We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Using SPDK with the Xen hypervisor

Formal Metadata

Title
Using SPDK with the Xen hypervisor
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
This talk will present our usage of SPDK, Storage Performance Development Kit, with the Xen hypervisor and discuss memory sharing mechanisms in hypervisors from a security and performance perspective. This talk will present our usage of SPDK, Storage Performance Development Kit, with the Xen hypervisor and discuss memory sharing mechanisms in hypervisors from a security and performance perspective. SPDK is a userspace NVMe driver allowing access to these types of storage devices with minimal overhead from the operating system. It allows you to maximize the performance usage of new storage technologies, as well as having faster development times of applications serving IO because of the easier development cycle of running in userspace. In our case, we use it as a storage backend for virtual machines where an SPDK application establishes a connection with virtual machines through shared memory. This sharing of memory, in a virtualized environment, gives access to the outside world to a virtual machine. In the case of Xen, the sharing mechanism, called Grant Table, uses the hypervisor as a trusted intermediary to allow sharing memory with another virtual machine. The backend doing device multiplexing only get access to areas explicitely permitted by the frontend. This permits the guest to not completely trust the storage provider software with complete access to private memory, but the extra security of this model doesn't come for free. We would like to discuss improvements that could be added that would still keep the security aims of the Grant Table mechanism while providing a high performance interface.