LC3 notes (LC3 review)
I joined LC3 China last week. Some topics seemed very interesting.
Secure container
Secure Containers with EPT Isolation (Huawei, Intel) builds containers with EPT page table protection. EPT is a memory virtualization technology used in KVM and Xen by default. Compared with the KVM-based containers (Intel Clear Containers or Huawei VM-based containers), it can be deployed inside a VM in the cloud.
Chunyan Liu from Huawei showed how to prevent the attack with namespace-like memory isolation.
NVMe performance optimization
Coly Li from SUSE works on SSD/NVM optimization. He explained the bottleneck of the global I/O barrier and showed the performance improvement after the hash bucket barriers and the lockless I/O barrier were merged [3].
Notes on the final performance comparison:
- There is a race condition in 4.4. The performance is higher but useless.
- The hash bucket barrier leads to a slight drop in performance because more conflicts are encountered. After applying the lockless I/O barrier, the performance improves a little.
libos and unikernel
There were two related topics about libos. The first one is from VMware, who work on a Linux libos. It seems similar to the work from Hajime Tazaki (tazaki@sfc.wide.ad.jp). The other one is porting a unikernel to aarch64 in uKVM. I think a unikernel could potentially get a performance improvement for single-process applications if the unikernel could provide all the dependencies for apps. It seems that the only use case is network-based applications. Compared with a unikernel, running a 'fully functional' Linux as the base of a libos seems to resolve the porting effort for the dependencies of apps, because the software on Linux does not need to be modified (it only needs to be statically linked).
Other topics from our department besides secure container
- The New Container Engine from the New Containerd [E] - Qiang Huang, Huawei.
- Introduction to OCI Image Technologies Serving Container [C] - Keyang Xie & Jitang Lei, Huawei.
- Obstacles & Solutions for Livepatch Support on Arm64 Architecture [C] - Bin Li, Huawei.
- Make Accelerator Pluggable for Container Engine [C] - Jiuyue Ma, Huawei.
Reference: The slides of LC3 China