processor. It introduces virtualization at EL2 while retaining the Protected Memory System Architecture (PMSA) based on a Memory Protection Unit (MPU). It supports optional MPU / MMU in EL1 to run bare-metal/RTOS workloads or rich OSes, such as Linux. This project covers the initial porting of the Xen hypervisor to the Cortex-R82 platform, including expanding the current Xen capability to run with an MPU and host a guest OS. This work gives the Xen hypervisor the capability of managing mixed-criticality workloads. Wei and Penny will introduce the current work status and the expanded Xen capabilities, such as static allocation and direct-map, as well as the benefits and limitations of Xen on Armv8-R64. The talk will finish with a discussion of current outstanding issues.

Speakers

Penny Zheng

Senior Software Engineer, ARM
Penny Zheng is a Senior Software Engineer at Arm in the Opensource Software Ecosystem. She focuses on virtualization, hypervisors and containers. She was responsible for ARM maintenance in the Kata Container Project, and she is currently working for the Xen and Automotive software... Read More →

Wei Chen

Principal Software Engineer, Arm Ltd.
Wei Chen is a Principal Software Engineer at Arm in the Opensource Software Ecosystem. The focus of his work is virtualization, RTOS and security. Wei was responsible for Unikernel and kata-container on Arm. Currently, Wei is responsible for the Xen and Automotive software projects... Read More →



Friday May 28, 2021 16:30 - 17:00 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

16:30 CEST

Xen 4.15 - Retrospective, from the Release Manager's Point of View - Ian Jackson, Citrix
I will look back at the release process for Xen 4.15, the release decisions, and the outcomes with the benefit of some hindsight. I'll also take a step back and share my perspective, from the point of view of the release manager role. Release management, in a community such as Xen with a great diversity of interests, can be a tricky balancing act. It can involve making tough decisions based on incomplete information or even guesswork. I'm hoping that sharing my perspective will make it easier for the community to help future release managers. And I'm hoping that a look back on what went well, and what went badly, will help future release managers learn from my successes and avoid my mistakes.

Speakers

Ian Jackson

Xen Committer, Citrix
Ian Jackson is a longstanding Xen committer and maintainer, and member of the Xen Project Security Team. For Xen 4.15, Ian was the Release Manager. Ian has been involved in Free and Open Source software for many years, particularly via the Debian Project.



Friday May 28, 2021 16:30 - 17:00 CEST
Nanjing
  Breakout Session
  • Presentation Slides Attached Yes

17:00 CEST

Break & Hallway Chats
Friday May 28, 2021 17:00 - 17:30 CEST
Fairfax

17:30 CEST

Arm's Weakly-Ordered Memory Model and Barrier Requirements - Ash Wilding, Amazon
Arm's weakly-ordered memory model and the need for correct, minimally intrusive barriers while retaining performance are some of the biggest stumbling blocks for people building Arm-based HW/SW systems. Barriers in particular are seen as being "scary", especially if one's experiences are mostly working with strongly-ordered architectures like x86, leading people to use stricter, more intrusive barriers than necessary just to be safe. In this talk, Ash will introduce these concepts then walk you through several real-world examples to help demystify them.

Speakers

Ash Wilding

Senior Kernel & Hypervisor Engineer, Amazon
Ash is a Senior Kernel & Hypervisor Engineer at Amazon AWS, specifically in the KaOS organization which develops and maintains the kernels and hypervisors deployed across all AWS EC2 servers. He is a member of the team working to deliver Xen Live Update functionality based in Cambridge... Read More →



Friday May 28, 2021 17:30 - 18:00 CEST
Chicago
  Breakout Session
  • Presentation Slides Attached Yes

17:30 CEST

x86 Stack Switching, and the Improvement Proposals from Hardware Vendors - Andrew Cooper, Citrix
The 386 processor had fairly sane stack switching semantics, but fast forward through 3 decades of features and it is now far from certain that contemporary features can even be implemented safely. This talk will look at the problems which have accumulated in the architecture, and the proposals from Intel and AMD to address the problems, seeing as both proposals are soliciting technical feedback (at the time of writing/presenting).

Speakers

Andrew Cooper

Staff Software Engineer, Citrix
Andrew is a senior software engineer working in the Ring0 team for the Citrix Hypervisor. Upstream, he is an x86 hypervisor maintainer, committer, and a member of the Xen security team.



Friday May 28, 2021 17:30 - 18:00 CEST
Toronto
  Breakout Session
  • Presentation Slides Attached Yes

18:00 CEST

18:00 CEST

18:45 CEST

Break & Hallway Chats
Friday May 28, 2021 18:45 - 19:15 CEST
Fairfax

19:15 CEST

20:00 CEST

Design Session - XSM-Roles
Friday May 28, 2021 20:00 - 20:45 CEST
Shanghai

20:45 CEST

Closing Remarks
Friday May 28, 2021 20:45 - 21:00 CEST
Budapest
 
Xen Project Developer and Design Summit 2021, May 25-28, 2021