Older blog entries for mulix (starting at number 258)

I was hurrying down the Newark airport terminal, wondering whether I was going to make the connecting flight to Seattle, en-route to Vancouver for the 9th USENIX Symposium on Operating Systems Design and Implementation. Suddenly, my cell phone rang. It was Michael Factor, a long-time co-worker and mentor. "Have you seen the email?" "No, I just landed in Newark and am on the way to catch a connection to Seattle. Which email?" "Here, let me read you the opening:

Dear Authors,

Your paper has been selected as one of two winners of the OSDI Jay Lepreau Best Paper award."

Receiving this award is a unique experience and a great honor. It is doubly sweet because of all the research projects I've worked on, the Turtles nested virtualization project is perhaps the one I am most proud of. When Orit, Ben, and I started working on it in 2008, we set out to do the impossible. Many colleagues claimed that efficient nested x86 virtualization on the Intel platform could not be done. Eventually, working long and hard, and with help from friends, we showed that not only could it be done, it even performs well. I've learned a lot in the process, about x86 virtualization, about leading a team, and about the art and craft of doing research, but the most important lesson was to never lose hope, to always believe that eventually, it will work. And guess what? It did!

If you want to know how we did it, and what we learned in the process, check out The Turtles Project: Design and Implementation of Nested Virtualization.

In classical machine virtualization, a hypervisor runs multiple operating systems simultaneously, each on its own virtual machine. In nested virtualization a hypervisor can run multiple other hypervisors with their associated virtual machines. As operating systems gain hypervisor functionality---Microsoft Windows 7 already runs Windows XP in a virtual machine---nested virtualization will become necessary in hypervisors that wish to host them. We present the design, implementation, analysis, and evaluation of high-performance nested virtualization on Intel x86-based systems. The Turtles project, which is part of the Linux/KVM hypervisor, runs multiple unmodified hypervisors (e.g., KVM and VMware) and operating systems (e.g., Linux and Windows). Despite the lack of architectural support for nested virtualization in the x86 architecture, it can achieve performance that is within 6-8% of single-level (non-nested) virtualization for common workloads, through multi-dimensional paging for MMU virtualization and multi-level device assignment for I/O virtualization.

The scientist gave a superior smile before replying, "What is the tortoise standing on?" "You're very clever, young man, very clever", said the old lady. "But it's turtles all the way down!"

Syndicated 2010-10-04 15:58:10 from Muli Ben-Yehuda

recent activity in a capsule

Syndicated 2010-09-06 10:15:47 from Muli Ben-Yehuda

interesting call for papers

I have been remiss in updating this thing recently. In penance, I offer you these interesting calls for papers from conferences that you should, without a doubt, submit your best papers to:

The 2nd Workshop on I/O Virtualization, which I will be co-chairing, will be co-located with ASPLOS 2010 and VEE 2010 in Pittsburgh, Pennsylvania, in March 2010. Once again we will be looking for ground-breaking and thought-provoking papers in I/O virtualization, although if your paper is only ground-breaking or only thought provoking, that's fine too.

The 24th International Conference on Supercomputing (ICS'10) will be held in Japan (Japan!) in June 2010. We are soliciting papers on all aspects of research, development, and application of high-performance experimental and commercial systems. This will be my first time on the ICS PC, and I am looking forward to the experience.

Last but certainly not least, SYSTOR 2010---The 3rd Annual Haifa Experimental Systems Conference, will be held once again in Haifa in May, 2010, and you should all come visit.

More later.

Syndicated 2009-11-17 19:38:28 from Muli Ben-Yehuda

SYSTOR 2009 Call for Participation

                   CALL FOR PARTICIPATION

    SYSTOR 2009---The Israeli Experimental Systems Conference
       http://www.haifa.il.ibm.com/conferences/systor2009/
                        4-6 May 2009
                        Haifa, Israel

Registration deadline: May 2nd

SYSTOR 2009, the Israeli Experimental Systems Conference, will be held
at IBM Haifa Labs, in Haifa, Israel. The conference program will run
over three days, combining the forefront of academic systems research
with real-world systems developed in industry. The goal of the
conference is to promote systems research and to foster stronger ties
between the Israeli and worldwide systems research communities and
industry. Conference proceedings will be published by ACM in the ACM
Digital Library.

There is a limited number of seats available on a
first-come-first-served basis upon registration at
http://www.haifa.ibm.com/conferences/systor2009/registration.shtml
(registration is free of charge). Lunch and refreshments will be
served on all three days courtesy of IBM Haifa Labs.

The first day of the conference will feature sessions on distributed
systems, concurrency, and power management. Marc Snir, University of
Illinois at Urbana Champaign, will give a keynote talk, and in the
afternoon a student poster session with sweet refreshments will be
held.

The second day will begin with the keynote "Towards Invisible Storage"
by Alain Azagury, Director, XIV Business Executive, IBM, and an
invited talk on "The Next Generation Data Center" by Michael Kagan,
Mellanox CTO. After the morning talks, there will be paper sessions
focusing on data de-duplication and storage issues. The day will end
with an optional social event in Caesarea.

The third day will conclude the conference with paper sessions on
virtualization and system optimizations, and a panel of well-known
systems researchers who will debate "What is Systems Research about
and is it Relevant?" The full program for all three days is available
on the conference website.

We look forward to seeing you at SYSTOR 2009!

SYSTOR Advisory Committee
    * Marc Auslander, IBM
    * Ken Birman, Cornell
    * Danny Dolev, HUJI
    * Julian Satran, IBM
    * Marc Snir, UIUC
    * Willy Zwaenepoel, EPFL

Program Chairs
    * Michael Factor, IBM
    * Dror Feitelson, HUJI

General Chair
    * Miriam Allalouf, IBM

Publicity Chair
    * Muli Ben Yehuda, IBM

Publication Chair
    * Gregory Chockler, IBM

Syndicated 2009-04-07 13:04:17 from Muli Ben-Yehuda

miscellany

I want to update this thing more often, but there's so much going on, the days filled with action and counter-action, that before I know it it's past midnight, and I have to wake up at 5 AM for a workout, and updating the blog is left on the TODO list for yet another day. Like, today.

So, content?

I've been a manager for a month and change now, managing the virtualization and systems architecture group at the lab. It's an interesting challenge (which is why I agreed to do it), often frustrating, occasionally exhilarating. To my surprise, the part I like most is dealing with human beings in their myriad forms. To my non-surprise, the part I like least is the bureaucracy, but I figured I'd wait a couple more months before I start tilting at wind-mills. I still write code (well, debug code, mostly) and conduct research, but it's no longer the most important part of my day.

On the research front, we had two papers accepted to ICAC 2009 (one full paper and one short paper/poster), both in the general area of treating virtual machines as black boxes and inferring useful things about them---performance bottlenecks and boot-time---via statistical analysis of their inputs and outputs. Another paper, on the DMA mapping problem in direct assignment, was not accepted to USENIX ATC to my disappointment, and we are now revising it while looking for a new home.

I am continuing to work out twice a week with a private trainer who is seriously kicking my butt. It's rare when I don't finish a workout on the brink of exhaustion, drenched in sweat. I *love* it. Twice a week is no longer enough---I crave the endorphin rushes and sore muscles---so I've also re-started going for long walks, and hitting the punching bag in the back-yard like I really mean it. The kilograms are coming off, too, an added bonus.

Last but not least, SYSTOR 2009 is coming up next month, with a great program combining academic research and real-world systems. See y'all there!

Syndicated 2009-04-04 21:14:13 from Muli Ben-Yehuda

It's 5:40 AM. I am sitting in an empty room full of half-assembled furniture, waiting for the personal trainer to arrive and whip my ass into shape.

Syndicated 2009-01-28 03:52:03 from Muli Ben-Yehuda

There will be a half-day workshop at the Technion's EE department on Thursday afternoon on "Technology Transfer - from Academy to Industry" which looks mildly interesting. I am nominally on vacation this week and flying to Italy that night, but perhaps I'll go anyway. Anyone else planning to go?

Syndicated 2008-12-23 21:21:41 from Muli Ben-Yehuda

Scalable I/O paper online

Our new paper is online: "Scalable I/O---A Well-Architected Way to Do Scalable, Secure and Virtualized I/O", by Julian Satran, Leah Shalev, Muli Ben-Yehuda, and Zorik Machulsky. This is an overview paper showcasing the main ideas underlying a system we've been working on, on and off, since 2004. It's not as detailed as I would've liked due to the space constraints, but hopefully it will be followed by more detailed papers. The slides I'll be presenting later today at WIOV '08 are also available and go into a bit more detail in areas.

Today in both virtualized and non-virtualized systems the entire I/O functionality is based on device drivers. They are central to any system structure; both anecdotal and informed evidence indicates device drivers as a major source of trouble in the classical OS and a source of scaling and performance issues in virtual I/O, due to "trusted intermediary" required for the shared I/O. We propose an architecture which virtualizes the entire I/O subsystem rather than each I/O device, and provides device-independent I/O at higher level of abstraction than the traditional I/O interfaces. In our suggested architecture the system robustness is increased by isolating drivers; efficient and scalable virtualization becomes possible by a complete separation of the I/O and compute function and introducing a protection model that does not require a trusted intermediary for I/O.

Syndicated 2008-12-10 19:18:25 from Muli Ben-Yehuda

new IOMMU paper available

Now online for your perusing pleasure: "Direct Device Assignment for Untrusted Fully-Virtualized Virtual Machines", by Ben-Ami Yassour, Muli Ben-Yehuda and Orit Wasserman, IBM Research Report H-0263.

This is a short paper describing and evaluating our work earlier this year on direct device assignment in KVM, using Intel's VT-d IOMMU. Not much new here if you've read our other IOMMU papers, but it does make two contributions. First, it's the best (and only) available description (IMHO) of KVM's direct device assignment code, and second it's yet another data point on the relative performance of device emulation vs. virtual I/O drivers vs. direct device assignment. As always, comments appreciated. The abstract follows.

The I/O interfaces between a host platform and a guest virtual machine take one of three forms: either the hypervisor provides the guest with emulation of hardware devices, or the hypervisor provides virtual I/O drivers, or the hypervisor assigns a selected subset of the host's real I/O devices directly to the guest. Each method has advantages and disadvantages, but letting VMs access devices directly has a number of particularly interesting benefits, such as not requiring any guest VM changes and in theory providing near-native performance.

In an effort to quantify the benefits of direct device access, we have implemented direct device assignment for untrusted, fully-virtualized virtual machines in the Linux/KVM environment using Intel's VT-d IOMMU. Our implementation required no guest OS changes and---unlike alternative I/O virtualization approaches---provided near native I/O performance. In particular, a quantitative comparison of network performance on a 1GbE network shows that with large-enough messages direct device access throughput is statistically indistinguishable from native, albeit with CPU utilization that is slightly higher.

Syndicated 2008-11-24 18:35:51 from Muli Ben-Yehuda
