KVM Forum 2020 has ended
Intermediate
Wednesday, October 28
 

13:00 GMT

The Common Challenges of Secure VMs - Janosch Frank, IBM
Secure VM technology on multiple architectures has been introduced in the last few years and is slowly gaining ground. The goal of protecting VMs against accesses and manipulation from the hypervisor can be achieved in many ways. However, the challenges to get a secure VM up and running are mostly the same no matter the architecture and secure VM technology. Let's have a look at the goals that secure VMs want to achieve, the challenges that need to be overcome to run them, and how the architectures solved them. Let's also try to look into the future, which will bring us secure VM migration, dumping and more device support, and try to anticipate the challenges that are still waiting. If we take a step back and have a look at the problems that are common to all architectures, we might be able to find a common solution.

Speakers

Janosch Frank

Software Engineer, IBM
Janosch is a software engineer at IBM Germany and a s390 co-maintainer for KVM. He works on guest memory management, Protected Virtualization and KVM testing.



Wednesday October 28, 2020 13:00 - 13:50 GMT
KVM Theater
  OSS - KVM Forum Track

17:15 GMT

Optimizing for NVMe Drives: The 10 Microsecond Challenge - Stefan Hajnoczi, Red Hat
Solid-state storage devices with request latencies of less than 10 microseconds pose challenges for virtualization. Even small overheads result in a visible reduction of I/O performance. Solving this requires changes to the I/O stack.

This talk covers recommended tuning and current work on improving I/O performance for QEMU guests with NVMe drives.

The first part to achieving good I/O performance is to ensure that the guest is taking advantage of multicore and NUMA effectively. This involves both manual tuning and recently added optimizations for getting the most out of the hardware.

The second part is efficient I/O request submission and completion. Traditionally this involved vmexits and eventfds, but improvements to QEMU's AioContext polling can eliminate them and achieve much higher performance.

Come find out how close to bare metal performance QEMU gets!

Speakers

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan works on QEMU and Linux in Red Hat's Virtualization team with a focus on storage, VIRTIO, and tracing. Recent projects include libblkio, virtiofs, storage performance optimization for NVMe drives, and out-of-process device emulation. Stefan has been active in the QEMU community...


Wednesday October 28, 2020 17:15 - 18:05 GMT
KVM Theater
  OSS - KVM Forum Track

19:30 GMT

Panel Discussion: KVM-based Virtualization Contributor Q&A - Stefan Hajnoczi & Richard W.M. Jones, Red Hat; Susie Li, Intel; Hubertus Franke, IBM; David Kaplan, AMD; Peter Maydell, Arm
A Q&A panel discussion on a variety of topics (technical and non-technical) related to KVM, QEMU, securing virtual machines, and more. The discussion will be for about an hour. Topics will be chosen based on several sources: prepared list, audience questions on a live Etherpad, or interesting tangents based on live discussion.

Live Etherpad link - https://etherpad.opendev.org/p/KVMForum_2020_Panel

Speakers

Richard W.M. Jones

Senior Principal Software Engineer, Red Hat
Richard Jones works at Red Hat. He works on virtualization, importing VMs from other hypervisors to KVM, RISC-V, Fedora, and Unikernels.

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan works on QEMU and Linux in Red Hat's Virtualization team with a focus on storage, VIRTIO, and tracing. Recent projects include libblkio, virtiofs, storage performance optimization for NVMe drives, and out-of-process device emulation. Stefan has been active in the QEMU community...

Hubertus Franke

Distinguished Research Staff Member, IBM Research
Dr. Hubertus Franke has been a Distinguished Research Staff Member at the IBM T.J. Watson Research Center since 1993. His current work and interests are in the areas of operating systems, virtualization, processor architectures, cloud runtimes and security. Some time back he has also...

Susie Li

Senior Software Engineering Director, Intel
Susie Li is a Senior Software Engineering Director at Intel. She joined Intel in 1999 and has been involved in leadership roles for a variety of software projects, including UEFI/Tiano, virtualization (KVM, Xen, ACRN, HAXM), Linux kernel and OpenStack etc. Susie is a two-time winner...

David Kaplan

Fellow, AMD
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Product Security Organization. He is the lead architect for the AMD encrypted virtualization features and has worked on both CPU and SOC level security features...

Peter Maydell

Principal Software Engineer, Arm
Peter works for Arm, but has been seconded into Linaro for the last ten years to handle all things Arm in QEMU, including CPU architecture emulation, support for KVM virtualization on Arm servers, and herding an ever-increasing number of board, SoC and device models. He also didn't...


Wednesday October 28, 2020 19:30 - 20:20 GMT
KVM Theater
  OSS - KVM Forum Track
 
Thursday, October 29
 

06:00 GMT

vDPA Support in Linux Kernel - Jason Wang, Red Hat
A vDPA device is a type of device whose datapath complies with the virtio specification but which has a vendor-specific control path. In this session, the support for vDPA in the Linux kernel will be presented. A brief review of vDPA's history, motivation and status will be given first. Then the design and implementation of the kernel vDPA subsystem will be discussed. The vDPA kernel subsystem is designed to work for any type of vDPA device, with the flexibility to be easily integrated with new hardware technologies. The vDPA kernel subsystem cooperates with the virtio and vhost subsystems to provide a unified and safe API for kernel virtio and userspace vhost drivers to use. A vendor vDPA hardware driver is required to accept requests from the vDPA subsystem and translate them into vendor-specific commands. Management integration and future work will be covered at the end of the session.

Speakers

Jason Wang

Senior Principal Software Engineer, Red Hat
Co-maintainer of kernel virtio, vdpa and vhost drivers. Maintainer of Qemu networking subsystems. Author of vDPA support in Kernel.



Thursday October 29, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Track 2

06:30 GMT

AMD-vIOMMU: A Hardware-assisted Virtual IOMMU Technology - Suravee Suthikulpanit & Wei Huang, AMD
There have been various usages of IOMMU in virtual machines (VMs), especially for supporting pass-through devices within a VM. Several virtual IOMMU (vIOMMU) solutions have been proposed and implemented, which are mostly done in an emulated fashion. This talk will focus on the technical details of a new hardware-assisted vIOMMU technology introduced in the AMD second-generation EPYC platforms. The goal of this technology is to improve the performance of vIOMMU for pass-through devices. We will discuss how the support is implemented in AMD IOMMU driver for when it is running in the host, as well as how it is being modified to use the v2 I/O page table for DMA-API when running in the guest. As a proof of concept, QEMU is modified to leverage the vIOMMU hardware via a new ioctl interface. This presentation will cover the implementation details and performance results of our initial design.

Speakers

Wei Huang

Open-Source Contributor, AMD
Wei Huang is a member of AMD Server Software Group, with current focus on server OS and x86 virtualization. Wei has contributed to Linux kernel and various open source virtualization projects (Xen, KVM/QEMU, etc.), and presented a number of times at various technical conferences...

Suravee Suthikulpanit

Open-Source Contributor, AMD
Suravee Suthikulpanit works for AMD Server Software Group. His work mainly focuses on the Linux kernel and open-source virtualization software. Within AMD, Suravee works with the hardware design and performance teams on future feature definitions. Suravee has been a regular contributor...



Thursday October 29, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Track 1

06:30 GMT

Evaluate Implementation Options of KVM-based Type1 (or 1.5) Hypervisor - Jun Nakajima, Intel
We share our evaluation of KVM-based Type1 (or 1.5) hypervisor (KVM++) to discuss which option is the best for the community, showing the pros and cons of the implementation options. At the last KVM Forum, we showed a high-level architecture of KVM++, where we can isolate guest memory from the host except the areas for I/O buffers, in order to better protect and isolate guests. In terms of the implementation, one extreme is to run it as a KVM guest on top of a hypervisor that consists of KVM/mini-Linux. At the other end, we deprivilege it with almost everything passthrough except memory access. The former requires nested virtualization if KVM is used on the host Linux. The latter doesn’t. Those implementations can affect overhead and latency of the systems as well, and the implication and impacts can depend on the platform (i.e. client vs. server).

Speakers

Jun Nakajima

Sr. Principal Engineer, Intel Corporation
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading virtualization and security for open source projects. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX...



Thursday October 29, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Track 2

07:00 GMT

Hypervisor Based Integrity: Protect Guest Kernel in Cloud - Ning Yang & Forrest Yuan Yu, Google
There are multiple efforts from the community that try to bring virtualization-based security into the industry, and a number of papers are published every year discussing the benefits of this approach. Hypervisor Based Integrity (HBI) is a product Google Cloud is currently investing in to be the public offering for such security hardening in the Cloud. The talk will cover where this implementation fits in the Cloud environment, the relationship between this mechanism and other security enhancements for the Linux kernel, what HBI can protect/monitor, and the special challenges encountered along the road. In addition, it will give an overview of the new hypervisor security kernel module Google plans to upstream and show how any hypervisor/VMM can easily implement support for it, so that a guest VM can move across different providers while getting the same security guarantee.

Speakers

Ning Yang

Senior Software Developer, Google Inc
Ning is a Senior Software Developer at Google Compute Infrastructure Team. He contributes to Google internal VMM, including device emulation and guest firmware/driver support. He worked on bringing UEFI (OVMF) into Google Cloud and the Google Cloud Shielded VM project, which provides...

Forrest Yuan Yu

Software Developer, Google Inc
Forrest is a software engineer at Google working on firmware, virtualization and making GCP more secure for customers.



Thursday October 29, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Track 1

07:00 GMT

A Virtual IOMMU With Cooperative DMA Buffer Tracking - Yu Zhang, Intel
Direct assignment of I/O devices requires the host to statically pin the entire guest memory, thus hindering the efficiency of memory management. Presenting a vIOMMU can fix this but suffers from the non-negligible cost of emulating the guest DMA remapping operations. Yu proposes a new vIOMMU architecture with a cooperative DMA buffer tracking mechanism, which is dedicated to achieving fine-grained pinning and is orthogonal to the costly DMA remapping interface. The new mechanism minimizes the VM-exits when enabling host/guest to coordinate the mapping/pinning requirement of active DMA buffers. It is designed in a vendor-agnostic way and thus can be applied to either emulated or para-virtualized vIOMMUs. A paper on this idea was accepted by USENIX ATC’20. In this talk, Yu would like to talk more about the design/implementation challenges in KVM/QEMU, the current status and the upstreaming plan.

Speakers

Yu Zhang

Virtualization Developer, Intel
Yu is a virtualization developer on Intel's virtualization team. He has 10+ years of experience in virtualization, from I/O to CPU/memory virtualization and from performance tuning to security enhancements. Yu’s public presentation experience includes Xen summit/LC3 conference/Intel...



Thursday October 29, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Track 2

07:30 GMT

Speed Up Creation of a VM With Pass Through GPU - Liang Li, DIDI Chuxing
Creating a virtual machine (VM) instance with a GPU takes more time than creating a VM without one. The gap depends on many factors, e.g. system configuration, RAM size of the VM, type of GPU and the number of GPU cards, and ranges from several seconds to several minutes. It impacts user experience, and in some situations it becomes unacceptable. In this session, Liang will first introduce the factors that affect the creation time of a VM with a GPU, and then elaborate on some issues in QEMU and the Linux kernel. In the end, Liang will show the solutions for these issues in detail and the optimization they achieve.

Speakers

Liang Li

Senior Expert, Alibaba
Liang has worked in the area of system virtualization for many years. He gave two talks about live migration at KVM Forum in 2015 and 2016. At KVM Forum 2020, he gave a talk about GPU VM creation time optimization.



Thursday October 29, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Track 2

10:00 GMT

KVM Latency Performance Tuning - Wanpeng Li, Tencent
The KVM hypervisor is at the core of cloud computing. Some customers, such as those in finance, online shopping, and gaming, are sensitive to latency. IPIs and timers cause the main MSR write vmexits in cloud environments. A preempted vCPU can block synchronized multicast function call IPIs or, worse, cause the Lock Waiter Preemption issue. In this presentation, we will introduce some features that can reduce latency in the KVM hypervisor, including Fast IPI delivery and Fast timer emulation, and some features that can improve scalability, including Boost preempted vCPU, Yield to IPI target, and so on.

Speakers

Wanpeng Li

Linux Kernel Contributor, Tencent Cloud
Wanpeng Li is a Linux kernel/virtualization developer with 9 years of experience who currently works at Tencent Cloud. He mainly focuses on KVM, the scheduler and memory management. In KVM, he has contributed a lot of features to improve performance and stability. He has worked in the IBM LTC kernel...



Thursday October 29, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Track 2

10:30 GMT

Implementing SR-IOV Failover for Windows Guests During Migration - Yan Vugenfirer, Daynix & Annie Li, Oracle
In the past, there were several attempts to enable live migration for VMs that use SR-IOV NICs. We are going to discuss the recent development based on the SR-IOV failover feature in the virtio specification and its implementation for Windows guests. In this session, Annie Li and Yan Vugenfirer will provide an overview of the failover feature and discuss specifics of the Windows guest implementation.

Speakers

Yan Vugenfirer

CEO, Daynix
Yan is the CEO of Daynix Computing. He is an upstream maintainer of the virtio-win drivers https://github.com/virtio-win/kvm-guest-drivers-windows/. Yan has more than 20 years of kernel development and 14 years of virtualization-related development.

Yansu Li

Principal Software Engineer, Oracle
Annie is a principal software developer at Oracle America, Inc. Her role is developing Virtualization drivers in Windows, and currently, she is working on VirtIO 2-netdev model for supporting SR-IOV live migration in Windows. She has 10+ years experience of Windows driver develop...



Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Track 1

10:30 GMT

The Practice Method to Speed Up 10x Boot-up Time for Guest in Alibaba Cloud - Weinan Li, Alibaba
When the hypervisor assigns memory to a virtual machine, it needs to pin the memory first. Pinning memory is a time-consuming task whose cost is directly proportional to the amount of memory. If you assign just 8GB of RAM to a VM, that might not be an issue at all, but it is a big problem if the RAM is 300GB: the "pin memory" process alone needs more than 60s. 300G is a common configuration in the cloud, and 60s seriously impacts the user experience. This talk will present a simple solution for accelerating the boot process with virtio-balloon, so that the hypervisor can pin the memory asynchronously. The whole process runs in the background with little user perception, which brings a very good user experience. This solution can reduce boot time by around 90 percent compared with a normal use case.

Speakers

Weinan Li

Software Engineer, Alibaba Cloud
Weinan has been working in the produce-heterogeneous computing field at Alibaba Cloud since 2019. Before that, he worked for Intel on Graphics Virtualization since Dec. 2014, where he was responsible for the enabling work and new feature development for several generations of Intel GPU.



Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Track 2

14:00 GMT

Keynote: KVM - Christian Bornträger, IBM
Speakers

Christian Borntraeger

CPO Linux on IBM Z Development, IBM



Thursday October 29, 2020 14:00 - 14:15 GMT
KVM Theater
  Keynote Sessions

14:30 GMT

Virtual Device Fuzzing Support in QEMU - Alexander Bulekov & Bandan Das, Red Hat
For some time, the community has been interested in fuzzing QEMU to identify potential security vulnerabilities. Last year, Dima Stepanov presented an approach for fuzzing VIRTIO devices using AFL at KVM Forum 2019, and there is an existing image-fuzzer tool in the tree. Since then our virtual-device fuzzing work has landed upstream and has identified dozens of bugs. In this talk, we will introduce our solution, based on QEMU’s existing qtest and qos frameworks. We will cover topics such as:
- Why fuzz virtual devices?
- How to build a fuzzer for a virtual-device.
- Fuzzing a virtual device vs writing a test for it.
- How to fuzz new devices/QEMU configurations without writing any code.
- Plan for reporting and triaging crashes found by the fuzzer.
- Options for fuzzing “external” devices (e.g. vhost).
- Fuzzing other attack surfaces in QEMU.
- How to get involved

Speakers

Bandan Das

Software Engineer, Red Hat
Bandan works on Virtualization at Red Hat. He is primarily interested in systems security and performance. Bandan has presented on various topics such as KVM, usb-mtp emulation in Qemu and the IIO interface in the Linux kernel.



Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Track 1

14:30 GMT

KVM-unit-tests: When "KVM" Doesn't Mean KVM - Andrew Jones, Red Hat
kvm-unit-tests is a tool created to help develop KVM. Like many tools, while it was initially intended for more specific tasks, other applications of it have emerged over time. For some of these new applications, KVM isn't even in the picture. We present the evolution of kvm-unit-tests, from its origins to current day, describing how the unit test framework can support multiple targets with no impact to test code. We also make suggestions of new targets and framework enhancements for the further generalization of the tool.

Speakers

Andrew Jones

Principal Software Engineer, Red Hat
Andrew (Drew) has been involved in system software development for almost 20 years. Drew has focused over half of those years on Virtualization, starting with pHype at IBM, and then continuing with Xen and KVM/QEMU at Red Hat. For the majority of the last decade he has been leading...



Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Track 2

15:00 GMT

Virtual Versus Physical: Virtio Changes for New Hardware - Michael S. Tsirkin, Red Hat
Virtio was originally designed as a VM guest to hypervisor interface. As it became ubiquitous, virtio hardware offload schemes began to pop up. These are typically designed to perform well with existing Virtio drivers without modifying guests. We are, however, finding out that to maximise performance, interface changes can be beneficial. Interestingly, as CPU technology changes, some of these become beneficial for guest to hypervisor communication, too. This talk will discuss changes in the Virtio specification for the benefit of new CPU and offload hardware: some of them already accepted for the next specification version, some still under discussion. Open questions will be presented in the hope of generating discussion.

Speakers

Michael S. Tsirkin

Distinguished Engineer, Red Hat
Michael has been with Red Hat for more than 10 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and...



Thursday October 29, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Track 1

15:00 GMT

A KVM-unit-tests and KVM selftests update for aarch64 - Eric Auger, Red Hat
The KVM/aarch64 code evolves very rapidly. There are lots of features brought by each and every new ARM specification revision. Unfortunately, the ARM-related commits in the KVM test frameworks do not really follow that pace and span. KVM-unit-tests and KVM selftests are the most popular frameworks. This talk will introduce both of them, explain what they are meant to be used for and how they complement one another. This will be illustrated by practical examples picked from recently added tests (PMU event counters, ITS MSI controller, migration, microbenches, ...). The KVM/aarch64 test code base will be compared with other architectures and the most pressing needs will be highlighted for each test framework. This should be a valuable input for developers willing to learn about KVM/aarch64 and quickly ramp up on both the test frameworks and new KVM/guest features.

Speakers

Eric Auger

Senior Software Engineer, Red Hat
Eric has been involved in KVM/QEMU since 2014. He works at Red Hat, in the virtualization team. Eric has contributed to VFIO, KVM/ARM, and QEMU. He started to work on vIOMMU for ARM in 2017 and has contributed to the QEMU SMMUv3 and virtio-iommu devices. He has supported and promoted...



Thursday October 29, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Track 2

15:30 GMT

Libvirt Status Report - Daniel Berrangé, Red Hat
Speakers

Daniel Berrangé

Senior Principal Software Engineer, Red Hat
Daniel is a long term contributor in the open source virtualization space working at Red Hat. A lead architect of the libvirt project since its inception, he is a frequent contributor & subsystem maintainer to QEMU and has been involved in many other projects including OpenStack, GTK-VNC, libosinfo...


Thursday October 29, 2020 15:30 - 15:45 GMT
KVM Theater
  KVM Track 1

15:30 GMT

A Journey to Support vGPU in Firecracker - Liang Yan, SUSE
GPU virtualization for Firecracker is quite a controversial topic inside the community. On one side, people are quite interested in it because of the current popularity of AI. On the other side, it conflicts with some design principles, such as memory overcommit. This session will present a new proof of concept by refactoring vfio-bind and implementing vfio-ioctl from rust-vmm crates. Furthermore, we will have a discussion on a vfio-mmio device experiment.

Speakers

Liang Yan

Sr. Virtualization Engineer, SUSE
Liang is a Virtualization Software Engineer at SUSE Labs. He's been active in the Open Source virtualization area since 2012, mostly on the KVM and QEMU projects, working on IO virtualization and lightVM implementation. He's currently working on GPU virtualization, trying to import...


Thursday October 29, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Track 2

15:45 GMT

Rust-vmm Status Report - Andreea Florescu, Amazon
Speakers

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking...



Thursday October 29, 2020 15:45 - 16:00 GMT
KVM Theater
  KVM Track 1

16:00 GMT

Challenges in Supporting Virtual CPU Hotplug on SoC Based Systems (like ARM64) - Salil Mehta, Huawei
Summary:

Recently some attempts have been made to add support for Virtual CPU Hotplug for ARM64 in the QEMU virtualizer and the Linux guest kernel, but this has received mixed reviews from the community. While some vendors have practical reasons to have such support added, some community members have apprehensions about it. The idea of this talk is to:
1. Present the motivation of Virtual CPU Hotplug support on ARM64
2. Quick Overview
3. Problems in supporting Virtual CPU Hotplug 
    - ARM64 System Arch constraints? 
    - Host KVM
    - QEMU Virtualizer
    - Guest Kernel
4. Discussed workarounds to the known limitations or problems
5. Existing work/attempts made to upstream (short mention)
6. Problems being faced in up-streaming.
7. Questions/Feedback
    - Feedback from people how to proceed and avoid the current deadlock.
    - Should Virtual CPU Hotplug support depend upon existence of Physical CPU Hotplug support?


Speakers

Salil Mehta

System Software Architect, Huawei Technologies (U.K) R&D Ltd.
Salil works primarily on various system aspects of HiSilicon's ARM64 based Server chips. He is also a co-author and an official kernel maintainer of Huawei's on-chip integrated NIC driver HNS (HiSilicon Network Subsystem) across various multi-core server chips (Kunpeng920 and earlier...



Thursday October 29, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Track 1

16:00 GMT

Changing Paravirt Lock-ops for a Changing World - Ankur Arora, Oracle
Paravirt ops are set in stone once a guest has booted. As an example we might expose `KVM_HINTS_REALTIME` to a guest and this hint is expected to stay true for the lifetime of the guest. However, events in a guest's life, like changed host conditions or migration might mean that it would be more optimal to revoke this hint. This talk discusses two aspects of this revocation: one, support for revocable `KVM_HINTS_REALTIME` and, second, work done in the paravirt ops subsystem to dynamically modify spinlock-ops.

Speakers

Ankur Arora

PMTS, Oracle Corp
Ankur Arora is a PMTS in the Linux and Virtualization group at Oracle. His focus for the past few years has been on x86 virtualization for KVM and Xen. In past lives, he's worked on highly parallel HW for Oracle, and on near memory storage for Virident. In days of yore, he did research...



Thursday October 29, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Track 2

16:30 GMT

HA-IOV: Applying Hardware-assisted Techniques to IO Virtualization Framework - Yifei Jiang & Bo Wan, Huawei
In I/O virtualization, notification mechanisms such as ioeventfd account for a significant fraction of request latency as physical I/O devices become faster. Polling techniques can reduce latency but prevent other threads from running and waste CPU if events are rare. This talk introduces HA-IOV, an efficient and flexible hardware-assisted I/O virtualization framework, to obtain high CPU utilization as well as satisfactory performance. First, with hardware support, VMs can deliver I/O requests to asynchronous I/O processing threads without trapping out, reducing delivery latency. I/O processing threads are then woken up by a hardware-assisted scheduler with no kernel scheduler overhead. Polling mode can thus be eliminated in HA-IOV to improve CPU utilization. Second, HA-IOV allows VMs to trap out to user-level threads bypassing KVM, shortening the synchronous I/O path.

Speakers

Yifei Jiang

Chief Engineer, Huawei
Yifei Jiang is a chief engineer at Huawei and has 9 years of working experience in virtualization. He is currently working on next generation virtualization technology research.

Bo Wan

Senior Engineer, Huawei
Bo Wan, Doctor of University of Science and Technology of China, is a senior engineer at Huawei. He is working on the ongoing next generation virtualization project.



Thursday October 29, 2020 16:30 - 17:00 GMT
KVM Theater
  KVM Track 1
 
Friday, October 30
 

06:00 GMT

Live Migration With Hardware Acceleration - Wei Wang, Intel
Guests with memory-write-intensive workloads are difficult to live migrate, and guests with large memory sizes take a long time to migrate. The existing solutions reduce the amount of data to migrate by using extra CPU cycles to compress the memory or perform delta operations to migrate the updated bytes. Those do not work as fast as expected, and optimizations like multi-threading compression consume lots of host CPUs. This talk introduces some features added to the migration framework to use hardware accelerators to process the guest memory. Initial results with QAT-based compression show ~5x larger migration throughput compared to compression using 16 CPUs, which consequently supports a higher guest dirty rate and has a shorter migration time. DSA-based delta operation is work in progress, and it performs better when the delta encoding rate is higher than the compress rate.

Speakers

Wei Wang

Senior Software Engineer, Intel Corp.
Wei is currently a software developer at Intel. He earned a Master's degree from the University of Ottawa, Canada. Wei has rich experience in the virtualization field and he worked on many projects such as network virtualization, live migration, memory ballooning, PMU virtualization...



Friday October 30, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Track 1

06:00 GMT

Intel Virtualization Technology Extensions to Enable Hardware Isolated VMs - Sean Christopherson, Intel
Deploying virtual machines in an unsecured environment might expose a cloud tenant to the risk of losing confidentiality and integrity of its sensitive data and IP, e.g. via attacks from privileged software, offline memory analysis, and active memory attacks at system interfaces. This talk will present an upcoming Intel technology to isolate VMs from many hardware and most software-based threats, by providing capabilities for confidentiality and integrity of memory, address translation, and CPU state, as well as secure interrupt and exception delivery, and remote attestation. Sean will provide an overview of the technology and its unique, novel features, and briefly cover the state of enabling in KVM and QEMU.

Speakers

Sean Christopherson

Software Engineer, Google
Sean is an engineer at Google Cloud focused on KVM, and is an upstream co-maintainer for x86 KVM.



Friday October 30, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Track 2

06:30 GMT

Scalable Work Submission in Device Virtualization - Hao Wu, Intel
Hardware I/O virtualization techniques, such as PCIe SR-IOV and Intel Scalable IOV, allow devices to be shared by multiple clients (e.g. VMs) with minimal emulation cost. However, some devices may not allow fine-grained partitioning of their backend resources, thus imposing a scalability limitation. ENQCMD (Enqueue Command) is a new instruction on future Intel platforms to allow scalable work submission for such devices. The instruction payload includes the work descriptor and a unique PASID to identify the client who is submitting the work, thus allowing a single work queue to be shared between multiple clients. In this talk, Hao will introduce the ENQCMD concept and how to efficiently virtualize it through hardware/software extensions, based on an example implementation on a Scalable IOV based device.

Speakers

Hao Wu

Software Engineer, Intel
Hao is a software engineer from Intel Virtualization Enabling team, focusing on I/O virtualization technology. His most recent interest and work is I/O support for Virtualization-based Trusted Execution Environment (TEE). Prior to that, Hao worked on Linux kernel and device drivers...



Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Track 1

07:00 GMT

PASID Management in KVM - Yi Liu & Jacob Pan, Intel
PASID (Process Address Space ID) is a PCIe capability that enables sharing of a single device across multiple isolated address domains. It has become a hot topic in I/O technology evolution, e.g. as the foundation of SVA (Shared Virtual Addressing) and SIOV (Scalable I/O Virtualization). Although PASID itself is a generic concept, different usages/requirements are imposed across vendors, thus bringing an interesting challenge to PASID management in Linux. This talk will first review the PASID usages, introduce the IOASID (I/O Address Space ID) core logic in Linux, and then elaborate on the gaps/solutions for efficient PASID management in KVM/VFIO.

Speakers

Jacob Pan

Linux Kernel Developer, Intel Corporation
Jacob is a veteran Linux kernel developer at Intel. His most recent interest and work are on Shared Virtual Address/Memory as well as the IOMMU subsystem in general. Prior to that, Jacob contributed to power management, device drivers, interrupt, timers, and X86 core.

Yi Liu

Senior Software Engineer, Intel
Yi is a software engineer from Intel Virtualization team, focusing on I/O virtualization technology. He works on Shared Virtual Memory, Scalable IOV and vIOMMU stuff in recent years. He has been invited to give presentations at LPC 2017, LinuxCon Beijing 2018, KVM Forum 2018, Intel...



Friday October 30, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Track 1

07:30 GMT

Building a Cloud Infrastructure to Deploy Microservices as Microvm Guests - Matias Vara Larsen, Huawei
This talk presents a proof of concept solution that evaluates a cloud infrastructure to deploy microservices by relying on microvm Qemu machine, virtio-fs and virtio-vsocket. Microservices run as Toro's guest, a dedicated unikernel to deploy all-in-one embedded applications into the cloud. We highlight the following benefits when using microvm machine, virtio-fs and virtio-vsocket: reduced attack surface, deployment of several VMs in a single host, continuous deployment due to the short booting time, easy VM configuration and simplified unikernel architecture. The infrastructure is built on top of a CephFS cluster, thus allowing VMs to share a common filesystem. During the talk, we present the architecture of such a cloud infrastructure and the current implementation. We discuss technical challenges and ongoing work. The tutorial and scripts to reproduce this infrastructure can be found at https://github.com/torokernel/torocloudscripts.

Speakers

Matias Vara Larsen

Software Engineer, Huawei
I am a Software Engineer at Huawei. I am interested in the use of formal languages and the development of Operating Systems.



Friday October 30, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Track 1

10:00 GMT

Evolution of SPDK vhost Towards Secure Container Storage Service - Xiaodong Liu & Changpeng Liu, Intel
Secure containers provide strong isolation for multi-tenant, serverless workloads. Generally, they are light VM based, like Kata containers and Firecracker, and are already used in production by top CSPs. Previously, the SPDK vhost application has been widely adopted for storage virtualization. However, SPDK applications are polling based and require hugepage memory, while in container scenarios host resources are always oversubscribed in order to serve thousands of light VMs. This means reserved hugepages and polling on pinned CPU cores are hard to tolerate, so SPDK vhost should keep evolving to fit the requirements of container scenarios. In this talk, we will go over what evolution SPDK vhost requires and how polling on pinned CPUs and hugepages are avoided. With the new improvement, SPDK vhost will be a good choice to provide storage service to secure containers.

Speakers

Changpeng Liu

Cloud Software Engineer, Intel
Changpeng is a Cloud Software Engineer in Intel. He has been working on Storage Performance Development Kit since 2014. Currently, Changpeng is a core maintainer for the SPDK. His areas of expertise include NVMe, I/O Virtualization, and storage offload on IPU.

Xiaodong Liu

Senior Cloud Engineer, Intel
Xiaodong is a senior cloud software engineer at Intel. He works on the areas of cloud native storage, storage acceleration, storage protocols and storage virtualization, mainly contributing to Storage Performance Development Kit (SPDK) and Intel Intelligent acceleration Library (ISA-L...



Friday October 30, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Track 1

10:00 GMT

Hypervisor-managed Linear Address Translation - Chao Gao, Intel
Some security features (e.g. write-protect kernel code, SMEP) are deployed in the kernel to raise the bar of vulnerability exploitation. In practice, attackers would defeat or turn off these security features first. A typical way is by breaking code/data integrity of security features through editing page tables. In this case, enforcing linear translation is important to prevent security features from being bypassed. But existing approaches to enforce guest linear translation generally lead to much overhead, as guest page table changes and CR3 loading must be trapped by the VMM. With HLAT enabled, the VMM doesn’t need to monitor guest CR3 page table changes, thus reducing most of the overhead and improving efficiency. This presentation will first introduce the hardware extensions in HLAT, and then discuss how to build an efficient solution in KVM to enforce guest linear translation.

Speakers

Chao Gao

Cloud Software Engineer, Intel
Chao has worked for Intel for 4 years as a software engineer. He is responsible for enabling new Intel virtualization features in KVM/Xen and is familiar with interrupt virtualization, performance tuning and virtualization-based security. Currently, Chao is working on using HLAT to enhance...



Friday October 30, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Track 2

14:00 GMT

Speeding Up VM’s I/O Sharing Host's io_uring Queues With Guests - Stefano Garzarella, Red Hat
io_uring is the newest Linux I/O interface. It provides submission and completion queues for performing asynchronous I/O operations.

The queues are located in a memory region shared between the userspace application and the kernel. This aims to reduce the number of syscalls required for I/O operations and provides a way to poll efficiently. io_uring achieves good performance and it makes exposing submission and completion queues to guests an attractive idea for improving I/O performance in virtualization.

Stefano will give a brief overview of io_uring API. Then, he will illustrate how the host's io_uring queues can be shared with guests to improve I/O performance of a block device and which io_uring changes are required to safely give queues access to the guest. Finally, Stefano will show the performance boost achieved with the proposed approach and future steps.

Speakers

Stefano Garzarella

Principal Software Engineer, Red Hat
Stefano is a Principal Software Engineer at Red Hat. He is working on virtualization and networking topics in QEMU and Linux kernel. He is the maintainer of Linux's vsock subsystem (AF_VSOCK). Current projects cover vDPA for virtio-blk devices, virtio-vsock, QEMU network and storage...



Friday October 30, 2020 14:00 - 14:30 GMT
KVM Theater
  KVM Track 1

14:30 GMT

Virtio-(balloon|pmem|mem): Managing Guest Memory - David Hildenbrand & Michael S. Tsirkin, Red Hat
How to resize guest memory? Can we reduce host swapping? Can we shrink the guest page cache? Traditional ballooning has been the answer to these questions for more than a decade - with advantages but also well-known issues. There is ongoing work to answer these questions in a better way, slowly but steadily obsoleting the original basis of virtio-balloon: the balloon. In addition to recent virtio-balloon extensions (e.g., free page hinting), new approaches, like virtio-pmem and virtio-mem, can substitute or replace ballooning. However, supporting technologies that mess with guest memory in the hypervisor (e.g., vfio, encrypted VMs), and closed-source guest operating systems become more challenging. In this talk, we give an overview of the current state of virtio-balloon, virtio-pmem and virtio-mem, discussing advantages, issues, and open items of each, and draw a picture of the future.

Speakers

David Hildenbrand

Senior Software Engineer, Red Hat
David has been working on QEMU/KVM for almost 6 years now. His current projects are mostly centered around memory hot(un)plug and memory overcommit in the context of virtual machines. While he's involved with QEMU/KVM on s390x and Linux memory management in general, his main projects...

Michael S. Tsirkin

Distinguished Engineer, Red Hat
Michael has been with Red Hat for more than 10 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and...



Friday October 30, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Track 1

14:30 GMT

Faster and Smaller qcow2 Files With Subcluster-based Allocation - Alberto Garcia, Igalia
qcow2 is QEMU's native format for disk images. qcow2 images are smaller and more flexible than raw files but are also slower. This problem can be partially mitigated by adjusting the cluster size when creating a new qcow2 image. However there is always a trade-off that needs to be considered: smaller cluster sizes result in smaller images and generally faster allocations but also in more metadata and larger memory requirements. Several approaches have been followed in order to improve this situation. In this presentation we introduce subcluster allocation: a new extension for the qcow2 file format that tries to combine the best of both worlds, producing images that are both faster and smaller.

Speakers

Alberto Garcia

Software engineer, Igalia
Alberto Garcia is a software engineer working at Igalia. He has more than two decades of professional experience working with open source projects and Linux-based devices and operating systems. He is an active Debian developer and has years of contributions to projects like QEMU and...



Friday October 30, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Track 2

15:00 GMT

QEMU Snapshots Are So Slow. Really? - Denis Lunev, Virtuozzo
QEMU snapshots made via the savevm interface are at the moment synchronous and slow. This happens not only due to non-optimal code but also due to a gap between migration and block layer concepts. This presentation tries to cover this gap and provides some approaches to make snapshot and revert-to-snapshot operations faster. The talk will cover optimizations to the currently available synchronous SaveVM interface and will also cover asynchronous operations, including asynchronous revert to snapshot, which would require developing a memory page index for the migration stream.

Speakers

Denis Lunev

Core Team Lead, Virtuozzo
Denis Lunev has been working at Virtuozzo for around 20 years, dealing with various aspects of virtualization, both in virtual machine and container worlds. Right now he is working on QEMU/KVM optimizations.



Friday October 30, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Track 2

15:30 GMT

Towards an Alternative Memory Architecture - Joao Martins, Oracle
We waste a lot of memory managing guest memory (ironic eh?). And in today's cloud ecosystem PCI passthrough is important and an increasing commodity. This gives us an opportunity to make a mean and lean hypervisor which can shed some of its layers. This talk discusses memory efficiency, particularly focusing on one of its oldest overheads: per page metadata. Particularly on what it means to strip that away, what it entails for security and performance, and how the DAX subsystem can be improved to fill in the gap, drawing KVM closer to that of a partitioned hypervisor.

Speakers

João Martins

Snr Principal Software Engineer, Oracle
João is a Snr Principal Software Engineer working in the Oracle Linux Virtualization group. His work includes both Xen and more recently KVM, usually digging in networking performance and the hypervisor. Prior to Oracle, he did research on specialized OSes in the context of network...



Friday October 30, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Track 1

15:30 GMT

Bitmaps and NBD: Building Blocks of Change Block Tracking - Eric Blake, Red Hat
The premise of incremental backups is simple: if you can keep track of what changed, you can optimize a backup to visit only those portions of a disk image. But under the hood, there are a lot of moving parts that have been added and refined in the past few years to make incremental backups a reality when using qcow2 images. In this talk, Eric Blake will explore recent work in qemu to make bitmap tracking more powerful, enabling libvirt to finally add support for incremental backups even when a disk image is split across a backing chain involving multiple qcow2 files. Whether deciding which bitmaps should be active, or accessing the contents of those bitmaps over Network Block Device (NBD) for consumption by an arbitrary client, having an understanding of change block tracking and related technology can help you get the most performance from your incremental backups.

Speakers

Eric Blake

Software Engineer, Red Hat
Eric Blake is a software engineer at Red Hat, working on block device management in virtualization. He has contributed extensively to qemu and libvirt. He has spoken at several past KVM Forums, most recently about making the most of NBD in Oct 2019.



Friday October 30, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Track 2

16:00 GMT

KVM Dirty Ring - A New Approach to Logging - Peter Xu, Red Hat
In this talk, Peter will present a new kvm dirty logging interface which is called kvm dirty ring. This is a carry-over work from Lei Cao and Paolo Bonzini which started a few years ago. Instead of using dirty bitmaps to record dirty pages, kvm dirty ring records the dirty pages in the form of an array of guest PFNs, which are recorded in per-vcpu ring structures. The memory consumption of dirty logging itself will be heavily reduced, and the size of the dirty rings will be configurable (via QEMU command lines). More importantly, dirty ring gives us a chance to be able to collect and sync dirty pages in a totally different way that will be extremely friendly to COLO-like applications. However, kvm dirty ring is not a super weapon to cover every single scenario. Peter will also talk about different user scenarios and on how to choose the correct logging method.

Speakers

Peter Xu

Software Engineer, Red Hat
Peter Xu is a software engineer working for the Red Hat Virtualization team. He has recently been working on VM live migrations and some memory management problems of VMs or hosts.



Friday October 30, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Track 1

16:00 GMT

Bring SCSI Support Into QEMU Block Layer - Yaowei Bai, Chinamobile
Currently some storage technologies like Ceph already have the support of several SCSI interfaces like WRITE SAME and COMPARE AND WRITE, which can be called by QEMU block driver directly. However, QEMU still emulates them at the moment. We work on this by introducing SCSI support into QEMU block layer. This presentation will explain how this support is implemented and the problem it still has.

Speakers

Yaowei Bai

Software engineer, Chinamobile
I'm a cloud software engineer focusing on virtualization and the Linux kernel at Chinamobile. Currently I'm working on a high-performance distributed storage system based on Ceph, and I spoke at Cephalocon 2020.



Friday October 30, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Track 2

16:30 GMT

Long Live Asynchronous Page Fault! - Vitaly Kuznetsov & Vivek Goyal, Red Hat
The Asynchronous Page Fault mechanism for KVM guests is not new; it's been around for more than a decade. Recently virtio-fs developers made an attempt to add new features to it, and this attracted the attention of kernel developers to the internals. Some flaws in the original design of asynchronous page fault on the x86 architecture were revealed; these flaws currently block the addition of the new features. There is, however, ongoing work aimed at fixing these issues. In this talk we'll try to cover the asynchronous page fault mechanism: what it is needed for and how it works, both in 'normal' and 'nested' virtualization scenarios. We'll explain what potential issues were recently revealed and how we're fixing them. We'll describe new use-cases and features, both in-development and waiting to be implemented.

Speakers

Vitaly Kuznetsov

Principal Software Engineer, Red Hat
Software Engineer

Vivek Goyal

Senior Principal Software Engineer, Red Hat
Vivek is a member of kernel storage team at Red Hat and has worked in various areas like Virtio FS, overlayfs SELinux support, docker storage, block cgroup controller, IO scheduler, kexec/kdump and secureboot. He frequently presents at LSF/MM, Linux plumbers and other technical c...



Friday October 30, 2020 16:30 - 17:00 GMT
KVM Theater
  KVM Track 1
 