rust-vmm Building the Virtualization Stack of the Future Andreea - PowerPoint PPT Presentation

rust-vmm Building the Virtualization Stack of the Future Andreea Florescu <fandree@amazon.com>

- Open Source Enthusiast Who am I? - Software Development Engineer @ Amazon - Firecracker maintainer - rust-vmm contributor 2

VMM or Hypervisor? 3

Linux Virtualization Stack Virtual Virtual Virtual Virtual Virtual ... Machine Machine Machine Machine Machine VMM VMM VMM VMM VMM Hypervisor KVM Linux Kernel Host 4

What is rust-vmm? - Building blocks for VMMs written in Rust - Virtualization components (crates) - Open Source 5

Why rust-vmm? - Faster development for new custom VMMs - Security & Testability - Clean interface - Reduce code duplication (CrosVM & Firecracker) 6

Why rust-vmm? - Faster development for new custom VMMs - Security & Testability - Clean interface - Reduce code duplication (CrosVM & Firecracker) 7

Why rust-vmm? - Faster development for new custom VMMs - Security & Testability - Clean interface - Reduce code duplication (CrosVM & Firecracker) 8

Why rust-vmm? - Faster development for new custom VMMs - Security & Testability - Clean interface - Reduce code duplication (CrosVM & Firecracker) 9

Why rust-vmm? - Faster development for new custom VMMs - Security & Testability - Clean interface - Reduce code duplication (CrosVM & Firecracker) 10

rust-vmm development 11

Who is contributing? CrowdStrike Alibaba Cloud Google AWS Intel Cloudbase Solutions RedHat Individual Contributors 12

Adding crates to rust-vmm - CrosVM/Firecracker - Wrappers over the KVM API - Guest Memory - ... - Developing from scratch - vhost-user - ACPI - ... 13

Existing crates 14

vm-memory - Firecracker - Guest Address 15

vm-memory - Firecracker - Guest Address - Memory Region Start addr End addr (GuestAddress) (GuestAddress) Anonymous Shared Mem mem-region 16

vm-memory - Firecracker - Guest Address - Memory Region - Guest Memory Start addr End addr (GuestAddress) (GuestAddress) Anonymous Shared Mem mem-region mem-region mem-region mem-region mem-region Guest Memory 17

vm-memory - rust-vmm vm-memory - Firecracker - Guest Address - Trait Guest Address - Memory Region - Trait Memory Region - Guest Memory - Trait Guest Memory Start addr End addr Start addr End addr (GuestAddress) (GuestAddress) (GuestAddress) (GuestAddress) Anonymous/File Anonymous Shared Mem Shared Mem mem-region mem-region mem-region mem-region mem-region mem-region Guest Memory 18

New Usecases Supported with rust-vmm - Vhost-user - memfd based Guest Memory - memory hotplug - cross region reads from Guest Memory 19

kvm-ioctls - Line Coverage (79.3% -> 91.3%) - Documentation for public interface - Code Examples - Experimental aarch64 support 20

From idea to published crate Design Discussions Milestone 0 Empty Idea GitHub Issue Crate github/rust-vmm/community Milestone 1 Design Pull Requests Crate in Dev Continuous Integration Milestone 2 Crate in License Dev Publish Documentation crates.io Tests 21

Current Status Milestone 0 vmm-vcpu linux-loader vm-virtio Empty Crate vhost vm-device Milestone 1 vm-memory Crate in Dev Milestone 2 kvm-bindings kvm-ioctls Publish crates.io 22

Demo Time 23

Fake Demo Time 24

containers-vmm VMM API 25

containers-vmm rust-vmm components acpi kvm-ioctls virtio-fs kernel-loader vm-virtio vm-memory block net VMM API vsock serial cpuid rate-limiter 26

containers-vmm rust-vmm components acpi kvm-ioctls virtio-fs kernel-loader vm-virtio vm-memory block net VMM API vsock serial cpuid rate-limiter 27

containers-vmm rust-vmm components acpi kvm-ioctls virtio-fs kernel-loader vm-virtio vm-memory block net VMM API vsock serial cpuid rate-limiter 28

containers-vmm rust-vmm components acpi kvm-ioctls VMM Glue virtio-fs kernel-loader vm-virtio vm-memory block net VMM API vsock serial cpuid rate-limiter 29

Does the world need more VMMs? 30

rust-vmm powering: Now: - Firecracker Future: - CrosVM - QEMU - 31

Open Questions - Test integration of crates - Create a reference VMM implementation - Same version for all crates? - Security Testing - Fuzzing 32

What’s next? - Hypervisor-agnostic crates - Using rust-vmm crates in existing VMMs - Purpose-built VMM for container workloads 33

What’s next? - Hypervisor-agnostic crates - Using rust-vmm crates in existing VMMs - Purpose-built VMM for container workloads Come decide with us! 34

Be part of rust-vmm! - Become a member of rust-vmm on GitHub - Subscribe to the rust-vmm email list - Want feedback on your work? Submit a review request! 35