Loading…
KVM Forum 2018 has ended
October 24-26, 2018 - Edinburgh, Scotland, UK
Click Here For Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

KVM Forum Track 2 [clear filter]
Thursday, October 25
 

11:00

Secure Virtual Machines on Power - Ram Pai & Guerney Hunt, IBM
Virtual-machines (VMs) on cloud platform are vulnerable to attacks from sources ranging from other virtual machines, compromised hypervisor to malicious cloud administrator. Securing these VMs requires specialized hardware and software features. Multiple vendors have proposed innovative features to support this need.

Ram and Guerney present the Power9 architectural features that enable a new opensource firmware entity called the Ultravisor. Togather these two components enable the KVM Hypervisor to support a new class of VMs called Secure Virtual Machines (SVMs). This presentation describes the Ultravisor interfaces, the enhancements to KVM and other opensource software entities in the ecosystem.

Speakers
GH

Guerney Hunt

Research Staff Member, IBM
Dr. Guerney D. H. Hunt has been a Research Staff Member at IBM’s T. J. Watson Research Center since 1995. He is currently working on transferring security technology into IBM products, and developing additional security technology. He participated in a team funded by the Department... Read More →
RP

Ram Pai

Software Development Lead, IBM
Ram Pai is a Linux kernel developer since 2001. He works for IBM's Linux Technology Center in Hillboro Oregon. He has enabled the VFS Shared-Subtree and POWER memory-key feature to the Linux Kernel. He has also contributed to enable SRIOV, the page cache readahead algorithm, tools... Read More →



Thursday October 25, 2018 11:00 - 11:30
Fintry Auditorium

11:30

s390 KVM Memory Management and its Pitfalls - Janosch Frank, IBM
Due to the history of the s390 architecture, many ways of memory management have been introduced to the platform over the years and are still available today. Numerous optimizations for guests increased speed and efficiency, but also added to the complexity that KVM now has to handle when running a guest.

This talk will give an introduction on how KVM memory management for guests is handled on s390, how the optimizations work and what makes adding huge page backing support difficult.

Speakers
JF

Janosch Frank

Software Engineer, IBM R&D Germany
Janosch Frank is a software engineer at IBM Germany and a s390 co-maintainer for KVM. He works on guest memory management and KVM unit testing.



Thursday October 25, 2018 11:30 - 12:00
Fintry Auditorium

12:00

vfio-ap: The Perils of the Weird - Halil Pasic, IBM
Pass-through of AP crypto adapters is an ongoing effort spanning KVM, QEMU, and Libvirt. Patches are under discussion. The problem at hand is unique due to the properties of the virtualization facilities provided by the platform. We use vfio-mdev to partition not a single device, but a set of devices. Another peculiarity is that individual cards can be partitioned, but not individually. The cards are partitioned into domains, which are independent from a functional perspective, but span all cards from an access-control perspective.

We have a family of drivers for the different card types on the ap bus. From a pass-through perspective these cards can be treated uniformly, so we ended up adding another driver to the ap bus. Consequently, we had to resolve a set of unique problems, such as how to bind the resources to the right driver and how to react when resources are unbound.

Speakers
HP

Halil Pasic

Software Enigneer, IBM
Halil is working on open source virtualization for IBM Z, with a focus on I/O. This means contributing to QEMU and KVM, while having an eye on integration with the upper management stack (mostly Libvirt).


Thursday October 25, 2018 12:00 - 12:30
Fintry Auditorium

13:45

Kata Containers: Leveraging Advanced Features of QEMU to Provide Better Container Isolation - Eric Ernst, Intel
Kata Containers is an open source project that brings the security of hardware virtualization to containers through lightweight VMs. In its effort to look and feel like a container, Kata leverages many of the features in KVM/QEMU which are typically not needed for a cloud virtual machine.

How many developers use VFIO? How many use VFIO-hotplug? And DAX and nvdimm and CPU hotplug?

This session details how Kata Containers use features of KVM/QEMU and some of the problem areas we encountered along the way. Finally, we discuss areas in the hypervisor we’re looking to focus on going forward.

Speakers
avatar for Eric	Ernst

Eric Ernst

Senior software engineer, Intel
Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project... Read More →


Thursday October 25, 2018 13:45 - 14:15
Fintry Auditorium

14:15

“Honey, I Shrunk the Hypervisor” - Building a Legacy Free Platform for QEMU - Robert Bradford, Intel Corporation
When virtualization first appeared in hardware platforms it was necessary to use emulation for many parts of the implementation of the virtual machine. However with new virtualization support and the development of paravirtualized devices less of the platform needs to be emulated. The removal of legacy emulation has many benefits including reducing attack surface and reduced binary size.

In this presentation we will describe our effort to produce a legacy free platform using QEMU and the progress so far. We outline the issues we encountered with tightly coupled dependencies, firmware expectations and operating system assumptions and how we go about resolving those. The features required to run Kata Containers, which utilises QEMU functionality not ordinarily used, guides our direction on what our platform needs to look like and acts as one of our validation tools.

Speakers
RB

Rob Bradford

Software Engineer, Intel Corporation
Rob has worked on Open Source at Intel for over 10 years on a wide variety of projects spanning from client user experiences, to graphics, to system software and now cloud technologies. In the field of cloud technologies Rob has been a key contributor to the Cloud Integrated Advanced... Read More →


Thursday October 25, 2018 14:15 - 14:45
Fintry Auditorium

14:45

Device Assignment with Nested Guests and DPDK - Peter Xu, Red Hat
I/O virtualization is one of the most important aspect of virtualization technology. Generally speaking we can have three types of I/O devices in a virtual machine: emulated, para-virtualized, and device assignment. Here device assignment plays a vital role in performance critical scenarios, which allows a guest to seamlessly manipulate a real hardware device. However it was never safe to run DPDK with such a device before in the guest, and even impossible for nested virtualization due to lack of IO page mapping mechanism. In this presentation, Peter Xu will introduce his work on QEMU/KVM vIOMMU to enable these scenarios. It will contain not only how new users can start using the new feature, but also technical details and challenges on the project.

Speakers
avatar for Peter Xu

Peter Xu

Senior Software Engineer, Red Hat
Peter Xu works for Red Hat virtualization team. He is working on QEMU/KVM project with vIOMMUs, migrations, interrupts and other miscelleneous stuff. He has given a talk in KVM Forum 2016 together with Wei Xu on vhost DMA Remapping.



Thursday October 25, 2018 14:45 - 15:15
Fintry Auditorium

15:45

Taking it to the Nest Level - Nested KVM on the POWER9 Processor - Suraj Jitindar Singh, IBM
Nested virtualisation refers to the idea of running a virtual machine within another virtual machine. The new IBM POWER9 PowerPC processor has increased hardware support for nested virtualisation and Suraj has been in the process of developing software support for this feature. In this talk he will delve into the rational behind developing this, the implementation details including the changes involved to KVM and qemu to support this feature, the challenges faced, and finally a discussion about the current state of the project and future work still to be completed. Suraj will also attempt to answer the question on everybody's lips "but how deep can you nest?"

Speakers
SJ

Suraj Jitindar Singh

Software Engineer, IBM Australia
Software engineer at IBM where I work on virtualisation for the IBM PowerPC processor architecture. While working in this area for the past 2 and a half years I have made contributions to both the KVM and qemu projects. No previous speaking experience however looking forward to the... Read More →


Thursday October 25, 2018 15:45 - 16:15
Fintry Auditorium

16:15

"Hybrid" Nesting: KVM on Hyper-V - Vitaly Kuznetsov, Red Hat & Tianyu Lan, Microsoft
This may come as a surprise but it is already possible to run nested KVM inside Hyper-V VMs and this includes several instance types on Azure. Such workloads, however, may not always perform very well. Some limitations come from x86 architecture and conceptual differences between KVM and Hyper-V, other issues could be dealt with within KVM. In this talk we will go through different performance bottlenecks of nested KVM-on-Hyper-V deployments. The presentation will highligh recent developments in the area: Englightened VMCS, Enlightened MSR-Bitmap, stable clocksource and others. We will also try to describe our work in progress and possible future improvements for nested KVM in general and KVM on Hyper-V in particular.

Speakers
avatar for Vitaly Kuznetsov

Vitaly Kuznetsov

Principal Software Engineer, Red Hat
Vitaly works at Red Hat and among other things he's focusing on third party hypervisors support in Linux kernel, Hyper-V enlightenments and nesting features in KVM. He's a regular speaker at DevConf, FOSDEM, LinuxCon, KVM Forum and other conferences.
TL

Tianyu Lan

Senior Software Engineer, Microsoft
Tianyu is Senior Software Engineer in COSINE(Core OS & Intelligent Edge) at Microsoft. He focuses on the performance optimization of Linux VMs on Hyper-V. Previously, Tianyu worked on ACPI, power management, KVM and Xen opens source projects at Intel Open source technology center... Read More →


Thursday October 25, 2018 16:15 - 16:45
Fintry Auditorium

16:45

Improving KVM x86 Nested-Virtualization - Liran Alon, Oracle
In this presentation, we will share our insights on current state and issues of KVM nVMX support in various mechanisms.
We will deep dive into a nVMX mechanism which had many issues: nVMX event-injection. We will cover how it works, examine an interesting issue we have encountered, analyze it's root-cause and explain the fix we have upstream. Then, we will cover recent work done on other nVMX mechanisms in high-level and highlight pending nVMX issues which are still not resolved and suggest possible directions for the future of nVMX.

Speakers
avatar for Liran Alon

Liran Alon

Virtualization Architect, Oracle
Liran Alon is the Virtualization Architect of OCI Israel (Oracle Cloud Infrastructure). He is involved and lead projects in multiple areas of the company's public cloud offering such as Compute, Networking and Virtualization. In addition, Liran is a very active KVM contributor (mostly... Read More →



Thursday October 25, 2018 16:45 - 17:15
Fintry Auditorium
 
Friday, October 26
 

09:30

Hardware-Assisted Mediated Pass-Through with VFIO - Kevin Tian, Intel
Hardware-assisted I/O virtualization techniques (e.g. PCI Express® SR-IOV) have limitations on enabling hyper-scale usages, dynamic resource management and software composability, etc. While bringing improvements in those areas, mediated pass-through techniques (e.g. VFIO mediated device) suffer from software complexity and inefficiency problems, due to lacking of finer-grained hardware assistance for guaranteed efficiency and protection.
In this talk, Kevin Tian will introduce necessary architecture changes to enable finer-grained hardware assistance for mediated pass-through I/O virtualization, with Intel® Scalable I/O Virtualization technology as the example. A deep dive will be provided for key software framework changes, including design considerations spanning multiple components (VFIO, IOMMU, Qemu, etc.). Last is an overview of current enabling status and remaining opens.

Speakers
KT

Kevin Tian

Principal Engineer, Intel
Kevin is a virtualization veteran from Intel with 16 years experience in open source virtualization projects (KVM, Xen, etc.), including multiple presentations in associated conferences. He is currently a software architect in Open source Technology Center of Intel, with current focus... Read More →


Friday October 26, 2018 09:30 - 10:00
Fintry Auditorium

10:00

SPDK vhost Target: A Practical Solution to Accelerate Storage I/Os Inside VMs - Ziye Yang & Changpeng Liu, Intel
In this presentation, we would like to introduce SPDK’s user space vhost* solution (including vhost-scsi/blk/NVMe), which can collaborate with QEMU & KVM to accelerate virtio-scsi, virtio-blk and even emulated NVMe controller inside guest OS. Relying on SPDK vhost* solution, the performance of I/Os inside VMs can be greatly improved compared (e.g., with I/O IOPS increasing, I/O latency decreasing) compared with the existing solutions (e.g., original QEMU emulation solution, kernel vhost* solution). Moreover, we compare our SPDK vhost-scsi/blk/NVMe with other approaches like other solutions (e.g., direct device pass-through solution, SR-IOV solution, Zheng’s VFIO based solution in KVM 2017, FPGA acceleration solution, etc). Generally, our solution is much more scalable and practical. Currently, SPDK vhost* solution is adopted by many cloud service providers (e.g., Alibaba).

Speakers
CL

Changpeng Liu

Cloud Software Engineer, Intel
Changpeng Liu is a senior software engineer at Intel and a core maintainer of SPDK (Storage Performance Development Kit) project.
avatar for Ziye Yang

Ziye Yang

Senior software engineer, Intel
Ziye Yang is a senior software engineer at Intel and involved in SPDK (storage performance development kit) development work. Before that, Ziye worked at EMC for 4.5 years. Ziye is interested in system virtualization, file system and storage related research and development work... Read More →



Friday October 26, 2018 10:00 - 10:30
Fintry Auditorium

11:00

VFIO Device Assignment Quirks, How to use Them and How to Avoid Them - Alex Williamson, Red Hat
In order to assign a peripheral I/O device to a virtual machine, the device needs to be isolated from the host and aspects of the hardware need to be virtualized for transparency to the guest. Some devices and platforms are better at this than others. Nonobservance to specifications and creative backdoors through hardware can present challenges to device assignment. In this presentation, Alex Williamson will look at some of the common mistakes found in hardware that make device assignment more challenging, how we work around those challenges, and how devices and platforms can better enable device assignment.

Speakers
avatar for Alex Williamson

Alex Williamson

Senior Principal Software Engineer, Red Hat
Alex Williamson is a Senior Principal Software Engineer with Red Hat, maintainer of VFIO, Linux’s secure userspace driver framework, for both the kernel and QEMU components, and regular contributor to the Linux kernel IOMMU and PCI subsystems. Alex has given previous talks on VFIO... Read More →


Friday October 26, 2018 11:00 - 11:30
Fintry Auditorium

11:30

Shared Virtual Addressing in KVM - Yi Liu & Jacob Pan, Intel Corporation
Shared Virtual Addressing in KVM (Liu Yi, Intel) - Shared Virtual Addressing (SVA) is a hardware extension to allow device directly accessing CPU virtual address, thus enables efficient workload submission on accelerators. SVA requires support in PCI bus, endpoint device and IOMMU, which has been made available by major hardware vendors (Intel, AMD, ARM, etc.). Then it becomes a hot area in cloud and data center, where same level of efficiency is expected when those accelerators are assigned to VMs.

This talk will first provide an overview of SVA and then the envisioned architecture of virtualizing SVA in KVM. Following that will be a deep dive of main SVA working flow cross multiple kernel/user components (Qemu, VFIO, IOMMU, etc.), especially about how to design neutral kernel APIs to work with different IOMMU vendors and also different vIOMMU models (emulated or para-virtualized).

Speakers
avatar for Yi Liu

Yi Liu

Software Engineer, Intel
Yi is a software engineer from Intel SSP, focusing on I/O virtualization technology. He works on Shared Virtual Memory, Scalable IOV and vIOMMU stuffs in recent years. He has been invited to give presentation at LPC 2017, LinuxCon Beijing 2018 and KVM Forum 2018. Before joining Intel... Read More →
JP

Jacob Pan

Linux Kernel Developer, Intel Corp
Jacob is a Linux kernel developer at Intel since 2005. He worked on PowerPC at Freescale prior to joining Intel. He has worked in many areas around Linux kernel, including arch/x86, device drivers (USB, I2C, PMIC, sensors, timers). His recent interest and work is on power management... Read More →



Friday October 26, 2018 11:30 - 12:00
Fintry Auditorium

12:00

A Perfect Solution for Live Migration with Pass-through Devices - Quan Xu, Alibaba
Several efforts have been made on enabling live migration with pass-through devices, however, it is inevitable to modify device driver to save and restore device states, and mark a page as dirty after DMA memory access. These ‘ugly’ modifications are not compatible with legacy drivers or Windows virtual machine.
We design new virtio hardware devices (virtio-net based Nic and virtio-blk based storage). These devices can be pass-through with VFIO, then the legacy virtio-net/virtio-blk drivers are working without any modification in virtual machine, including Windows. We also extend the capability of devices to support live migration, including being aware of live migration, logging the page of DMA memory access, saving and restoring device states on run-time. And then we extend the migration and VFIO code to support live migration with pass-through these devices as QEMU 'emulated' devices.

Speakers
QX

Quan Xu

staff engineer, alibaba
Xen community vTPM maintainer, committer KVM committer


Friday October 26, 2018 12:00 - 12:30
Fintry Auditorium

13:45

Live Migration Support for GPU with SRIOV: Challenges and Solution - Zheng Xiao, Alibaba Cloud; Jerry Jiang & Ken Xue, AMD
As we all known pass-through device is not migration-friendly because of hypervisor hard to track device hardware's internal status. While there are still chance for specific device to support live migration: for example AMD GPU devices. AMD GPU product with SRIOV virtualization already deployed in alibaba cloud to support graphic remote rendering. Right now there are increasing demands from customers to support migration of vGPU. In this session, alibaba engineers will introduce a generic solution in VFIO how to migrate GPU device within VFIO framework, expose what's challenges we have. while AMD engineers will expose details what need to do inside SRIOV PF device driver to overcome these challenges. Last, there will be a short demo video how it looks like for audiences.

Speakers
YJ

Yinan Jerry Jiang

staff engineer, Advanced Micro Device Inc.
Jerry is AMD staff engineer working on AMD GPU device driver developing as well as GPU silicon design many years.
avatar for XIAO ZHENG

XIAO ZHENG

staff engineer, Alibaba Group/Alibaba Cloud
Xiao is now staff engineer in alibaba cloud responsible for GPU virtualization and heterogeneous computing service developing. Xiao has many years experience in KVM hypervisor design and implementation, especially skillful in GPU virtualization. During the past few years.Xiao was... Read More →


Friday October 26, 2018 13:45 - 14:15
Fintry Auditorium

14:15

vdpa: vhost-mdev as a New vhost Protocol Transport - Cunming Liang & Tiwei Bie, Intel
vdpa is introduced to vhost so as to hookup with a virtio compatible DMA controller. It allows whatever HW device being represented as emulated virtio device being able to DMA buffers to guest directly.
vhost-mdev constructs a new transport carrying vhost protocol message, which leverages mdev framework to expose virtio compatible portion from its parent device. Qemu vhost takes vhost-mdev instances as general VFIO devices.
The talk is going to introduce all building blocks including qemu vhost-vfio adapter, kernel vhost-mdev helpers and a driver provider. Meanwhile, it will touch some points relevant to the new feature bits in virtio spec.

Speakers
TB

Tiwei Bie

Software Engineer, Intel
Tiwei is DPDK virtio/vhost maintainer. The major effort recently is on qemu/kernel vdpa enabling and virtio 1.1 kernel driver.
CL

Cunming Liang

Architect, Intel
Cunming is architect of data plane software, spending years on high performance network I/O of general purpose CPU and its virtualization includes para-virtualization and SR-IOV. One of the recent effort is to drive NFV grade virtual network device towards higher performance, smaller... Read More →


Friday October 26, 2018 14:15 - 14:45
Fintry Auditorium

14:45

Empty Promise: Zero-Copy Receive for vhost - Mike Rapoport, IBM
In para-virtual networking with virtio-net/vhost, the copying of packet between the hypervisor and the guest is one of the major sources of the overhead, especially for the large packets. And, although, zero-copy transmit was merged into the Linux kernel a few years ago, the "receive side zero copy" item is still in the KVM NetworkingTodo, and probably will remain there for some more time.

Our attempted approach to implementation of zero-copy receive for virtio-net and vhost that leveraged receive-side steering abilities of the modern high speed network cards didn't improve anything and just moved the bottleneck to another place.

The talk presents what we've tried, why we thought there will be an improvement and what were the reasons for their absence .

Speakers
MR

Mike Rapoport

Researcher, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. Throughout his career Mike promoted use of free and open source software and made quite a few contributions... Read More →


Friday October 26, 2018 14:45 - 15:15
Fintry Auditorium

15:45

RAM is Getting More Complex - Dr. David Alan Gilbert, Red Hat
QEMU models 'RAMBlocks' which used to mostly actually be RAM or ROM; over time they've slowly got more complex. We've got huge pages, non volatile storage, devices, shared memory.
I'll talk about the different types, and talk about some of the problems they can cause from migrations point of view.

Speakers
avatar for Dr. David Alan Gilbert

Dr. David Alan Gilbert

Principal Software Engineer, Red Hat Limited
I work on Red Hat's QEMU/KVM team on live migration. I've previously spoken at KVM Forum on how to avoid migration failures, and with Andrea Arcangeli on Postcopy migration.



Friday October 26, 2018 15:45 - 16:15
Fintry Auditorium

16:15

Guest Free Page Hinting - Nitesh Narayan Lal, Red Hat, Inc.
KVM guest suffers a major setback when it comes to freeing the unused memory. With the current implementation, when a guest frees certain memory chunk its availability for reuse is never communicated back to the host. Due to which the host fails to reclaim the memory freed by the guest for any other purpose. This talk presents the idea of guest free page hinting for efficiently handing freed memory between the guest and the host. This presentation also briefly covers memory ballooning and its pros and cons compared to this approach, the current design, challenges, performance, and possible improvement areas.

Speakers
avatar for Nitesh Narayan Lal

Nitesh Narayan Lal

Software Engineer, Red Hat Inc
Nitesh is a Software Engineer in the Virtualization team at Red Hat. He is currently working on projects related to memory management and Fuzzers. He likes to research and read about latest security breaches, and breakthroughs. Nitesh first presented a talk on KVM & Virtio Introduction... Read More →


Friday October 26, 2018 16:15 - 16:45
Fintry Auditorium

16:45

virtio-mem: Paravirtualized Memory - David Hildenbrand, Red Hat
Memory hot(un)plug is a complicated matter. Especially when it comes to reliable memory hotunplug. While some architectures in KVM support memory hot(un)plug (e.g. x86), others have limited or no support (e.g. s390x).

Most hardware interfaces (like ACPI) are clearly focused on the concept of DIMMs. This usually implies that only fairly huge pieces of memory can be plugged and unplugged, whereby the latter can be problematic and easily fail.

In some virtual environments, people use ACPI for memory hotplug and balloon devices (e.g. virtio-balloon) as a mean for more reliable unplug of memory - which has a different set of restrictions.

In this talk, an introduction to the topic is given, the involved problems are outlined and virtio-mem is introduced, providing a single paravirtualized interface for fine grained memory hot(un)plug.

Speakers
DH

David Hildenbrand

Software Engineer, Red Hat GmbH
David has been working on QEMU/KVM for almost 4 years now. After focusing mainly on s390x (implementing things like nested virtualization or CPU model support), he recently started looking into memory hot(un)plug in the context of virtual machines. In this context he developed the... Read More →


Friday October 26, 2018 16:45 - 17:15
Fintry Auditorium