Loading…
KVM Forum 2019 has ended
October 31 - November 1
Lyon Convention Centre - Lyon, France
More information for KVM Forum 2019

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, October 30
 

11:30 CET

Core-Scheduling for Virtualization: Where are We? (If We Want It!) - Dario Faggioli, SUSE*
Clever scheduling of virtual CPUs on Symmetric MultiThreaded systems for, among other things, making highly impractical side-channel attacks even more unpractical, is no new idea. Unfortunately, via exploiting L1TF and MDS vulnerabilities in Intel CPUs, impractical is becoming practical!

But, instead than disabling SMT, we can avoid that VM share cores. This is called core-scheduling, and implementing it requires quite some scheduler changes. Nevertheless, work toward that is being done for both KVM and Xen (and other hypervisors have it already).

After an overview of L1TF and MDS, we will see how core-scheduling may help and why it is so tricky to implement (although in different ways) for both KVM and Xen.

We will show numbers from performance evaluation of the currently available implementations. In fact, all this only matters if performance are better than turning SMT off.

Speakers
avatar for Dario Faggioli

Dario Faggioli

Virtualization Software Engineer, SUSE
Dario is a Virtualization Software Engineer at SUSE. He's been active in the Open Source virtualization space for a few years. Initially, he worked only on Xen-Project, and he is still the maintainer of the Xen hypervisor scheduler. Back during his Ph.D., he worked on real-time scheduling... Read More →



Wednesday October 30, 2019 11:30 - 12:05 CET
Pasteur Auditorium
  OSS - KVM Forum Track
  • Session Slides Included YES

12:20 CET

The Hype Around the RISC-V Hypervisor - Alistair Francis & Anup Patel, Western Digital*
RISC-V (pronounced "risk-five") is an Instruction Set Architecture (ISA) that's available under open, free and non-restrictive licences. It is a clean and modular ISA where new features are added as optional extensions. The RISC-V hypervisor extension provides virtualisation capabilities to a RISC-V CPU and it is designed considering both Type-1 and Type-2 hypervisors. In this talk Alistair and Anup will explain the RISC-V Hypervisor extension, discuss how it was implemented in QEMU and talk about the RISC-V implementation of KVM.

Alistair will talk about the current state of the RISC-V Hypervisor Extensions in QEMU. This will include details about the implementation and design choices that were made. He will discuss what we currently have upstream and how this compares to the latest and proposed future specification versions. This will include all known limitations and proposed future work in the QEMU implementation. He will also talk about current out of tree work that is not yet ready to be submitted upstream and discuss how this can be upstreamed.

Anup will then explain KVM RISC-V internals and the road ahead for KVM RISC-V. Anup will also show a demo of KVM RISC-V using using KVMTOOL.

Speakers
AF

Alistair Francis

Technologist, Western Digital
I am a member of Western Digital's Open Source RISC-V research team. I contribute to and maintain a range of different software projects, from low level operating systems to high level system applications. I am tasked with developing and maintaining the QEMU software emulation platform... Read More →
AP

Anup Patel

Technologist, Western Digital
I am an open-source enthusiast with primary interest in hypervisors and Linux kernel. I work for Western Digital System Software Research group where we do lot of open-source contributions to help RISC-V ecosystem.



Wednesday October 30, 2019 12:20 - 12:55 CET
Pasteur Auditorium
  OSS - KVM Forum Track
  • Session Slides Included YES

14:25 CET

VirtIO without the Virt - Towards Implementations in Hardware - Michael Tsirkin, Red Hat
VirtIO was designed to standardize hypervisor interfaces for virtual machines - but we are beginning to see the emergence of Virtio hardware. This talk will answer the questions: why does this make sense, what works and what are the issues hardware implementations of virtio have to overcome?
Topics to be covered:

- What is the difference between hardware virtio devices and virtio data path accelerators?
- What are the minimal requirements of virtio in hardware?
- How can we handle compatibility, including hardware bugs and limitations?
- How to make live migration work? What about overcommit?
- Which changes included in the recent virtio specification help design hardware virtio devices?
- Which known issues remain and how does the Virtio committee plat to address them?
- Why design Virtio in hardware? Are there alternatives?
- Why get involved with the Virtio specification process?

Speakers
MS

Michael S. Tsirkin

Distinguished Engineer, Red Hat Inc
Michael has been with Red Hat for more than 10 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and... Read More →



Wednesday October 30, 2019 14:25 - 15:00 CET
Pasteur Auditorium
  OSS - KVM Forum Track
  • Session Slides Included YES

15:15 CET

Storage Performance Review for Hypervisors - Felipe Franciosi, Nutanix
With the advent of fast storage technologies like NVMe and 3DXP, hypervisors are facing unprecedented challenges. The added software overhead involved in access validations, general data movement and notification between domains is more noticeable than ever. It affects all sorts of performance dimensions including bandwidth, IOPS and latency, most of which have been vastly hidden by the slow nature of devices until recently.

This talk is divided in two parts. Firstly, we will focus on storage performance evaluation and benchmarks, showing how these translate to virtualisation. Secondly, we will dive into hypervisors based on KVM and Xen to compare how they work and discuss how they can deliver the best end user experience in terms of performance and efficiency.

Speakers
avatar for Felipe Franciosi

Felipe Franciosi

Senior Staff Software Engineer, Nutanix
Felipe is a Senior Staff Software Engineer working for Nutanix since 2015, more specifically leading the engineering efforts of the Acropolis Hypervisor (AHV). He brings nearly 20 years of expertise in storage performance and virtualisation. This includes four years at Citrix working... Read More →



Wednesday October 30, 2019 15:15 - 15:50 CET
Pasteur Auditorium
  OSS - KVM Forum Track
  • Session Slides Included YES

16:15 CET

KVMstat and Beyond - Past, Present and Future of Performance Monitoring - Christian Bornträger, IBM
When it comes to performance monitoring KVM provides sophisticated tools to deep dive into specific aspects. For example kvm_stat or perf allow to analyse the exits from guest mode. On the other hand getting a system level view or having permanent monitoring and analytics is only available for the process view, e.g. with tools like sysstat. Other hypervisors offer a much better out of the box experience.
This talk is about extending the tooling for kvm stats to better integrate into the bigger picture.

Speakers
avatar for Christian Borntraeger

Christian Borntraeger

CPO Linux on IBM Z Development, IBM



Wednesday October 30, 2019 16:15 - 16:50 CET
Pasteur Auditorium
  OSS - KVM Forum Track
  • Session Slides Included YES
 
Thursday, October 31
 

09:00 CET

Keynote: KVM Status Report - Christian Borntraeger, CPO Linux on IBM Z Development, IBM
Speakers
avatar for Christian Borntraeger

Christian Borntraeger

CPO Linux on IBM Z Development, IBM



Thursday October 31, 2019 09:00 - 09:15 CET
Forum 3
  Keynote
  • Session Slides Included YES

09:15 CET

Keynote: QEMU Status Report - Paolo Bonzini, Sr. Principal Software Engineer, Red Hat, Inc.
Speakers
avatar for Paolo Bonzini

Paolo Bonzini

Distinguished Engineer, Red Hat, Inc.
Paolo is a long-time KVM contributor and co-maintainer; he also co-maintains some subsystems in QEMU. He works at Red Hat.



Thursday October 31, 2019 09:15 - 09:30 CET
Forum 3
  Keynote
  • Session Slides Included YES

10:00 CET

Firecracker: Lessons from the Trenches - Andreea Florescu & Alexandra Iordache, Amazon
Firecracker is an open source VMM written in Rust, leveraging KVM to provide isolation for multi-tenant, serverless workloads like containers and functions. It is currently used in production by AWS Lambda and AWS Fargate.

Each Firecracker process has a low memory overhead, it boots virtual machines in as little as 125 milliseconds and oversubscribes host resources in order to pack thousands of microVMs on a single host. But in a multi-tenant environment, the most important requirement is properly enforcing the security isolation of workloads.

In this talk we will go over the design decisions we took when building Firecracker, showcasing the advantages as well as the limitations of this VMM. What does it take to run Firecracker at scale? Are Rust’s builtin protection mechanisms enough to ensure smooth sailing in production? Come and find out!

Speakers
avatar for Andreea Florescu

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking... Read More →
avatar for Alexandra Iordache

Alexandra Iordache

Software Development Engineer, Amazon
Alexandra is a software development engineer at AWS and one of the maintainers of the Firecracker project. Her work is centered on the Firecracker virtual machine monitor.



Thursday October 31, 2019 10:00 - 10:30 CET
Forum 3
  KVM Forum Track 1
  • Session Slides Included YES

11:00 CET

ZERO: Next Generation Virtualization Platform for Huawei Cloud - Jinsong Liu & Zhichao Huang, Huawei
Virtualization technologies build the infrastructure of cloud computing. However, with more and more VMs and workloads running on cloud, traditional virtualization technologies exposed some weakness under cloud environment, i.e., virtualization overhead, performance fluctuation, and higher cost overhead, etc. ZERO is Huawei’s next generation virtualization platform – targeted achieving 4 '0's: '0' reserved for CPU, '0' reserved for memory, ‘0’virtualization overhead, and ’0’ performance fluctuations. By designing ZERO virtualization chip, ZERO System offloads overhead to ZERO chip&card, including all network I/O, all storage I/O, and all cloud control plane. By designing split-hypervisor, ZERO leaves a very small and silent hypervisor at X86/ARM server, therefor improving overall resource utilization and performance. Currently ZERO1.0 has been launched on Huawei Cloud, supporting both VM and bare metal instances, and supports both X86 and ARM server.

Speakers
ZH

Zhichao Huang

Senior Software Engineer, Huawei
Zhichao Huang is a senior software engineer from Huawei. He has 12 years working experience on Linux/Virtualization.



Thursday October 31, 2019 11:00 - 11:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

11:00 CET

Managing Matryoshkas: Testing Nested Guests - Marc Hartmayer, IBM
The nested virtualization functionality is one of the key functionalities of modern hypervisors. Yet, one central quest is to find an adequate way to write functional tests that check and verify the entire "KVM/QEMU/libvirt" stack in each level of (nested) guest. How can each guest level be supervised, managed, tested without introducing high complexity and without writing duplicated code in each guest level?

In this presentation, Marc Hartmayer will discuss existing test approaches and present an alternative approach by using "self-replicating programs" in combination with the technique of remote proxy objects. Moreover, he will show a demo for a test case in which the pass-through functionality of a device will be tested up to the Nth level. Lastly, he'll give an outlook on how this approach could be integrated into existing frameworks like Avocado and what else could be done.

Speakers
MH

Marc Hartmayer

Software Engineer, IBM R&D
Marc Hartmayer is a software engineer working at IBM Germany. The main project he works on is libvirt.


slides pdf

Thursday October 31, 2019 11:00 - 11:30 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

11:30 CET

How KVM-based Hybrid Deployment Powers Bytedance’s Biggest Day Ever - Lu Ye & Zhenwei Pi, Bytedance
During the Spring Festival Gala, the instantaneous traffic is several hundred times that of normal, and the burst traffic during the activity greatly exceeds the current capacity of the IDCs. At the same time, to ensure the QoS of the mixed deployment online services, the isolation level of various resources is very high in every aspect, not limited to page cache, cpu scheduling capability, memory bandwidth, etc. In this session, Ye Lu & Zhenwei will introduce how the decision KVM-based Hybrid deployment solution is made, the performance optimization at the landing, and the system monitoring after virtualization, such as more accurate network analysis tools to distinguish app backend error, physical network outage, virtualized network failure. The solution help services go through the traffic peaks and improve the overall resource utilization of the IDCs.

Speakers
ZP

Zhenwei Pi

Bytedance
Zhenwei Pi is working as a cloud computing engineer in ByteDance. He is responsible for the IaaS architecture of ByteDance’s production environment, including private cloud and edge computing cloud.
YL

Ye Lu

Cloud Computing Enginneer, Bytedance
Yelu is working as a cloud computing engineer in ByteDance, which has more than 600 millions active users and hundreds of thousands of servers all over the world. She is responsible for the IaaS architecture of ByteDance’s production environment, including private cloud and edge... Read More →



Thursday October 31, 2019 11:30 - 12:00 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

11:30 CET

Nesting&testing - Vitaly Kuznetsov, Red Hat
Nested virtualization on x86 is finally becoming a thing: lots of work has been
done recently to eliminate bugs and make it faster. Testing, however, remains
a challenge and regressions even for KVM-on-KVM are, unfortunately, not
uncommon. Adding third party hypervisors (Hyper-V, VMware,...) and different
types of L2 guests to the picture also doesn't make it any simpler.

The talk will try to cover the existing KVM testing frameworks: kvm-unit-tests
and selftests, what these frameworks test and what they don't, the gaps we have
between VMX and SVM. Possible improvements and additional testing approaches
will be suggested. Overall, this is going to be an open discussion on how we
can test nested virtualization better.

Speakers
avatar for Vitaly Kuznetsov

Vitaly Kuznetsov

Principal Software Engineer, Red Hat
Vitaly works at Virtualization Engineering team at Red Hat focusing on KVM development as well as making Linux the best guest for other hypervisors. He frequently presents at FOSDEM, KVM Forum, DevConf and other technical conferences.



Thursday October 31, 2019 11:30 - 12:00 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

12:00 CET

Seamless Cloud System Upgrade with VMM Fast Restart - Jason Zeng, Intel
Frequent updates (software and firmware) become a major pain point to Cloud Service Providers. There have been some approaches to address this, for example hot patching, live migration, etc., but there still have some limitations for each of them. VMM fast restart tries to propose an alternative solution, which leverages kexec-based fast rebooting of host machine while keeping VM states in memory across reboot, to achieve short service downtime, high success rate and low management overhead.

This talk will introduce the technical approaches, current status of development, and future plans of VMM fast restart. Related challenges will also be described in this talk.

Speakers
JZ

Jason Zeng

Software Engineer, Intel Coporation
Jason Zeng is a software engineer from Intel virtualization team, focusing on various KVM/virtualization features and projects. Currently he is working on VMM Fast Restart project which aims to provide a solution for fast upgrading and rebooting VMM/host kernel while impose less impact... Read More →



Thursday October 31, 2019 12:00 - 12:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

12:00 CET

Moving s390 Kvm-unit-tests up the Stack - Janosch Frank, IBM R&D Germany
Tests from the KVM unit tests framework have been traditionally run on only one hypervisor...KVM. But having a clean and tiny test framework has been so invaluable, we started porting it to all s390 hypervisors that are out there.

This allowed new users like hardware and firmware to use it and with the advent of Protected Virtualization became an important part of software and hardware verification.

This talk concentrates on how we used KVM unit tests in the past, how we're using it right now and what lies in the future for s390 (and maybe also other platforms).

Cross and stacked hypervisor testing to the rescue!




Speakers
JF

Janosch Frank

Software Engineer, IBM
Janosch Frank is a software engineer at IBM Germany and a s390 co-maintainer for KVM. He works on guest memory management, Protected Virtualization and KVM testing.



Thursday October 31, 2019 12:00 - 12:30 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

13:45 CET

Pushing Device Emulation into the Guest - Alexander Graf, AWS
Ever since KVM was created, the tenant split has always been very clear: KVM inside the Linux kernel provides an abstraction layer for CPU and close-to-CPU hardware, guests run as if they were on real hardware and user space (QEMU usually) emulates real world hardware.

It's about time we start to reconsider that split though. With spectre mitigations in place, exiting guest context suddenly becomes much more expensive than before. From a general security point of view we ideally want to run as little code as we can in host context. Also, with device assignment becoming commodity, maybe we can build faster virtual devices if we think out of the box.

In this presentation I will introduce a prototype I've been working on that implements legacy device emulation inside guest firmware and explain all the security as well as tenant split benefits that brings.

Speakers
AG

Alexander Graf

Principal Software Engineer, Amazon
Alexander joined Amazon just this year. In his previous life he worked on fancy things like SUSE Studio, QEMU, KVM, openSUSE and SLES on ARM and U-Boot. Whenever something really useful comes to his mind, he tends to implement it. Among others he did Mac OS X virtualization using... Read More →



Thursday October 31, 2019 13:45 - 14:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

13:45 CET

virtio-fs: A Shared File System for Virtual Machines - Stefan Hajnoczi, Red Hat
virtio-fs is a new shared file system for virtual machines. Unlike previous approaches, it is designed to take advantage of the co-location of virtual machines and the hypervisor to achieve local file system semantics and performance. This talk covers the status of virtio-fs, its key features, and use cases.

Amongst its features, the ability to share the host page cache with the guest is unique and not available in other shared file systems. This leads to interesting applications, including local file system mmap MAP_SHARED semantics, memory footprint reduction, and efficient page cache sharing between guests.

This talk also covers metadata coherence and the shared memory version table that is being developed to achieve this. The table allows guests accessing the same files and directories to have a consistent view even when other guests make changes to the file system.

Speakers
avatar for Stefan Hajnoczi

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan has been active in QEMU since 2010 and is a Senior Principal Software Engineer in Red Hat's virtualization team with a focus on storage. He works on virtio drivers in Linux and helps maintain the block layer and tracing in QEMU. He also organizes and mentors in the Google Summer... Read More →



Thursday October 31, 2019 13:45 - 14:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

14:15 CET

KVM Address Space Isolation - Alexandre Chartre & Liran Alon, Oracle
Recent vulnerabilities like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS) have shown that the cpu hyper-threading architecture is prone to leaking data with speculative execution attacks.

With KVM, a guest VM can use speculative execution attacks to leak data from the sibling hyper-thread, thus potentially accessing data from the host kernel, from the hypervisor or from another VM.

Kernel Address Space Isolation is a project aims to use address spaces to isolate some parts of the kernel to prevent leaking sensitive data. If KVM can be run in an address space containing no sensitive data, and separated from the full kernel address space, then KVM would be immune from leaking secrets.

A first proposal to implement KVM Address Space Isolation and early discussions are available here: https://lkml.org/lkml/2019/5/13/515

Speakers
avatar for Liran Alon

Liran Alon

Virtualization Architect, Oracle
Liran Alon is the Virtualization Architect of OCI Israel (Oracle Cloud Infrastructure). He is involved and lead projects in multiple areas of the company's public cloud offering such as Compute, Networking and Virtualization. In addition, Liran is a very active KVM contributor (mostly... Read More →
AC

Alexandre Chartre

Consulting Developer, Oracle
Alexandre Chartre is a Consulting Developer in the Linux and Virtualization engineering team at Oracle. Lately, he has been focusing on security issues on Linux, in particular on Spectre and Meltdown issues (and all variants and derivatives) and their impact on virtualization and... Read More →



Thursday October 31, 2019 14:15 - 14:45 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

14:15 CET

SPDK Vhost FUSE Target to Accelerate File Access in VMs and Containers - Changpeng Liu & Xiaodong Liu, Intel
Virtio-fs(https://virtio-fs.gitlab.io/) is proposed recently to provide file system sharing for lightweight VMs and containers workloads, where shared volumes are a requirement.

In this presentation, we propose an SPDK(Storage Performance Development Kit, https://spdk.io) userspace vhost-user-fs solution, which can be used together with QEMU/Kata Container to accelerate virtio-fs. Virtio-fs uses FUSE instead of 9P for communication. We will present this solution in details including the utilization of techniques such as virtio-fs, blobfs (SPDK file system) and the significant performance gain achieved. Blobfs can be built on abstract block device layer in SPDK, which can access local or remote storage services via iSCSI/NVMe/NVMeoF protocols in userspace. Relying on this solution, we are going to build a fast, consistent and secure manner to share directory tree on host to guests.

Speakers
avatar for Xiaodong Liu

Xiaodong Liu

Senior Cloud Engineer, Intel
Xiaodong Liu is a senior cloud engineer at Intel, working on storage related areas like Storage Performance Development Kit (SPDK) and Intel Intelligent acceleration Library (ISA-L). He focuses on acceleration, protocols and innovations among virtualization, cloud native storage and... Read More →



Thursday October 31, 2019 14:15 - 14:45 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

14:45 CET

Virtualization Based Hardening: Securing Container Workloads and Beyond - Jun Nakajima, Intel & Andrei Lutas, Bitdefender
One concern of container workloads has always been the limited process isolation provided by the hosting OS. With Virtualization Based Hardening (VBH), a new set of security policies can be enforced by an open source thin-layer hypervisor, which can prevent compromised containers from tampering the OS kernel or other containers, through a set of memory exploit and attack techniques. Intel, together with Bitdefender, worked on several memory introspection use-cases designed to defend container workloads against zero day binary exploits. We will review a few CVEs as examples.

In addition, the set of APIs exposed by the HV is intended to assist anyone in implementing hardening modules for containers. The solution can be used for other scenarios, such as debugging. We also present a tool for kernel developers which can help in some uncommon tasks such as finding self-modified kernel code.

Speakers
avatar for Jun Nakajima

Jun Nakajima

Sr. Principal Engineer, Intel Corp.
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Jun presented a number of times at technical conferences, including KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX. He has... Read More →
AL

Andrei Lutas

Senior Team Lead, Bitdefender SRL
Andrei joined Bitdefender in October 2008, as a junior virus researcher. Initial responsibilities included reverse engineering of malicious samples, adding signatures for malicious files, developing disinfection routines and developing code-similarity methods and systems. He joined... Read More →



Thursday October 31, 2019 14:45 - 15:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

14:45 CET

virtio-vsock in QEMU, Firecracker and Linux: Status, Performance and Challenges - Andra Paraschiv, Amazon Web Services & Stefano Garzarella, Red Hat
The virtio-vsock device provides a zero-configuration communication
channel between guest agents and hypervisor services independent of the
guest network configuration. QEMU and the Linux kernel have virtio-vsock
vhost support. Firecracker is a new open source Virtual Machine Monitor
(VMM) that makes use of KVM and includes support for virtio-vsock.

Andra will give an intro on the state of the art of virtio-vsock and its
use cases. She will then present multiple proposed options for
communication channels between a virtual machine and the host or between
virtual machines using Firecracker. These options include the vhost
backend as well as UNIX domain sockets. She will share performance
metrics with regard to the discussed alternatives.

Stefano will describe the latest performance improvements within the
Linux kernel and QEMU. He will also give an overview of tools that
recently added vsock support (e.g. wireshark, tcpdump, iproute2-ss,
ncat). Finally, he will present the next challenges that will be faced
to improve virtio-vsock, such as support for nested VMs and network
namespaces.

Speakers
avatar for Stefano Garzarella

Stefano Garzarella

Senior Software Engineer, Red Hat
Stefano is a Senior Software Engineer at Red Hat. He is working on virtualization and networking topics in QEMU and Linux kernel. He is a co-maintainer of Linux's virtio-vsock. Current projects cover virtio-vsock, QEMU network and storage, and lightweight VMs.
avatar for Andra Paraschiv

Andra Paraschiv

Software Development Engineer, Amazon Web Services
Andra is a Software Development Engineer at Amazon Development Center, Romania, Bucharest, part of Amazon Web Services (AWS). She has been working on the virtualization stack of EC2, both on Xen and Nitro hypervisors. Before AWS, she was a Software Engineer at Intel, focusing on research... Read More →



Thursday October 31, 2019 14:45 - 15:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

15:45 CET

Virtio Device Fuzzing - Dmitrii Stepanov, Yandex
For the cloud providers it is important to keep private user data secure. One way to achieve it is to fuzz the interfaces available to the guest, to find new vulnerabilities and ways of exploitation. One of such surface is the emulated devices used by the guest machines.

We present the approach to fuzz virtio devices based on AFL to find a bugs. We evaluate this approach by
fuzzing the virtio devices in SPDK and QEMU. Find several crashes, hangs and filed new CVE (CVE-2019-9547). Also to make the approach useful for our Cloud production case, we integrate it with the CI for each release.

Speakers
avatar for Dmitrii Stepanov

Dmitrii Stepanov

Software Engineer, Yandex
10+ years of system-level development: gdb, gcc, linux, rtos. Right now i'm working on the Yandex Cloud project (https://cloud.yandex.com/), as part of the Kernel-Hypervisor team. My ongoing projects are: - virtio-blk device optimization, stability and security - host security (from... Read More →



Thursday October 31, 2019 15:45 - 16:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

16:15 CET

Protected Virtual Machines for s390x - Claudio Imbrenda, IBM
Traditionally, system administrators have been able to access all data on a running system, including memory belonging to Virtual Machines (VMs). Bugs in the hypervisor have also allowed cross-VM attacks.

A new upcoming feature for the s390x architecture will prevent those security issues, allowing VM guests to be protected from a broken or malicious hypervisor, without using memory encryption, while at the same time requiring a minimum amount of changes in the guest.

This presentation will introduce the technology, the architectural extensions, the unique features, and how KVM and Qemu have been adapted to exploit it. The presentation will also cover the typical lifecycle of host and guest, including interactions with the firmware.

Speakers
avatar for Claudio Imbrenda

Claudio Imbrenda

Developer, IBM
KVM and Qemu developer on s390x for IBM.



Thursday October 31, 2019 16:15 - 16:45 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

16:15 CET

Reworking the Inter-VM Shared Memory Device - Jan Kiszka, Siemens AG
The ivshmem device is a simple way to interconnect a number of VMs and let them exchange data and events without much hypervisor involvement. In fact, this is a common pattern in many hypervisor, specifically in embedded. But our current design has a number of shortcomings, primarily around life-cycle management. And it has always been a stepchild, lacking even an upstream kernel driver.

This talk will present our effort to improve ivshmem. The new design gained essential missing features as well as a number of nice add-ons like uni-directional memory regions or optimized UIO interrupt handling. And it has been written to be applicable on QEMU as well as other hypervisors, e.g. Jailhouse.

The talk will furthermore present a prototype that stacks virtio over an ivshmem link, providing a lightweight backend-frontend channel that does not require virtio awareness in the hypervisor.

Speakers
JK

Jan Kiszka

Senior Key Expert, Siemens
Jan Kiszka is working as consultant, open source evangelist and senior software engineer in the Competence Center for Embedded Linux at Siemens Corporate Technology. He is supporting Siemens division and subsidiaries with adapting and enhancing open source as platform for their products... Read More →



Thursday October 31, 2019 16:15 - 16:45 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

16:45 CET

Improving and Expanding SEV Support - Thomas Lendacky, AMD
AMD continues to improve and expand the support for SEV in the kernel/hypervisor. This talk will focus on the current development activities around SEV, such as eliminating memory pinning, live migration and SEV-ES.

Speakers
TL

Thomas Lendacky

PMTS Software Engineer, AMD
Tom Lendacky is a member of the Linux OS group at Advanced Micro Devices. He is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support to enable SEV-ES (Secure Encrypted Virtualization - Encrypted... Read More →



Thursday October 31, 2019 16:45 - 17:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

16:45 CET

Making the Most of NBD - Eric Blake & Richard Jones, Red Hat
The Network Block Device (NBD) protocol dates back to Linux 2.1.55 in April 1997, pre-dating iSCSI as a means for block device access of remote storage. However, in more recent years, the protocol has seen a revival as virtualization scenarios have used and extended its features for a variety of tasks.

This talk will cover recent developments: new commands (WRITE_ZEROES, BLOCK_STATUS, RESIZE), encryption support (X.509 certificates, TLS PSK), multi-connection throughput enhancement, underlying protocol improvements (structured replies, 64-bit requests), and standardization efforts for a common URI naming representation.

Richard Jones and Eric Blake will also discuss performance improvements, and userspace libraries for easier integration of the NBD protocol into other projects (nbdkit, libnbd). A demonstration of some interesting nbdkit plugins and filters will tie it all together.

Speakers
RW

Richard W.M. Jones

Senior Principal Software Engineer, Red Hat
Richard Jones works at Red Hat. He works on virtualization, importing VMs from other hypervisors to KVM, RISC-V, Fedora, and Unikernels.
avatar for Eric Blake

Eric Blake

Software Engineer, Red Hat
Eric Blake is a software engineer at Red Hat, working on block device management in virtualization. He has contributed extensively to qemu and libvirt. He has spoken at several past KVM Forums, most recently about making the most of NBD in Oct 2019.



Thursday October 31, 2019 16:45 - 17:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES
 
Friday, November 1
 

09:00 CET

Bring a Scalable IOV Capable Device into Linux World - Xin Zeng & Yi Liu, Intel
Intel has introduced a new hardware-assisted IO virtualization technology, i.e. scalable IOV which provides much better flexibility and scalability in sharing of I/O devices like network interface cards, GPUs, and hardware accelerators across containers and VMs compared to the existing one - SR-IOV. In this presentation, the authors will take an overview of the scalable IOV technology from platform and device's perspective, introduce how to enable a typical scalable IOV device driver through vfio-mdev framework, how to compose the virtual device from scalable IOV capable device and bring up this virtual device, how the virtual device works and how the scalable IOV capable device works together with another PASID based technology SVA(Shared Virtual Address) in virtualization environment.

Speakers
XZ

Xin Zeng

Software Engineer, Intel
Xin Zeng is a software engineer of Network Platform Group at Intel Data Center Group. He is now working on virtualization projects for Intel QuickAssist Technology product. Intel QuickAssist Technology can be used to handle compute-intensive security and compression operations that... Read More →
avatar for Yi Liu

Yi Liu

Software Engineer, Intel Corporation
Yi is a software engineer from Intel Virtualization team, focusing on I/O virtualization technology. He works on Shared Virtual Memory, Scalable IOV and vIOMMU stuffs in recent years. He has been invited to give presentation at LPC 2017, LinuxCon Beijing 2018 and KVM Forum 2018, Intel... Read More →



Friday November 1, 2019 09:00 - 09:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

09:00 CET

What's Going On? Taking Advantage of TCG's Total System Awareness - Alex Bennée, Linaro
When emulating a system using QEMU's Tiny Code Generator we must inspect and translate every single instruction that gets executed. As we completely control the system we should be able to extract some interesting information about how the code executes. While other code instrumentation systems exist (DynamoRIO, Pin, Valgrind) QEMU is unique in supporting system emulation as well as not requiring the host system to have the same instruction set as the guest. In this talk we shall discuss how we can answer some interesting questions about programs running under QEMU. We shall examine some of the drawbacks of QEMU's current introspection support. Finally we shall discuss if a plugin system will allow for more detailed experiments without comprising our ability to continually improve the quality of our emulation code.

Speakers
avatar for Alex Bennée

Alex Bennée

Senior Software Engineer, Linaro
Alex started learning to program in the 80s in an era of classic home computers that allowed you to get down and dirty at the system level. After graduating with a degree in Chemistry he's worked on a variety of projects including Fruit Machines, Line Cards, CCTV recorders and point-to-multipoint... Read More →



Friday November 1, 2019 09:00 - 09:30 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

09:30 CET

Toward a Virtualization World Built on Mediated Pass-Through - Kevin Tian, Intel
Mediated pass-through provides many merits, e.g. flexible resource management, easy-to-scale, composability, etc. while still sustaining good user experience regarding to performance and feature. While VFIO introduces basic mediated pass-through support (mdev) since kernel 4.10, there are many inspiring values to be further explored atop. In this talk, Kevin Tian will introduce their work on extending VFIO mdev framework in three main areas: enriching the portfolio of mediation capabilities efficiently, using mediation framework to bridge hardware gaps, and bringing mediation capability in nested virtualization environment. Along the road mediated pass-through could become a corner-stone toward uncompromised cloud experience in pass-through usages.

Speakers
KT

Kevin Tian

Principal Engineer, Intel
Kevin is a virtualization veteran from Intel with 16 years experience in open source virtualization projects (KVM, Xen, etc.), including multiple presentations in associated conferences. He is currently a software architect in Open source Technology Center of Intel, with current focus... Read More →



Friday November 1, 2019 09:30 - 10:00 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

09:30 CET

Towards the Higher Level Debugging with QEMU - Pavel Dovgalyuk, ISP RAS
QEMU includes gdbserver emulator which is capable of debugging the whole emulated system, including firmwares, drivers, and BIOS code. However, debugging with a multi-process operating system is tricky, because GDB does not distinguish the processes within the guest.
In this talk authors discuss the approaches for making the debugging better: detecting the processes, inspection of the address spaces, instrumenting the code, mapping the executables, and so on.

The talk also includes overview of the new debugging stub for QEMU which allows using WinDbg without switching the guest system into the debugging mode.

Speakers
PD

Pavel Dovgalyuk

Software developer, ISP RAS
Pavel Dovgalyuk is a software developer in Institute for System Programming (ISP) of the Russian Academy of Sciences (RAS). The activities of the Institute include fundamental research, software development, applied research for the benefits of the Industry, and education. For the... Read More →



Friday November 1, 2019 09:30 - 10:00 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

10:00 CET

muser: Mediated User Space Device - Thanos Makatos, & Swapnil Ingle, Nutanix
Meet muser, a framework built on top of vfio/mdev for implementing PCI devices in userspace. It consists of a kernel module that acts as the mediated device and a userspace library where the core of the device is implemented. Applications using libmuser must only provide a description and callbacks for read/write.

muser abstracts the complexity yet allows tremendous flexibility. It manages interrupts, the PCI config space, memory translation, handles interaction with vfio/mdev and much more. While allowing customization where needed (for power users), it can also offer bindings for various languages. To prove simplicity, we will write and test a device live during the talk!

This is very useful with QEMU, where devices presented via vfio can be directly passed to VMs. It also enables a single userspace process to manage devices for multiple VMs, which has performance benefits.

Speakers
avatar for Thanos Makatos

Thanos Makatos

Member of Technical Staff, Nutanix
I'm a software engineer with experience in storage systems, virtualization, software-defined storage, and HCI.
avatar for Swapnil Ingle

Swapnil Ingle

Member of technical staff, Nutanix
I am a software engineer working with Nutanix on Acropolis hypervisor. I have experience in storage protocols, RDMA, block layer and filesystems.


muser pdf

Friday November 1, 2019 10:00 - 10:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

10:00 CET

QEMU-Hexagon: Automatic Translation of the ISA Manual Pseudcode to Tiny Code Instructions of a VLIW Architecture - Niccolò Izzo, rev.ng & Taylor Simpson, Qualcomm Innovation Center
This talk will present the implementation of the QEMU frontend for the Qualcomm Hexagon DSP.

The QEMU frontend is automatically generated: the authors have extracted and formalized the pseudocode of each instruction from the ISA reference manual and implemented a translator.
This translator transforms the pseudocode to C code to be embedded directly in QEMU which performs instruction decoding, textual disassembly and generates the equivalent tiny code instructions.
This approach reduces the implementation effort and allows to easily add new instructions.

The other interesting aspect is the fact that Hexagon is a VLIW architecture: it runs bundles composed of up to 4 parallel instructions that might also feature data dependencies.

This talk also wants to be the starting point for upstreaming our frontend, which is now almost feature-complete.

Speakers
avatar for Taylor Simpson

Taylor Simpson

Lead LLVM Compiler & Tools Team, Qualcomm Innovation Center
Taylor Simpson (PhD) leads the LLVM compiler and tools team at Qualcomm Innovation Center.  His team is dedicated to delivering state-of-the-art toolchains for all Qualcomm processors, including Hexagon.  He presented a talk on the LLVM back end for Hexagon at the 2011 LLVM Developers... Read More →
NI

Niccolò Izzo

Lead Compiler Engineer, rev.ng
N. Izzo received its Master’s Degree in Computer Science and Engineering (cum laude) in 2017 from Politecnico di Milano (Italy), his thesis work was published as “Software-only Reverse Engineering of Physical (DRAM) Mappings for Rowhammer Attacks” (Costa Brava, Spain, IEEE... Read More →



Friday November 1, 2019 10:00 - 10:30 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

11:00 CET

Reports of my Bloat Have Been Greatly Exaggerated - Paolo Bonzini, Red Hat, Inc.
Is QEMU bloated? Insecure? Obsolete? What are QEMU's tasks when virtualizing a modern guest, and how do they change for various workloads and scenarios? The aim of this talk is to provide hard data on the security and size of various components of QEMU, explain how the build can be tailored to minimize code size, attack surface and startup time, and give ideas for future development of QEMU. I will also shortly present the tools that helped me gather the data, so that anyone can reproduce my experiments in the future.

Speakers
avatar for Paolo Bonzini

Paolo Bonzini

Distinguished Engineer, Red Hat, Inc.
Paolo is a long-time KVM contributor and co-maintainer; he also co-maintains some subsystems in QEMU. He works at Red Hat.



Friday November 1, 2019 11:00 - 11:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

11:30 CET

Playing Lego with Virtualization Components - Andreea Florescu, Amazon & Samuel Ortiz, Intel
rust-vmm is an open-source project that maintains a set of high-quality virtualization building blocks. It allows developers to focus on their VMM key differentiators rather than re-implementing components like KVM API wrappers, virtio devices and memory models.

In this presentation we go over the design and structure of the project, as well as the fundamentals of building VMMs using rust-vmm. We start by describing why we think Rust is the right language. We also highlight the implications of splitting virtualization components into standalone, separate repositories. Next, we look at how rust-vmm is used in practice by Rust based VMMs and what changes are required to make the transition from a single repo model to one where packages are consumed from a shared, multi-repo. Finally, we outline how the modular nature of rust-vmm can be leveraged by non Rust based VMMs like QEMU.

Speakers
avatar for Andreea Florescu

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking... Read More →
avatar for Samuel Ortiz

Samuel Ortiz

Principal Software Engineer, Intel
I currently work at Intel’s Open Source Technology Center where I’m busy with the cloud-hypervisor and Kata Containers projects. I’ve previously talked at the KVM Forum, the Open Infrastructure Summit, KubeCon and various other random open source conferences.



Friday November 1, 2019 11:30 - 12:00 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

11:30 CET

Ideal/optimal Memory Management for Future VMs - Isaku Yamahata, Intel
We argue that memory management for future VMs ought to be different from the one for Linux processes. Recently new types of memory, such as persistent memory, encrypted memory, are emerging, and they have different characteristics or require different (or additional) operations (e.g. flush caches) in terms of memory management. Although KVM has started to reuse the Linux kernel mechanism and benefited, it’s becoming difficult to keep using the kernel memory management for guests to meet those requirements, while achieving performance and simplicity. For example, various aspects of memory management are different: life cycles, page sizes, page invalidation, page access/modification tracking, memory ballooning, security, and isolation (e.g. from the host). In this session we discuss ideal/optimal memory management for guest VMs, possible implementation options, and preliminary PoC.

Speakers
avatar for Isaku Yamahata

Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is an active on Graphene LibOS and OpenStack Neutron (networking) and has... Read More →



Friday November 1, 2019 11:30 - 12:00 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

12:00 CET

Building a Firmware for Virtual Machines using Rust - Rob Bradford, Intel Corporation
In the recent past there has been an explosion of innovation in the technology area around Virtual Machine Monitors (also known as hypervisors) based around the Rust programming language including Google’s crosvm for ChromeOS, Amazon’s Firecracker for containers and Intel's Cloud Hypervisor project.

One defining aspect of all the Rust hypervisors that are active or under development is that they do not use a traditional firmware for booting the guest operating system and instead boot directly into a Linux kernel under the control of the host. This limitation makes it much harder to use the hypervisor to provide a general purpose Virtual Machine, often known as a “pet”. In order to mitigate this we have developed the Rust Hypervisor Firmware to allow these Rust based hypervisors to load customer controlled operating systems and enable a wider range of uses.


Speakers
RB

Rob Bradford

Software Engineer, Intel Corporation
Rob has worked on Open Source at Intel for over 10 years on a wide variety of projects spanning from client user experiences, to graphics, to system software and now cloud technologies. In the field of cloud technologies Rob has been a key contributor to the Cloud Integrated Advanced... Read More →



Friday November 1, 2019 12:00 - 12:30 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

12:00 CET

A Lightweight Virtual Interrupt Controller for Container/Serverless - Jing Liu & Chao Peng, Intel
On x86 platforms, interrupts are configured and delivered to operating system through either the interrupt controllers(e.g. PIC/APIC) or MSI/MSI-X. Similarly for virtualized x86 system, the same set of technologies are used. However, this is not fundamentally required and for some light weight virtualization usages like Kata Containers and Firecracker, which mainly focus on virtio devices and even MSI/MSI-X is not included due to complexity of PCI, the existing interrupt controllers and interrupt handling flow in both host and guest sides are over-killed. We prototyped a new virtual and simplified interrupt controller which fits current kernel interrupt framework well and meanwhile keeps only minimal code in VMM side. This will present the solution as well as the performance data and demonstrate how it can achieve simple and efficient interrupt handling for virtio-mmio device.

Speakers
JL

Jing Liu

Software Engineer, Intel
Jing Liu is a software engineer working in Intel virtualization team. She focuses on hardware virtualization enabling work and innovation optimization projects for modern cloud in these years. She was once a speaker for colleges in previous company IBM.
CP

Chao Peng

Senior Software Engineer, Intel
Chao Peng is a senior software engineer in Intel virtualization team. His responsibilities include enabling various hardware virtualization features in open source VMM/OS, as well as developing new usages models in virtualization and cloud environment. He was speaker in KVM forum/Xen... Read More →



Friday November 1, 2019 12:00 - 12:30 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

13:45 CET

Improving MMU Scalability in x86 KVM - Ben Gardon, Google
The x86 KVM MMU has significant scaling issues with many VCPUs and lots of RAM. Over the last year, we have made substantial improvements to the x86 KVM MMU in the direct-mapped TDP case, to reduce lock contention and memory overheads, with the goal of migrating VMs with 416 VCPUs and 12TB of memory. With these changes, the x86 KVM MMU can handle EPT/NPT violations from all VCPUs in parallel, requires ~99% less MMU memory overhead in steady state with 2M pages, simplifies the implementation of MMU operations, and more. This talk will cover new synchronization models, abstractions, and data structures, and details of the performance we have gained from them.

Speakers
avatar for Ben Gardon

Ben Gardon

Software Engineer, Google
I work to make the x86 KVM MMU more scalable and performant.



Friday November 1, 2019 13:45 - 14:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

13:45 CET

KubeVirt Community Update - Fabian Deutsch, Red Hat
KubeVirt enables Kubernetes to run VMs in addition to containers and got introduced 2 years ago. In these 2 years quite a lot has changed and KubeVirt gained traction. In this talk we are

- giving small demo to illustrate how KubeVirt works
- looking at where KubeVirt stands today
- what features it gained
- what architectural shifts it went through
- how traditional components like libvirt are used
- how the community is using KubeVirt
- and what is laying ahead

Speakers
avatar for Fabian Deutsch

Fabian Deutsch

Engineering Manager, Red Hat
Fabian Deutsch is working for Red Hat and has been working in the virtualization space for the last couple of years. Initially covering some node level aspects in oVirt and now building a robust virtual machine add-on for Kubernetes with KubeVirt. Throughout the years he spoke at... Read More →



Friday November 1, 2019 13:45 - 14:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

14:15 CET

Micro-Optimizing KVM VM-Exits - Andrea Arcangeli, Red Hat Inc.
Many common workloads aren't sensitive to the VM-Exit performance or they can be optimized through device assignment. The focus of this presentation will be on those workloads that are sensitive to the VM-Exit performance and that cannot avoid triggering high frequency VM-Exits. Those workloads aren't common, but they can materialize in the guest with some applications like databases. Incidentally those are also the workloads that show the biggest impact from the software mitigations of some CPU model speculative execution vulnerabilities.

The KVM x86-64 VM-Exits are already highly optimized, but there is still room for improvement. We'll first analyze the impact of various software mitigations on the VM-Exit execution and then how we can change KVM in order to Micro-Optimize the VM-Exit further, with, but also without, the software mitigations enabled.

Speakers
avatar for Andrea Arcangeli

Andrea Arcangeli

Distinguished Engineer, Red Hat
Andrea Arcangeli joined Red Hat in 2008 because of his interest in working on the KVM Virtualization Hypervisor, with a special interest in virtual machine memory management. He worked on many parts of the Linux Kernel, especially on the Virtual Memory subsystem. Andrea started working... Read More →



Friday November 1, 2019 14:15 - 14:45 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

14:15 CET

Post-copy Live Migration on Pass-through Devices - Kevin Tian & Shaopeng He, Intel
As we all know, post-copy can greatly reduce live migration down time for devices with memory intensive usages. While it is possible on emulated devices, live migration with post-copy technology on pass-through devices is still not supported. In this session, Yan will explain detailed benefits and show you a generic solution in VFIO on how to migrate pass-through devices with post-copy technology and Shaopeng will expose performance statistics of using post-copy on migrating SRIOV VFs on Intel NIC.

Speakers
KT

Kevin Tian

Principal Engineer, Intel
Kevin is a virtualization veteran from Intel with 16 years experience in open source virtualization projects (KVM, Xen, etc.), including multiple presentations in associated conferences. He is currently a software architect in Open source Technology Center of Intel, with current focus... Read More →
SH

Shaopeng He

Senior Network Software Engineer, Intel
Shaopeng is a Senior Network Software Engineer from Intel. He focuses on Network Interface Controller and I/O virtualization. Prior to Intel, he worked in cloud and network industry for over 10 years.



Friday November 1, 2019 14:15 - 14:45 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

14:45 CET

Boosting Dedicated Instances by KVM Tax Cut - Wanpeng Li, Tencent Cloud
The KVM hypervisor is at the core of cloud computing, some customers from financial, online shopping, and gaming etc more prefer the dedicated instances to avoid resources contention from multi-tenant, and the security can be guaranteed by isolation. However, without more hypervisor optimizations, cloud providers still can't provide performance that is "indistinguishable from metal."

In this presentation,we will introduce some features which can reduce the tax from kvm hypervisor for dedicated instances include: Exitless Timer, KVM_HINTS_DEDICATED performance hint, allow userspace to disable MWAIT/HLT/PAUSE vmexits, adaptively tune advance lapic timer and adaptive halt-polling in guest/host to reduce latency.

Speakers
avatar for Wanpeng Li

Wanpeng Li

Linux Kernel Contributor, Tencent Cloud
Wanpeng Li is a 8 years experienced Linux kernel/virtualization developer who works in Tencent Cloud currently. He mainly focus on KVM, scheduler and memory management. In KVM, he contributes a lot of features to improve performance and stability. He has experience worked in IBM LTC... Read More →



Friday November 1, 2019 14:45 - 15:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

14:45 CET

Efficient Performance Monitoring in the Cloud with Virtual PMUs - Sean Christopherson, Intel
Virtual Performance Monitor Units (vPMUs) are usually disabled in today’s KVM-based clouds though some runnable vPMU code has been in the upstream for several years. Consequently, profiling software inside virtual machines becomes a gap in the services that cloud vendors can provide. The main barriers are 1) the existing vPMU provides inaccurate profiling results in some cases; and 2) the advanced vPMU features, e.g. LBR and PEBS, have not been supported as they are not designed with virtualization in consideration.

To tackle the above issues, the existing vPMU is optimized by avoiding some heavyweight host perf operations. Tests show that the optimization can greatly reduce the emulation overhead of guest PMU operations with ~3000x boost, and achieves near-native efficiency. In addition, for the first time the virtualized LBR and PEBS features are brought to the clouds.

Speakers
avatar for Sean Christopherson

Sean Christopherson

Software Engineer, Intel
Sean is a reviewer for x86 KVM's VMX and MMU sub-sub-systems, and a prolific contributor to KVM. Sean is the lead KVM developer for SGX and TDX.



Friday November 1, 2019 14:45 - 15:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

16:15 CET

Enhancing KVM for Guest Protection and Security - Jun Nakajima, Intel Corp.
We have been working on KVM to better protect and isolate guests, and propose a more secure and yet simpler architecture, where 1) guest memory is isolated from the host except the areas for I/O buffers, 2) no MMIO emulation is used. Since it piggybacks on the Linux systems, KVM tends to have more attack surfaces compared with other VMMs, making the guest more vulnerable. For example, the kernel or QEMU can easily access data of the guests today. Even if we have memory encryption technologies, it’s also easy for them to corrupt data of the guests (accidentally or intentionally) or use potential side channels.

In our architecture, we need to make limited changes to guests, but this provides more protection and simplification, compared with other approaches like XPFO, where the user-level still has access to the entire guest memory. We share our experiences and data based on our PoC.

Speakers
avatar for Jun Nakajima

Jun Nakajima

Sr. Principal Engineer, Intel Corp.
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Jun presented a number of times at technical conferences, including KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX. He has... Read More →



Friday November 1, 2019 16:15 - 16:45 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

16:15 CET

Multi-process QEMU - Status Update - John Johnson & Elena Ufimtseva, Oracle
QEMU can be susceptible to security attacks on the many interfaces it exposes to a guest VM. Each interface is an exposure point that, if compromised, provides a malign guest the ability to assume the QEMU process's host privileges.

A multi-process QEMU involves separating QEMU services into multiple host processes. Each of these processes can be given only the privileges it needs to provide its service.

We introduced this topic at KVM forum two years ago, and hosted a BoF on it last year. In this presentation, we will introduce the work we've done with an LSI SCSI controller model, including how it performs, and what the next steps will be.

Speakers
JJ

John Johnson

Senior Software Architect, Oracle
Currently working on KVM/QEMU projects at Oracle, such as the multi-process QEMU projects. Previously worked on multiple OS and virtualization technologies at Sun Microsystems, including the software and hardware architecture for SPARC LDoms, and the kernel architecture for 64b SPARC... Read More →
EU

Elena Ufimtseva

Principal Member of Technical Staff, Oracle
Currently working at Oracle on QEMU multiprocess disaggregation project. Before was working on the implementation of vNUMA topology for guests in Xen hypervisor, as well as Xen livepatching and working on various Xen hypervisor improvements and issues. Previously had given a talk... Read More →



Friday November 1, 2019 16:15 - 16:45 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES

16:45 CET

Advanced VMI on KVM: A Progress Report - Mihai Dontu, Bitdefender
This talk is a follow-up to our 2017 one called “Bringing Commercial Grade Virtual Machine Introspection to KVM”. Since then we have made a lot of progress with regards to performance and stability, and are also on track to include support for three Intel features that can greatly help with scalability: VMFUNC, #VE and SPP. We also came across a surprise: in our tests, the speed of the more involved guest-to-hypervisor communication channel used on KVM (BSD sockets on top of vhost-vsock) comes very close to Xen’s lightweight event channel. And we have the numbers to prove it.

Speakers
MD

Mihai Donțu

Engineering Manager, Bitdefender
I lead the Linux development team at Bitdefender and I am currently involved in integrating our HVI technology with open source hypervisors like Xen and KVM



Friday November 1, 2019 16:45 - 17:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES

16:45 CET

Bring QEMU to Micro Service World - Xiao Guangrong & Zhang Yulei, Tencent Cloud
Recently more and more services, particularly micro services, have been moved from VMs to containers. Due to container's native infrastructure, cloud providers are seeking tech to create a more secured multi-tenant environment such as firecrack from AWS.
But using a dedicated hypervisor for micro service would bring extra burden to develop and maintain respectively. Furthermore, the improvement we add for one could benifit another. How about leveraging QEMU to fulfill the requirements of micro services? That is exactly what we did at Tencent Cloud.
We will share our works to adapt QEMU to fast deploy intensive micro services in a extremely short period ( < 35 ms) with less resource utilization which is comparable to containers that includes directly starting a VM from the parent, C/R QEMU to start a new VM, modularizing QEMU, reducing resource usage for both QEMU & Linux VMs etc.

Speakers
XG

Xiao Guangrong

Senior Software Engineer, Tencent Cloud
Xiao Guangrong is a Linux Kernel developer working on Ftrace, MM, Btrfs but his main interest is KVM. As a active contributor, he was invited to give some presentations at some conferences: Japan LinuxCon 2011, Japan LinuxCon 2012 China CLK 2012, KVM Forum 2016, 2017, 2018. He is... Read More →
YZ

Yulei Zhang

Senior Software Engineer, Tencent
Yulei has more than 10 years experienced software developer working in Virtualization area. Used to work on GFX driver and involve in Intel GPU virtualization technology(a.k.a Intel GVT-g). He is currently a senior software developer Tencent Cloud, his recent presentations were: "Adaptive... Read More →



Friday November 1, 2019 16:45 - 17:15 CET
Forum 3
  KVM Forum Track 2
  • Session Slides Included YES