KVM Forum 2018 has ended
October 24-26, 2018 - Edinburgh, Scotland, UK
Click Here For Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

KVM Forum Track 2 [clear filter]
Thursday, October 25

11:00 BST

Secure Virtual Machines on Power - Ram Pai & Guerney Hunt, IBM
Virtual-machines (VMs) on cloud platform are vulnerable to attacks from sources ranging from other virtual machines, compromised hypervisor to malicious cloud administrator. Securing these VMs requires specialized hardware and software features. Multiple vendors have proposed innovative features to support this need.

Ram and Guerney present the Power9 architectural features that enable a new opensource firmware entity called the Ultravisor. Togather these two components enable the KVM Hypervisor to support a new class of VMs called Secure Virtual Machines (SVMs). This presentation describes the Ultravisor interfaces, the enhancements to KVM and other opensource software entities in the ecosystem.

avatar for Guerney Hunt

Guerney Hunt

Research Staff Member, IBM
Dr. Guerney D. H. Hunt has been a Research Staff Member at IBM’s T. J. Watson Research Center since 1995. He is currently working on transferring security technology into IBM products, and developing additional security technology. He participated in a team funded by the Department... Read More →

Ram Pai

Software Development Lead, IBM
Ram Pai is a Linux kernel developer since 2001. He works for IBM's Linux Technology Center in Hillboro Oregon. He has enabled the VFS Shared-Subtree and POWER memory-key feature to the Linux Kernel. He has also contributed to enable SRIOV, the page cache readahead algorithm, tools... Read More →

Thursday October 25, 2018 11:00 - 11:30 BST
Fintry Auditorium

11:30 BST

s390 KVM Memory Management and its Pitfalls - Janosch Frank, IBM
Due to the history of the s390 architecture, many ways of memory management have been introduced to the platform over the years and are still available today. Numerous optimizations for guests increased speed and efficiency, but also added to the complexity that KVM now has to handle when running a guest.

This talk will give an introduction on how KVM memory management for guests is handled on s390, how the optimizations work and what makes adding huge page backing support difficult.


Janosch Frank

Software Engineer, IBM
Janosch is a software engineer at IBM Germany and a s390 co-maintainer for KVM. He works on guest memory management, Protected Virtualization and KVM testing.

Thursday October 25, 2018 11:30 - 12:00 BST
Fintry Auditorium

12:00 BST

vfio-ap: The Perils of the Weird - Halil Pasic, IBM
Pass-through of AP crypto adapters is an ongoing effort spanning KVM, QEMU, and Libvirt. Patches are under discussion. The problem at hand is unique due to the properties of the virtualization facilities provided by the platform. We use vfio-mdev to partition not a single device, but a set of devices. Another peculiarity is that individual cards can be partitioned, but not individually. The cards are partitioned into domains, which are independent from a functional perspective, but span all cards from an access-control perspective.

We have a family of drivers for the different card types on the ap bus. From a pass-through perspective these cards can be treated uniformly, so we ended up adding another driver to the ap bus. Consequently, we had to resolve a set of unique problems, such as how to bind the resources to the right driver and how to react when resources are unbound.


Halil Pasic

Software Enigneer, IBM
Halil is working on open source virtualization for IBM Z, with a focus on I/O. This means contributing to QEMU and KVM, while having an eye on integration with the upper management stack (mostly Libvirt).

Thursday October 25, 2018 12:00 - 12:30 BST
Fintry Auditorium

13:45 BST

Kata Containers: Leveraging Advanced Features of QEMU to Provide Better Container Isolation - Eric Ernst, Intel
Kata Containers is an open source project that brings the security of hardware virtualization to containers through lightweight VMs. In its effort to look and feel like a container, Kata leverages many of the features in KVM/QEMU which are typically not needed for a cloud virtual machine.

How many developers use VFIO? How many use VFIO-hotplug? And DAX and nvdimm and CPU hotplug?

This session details how Kata Containers use features of KVM/QEMU and some of the problem areas we encountered along the way. Finally, we discuss areas in the hypervisor we’re looking to focus on going forward.

avatar for Eric	Ernst

Eric Ernst

Senior software engineer, Intel
Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project... Read More →

Thursday October 25, 2018 13:45 - 14:15 BST
Fintry Auditorium

14:15 BST

“Honey, I Shrunk the Hypervisor” - Building a Legacy Free Platform for QEMU - Robert Bradford, Intel Corporation
When virtualization first appeared in hardware platforms it was necessary to use emulation for many parts of the implementation of the virtual machine. However with new virtualization support and the development of paravirtualized devices less of the platform needs to be emulated. The removal of legacy emulation has many benefits including reducing attack surface and reduced binary size.

In this presentation we will describe our effort to produce a legacy free platform using QEMU and the progress so far. We outline the issues we encountered with tightly coupled dependencies, firmware expectations and operating system assumptions and how we go about resolving those. The features required to run Kata Containers, which utilises QEMU functionality not ordinarily used, guides our direction on what our platform needs to look like and acts as one of our validation tools.


Rob Bradford

Software Engineer, Intel
Rob has worked on Open Source at Intel for over 15 years on a wide variety of projects spanning from client user experiences, to graphics, to system software and now cloud technologies. In the field of cloud technologies Rob has been a key contributor to the Cloud Integrated Advanced... Read More →

Thursday October 25, 2018 14:15 - 14:45 BST
Fintry Auditorium

14:45 BST

Device Assignment with Nested Guests and DPDK - Peter Xu, Red Hat
I/O virtualization is one of the most important aspect of virtualization technology. Generally speaking we can have three types of I/O devices in a virtual machine: emulated, para-virtualized, and device assignment. Here device assignment plays a vital role in performance critical scenarios, which allows a guest to seamlessly manipulate a real hardware device. However it was never safe to run DPDK with such a device before in the guest, and even impossible for nested virtualization due to lack of IO page mapping mechanism. In this presentation, Peter Xu will introduce his work on QEMU/KVM vIOMMU to enable these scenarios. It will contain not only how new users can start using the new feature, but also technical details and challenges on the project.

avatar for Peter Xu

Peter Xu

Senior Software Engineer, Red Hat
Peter Xu works for Red Hat virtualization team. He is working on QEMU/KVM project with vIOMMUs, migrations, interrupts and other miscelleneous stuff. He has given a talk in KVM Forum 2016 together with Wei Xu on vhost DMA Remapping.

Thursday October 25, 2018 14:45 - 15:15 BST
Fintry Auditorium

15:45 BST

Taking it to the Nest Level - Nested KVM on the POWER9 Processor - Suraj Jitindar Singh, IBM
Nested virtualisation refers to the idea of running a virtual machine within another virtual machine. The new IBM POWER9 PowerPC processor has increased hardware support for nested virtualisation and Suraj has been in the process of developing software support for this feature. In this talk he will delve into the rational behind developing this, the implementation details including the changes involved to KVM and qemu to support this feature, the challenges faced, and finally a discussion about the current state of the project and future work still to be completed. Suraj will also attempt to answer the question on everybody's lips "but how deep can you nest?"


Suraj Jitindar Singh

Software Engineer, IBM Australia
Software engineer at IBM where I work on virtualisation for the IBM PowerPC processor architecture. While working in this area for the past 2 and a half years I have made contributions to both the KVM and qemu projects. No previous speaking experience however looking forward to the... Read More →

Thursday October 25, 2018 15:45 - 16:15 BST
Fintry Auditorium

16:15 BST

"Hybrid" Nesting: KVM on Hyper-V - Vitaly Kuznetsov, Red Hat & Tianyu Lan, Microsoft
This may come as a surprise but it is already possible to run nested KVM inside Hyper-V VMs and this includes several instance types on Azure. Such workloads, however, may not always perform very well. Some limitations come from x86 architecture and conceptual differences between KVM and Hyper-V, other issues could be dealt with within KVM. In this talk we will go through different performance bottlenecks of nested KVM-on-Hyper-V deployments. The presentation will highligh recent developments in the area: Englightened VMCS, Enlightened MSR-Bitmap, stable clocksource and others. We will also try to describe our work in progress and possible future improvements for nested KVM in general and KVM on Hyper-V in particular.

avatar for Vitaly Kuznetsov

Vitaly Kuznetsov

Principal Software Engineer, Red Hat
Vitaly works at Virtualization Engineering team at Red Hat focusing on KVM development as well as making Linux the best guest for other hypervisors. He frequently presents at FOSDEM, KVM Forum, DevConf and other technical conferences.

Tianyu Lan

Senior Software Engineer, Microsoft
Tianyu is Senior Software Engineer in COSINE(Core OS & Intelligent Edge) at Microsoft. He focuses on the performance optimization of Linux VMs on Hyper-V. Previously, Tianyu worked on ACPI, power management, KVM and Xen opens source projects at Intel Open source technology center... Read More →

Thursday October 25, 2018 16:15 - 16:45 BST
Fintry Auditorium

16:45 BST

Improving KVM x86 Nested-Virtualization - Liran Alon, Oracle
In this presentation, we will share our insights on current state and issues of KVM nVMX support in various mechanisms.
We will deep dive into a nVMX mechanism which had many issues: nVMX event-injection. We will cover how it works, examine an interesting issue we have encountered, analyze it's root-cause and explain the fix we have upstream. Then, we will cover recent work done on other nVMX mechanisms in high-level and highlight pending nVMX issues which are still not resolved and suggest possible directions for the future of nVMX.

avatar for Liran Alon

Liran Alon

Virtualization Architect, Oracle
Liran Alon is the Virtualization Architect of OCI Israel (Oracle Cloud Infrastructure). He is involved and lead projects in multiple areas of the company's public cloud offering such as Compute, Networking and Virtualization. In addition, Liran is a very active KVM contributor (mostly... Read More →

Thursday October 25, 2018 16:45 - 17:15 BST
Fintry Auditorium
Friday, October 26

09:30 BST

Hardware-Assisted Mediated Pass-Through with VFIO - Kevin Tian, Intel
Hardware-assisted I/O virtualization techniques (e.g. PCI Express® SR-IOV) have limitations on enabling hyper-scale usages, dynamic resource management and software composability, etc. While bringing improvements in those areas, mediated pass-through techniques (e.g. VFIO mediated device) suffer from software complexity and inefficiency problems, due to lacking of finer-grained hardware assistance for guaranteed efficiency and protection.
In this talk, Kevin Tian will introduce necessary architecture changes to enable finer-grained hardware assistance for mediated pass-through I/O virtualization, with Intel® Scalable I/O Virtualization technology as the example. A deep dive will be provided for key software framework changes, including design considerations spanning multiple components (VFIO, IOMMU, Qemu, etc.). Last is an overview of current enabling status and remaining opens.


Kevin Tian

Principal Engineer, Intel
Kevin is a virtualization veteran from Intel with 16 years experience in open source virtualization projects (KVM, Xen, etc.), including multiple presentations in associated conferences. He is currently a software architect in Open source Technology Center of Intel, with current focus... Read More →

Friday October 26, 2018 09:30 - 10:00 BST
Fintry Auditorium

10:00 BST

SPDK vhost Target: A Practical Solution to Accelerate Storage I/Os Inside VMs - Ziye Yang & Changpeng Liu, Intel
In this presentation, we would like to introduce SPDK’s user space vhost* solution (including vhost-scsi/blk/NVMe), which can collaborate with QEMU & KVM to accelerate virtio-scsi, virtio-blk and even emulated NVMe controller inside guest OS. Relying on SPDK vhost* solution, the performance of I/Os inside VMs can be greatly improved compared (e.g., with I/O IOPS increasing, I/O latency decreasing) compared with the existing solutions (e.g., original QEMU emulation solution, kernel vhost* solution). Moreover, we compare our SPDK vhost-scsi/blk/NVMe with other approaches like other solutions (e.g., direct device pass-through solution, SR-IOV solution, Zheng’s VFIO based solution in KVM 2017, FPGA acceleration solution, etc). Generally, our solution is much more scalable and practical. Currently, SPDK vhost* solution is adopted by many cloud service providers (e.g., Alibaba).

avatar for Changpeng Liu

Changpeng Liu

Cloud Software Engineer, Intel
Changpeng Liu is cloud software engineer in Intel and core maintainer of SPDK (Storage Performance Development Kit) open source project. His working areas include NVMe, storage IO virtualization and storage offload accelerators in IPU.
avatar for Ziye Yang

Ziye Yang

Staff cloud software engineer, Intel
Ziye Yang is a staff software engineer at Intel and is currently involved in cloud native related projects. Before that, Ziye worked at EMC for 4.5 years. Ziye is interested in system virtualization, file system and storage related research and development work. Ziye currently has... Read More →

Friday October 26, 2018 10:00 - 10:30 BST
Fintry Auditorium

11:00 BST

VFIO Device Assignment Quirks, How to use Them and How to Avoid Them - Alex Williamson, Red Hat
In order to assign a peripheral I/O device to a virtual machine, the device needs to be isolated from the host and aspects of the hardware need to be virtualized for transparency to the guest. Some devices and platforms are better at this than others. Nonobservance to specifications and creative backdoors through hardware can present challenges to device assignment. In this presentation, Alex Williamson will look at some of the common mistakes found in hardware that make device assignment more challenging, how we work around those challenges, and how devices and platforms can better enable device assignment.

avatar for Alex Williamson

Alex Williamson

Sr Principal Software Engineer, Red Hat
Alex Williamson is a Senior Principal Software Engineer with Red Hat, maintainer of VFIO, Linux’s secure userspace driver framework, for both the kernel and QEMU components, and regular contributor to the Linux kernel IOMMU and PCI subsystems. Alex has given previous talks on VFIO... Read More →

Friday October 26, 2018 11:00 - 11:30 BST
Fintry Auditorium

11:30 BST

Shared Virtual Addressing in KVM - Yi Liu & Jacob Pan, Intel Corporation
Shared Virtual Addressing in KVM (Liu Yi, Intel) - Shared Virtual Addressing (SVA) is a hardware extension to allow device directly accessing CPU virtual address, thus enables efficient workload submission on accelerators. SVA requires support in PCI bus, endpoint device and IOMMU, which has been made available by major hardware vendors (Intel, AMD, ARM, etc.). Then it becomes a hot area in cloud and data center, where same level of efficiency is expected when those accelerators are assigned to VMs.

This talk will first provide an overview of SVA and then the envisioned architecture of virtualizing SVA in KVM. Following that will be a deep dive of main SVA working flow cross multiple kernel/user components (Qemu, VFIO, IOMMU, etc.), especially about how to design neutral kernel APIs to work with different IOMMU vendors and also different vIOMMU models (emulated or para-virtualized).

avatar for Yi Liu

Yi Liu

Senior Software Engineer, Intel
Yi is a software engineer from Intel Virtualization team, focusing on I/O virtualization technology. He works on Shared Virtual Memory, Scalable IOV and vIOMMU stuffs in recent years. He has been invited to give presentations at LPC 2017, LinuxCon Beijing 2018, KVM Forum 2018, Intel... Read More →
avatar for Jacob Pan

Jacob Pan

Linux Kernel Developer, Intel Corporation
Jacob is a veteran Linux kernel developer at Intel. His most recent interest and work are on Shared Virtual Address/Memory as well as the IOMMU subsystem in general.Prior to that, Jacob contributed to power management, device drivers, interrupt, timers, and X86 core.

Friday October 26, 2018 11:30 - 12:00 BST
Fintry Auditorium

12:00 BST

A Perfect Solution for Live Migration with Pass-through Devices - Quan Xu, Alibaba
Several efforts have been made on enabling live migration with pass-through devices, however, it is inevitable to modify device driver to save and restore device states, and mark a page as dirty after DMA memory access. These ‘ugly’ modifications are not compatible with legacy drivers or Windows virtual machine.
We design new virtio hardware devices (virtio-net based Nic and virtio-blk based storage). These devices can be pass-through with VFIO, then the legacy virtio-net/virtio-blk drivers are working without any modification in virtual machine, including Windows. We also extend the capability of devices to support live migration, including being aware of live migration, logging the page of DMA memory access, saving and restoring device states on run-time. And then we extend the migration and VFIO code to support live migration with pass-through these devices as QEMU 'emulated' devices.


Quan Xu

staff engineer, alibaba
Xen community vTPM maintainer, committer KVM committer

Friday October 26, 2018 12:00 - 12:30 BST
Fintry Auditorium

13:45 BST

Live Migration Support for GPU with SRIOV: Challenges and Solution - Zheng Xiao, Alibaba Cloud; Jerry Jiang & Ken Xue, AMD
As we all known pass-through device is not migration-friendly because of hypervisor hard to track device hardware's internal status. While there are still chance for specific device to support live migration: for example AMD GPU devices. AMD GPU product with SRIOV virtualization already deployed in alibaba cloud to support graphic remote rendering. Right now there are increasing demands from customers to support migration of vGPU. In this session, alibaba engineers will introduce a generic solution in VFIO how to migrate GPU device within VFIO framework, expose what's challenges we have. while AMD engineers will expose details what need to do inside SRIOV PF device driver to overcome these challenges. Last, there will be a short demo video how it looks like for audiences.


Yinan Jerry Jiang

staff engineer, Advanced Micro Device Inc.
Jerry is AMD staff engineer working on AMD GPU device driver developing as well as GPU silicon design many years.
avatar for XIAO ZHENG


staff engineer, Alibaba Group/Alibaba Cloud
Xiao is now staff engineer in alibaba cloud responsible for GPU virtualization and heterogeneous computing service developing. Xiao has many years experience in KVM hypervisor design and implementation, especially skillful in GPU virtualization. During the past few years.Xiao was... Read More →

Friday October 26, 2018 13:45 - 14:15 BST
Fintry Auditorium

14:15 BST

vdpa: vhost-mdev as a New vhost Protocol Transport - Cunming Liang & Tiwei Bie, Intel
vdpa is introduced to vhost so as to hookup with a virtio compatible DMA controller. It allows whatever HW device being represented as emulated virtio device being able to DMA buffers to guest directly.
vhost-mdev constructs a new transport carrying vhost protocol message, which leverages mdev framework to expose virtio compatible portion from its parent device. Qemu vhost takes vhost-mdev instances as general VFIO devices.
The talk is going to introduce all building blocks including qemu vhost-vfio adapter, kernel vhost-mdev helpers and a driver provider. Meanwhile, it will touch some points relevant to the new feature bits in virtio spec.


Tiwei Bie

Software Engineer, Intel
Tiwei is DPDK virtio/vhost maintainer. The major effort recently is on qemu/kernel vdpa enabling and virtio 1.1 kernel driver.

Cunming Liang

Architect, Intel
Cunming is architect of data plane software, spending years on high performance network I/O of general purpose CPU and its virtualization includes para-virtualization and SR-IOV. One of the recent effort is to drive NFV grade virtual network device towards higher performance, smaller... Read More →

Friday October 26, 2018 14:15 - 14:45 BST
Fintry Auditorium

14:45 BST

Empty Promise: Zero-Copy Receive for vhost - Mike Rapoport, IBM
In para-virtual networking with virtio-net/vhost, the copying of packet between the hypervisor and the guest is one of the major sources of the overhead, especially for the large packets. And, although, zero-copy transmit was merged into the Linux kernel a few years ago, the "receive side zero copy" item is still in the KVM NetworkingTodo, and probably will remain there for some more time.

Our attempted approach to implementation of zero-copy receive for virtio-net and vhost that leveraged receive-side steering abilities of the modern high speed network cards didn't improve anything and just moved the bottleneck to another place.

The talk presents what we've tried, why we thought there will be an improvement and what were the reasons for their absence .


Mike Rapoport

Researcher, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. Throughout his career Mike promoted use of free and open source software and made quite a few contributions... Read More →

Friday October 26, 2018 14:45 - 15:15 BST
Fintry Auditorium

15:45 BST

RAM is Getting More Complex - Dr. David Alan Gilbert, Red Hat
QEMU models 'RAMBlocks' which used to mostly actually be RAM or ROM; over time they've slowly got more complex. We've got huge pages, non volatile storage, devices, shared memory.
I'll talk about the different types, and talk about some of the problems they can cause from migrations point of view.

avatar for Dr. David Alan Gilbert

Dr. David Alan Gilbert

Principal Software Engineer, Red Hat Limited
I work on Red Hat's QEMU/KVM team on live migration. I've previously spoken at KVM Forum on how to avoid migration failures, and with Andrea Arcangeli on Postcopy migration.

Friday October 26, 2018 15:45 - 16:15 BST
Fintry Auditorium

16:15 BST

Guest Free Page Hinting - Nitesh Narayan Lal, Red Hat, Inc.
KVM guest suffers a major setback when it comes to freeing the unused memory. With the current implementation, when a guest frees certain memory chunk its availability for reuse is never communicated back to the host. Due to which the host fails to reclaim the memory freed by the guest for any other purpose. This talk presents the idea of guest free page hinting for efficiently handing freed memory between the guest and the host. This presentation also briefly covers memory ballooning and its pros and cons compared to this approach, the current design, challenges, performance, and possible improvement areas.

avatar for Nitesh Narayan Lal

Nitesh Narayan Lal

Software Engineer, Red Hat Inc
Nitesh is a Software Engineer in the Virtualization team at Red Hat. He is currently working on projects related to memory management and Fuzzers. He likes to research and read about latest security breaches, and breakthroughs. Nitesh first presented a talk on KVM & Virtio Introduction... Read More →

Friday October 26, 2018 16:15 - 16:45 BST
Fintry Auditorium

16:45 BST

virtio-mem: Paravirtualized Memory - David Hildenbrand, Red Hat
Memory hot(un)plug is a complicated matter. Especially when it comes to reliable memory hotunplug. While some architectures in KVM support memory hot(un)plug (e.g. x86), others have limited or no support (e.g. s390x).

Most hardware interfaces (like ACPI) are clearly focused on the concept of DIMMs. This usually implies that only fairly huge pieces of memory can be plugged and unplugged, whereby the latter can be problematic and easily fail.

In some virtual environments, people use ACPI for memory hotplug and balloon devices (e.g. virtio-balloon) as a mean for more reliable unplug of memory - which has a different set of restrictions.

In this talk, an introduction to the topic is given, the involved problems are outlined and virtio-mem is introduced, providing a single paravirtualized interface for fine grained memory hot(un)plug.

avatar for David Hildenbrand

David Hildenbrand

Senior Software Engineer, Red Hat
David has been working on QEMU/KVM for almost 6 years now. His current projects are mostly centered around memory hot(un)plug and memory overcommit in the context of virtual machines. While he's involved with QEMU/KVM on s390x and Linux memory management in general, his main projects... Read More →

Friday October 26, 2018 16:45 - 17:15 BST
Fintry Auditorium