FPGAVirt: A Novel Virtualization Framework for FPGAs in the Cloud Joel Mandebi Mbongue, Festus Hategekimana, Danielle Tchuinkou Kwadjo, David Andrews, and Christophe Bobda Computer Science and Computer Engineering Department University of Arkansas, Fayetteville, Arkansas Email: {jmmandeb, fhategek, dtchuink, dandrews, cbobda}@uark.edu Abstract—Field-Programmable Gate Arrays (FPGAs) are becoming important components within commercially available cloud computing systems. However, the FPGAs are not yet sufficiently abstracted within existing software ecosystems. Contrary to how applications are transparently scheduled across general purpose processors, software processes need to explicitly provision and control communications with hardware circuits within the FPGAs. In this paper, we introduce a novel virtualization framework called FPGAVirt that lever- ages Virtio to implement an efficient communication scheme between virtual machines and the FPGAs. FPGAVirt avoids the overhead of context switches between virtual machine and host address spaces by using the in-kernel network stack for transferring packets to FPGAs. Experimental results show FPGAVirt can deliver an additional 2× to 35× performance increase compared to current state of the art virtualization approaches. Keywords-Cloud; Virtualization; FPGA; Overlay; Virtio- Vsock I. I NTRODUCTION Field-Programmable Gate Arrays (FPGA) are gaining interest in general purpose computing systems due to their ability to serve as energy efficient domain customizable accelerators [1]. Amazon is now exposing FPGAs to ap- plication developers in their cloud based EC2 F1 instances. Baidu is providing the same type of FPGA services within their cloud infrastructure [2]. While these systems introduce application programmers to the energy and performance benefits of FPGAs, additional research is required to trans- parently manage the FPGA within the virtual machine software stacks that run in todays cloud based systems. Specifically, to achieve this capability new approaches are needed to address the following challenges: (i) Abstraction: FPGAs must be seen by the cloud management system as a resource that can be requested, assigned and deallocated. (ii) Sharing: while the programming model used in general purpose processors allows sharing execution time intervals between VMs’ processes, the operation model of FPGAs imposes a restriction: VMs must be able to access and program specific regions of the FPGA. (iii) Isolation: each VM should execute in an environment totally isolated from other ones. Moreover, the whole cloud infrastructure must be protected from malicious applications that users could introduce. Allowing tenants to program FPGAs in the cloud therefore requires the adoption of security mechanisms to prevent hardware tasks from accessing or tampering re- sources not belonging to their domain. (iv) Availability: in practice, it ensures that data and services are available as much as possible. In the context of provisioning FPGAs, architectural supports should be provided to make sure that users would always access their hardware designs. The contribution of this paper are: (1) A hard- ware/software co-design framework that allows VMs to ac- cess virtualized FPGAs. (2) An overlay dividing the physical FPGA into virtual functions. The overlay provides isolation to hardware tasks using hardware sandboxes (HWSB) [3], and employs configurable communication channels. The latter allows the dynamic allocation of additional resources to users. II. RELATED WORK Recent work focusing on FPGAs in the cloud such as [4], [5], and [6] propose virtualization frameworks. [4] presents a virtual FPGA model that does not allow users to program FPGAs with their own designs, rather it relies on precom- piled hardware accelerators. Moreover, no communication link is enabled between hardware tasks mapped on virtual FPGAs belonging to the same user. Consequently, data will therefore be copied back and forth through the VM address space. Finally, the employed FPGA virtualization mecha- nism imposes either a modification of the host operating sys- tem (HOS), or high overhead due to the address translation between VM and Host address spaces. As opposed to [4], [5] introduces an approach where users access FPGA resources over a network and deploy their hardware designs. It divides a single physical FPGA into virtual FPGAs. Similarly to [4], [5] does not enable communication channels among virtual FPGAs. This restriction prevents user from expanding their designs as the size of virtual FPGAs is fixed. Furthermore, no support protects the whole infrastructure from hardware malicious applications that could either access or modify the content of other applications, and eventually attack the cloud infrastructure. The work presented in [6] also suffers from the same limitations observed in [5]. In response to these shortcomings, we design a model in which FPGA’s regions allocated to VMs can communicate, and only access resources belonging to their domain. Virtualization tech- niques can be categorized as software-based approaches and hardware-based ones. Emulation and paravirtualization 862 2018 IEEE 11th International Conference on Cloud Computing 2159-6190/18/$31.00 ©2018 IEEE DOI 10.1109/CLOUD.2018.00122