Understanding VFIO and UIO user space driver framework
Status: Available Now
VFIO and UIO are Linux kernel frameworks that securely provide direct device access to userspace. This presentation will provide attendees with an overview of VFIO and UIO work. In addition, developers will learn how PCI devices are exported to userspace and how applications like QEMU use devices in virtual machines (VMs).
Topics covered include:
- How virtualization uses VFIO to assign physical devices to VMs
- How VFIO decomposes devices as a set of userspace APIs and applications like QEMU
- How devices create a programming interface made up of I/O access, interrupts, DMA, and IOMMU
- Supported features such as interrupts/MSI-X, DMA, and IOMMU, and the limitations of UIO with VFIO
Linux Kernel Security - Inside the Linux Security Modules (LSMs) (2020)
Status: Available Now
The Linux Security Module (LSM) framework provides a mechanism for various security checks to be hooked by new kernel extensions.
The primary users of the LSM interface are Mandatory Access Control (MAC) extensions which provide a comprehensive security policy. Examples include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger MAC extensions, other extensions can be built using the LSM to provide specific changes to system operation when these tweaks are not available in the core functionality of Linux itself.
The topic takes a deep dive into:
- Understanding LSMs
- Types of LSMs
- Architecture of LSM
- The various hooks and the functionality provided by these hooks