KVM Forum 2018 has ended
October 24-26, 2018 - Edinburgh, Scotland, UK
Click Here For Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

OSS - KVM Forum Track [clear filter]
Wednesday, October 24

11:15 BST

L1TF and KVM - Alexander Graf, SUSE
Recently a new speculative execution side channel was unvealed, which
could potentially result in leakage of arbitrary memory contents into
unprivileged virtual machines on most recent Intel CPUs. This
presentation will give insights as to what the L1 Terminal Fault (L1TF)
Spectre vulnerability is. It will show how it can be exploited and based
on that knowledge it will take a look at how KVM mitigates those
issues. It will also show performance penalties these mitigations incur.

On top of that, the presentation will present an alternative work in
progress approach to mitigate L1TF that may recover some of the
performance penalties by leveraging unrelated CPU features.

avatar for Alexander Graf

Alexander Graf

Principal Software Engineer, SUSE :)
Alexander started working for SUSE about 10 years ago. Since then he worked on fancy things like SUSE Studio, QEMU, KVM, openSUSE and SLES on ARM and U-Boot. Whenever something really useful comes to his mind, he tends to implement it. Among others he did Mac OS X virtualization using... Read More →

Wednesday October 24, 2018 11:15 - 11:55 BST
Lowther Suite

12:05 BST

Security in QEMU: How Virtual Machines Provide Isolation - Stefan Hajnoczi, Red Hat
Is it safe to use QEMU to do X? This talk explains the security model and use cases that QEMU is designed for.

Understanding the security model is critical for deploying virtual machines as well as contributing code to QEMU. This talk gives an overview of the attack surfaces, including emulated devices, the monitor, remote desktop, disk images, and the CPU accelerators.

Virtual machines offer isolation from each other and the host if QEMU is configured properly. Most of these best practices are encapsulated in libvirt, but not all users choose to use it, so it is worth understanding them.

Finally, no discussion of security in QEMU would be complete without reviewing CVEs and the lessons learnt from them.

avatar for Stefan Hajnoczi

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan works on QEMU and Linux in Red Hat's Virtualization team with a focus on storage, VIRTIO, and tracing. Recent projects include virtiofs, storage performance optimization for NVMe drives, and out-of-process device emulation. Stefan has been active in the QEMU community since... Read More →

Wednesday October 24, 2018 12:05 - 12:45 BST
Lowther Suite

14:15 BST

Painting a Picture of the KVM Use-cases in the Container World - Fabian Deutsch, Red Hat
KVM is a hypervisor offering strong hardware isolation of a guest from it's hosts.

Containers are now a new software based isolation mechanism for workloads, and it might be a small surprise to see that KVM is surfacing in this context quite often.

In this talk we'll look at how KVM is used on the containers and Kubernetes context.
Specifically we'll be looking at the projects KubeVirt, Katacontainers, gVisor, and virtlet, to understand how KVM is used by them to support certain use-cases.

avatar for Fabian Deutsch

Fabian Deutsch

Engineering Manager, Red Hat
Fabian Deutsch is working for Red Hat and has been working in the virtualization space for the last couple of years. Initially covering some node level aspects in oVirt and now building a robust virtual machine add-on for Kubernetes with KubeVirt. Throughout the years he spoke at... Read More →

Wednesday October 24, 2018 14:15 - 14:55 BST
Lowther Suite

15:05 BST

Getting Some Peace and Quiet as an Open Source Maintainer - Cornelia Huck, Red Hat
So you came for the glory of being listed as a maintainer, only to discover that work is continuing to pile up, random people are bothering you on mailing lists, and users are asking for help to actually use your code?

Fear not, this talk is here to help. It will explore some strategies for handling contributions and discussions that leave you breathing space while still encouraging people to do more good work. After all, a burned out maintainer is bad news for everyone.


Cornelia Huck

Senior Software Engineer, Red Hat
Cornelia is a Senior Software Engineer at Red Hat, working mainly on virtualization and s390x related topics in QEMU and the Linux kernel. She has been acting as a maintainer for s390x virtualization topics in QEMU and the Linux kernel for several years.Previously, she has given talks... Read More →

Wednesday October 24, 2018 15:05 - 15:45 BST
Lowther Suite

16:15 BST

Memory Overcommit for Overcommitted Admins - Jonathan Davies, Nutanix
Overcommitting memory is a useful tool for increasing VM density but typically comes with a increased administration cost as either a) "safe" memory limits need to configured for each VM; or b) unexpected performance problems need to be identified and addressed.

An automatic and lightweight method for determining a VMs working set is described with suggestions on how this could be used in clustered and non-clustered environments to increase VM density with less of an administrative burden.

The presentation also includes a look at the simple model of Linux's paging subsystem that was used to rapidly prototype and evaluate the method's behaviour with different workloads.

avatar for Jonathan Davies

Jonathan Davies

Software Engineer, Nutanix
Jonathan is a software engineer working on Nutanix's Acropolis Hypervisor (AHV). He specialises in performance engineering.Jonathan has worked in virtualization for over 10 years and was previously System Architect for XenServer at Citrix.Jonathan holds a PhD in Computer Science... Read More →

Wednesday October 24, 2018 16:15 - 16:55 BST
Lowther Suite

17:05 BST

Scalability and Stability of libvirt: Experiences with Very Large Hosts - Marc Hartmayer, IBM
With huge servers like IBM z there are many resources available so it was quite obvious to test the limits of libvirt. For example, one of the questions was how fast and how many minimal guests could be started in a short time period. How high is the system load for that? In times of CI and TDD this is especially interesting since thousands of guests are started and destroyed for regression tests.

This presentation will give an overview of bottlenecks in libvirt, what the reasons are and what problems came up during these tests.


Marc Hartmayer

Software Engineer, IBM R&D
Marc Hartmayer is a software engineer working at IBM Germany. The main project he works on is libvirt.

Wednesday October 24, 2018 17:05 - 17:45 BST
Lowther Suite