Monday, October 26
 

12:00 GMT

Simplifying First-boot Experience for Your Cloud VMs with Cloud-init - Ashish Sahu, Microsoft
Cloud-init may have started out as a way to customize the Amazon EC2 instance at first boot but it is now widely supported on every major Linux distribution and across many public and private clouds. With Cloud-init, you can perform any type or number of actions as it boots up on your favorite cloud - as it is designed to run during the first boot, you don't really need any additional steps or software to start utilizing it today. Join me in this demo-filled session to learn all about Cloud-init and how you can use it to customize/personalize your cloud VMs even before you log in to them for the first time!

Speakers
Ashish Sahu

Partner Technology Strategist, Microsoft
Ashish Sahu is a cross-technology architect, working with Microsoft India in the OCP ISV team. His primary job responsibility is helping ISVs and startups overcome technical challenges, adopt latest technologies, and evolve their solutions to the next level. He has authored articles...



Monday October 26, 2020 12:00 - 12:50 GMT
101 Essentials Theater

12:00 GMT

Container Live Migration - Adrian Reber, Red Hat
One of the main reasons Checkpoint/Restore in User-Space (CRIU) exists is to enable container live migration and although container live migration is always viewed as an outlier or corner case of containers, because containers are supposed to be stateless, CRIU continues to get better at container live migration. Maybe containers are supposed to be stateless, but CRIU still sees growing interest in its container migration features and especially the integration in container runtimes. In this talk I want to present details about CRIU and with which clever tricks it provides the ability to checkpoint and restore processes and whole containers. I also want to show how it is integrated in container runtimes like runc, crun, lxc/lxd, borg and Podman. I want to close the talk with a few demos showcasing CRIU's features in Podman as presented before to live migrate containers and how to use checkpoints to decrease the container startup time. The goal of this talk is to give a technical presentation of how containers can be live migrated, that it is easily possible to live migrate containers and that the container migration technology has additional use cases.

Speakers
Adrian Reber

Principal Software Engineer, Red Hat
Adrian is a Principal Software Engineer at Red Hat and has been migrating processes since at least 2010. He started to migrate processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for that. Most of the time he is now migrating...



Monday October 26, 2020 12:00 - 12:50 GMT
Cloud Theater

12:00 GMT

Beyond "Just" Booting: Barebox Bells and Whistles - Ahmad Fatoum, Pengutronix
Your bootloader can boot into Linux, what else could you possibly need? Originally started as a more structured U-Boot fork with a driver model, barebox has since grown into a versatile Swiss Army Knife for bootstrap, hardware bring-up and development of Linux-based systems. In his talk, Ahmad will show you how to get barebox running on your board and along the way, explain barebox' design choices, from multi-image support to virtual file systems, POSIX/Linux API, fail-safe updates, boot fall-back mechanisms, customizability and more.

Speakers
Ahmad Fatoum

Embedded Linux Developer, Pengutronix
Ahmad joined the kernel team at Pengutronix in 2018 to work full-time on furthering Linux world domination. He does so by helping automotive and industrial customers build embedded Linux systems based on the mainline Linux kernel. Having a knack for digging in low-level guts, his...



Monday October 26, 2020 12:00 - 12:50 GMT
ELC Theater
  Embedded Linux Conference (ELC), SDKs

12:00 GMT

Upstream First is Our Principle - Toward Super Long-Term Support - Masashi Kudo, Cybertrust Japan Co., Ltd. & Chris Paterson, Renesas Electronics Europe
The CIP (Civil Infrastructure Platform) project aims to support industrial-grade systems by fulfilling the required level of reliability, sustainability, and security during their life cycles which are long, typically more than 10 years. The CIP kernel and test teams are working to provide and maintain the Linux kernel to sustain CIP activities overall. In order to sustain activities for such a long period, the teams adopt "Upstream First" as their development principle. The "Upstream First" principle allows patch commits only if those patches are already in the upstream. Having both pros and cons, this principle turned out to be crucial and essential to continue releases and maintenance. The CIP kernel team works with Linux Kernel LTS and other open source projects to share its findings and contribute outputs. The CIP test team has strengthened automated testing systems for CIP by working with KernelCI and LAVA. This presentation updates activities of the CIP kernel and test teams which follow the "Upstream First" principle, and features collaborative works with Linux Kernel LTS, KernelCI and LAVA.

Speakers
Chris Paterson

Project Leader, Renesas Electronics Europe
Project leader in the Linux team at Renesas Electronics Europe. Testing working group lead in the Civil Infrastructure Platform (CIP) project.

Masashi Kudo

Technology Advisor, Cybertrust Japan Co., Ltd.
Masashi Kudo is working as Technology Advisor at Cybertrust Japan Co., Ltd. He has more than 30 years' experience in IT and network software development. He works for the CIP (Civil Infrastructure Platform) project as a representative of Cybertrust Japan Co., Ltd, and acts as CIP Kernel...



Monday October 26, 2020 12:00 - 12:50 GMT
ELC Theater

12:00 GMT

Learning the Basics of Apache NiFi for IoT - Timothy J Spann, Cloudera
I will teach the basics of using Apache NiFi to process data commonly acquired from IoT including MQTT, REST, Kafka, Syslog, tailing files, python output, sFTP, files and more. We will walk through some best practices for building flows for solving IoT ingest issues for sensor data and other edge data sources. See: https://dzone.com/articles/lets-build-a-simple-ingest-to-cloud-data-warehouse https://dev.to/tspannhw/edgeai-google-coral-with-coral-environmental-sensors-and-tpu-with-nifi-and-minifi-updated-efm-oh9


https://github.com/tspannhw/EverythingApacheNiFi

Speakers
Timothy J Spann

Principal DataFlow Field Engineer, Cloudera
Tim Spann is a Principal DataFlow Field Engineer at Cloudera, the Big Data Zone leader and blogger at DZone and an experienced data engineer with 15 years of experience. He runs the Future of Data Princeton meetup as well as other events. He has spoken at Philly Open Source, ApacheCon...



Monday October 26, 2020 12:00 - 12:50 GMT
IoT Theater
  Internet of Things, Edge Computing Considerations

12:00 GMT

Evolution of Suspend-to-Idle Support in the Linux Kernel - Rafael Wysocki, Intel
Suspend-to-idle is a system-wide suspend variant which in principle does not rely on platform support. The suspend-to-idle control flow does not take non-boot CPUs offline and expects all CPUs to enter idle states through the idle loop, like in the working state of the system. However, it assumes that the scheduler tick will be stopped on all CPUs and the timekeeping will be suspended, which is a source of significant complications. It also expects system wakeup devices selected by user space to be functional and it needs to prevent all of the other interrupt sources from waking up the system. In some cases one interrupt source can signal both wakeup and non-wakeup events, so it is necessary to distinguish the former from the latter. All of that together causes the suspend-to-idle support code in the Linux kernel to be quite complex, especially on systems using ACPI, and that code has changed multiple times in response to additional pieces of information on what is needed coming mostly from the users in the form of problem reports. I will describe the evolution of that code since its inception in 2013 and explain the reasons for making the changes in it.

Speakers
Rafael Wysocki

Software Engineer, Intel
Rafael maintains the Linux kernel’s power management infrastructure and the core ACPI support code. He works at Intel and focuses on the mainline Linux kernel development. Rafael has been actively contributing to Linux since 2005, in particular to the kernel’s suspend/hibernate...



Monday October 26, 2020 12:00 - 12:50 GMT
Linux Systems Theater
  Linux Systems, Power Management

12:00 GMT

Distributed Revision Control for Structured Data - Gavin Mendel-Gleason, TerminusDB
Revision control for source code - and especially Git - has caused a great leap forward in software development and delivery. A similar revolution has not yet taken place in data. This talk will discuss the various open source databases that are approaching this problem, the underlying architectures and challenges in building both a 'Git for data' and a 'GitHub for data'. It will posit that to be a truly collaborative and distributed system, it must be:
1) decentralized
2) offline-first: work offline and then resync when online again
3) reliable: conflicts are handled properly
4) private: end-to-end-encrypted, if desired
5) efficient: only changes (diffs) to the data set are transmitted between participants
6) collaborative: multiple people can work on the same data set
Many applications choose the SaaS-route with one central database behind a web service and every frontend displays an instantaneous view of some part of the data set. This breaks most requirements. The database-as-a-service approach with a MVCC database & the flexibility to version schemas is a prerequisite for success. Finally the talk will look to the future and the dawn of CI/CD for data.

Speakers
Gavin Mendel-Gleason

CTO, TerminusDB
Dr. Gavin Mendel-Gleason is CTO of TerminusDB. He is a former research fellow at Trinity College Dublin in the School of Statistics and Computer Science. His research focuses on databases, logic and verification in software engineering. His work includes contributing to the Seshat...


Monday October 26, 2020 12:00 - 12:50 GMT
OS Databases Theater

12:00 GMT

Tutorial: Hands-on with Red Hat OpenShift: Building and Deploying a Microservice-based Web Application - Sponsored by IBM
In this hands-on lab, participants will be walked through a deployment of “Example Bank”, a polyglot microservice-based application built on Red Hat OpenShift on IBM Cloud. We explore the architecture of a conceptual credit card app, with backend microservices in Node.js and Java on OpenLiberty, and user authentication through App Id in IBM Cloud. Participants will be provided with access to an OpenShift cluster on IBM Cloud and guided through the process of building containers for a set of Node.js and Java images and deploying them to an instance of OpenShift on IBM Cloud.

Prereqs - Be sure to get your IBM Cloud account (https://ibm.biz/BdqkSW) and Docker hub account (https://hub.docker.com/), and check that you can access the cloud editing environment at https://labs.cognitiveclass.ai/.


Speakers
Anton McConville

Senior Technical Staff Member, Blockchain & Web Open Technologies, IBM

Olaph Wagoner

Software Engineer, IBM

Yan Koyfman

IBM, Senior Software Engineer


Monday October 26, 2020 12:00 - 13:00 GMT
Cloud Theater
  Cloud + Cloud Native
  • Skill Level Any
  • Technical Talk Yes

12:00 GMT

Tutorial: From an Idea to a Patch in the Linux Mainline - Marta Rybczynska, Various Projects
In the tutorial we're going to cover the basics of Linux kernel development, from the idea (or a bug found!) to the change integrated into the Linux mainline. We'll start from setting up the environment: the Linux kernel source, the compiler and debugger. Options like embedded debugger and using virtual machines in case of kernel crashes will be taken into account too. Then we'll cover the implementation of the patch, showing where to look for the information about APIs, how to correctly use the Linux coding style and write patch descriptions. The audience will also learn about the unit test mechanism and testing in the kernel in general. Then we're going to move to the process of getting the patch to the mainline: starting from where and how to send it. One of the scary points for new developers is the review process and we're going to demystify it. As a bonus, we'll show how to make maintainers happy and build a good opinion about you and your work. Pre-requirements: C coding, usage of Makefiles. No previous Linux kernel development experience necessary.

Speakers
Marta Rybczynska

Open Source Enthusiast, Various Projects
Marta Rybczynska has a network security background and 15 years of experience in embedded development. She has been working with embedded operating systems like Linux and various real-time ones, system libraries and frameworks up to user interfaces. Her specialties are architecture-specific...



Monday October 26, 2020 12:00 - 13:50 GMT
101 Essentials Theater
  101 Essentials - Embedded Linux, Kernel Basics

13:00 GMT

Cloud-Native App Development 101 - Avni Sharma, Red Hat
As the cloud becomes pervasive in IT, it then becomes increasingly important to adopt cloud-native technologies. For enterprises and vendors, building in the cloud is an opportunity to refresh applications and architectures in ways that make them more flexible, scalable and resilient.  Cloud Native technologies are used to develop applications built with services packaged in containers, deployed as microservices and managed on elastic infrastructure through agile DevOps processes and continuous delivery workflows. The session explains What is Cloud Native, Why, and How to adopt Cloud Native.  This session would shed light on Cloud Native technologies and containerization, moving from a monolithic based architecture to microservice architecture, and then implementing a demo where we build containers and also migrate it to a Kubernetes environment.  

Speakers
Avni Sharma

Software Engineer, Red Hat
Avni is an active Open Source contributor and works as Software Engineer at Red Hat. Along with that, she loves to attend conferences and participate in technical meetups in Bangalore, India. She strives to create a culture of belonging at her workplace and other tech spaces alike...



Monday October 26, 2020 13:00 - 13:50 GMT
101 Essentials Theater

13:00 GMT

K8S on the Edge: An Arm-based Implementation of Image Recognition - Thorsten Kukuk & John von Voros, SUSE
This session will discuss the many benefits of deploying Edge workloads with Kubernetes and containers.   In addition, we’ll give a demo on how to install and perform image classification using a 4-node Raspberry Pi-based cluster.

Speakers
Thorsten Kukuk

Distinguished Engineer, SUSE
Thorsten has been working for SUSE for over 20 years. He is a Distinguished Engineer, Senior Architect for SLES and MicroOS, and leads the Future Technology Team. He started his Open Source Career about 25 years ago.

John von Voros

Director – Cloud Solutions, SUSE
John is currently focused on building the ecosystem around Edge Computing using SUSE’s industry-leading enterprise Linux expertise combined with low-footprint Kubernetes container technology. His goal is to remove complexity and cost while simplifying all aspects of deploying...



Monday October 26, 2020 13:00 - 13:50 GMT
Cloud Theater
  Cloud + Cloud Native

13:00 GMT

A Checklist for Writing Linux Real-Time Applications - John Ogness, Linutronix GmbH
Writing effective real-time applications requires controlling latency. On a general purpose operating system such as Linux, there are many things happening "under the hood" that can dramatically affect latencies within applications. However, Linux does provide interfaces to control and monitor the latencies of an application. In this session, John Ogness will cover the various sources of latency, show which APIs a real-time developer can (and should!) use to avoid them, and present mechanisms to verify the controlled latencies of an application.

Speakers
John Ogness

Software Developer, Linutronix GmbH
John Ogness studied Computer Science at Utah State University (USA) and has been professionally involved with Linux since 2001. He has been working for the company Linutronix GmbH since 2008. There he specializes in Linux-based board support packages, real-time applications, and training...


Monday October 26, 2020 13:00 - 13:50 GMT
ELC Theater

13:00 GMT

Boot-Time Optimization for the Real World - Michael Olbrich, Pengutronix e.K.
There have been many talks about boot-time optimization in the past. For the most part, the only goal was a minimum boot-time. It's a good way to show the optimization techniques and gives a nice wow effect. But the end result is rarely usable in real world projects. So instead of looking for new ways to reduce the boot-time just a little bit more, this talk will look at boot-time optimization in a larger context. "The device needs to boot faster" is often stated but the actual requirements behind this are often more complex. We will look at typical requirements and possible solutions beyond general boot-time optimization. And while booting as fast as possible is nice, in most cases there are other more important requirements, which are often related to security or reliability. This talk will look at possible optimizations in this context. What are the consequences of an optimization and what trade-offs are possible? And last but not least, let's talk about the hardware. The choices made while designing a device can have a big impact on the boot-time. Therefore this talk will end with advice on hardware design criteria and component decisions to keep in mind to boot fast.

Speakers
Michael Olbrich

Embedded Software Developer, Pengutronix e.K.
Michael Olbrich is an open-source developer with a focus on platform integration on embedded Linux. He works as a full-time Linux developer for Pengutronix. His job is to provide a smooth Linux experience on embedded devices from init systems to graphics and multimedia frameworks...



Monday October 26, 2020 13:00 - 13:50 GMT
ELC Theater
  Embedded Linux Conference (ELC), Boot Speed

13:00 GMT

Trusted Firmware: Building Secure Firmware Collaboratively - Shebu Varghese Kuriakose & Matteo Carlini, Arm
TrustedFirmware.org is an Open Governance Community Project providing reference open source implementation of Secure world software for Arm processors. Today the project includes Trusted Firmware-A, Trusted Firmware-M, OP-TEE, Hafnium, Mbed TLS and PSA Crypto, enabling security on a range of IoT devices and beyond. The talk will give an architectural overview about these constituent projects and how they help build Secure devices. The entire Arm ecosystem is collaborating openly in the design, development and more recently on an Open Test System and Security Vulnerability Process.

Speakers
Matteo Carlini

Co-Chair, Trustedfirmware.org & Director, Software Technology Management, Arm, Arm
Matteo is Director of Software Technology Management at Arm and serves as Chairman of the Board for Trusted Firmware. He drives Arm's community effort into various open source projects, focusing on security architectures, firmware & kernel interfaces, platform security requirements...

Shebu Varghese Kuriakose

Co-Chair, Trustedfirmware.org & Director, Software Technology Management, Arm, Arm
Shebu is the Technology Manager of Trusted Firmware-M (Open Source Reference Implementation of Platform Security Architecture), Mbed TLS (Open Source TLS Library) and the co-chair of the Open Governance community project Trustedfirmware.org. Shebu represents Arm in the Linaro IoT...



Monday October 26, 2020 13:00 - 13:50 GMT
IoT Theater
  Internet of Things, Open Source Firmware

13:00 GMT

Do We Need an Industrial Grade Linux? - Lars Geyer-Blaumeiser, Bosch.IO
Bosch as well as many other industrial companies use GNU/Linux as an operating system for a large portion of the devices they produce in particular in the IoT context. While Linux distributions have done a great job to compile and maintain a consistent set of packages to provide the software stack for these devices it still requires huge extra efforts to fulfill the increasing requirements over the entire device life cycle that is currently done internally for each device class. As it is based on open source the question is if a significant part of this work could also be done in an open source way with all the positive effects that we can see in the community. There are first approaches already in the open, like Apertis (https://www.apertis.org/) or the CIP project (https://www.cip-project.org). In the talk, we want to motivate the problem and describe collaboration potential.

Speakers
Lars Geyer-Blaumeiser

Senior Expert Open Source Services, Bosch.IO
Lars is a software engineer at Bosch.IO GmbH working in an organization that is supporting Open Source efforts within the Bosch Group. In his role, Lars is supporting strategic Open Source activities. In addition, he is working in the OSS Compliance Tooling Group of the Open Chain...



Monday October 26, 2020 13:00 - 13:50 GMT
Linux Systems Theater
  Linux Systems

13:00 GMT

Solving the Twelve Year Old ftrace Time Stamp Puzzle - Steven Rostedt, VMware
Since 2008, the ftrace ring buffer inside the Linux kernel has been used to debug numerous issues. With events recorded within nanoseconds and streamlined processing that keeps overhead very low, hard-to-debug areas of Linux can easily be traced. It works in all sorts of contexts, including non-maskable interrupts (NMIs), which makes it an ideal debugging tool. With its incorporated timestamp counter, it can show how long functions last, or time the latency between events.

But this timestamp had a flaw for all these years: it would not give time deltas for events recorded in a context that interrupted the recording of another event on the buffer. This issue has now been solved.

This talk will go over why it was so difficult to solve the nested event timestamp issue, and then a step by step dive into its solution. If you like to geek-out over hard to solve problems, and then see how they are eventually solved, you will enjoy watching this talk.

Speakers
Steven Rostedt

Open Source Engineer, VMWare, Inc.
Steven has been working on the Linux kernel since 1998 (started while working on his masters). He has been working on the Linux kernel professionally since 2001. Steven is one of the original developers of the PREEMPT_RT patch which turns Linux into a true real-time operating system...



Monday October 26, 2020 13:00 - 13:50 GMT
Linux Systems Theater
  Linux Systems

13:00 GMT

Distributed SQL vs Polyglot Persistence: Which Database Architecture for Cloud Native Microservices? - Karthik Ranganathan, Yugabyte Inc.
Microservices model and manage data with specific performance, availability and correctness needs. And they are increasingly deployed on Kubernetes-driven containerized infrastructure. There are two distinct architectural approaches for handling the database layer for such microservices. Polyglot persistence requires each data model to be powered by an independent database that is purpose-built for that model. Developers loved this approach because the traditional RDBMS lacked horizontal scalability and native resilience. The end result was a proliferation of NoSQL databases. While developers had the best of intentions, operations became significantly complex, with each database requiring its own operational runbook to be created prior to production rollout, especially on newer environments managed by Kubernetes. Distributed SQL is an alternative approach where microservices exploit the native scalability, resilience and geo-distribution of a distributed RDBMS with SQL as the standard data modeling language. This session will explore the tradeoffs between the two approaches and highlight why distributed SQL is becoming a popular choice using an ecommerce application as an example.

Speakers
Karthik Ranganathan

Founder & CTO, YugaByte


Monday October 26, 2020 13:00 - 13:50 GMT
OS Databases Theater

14:15 GMT

Image Signal Processing (ISP) Drivers & How to Merge One Upstream - Helen Koike, Collabora
Image Signal Processing (ISP) units are hardware accelerators attached to camera sensors. Coming with more and more features, ISPs are essential nowadays for phones and tablet devices, capable of capturing pictures with high quality resolution and several image effects and filters.

The Media subsystem in the kernel offers a framework and defines APIs for ISP drivers to be upstreamed. There are different ways to model the hardware and expose its capabilities and features to userspace through a Media topology, which reflects the complexity of the hardware. Cameras are becoming more and more complex, making it necessary for drivers in userspace, and this is where the libcamera project comes into play.

In this talk, Helen will share a bit of her experience upstreaming the Rockchip ISP1 driver, going over the topics mentioned above, also comparing with other ISP hardware/driver architectures and sharing tips and lessons learned along the way, to hopefully be useful for others willing to upstream another ISP driver.

Speakers
Helen Koike

Outreachy Kernel Co-coordinator / Senior Software Engineer, Outreachy / Collabora
Helen Koike is a Software Engineer and Kernel developer with Collabora's kernel team. Her recent work includes the Rockchip ISP1 driver in the Video4Linux media subsystem. She has also contributed to other areas of the Kernel, including ASoC, device mapping, NVMe, maintains the Virtual...



Monday October 26, 2020 14:15 - 15:05 GMT
ELC Theater

14:15 GMT

Waylandifying Chromium - From Downstream to Shipping - Maksim Sisov, Igalia
Wayland is a protocol for communication between compositor and clients that is intended to fix long standing flaws of the X11 model. Its lightweight nature results in a significantly better performance in environments that are limited in resources. Since the demand for adding Wayland support to the Chromium browser is high, Igalia is sponsored to design, implement, and upstream that to the Chromium mainstream repository and verify the smoothness of the implementation. Igalia is also driving the effort to make official distribution of the Chrome browser support Wayland for Linux platforms so that users can simply download the browser and enjoy exceptionally good performance of their favourite browsing engine natively on Wayland. This talk will provide a history of the project, explain the idea behind Ozone component in the Chromium project, explore how the Wayland client implementation is designed in the Chromium browser, talk about limitations and design solutions we have had to come up with, compare the performance of Chromium running on X11 and Wayland on the RPi 3 Model B+ board, and close the talk telling the audience what we are currently doing to ship Wayland in Chrome.

Speakers
Maksim Sisov

Browser Engineer, Igalia
Maksim Sisov is a browser engineer and a partner of Igalia, and one of the core owners of the Wayland client implementation in Chromium, who has been working in the project for the past 3.5 years. Over the course of this collaboration, Maksim has been responsible for designing and...



Monday October 26, 2020 14:15 - 15:05 GMT
ELC Theater

14:15 GMT

Tutorial: Debugging Embedded Devices using GDB - Chris Simmonds, 2net Ltd
Bugs happen. Identifying and fixing them is part of the development process. This tutorial demonstrates one of the key tools in the embedded Linux developer’s toolbox: the GNU Debugger, GDB. You will begin by using GDB to debug a program running on a target device. You will learn about debug symbols: how to build them into programs and libraries, and the places that GDB will go looking for them. Next, you will perform basic debugging tasks, including setting breakpoints, stepping through code, examining variables and modifying variables. After that you will learn about GDB command files and how they can help you by automating certain tasks. You will receive a handy GDB cribsheet to help you with all of this. If time allows, we will discuss how to use GDB to analyse core dumps so that you can perform a post-mortem on a crashed program.

Speakers
Chris Simmonds

Trainer, 2net
Chris Simmonds is a software consultant and trainer living in southern England. He has almost two decades of experience in designing and building open-source embedded systems. He is the founder and chief consultant at 2net Ltd, which provides professional training and mentoring services...



Monday October 26, 2020 14:15 - 16:05 GMT
101 Essentials Theater
  101 Essentials - Embedded Linux, GDB Debugging

15:15 GMT

Can I Build an Embedded Linux System with Clang - Khem Raj, Comcast
GCC has been the primary C/C++ compiler for Linux in general and embedded Linux in particular for a long time; however, LLVM/Clang has been gaining support for many architectures prevalent in embedded designs, e.g. RISCV, ARM, MIPS to name a few. However, there are challenges in porting software from one compiler to another, and clang has been inching steadily towards building many system components. This talk therefore will go into detail on where clang based toolchains stand in building embedded linux systems, and discuss challenges, e.g. kernel and other key pieces, e.g. system C libraries, which are specialised pieces of software, and how to port them effectively. It will also cover the additional tools coming with clang which make it easy to develop software and provide additional tools to developers. Clang has become the primary compiler for many major applications, e.g. chromium browser etc., so it will also cover these areas too.

Speakers
Khem Raj

DISTINGUISHED ENGINEER, COMCAST
Khem Raj is a Linux architect at Comcast, helping several open source initiatives within the company: He is guiding the company's adoption of open source software, and becoming an active contributor to the open source components used in the RDK settop software stack. One of the most...



Monday October 26, 2020 15:15 - 16:05 GMT
ELC Theater
  Embedded Linux Conference (ELC), SDKs

16:15 GMT

Multi-Cloud Kubernetes: One GitOps Loop to Rule Them All - Jonathan Le Lous & Yoann Cormerais, Capgemini
In this session we will share our real-life experiences around implementing a Multi-Cloud Kubernetes GitOps approach to manage K8s Clusters and Forge-as-a-Service in one single DevOps loop. In our presentation we will highlight our global architecture around OSS: Gitlab, Jenkins, Flow, Ansible, OpenShift, Terraform, Vault, Consul, Thanos, Prometheus, Grafana, Harbor, OpenLDAP... Cloud Platform: Azure, AWS and OpenShift on-premise. We will show how we've been building communication capabilities across Clusters and how we manage Policies, overall installation and upgrade with a Centralized-Decentralized approach.

Speakers
Jonathan Le Lous

Field CTO, Capgemini
VP Cloud/DevOps @ Paris Open source Summit 2019; Open Source Contributor for 15 years; France/Canada. For 15 years I have been passionate helping organizations being LeanAgile and modernizing their App Portfolios and Software Development Life Cycle. Using DevOps, Cloud, PaaS, Containers...

Yoann Cormerais

DevOps Architect, Capgemini
Yoann has been working in IT for 7 years and is passionate about Linux and OSS. Yoann has been active on several projects around OpenStack, Kubernetes, DevOps and Linux of course!


Monday October 26, 2020 16:15 - 17:05 GMT
Cloud Theater
  Cloud + Cloud Native, Multi-Cloud

16:15 GMT

Creating Debian-Based Embedded Systems in the Cloud Using Debos - Christopher Obbard, Collabora Ltd.
Debian has traditionally been thought of by many as a desktop operating system but over the past few years significant effort has gone into enabling Debian to run on embedded targets. The result of this is system designers have a solid set of over 51,000 verified packages to choose from in their embedded system. In this talk Chris will describe the process of creating an embedded system derived from Debian packages in a few lines of YAML markup using an open-source tool called Debos: Debian OS builder. Pairing Debos with GitLab Chris will describe how Collabora are enabling manufacturers to automatically and securely deploy their new operating systems and custom packages nightly to developers for their upcoming system. Chris will share the complete back-story and steps to begin creating your own images. No previous experience of Debian or YAML is required for this talk.

Speakers
Christopher Obbard

Engineer, Collabora Ltd
Christopher Obbard is a GNU/Linux developer focusing on embedded solutions, and a hardware engineer of medical and aerospace devices. Chris has recently contributed to a paper on multichannel embedded audio hardware for open source hearing aid research, submitted to the 2018 International...



Monday October 26, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

Embedded Linux Systems in Smart Agriculture - Ronald Kipkirui Mutai, Burphurm Enterprises LTD, Kenya
Advancement in technology is a huge improvement that may be a panacea to our global challenges relating to climate change. Embedded technology is the way to go in such fields since the growth of IoT is in an upward surge. In Africa there are countries that have started such ventures and their outcomes are to be envied and emulated. This proposal is aimed at enhancing the use of embedded Linux systems in both animal and crop farming. There are few and shallow but adequate technological uses on farming in terms of inputs and selling of the farm produce for example Digifarm championed by one of the mobile telephone service providers in Kenya, there are also other apps that are used to link farmers to consumers and farm inputs. With this proposal data can be collected, accumulated and stored on cloud infrastructure for research and development as well as management, pest control and marketing of the farm produce to other consumers who are interested in the produce.

Speakers
Ronald Kipkirui Mutai

ICT Technician, Burphurm Enterprises LTD, Kenya
Ronald Mutai is an upcoming cybersecurity professional who has taken time to set a base of his career in networking to have the technical know-how in cybersecurity. Since his first Bachelor's degree in computer science, Mutai has been growing his career as a Linux enthusiast, user...



Monday October 26, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

Fuzzing Linux Drivers with Syzkaller - Ricardo Cañuelo Navarro, Collabora
Fuzzing is a very valuable tool for software developers and maintainers, as it fits in an important part of the field of Software Testing that is not easy or viable to tackle with manually-written tests. A good fuzzing framework can automatically uncover many bugs that may otherwise only surface at runtime in a real-world scenario, and they are also a nice addition to a CI system. Syzkaller is a coverage-guided fuzzer that is being successfully used to find bugs in the Linux kernel. This talk shows a way to target it to specific drivers in dedicated hardware, reducing the search space and allowing for a more complete and focused code coverage.

Speakers
Ricardo Cañuelo Navarro

Software Engineer, Collabora
Ricardo is a consultant software engineer working for Collabora in Linux kernel-related projects. He's experienced in embedded systems development on many different targets and environments and has previously worked in the semiconductor, printing and automotive industries doing BSP...


Monday October 26, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

Game of Protocols: How To Pick a Network Protocol for Your IoT Project - Frédéric Desbiens, Eclipse Foundation
MQTT, CoAP, DDS, OPC UA... IoT developers have many network protocols to choose from when starting an IoT project. But which one is the best for *your* specific use case? In this presentation, you will get an overview of the most widely supported IoT protocols and understand their pros and cons. You will also learn about applicable open source implementations supported on the Linux and Zephyr operating systems.

Speakers
Frédéric Desbiens

Program Manager, IoT and Edge Computing, Eclipse Foundation
Frédéric Desbiens is managing IoT and Edge Computing programs at the Eclipse Foundation. His job is to help the community innovate by bringing devices and software together. He is a strong supporter of open source. In the past, he worked as a product manager, solutions architect...



Monday October 26, 2020 16:15 - 17:05 GMT
IoT Theater

16:15 GMT

Monitoring Linux Systems Using Kernel Audit Subsystem - Vandana Salve, Prasme Systems
Monitoring allows us to collect, store, and analyze the detailed information on the system at any given time.
Using the audit subsystem for monitoring these activities raises the level of security in Linux systems.
Although it doesn't offer additional security, it provides a detailed insight across the various critical kernel subsystems. With the help of detailed information on system activities and violations, it can be used to implement additional targeted security measures. The audit subsystem works by listening to the events reported by the kernel and logging them to a log file. In this talk, we will be taking a deeper look at the audit kernel subsystem and its use.

Speakers
Vandana Salve

Software Architect, Prasme Systems
Vandana Salve has been working with Linux and embedded systems for more than 18 years. She is a Linux open source professional, Linux trainer at Linux foundations and Co-founder of Prasme Systems, where she does product development and gives trainings in Linux systems software, device...



Monday October 26, 2020 16:15 - 17:05 GMT
Linux Systems Theater
  Linux Systems, Monitoring

16:15 GMT

MySQL Performance for DevOps - Sveta Smirnova, Percona
MySQL performance can be improved by tuning queries, server options, and hardware. Traditionally it was an area of responsibility of three different roles: Development, DBA and System Administrators. Now DevOps handle these all. But there is a gap. Knowledge gained by MySQL DBAs after years of focus on the single product is hard to gain when you focus on more than one. This is why I am doing this session. I will show a minimal, but the most effective, set of options which will improve MySQL performance. For illustrations, I will use real user stories, gained by my Support experience, and Kubernetes operators, now available from all main MySQL eco-system vendors: Oracle, MariaDB, and Percona.

Speakers
Sveta Smirnova

Principal Support Escalation Specialist, Percona
Sveta Smirnova is a MySQL Support Engineer with over 10 years of experience. She currently works in Percona. Her main professional interests are problem-solving, working with tricky issues, bugs, finding patterns which can solve typical issues quicker, teaching others how to deal...


Monday October 26, 2020 16:15 - 17:05 GMT
OS Databases Theater

16:15 GMT

Tutorial: DevOps_Training_Introduction-to-Containers-and Orchestrators - Rauno Riccardo De Pasquale, Newesis Srl
The session aims to provide an overview of containers and orchestrator technologies, with a practical focus on Docker and Kubernetes, with an introduction to the concepts and the architecture and practical examples on how to package and deploy an application into Kubernetes, using plain manifests, kustomize, helm or terraform, to show the difference between those approaches. The session is a summary of the "Kubernetes - The Deltatre Way" series of video conferences (available here: https://www.youtube.com/watch?v=42QRgaOemqM&list=PL6vUc9GnRFV__5YsoKCRW2jRSQ47kygT2) and of the training courses about DevOps (available here: https://drive.google.com/drive/folders/1x7rfieee7yii575w7qRVB_y8TBpZI4XS?usp=sharing). Differently from what was done in these previous versions, the session will be completely in English and will be condensed to fit in 2 hours (target 1.5 hours plus space for discussions and questions), with a focus on how to operate and control deployments. Content used for the demonstrations is available in GitHub (https://github.com/raunodepasquale/) and will be updated to reflect the updated version of the presentation.

Speakers
Rauno Riccardo De Pasquale

Co-Founder and CTO, Newesis Srl
Born 22 January 1974 in Turin; Co-Founder and CTO at Newesis Srl, constantly trying to reconcile my degree in Philosophy with a passion for computer science. After almost 18 years at Deltatre, at the beginning of 2019 I created Newesis, with the aim of simplifying the use of the most...


Monday October 26, 2020 16:15 - 18:05 GMT
101 Essentials Theater

17:15 GMT

Programming Extensions for Kubernetes and kubectl in Go - Philippe Martin, SFEIR
Kubernetes and its CLI kubectl are essentially written in the Go language. If you want to extend them by creating Kubernetes operators or kubectl plugins, you will need some knowledge on the client-go library, the Kubernetes API and the tools to create and test your solutions. Philippe will introduce the client-go library with some simple development and testing. Next, Philippe will present the KubeBuilder framework, one of the tools used to create Kubernetes operators, by demonstrating the development of a simple operator making easy the deployment of a series of static websites. Finally, Philippe will present the development of a kubectl plugin and its insertion in the krew index (krew is the kubectl plugin manager).

Speakers
Philippe Martin

Developer, SFEIR
Philippe works at SFEIR in Paris (France), as a developer and consultant. During his free time, Philippe participates in different parts of the Kubernetes project: the dashboard (he realized the French version of the interface), the online documentation (he participates on the French...



Monday October 26, 2020 17:15 - 18:05 GMT
Cloud Theater

17:15 GMT

FOSS Static Analysis Tools for Embedded Systems and How to Use Them - Jan-Simon Möller, The Linux Foundation
Static Analysis becomes an increasingly important topic when the project involves Functional Safety aspects. This is the case in Automotive and in Automation as well.

One requirement to fulfill for functional safety is to prove the robustness and quality of the code used. Static Analysis can provide evidence for this early in development. This talk will show ways to include static analysis tools in your Yocto Project / OpenEmbedded based distribution.

Key elements of the talk are to introduce meta-sca as well as CodeScanner and meta-codechecker. With these tools it is possible to evaluate the code quality and increase it.

This helps the ecosystem to expand into new areas within the automotive and automation industry.

Speakers
Jan-Simon Moeller

AGL Release Manager, The Linux Foundation
Jan-Simon Möller is Release Manager of the Automotive Grade Linux Project (AGL). He’s an active contributor to open source projects for over a decade. His dedication is to advance open source in general and Projects like AGL in particular. He holds a Dipl.-Ing. in Electrical Engineering...



Monday October 26, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

Getting a Time of Flight Camera Working in Linux, the Full Story from Kernel to User Space - Bogdan Togorean, Analog Devices
Video for Linux (v4l) is a well-established infrastructure for interfacing with video cameras, providing a comprehensive API for camera control and data acquisition. With the advent of the Time of Flight (TOF) cameras, outputting synchronized depth and IR images, there are a few challenges when writing kernel v4l drivers as well as user space applications since these cameras have different controls, more operating modes and, in many cases, different MIPI data formats and more virtual channels than traditional RGB cameras. This session talks about the implementation of the v4l driver for the Analog Devices ADDI9036 ToF processor, with an emphasis on the additional features that had to be implemented to expose the ToF camera's full functionality and on the changes that had to be made to get the same driver, or platform specific variants of it, working on different computing platforms such as Raspberry Pi, NXP i.MX8, Nvidia Xavier AGX or the Rockchip RK3399. It also introduces the user space software stack required to interface with the ToF camera, providing the full picture of the software components that are required to get a ToF camera working on embedded platforms running Linux.

Speakers
Bogdan Togorean

Software Engineer, Analog Devices
Bogdan holds a MSc degree and a BSc degree in Electrical Engineering from the Technical University of Cluj-Napoca. Since joining Analog Devices (ADI) in 2019 as an Embedded Software Engineer he has been working on developing Linux drivers for various ADI parts such as high speed converters...



Monday October 26, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

Full Stack Debugging: From CI to ISS - Alexey Brodkin, Synopsys
Sometimes you find yourself looking at something a tiny bit incorrect, like your CI machinery reports a couple of more failures than you expect (surely you want zero failures). So you decide to fix it. You try to reproduce it outside the CI and... everything just works. OK, then you know who's guilty, right? That simple. And you ask your DevOps people to go fix their scripts. But apparently nothing helps, tests still fail in CI. And one fine day you decide to scratch that itch for real and start a journey down the rabbit hole. In this talk we'll reconstruct one very real debugging session which started from Zephyr RTOS tests failing in Jenkins-based CI flow and ended deep in the guts of the instruction set simulator (ISS). One by one we'll be inspecting possible faulty components (Jenkins, Shell & Python scripts used for test execution, Zephyr RTOS tests themselves and finally the simulator) until we may explain all the peculiarities observed before.

Speakers
Alexey Brodkin

Engineering Manager, Synopsys
Alexey Brodkin is an engineering manager at Synopsys. He's been working with embedded systems for years starting from 8-bit MCUs and gradually shifting to high-performance multi-core 32- & 64-bit CPUs. Alexey is the ARC architecture custodian at U-Boot bootloader, the co-maintainer...



Monday October 26, 2020 17:15 - 18:05 GMT
IoT Theater

17:15 GMT

Efficient Syscall Emulation on Linux - Gabriel Krisman Bertazi, Collabora
New DRM and Anti-cheating techniques used in modern Windows games proved to be a limitation for the emulated environment provided by the Wine layer. In particular, these techniques force games to issue syscalls directly without going through the Wine-implemented winAPI, which means that for Linux users, these games escape the Wine sandbox and invoke the kernel with a broken ABI. Current kernel mechanisms to intercept syscalls like ptrace and seccomp are inefficient to solve these problems, since there is no way for applications to filter these syscalls and dispatch efficiently. This talk will present the new Syscall User Dispatch mechanism arriving in Linux 5.9, which introduces a new design for very efficient syscall filtering based on a userspace accessible key switch.

Speakers
Gabriel Krisman Bertazi

Senior Software engineer, Collabora
Gabriel Krisman Bertazi is a Senior Software Engineer with the Collabora kernel team, working to improve the experience of gaming on Linux. He implemented several kernel features to efficiently run Windows games over Valve's Proton emulation module, like the new Futex operation Futex...



Monday October 26, 2020 17:15 - 18:05 GMT
Linux Systems Theater
  Linux Systems, Kernel Syscall Handler

17:15 GMT

High Performance Database in Containerized World - Shuan Deng, PingCAP
Kubernetes has become a de facto container orchestration tool and dominates public cloud providers. However, for mission-critical use cases such as distributed RDBMS, there are many caveats that make for poor performance in Kubernetes. In this talk, Shuan Deng will describe the common performance issues when running databases in Kubernetes and how to run distributed RDBMS such as TiDB efficiently in Kubernetes, especially in public cloud. The experience is general enough and can be used for other databases too. It covers Linux kernel, cgroups, network and disk configuration tuning.

Speakers
Shuan Deng

Cloud Team Tech Lead, PingCAP
Attended KubeCon China 2018 and gave an English talk about Cloud Native Database TiDB.


Monday October 26, 2020 17:15 - 18:05 GMT
OS Databases Theater

18:30 GMT

Lightning Talk: Beyond Service Meshes - Pranava Adduri, Greylock Partners
2020 is an exciting year for service mesh. It is clear that the mesh design pattern is here to stay and with the introduction of projects like Service Mesh Interface to the CNCF, users will adopt meshes with confidence. Service meshes offer a wealth of information, from how your microservices are connected, to the lineage of request flow. As control planes for meshes become standardized, innovation can and will move up the stack to leverage this information and provide new insights for customers. This talk will explore what is possible, startup trends, and innovations we can expect to see going forward.

Speakers
Pranava Adduri

Entrepreneur in Residence, Greylock Partners
I am an Entrepreneur in Residence at Greylock Partners (an early-stage fund in the Valley). My background has been as a founding engineer for unicorn startups (Box and Rubrik) in the infrastructure software space, and most recently for Amazon Web Services, where I scaled a brand new...


Monday October 26, 2020 18:30 - 18:40 GMT
Cloud Theater

18:30 GMT

Debian and Yocto Project: a Tale of Two Distros (One of Which is Not a Distro) - Chris Simmonds, 2net Ltd
This is the choice: off-the-peg or bespoke. A mainstream distro such as Debian can give you an instant, ready-to-run system, great if you are using off-the-shelf hardware such as Raspberry Pi, or one of the Beagle Boards. Yocto Project, on the other hand, is the build tool you need to create a fully custom distro from scratch (you see, Yocto Project is not a distro, it *creates* distros). Each option has its advantages and disadvantages. There are a lot of things to consider. How much time and effort will it take to get my board up and running? How much storage will I need? How much control do I want to have over the software packages I deploy? How much effort do I want to devote to maintenance and security patches? All of these have an impact on the choice you will eventually make. This presentation will give you a roadmap that will help you decide.

Speakers
Chris Simmonds

Trainer, 2net
Chris Simmonds is a software consultant and trainer living in southern England. He has almost two decades of experience in designing and building open-source embedded systems. He is the founder and chief consultant at 2net Ltd, which provides professional training and mentoring services...



Monday October 26, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

From the Camera Sensor to the User, the Journey of a Video Frame - Maxime Chevallier, Bootlin
Video cameras are ubiquitous devices nowadays, taking a wild range of forms, from tiny sensors in your smartphone to complex cameras requiring lots of analog circuitry and internal decoding. The V4L2 subsystem handles all of these devices, with an architecture capable of representing complex interconnections of components: sensors, encoders, decoders, controllers, and so on. In this talk, we'll see how all of these components are chained together, using examples from real-life devices, by following the path of a frame, from the sensor up to the final consumer of the frame, which can be a display, a file on a storage, or a network stream. We'll see the various physical protocols and standards used for video transmission typically found on embedded systems, how they are implemented in the kernel and how to interact with them as a driver developer or a simple user. We'll also follow the transformations that a frame can go through so that it can in the end be correctly processed by the consumer. This talk's main audience are people who want to discover the various technologies around video capture, and that want an introduction to the complex but fascinating world of Video4Linux.

Speakers
Maxime Chevallier

Embedded Linux Engineer, Bootlin
Maxime joined Bootlin in 2018, where he does Embedded Linux and kernel development. Since then, he has been working on networking drivers for MACs and PHYs, Audio drivers and more recently, V4L2 work with a complex camera setup. He also has experience working on SPI drivers, Yocto...


Monday October 26, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

Gadgets and Trinkets, The Upstream Linux Way - Geert Uytterhoeven, Glider bv
The Arduino movement has popularized using micro-controllers to control simple low-speed devices like sensors and actuators. Hitting platform limitations, many people are stepping up to Linux systems. Affordable development boards capable of running Linux like Raspberry Pi and BeagleBone Black changed the scene, and joined people with an electronics and micro-controller background, and people from a traditional PC background, into a common community. Simple devices are typically connected to the system using serial busses like I2C, SPI, or UART, or even directly to General Purpose I/O pins. While the hardware side may be straight-forward, the software side became increasingly complex, and it is not always clear how to model your devices for use with Linux. In this presentation, targeting both makers and industrial automation, Geert will discuss your options for accessing such devices. He will cover topics like user-space versus kernel-space access, explain the why and how of Device Trees, and the desire for DT overlays, and identify gaps in current Linux support. All of this will be accompanied by examples, so attendees will be ready to apply this to their own projects.

Speakers
Geert Uytterhoeven

Embedded Linux Kernel Hacker, Glider bv
Geert Uytterhoeven became involved with Linux more than 25 years ago, when he started hacking the Linux kernel to make it work better on his Amiga. This paved the way for a long string of contributions to Linux. Geert may be most known as maintainer of Linux on the old m68k architecture...



Monday October 26, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

Mix Edge and Electric Vehicles to Get a Shot at Sustainability - Diana Atanasova & Tsvetomir Stoyanov, VMware
Electric Grid Modernization involves comprehending renewable sources of energy, storage systems, actively monitoring power use, anticipating demand, and possibly shifting demand to smooth usage peaks. The last particularly helps to decarbonize the grid through avoiding the need to bring online dirty sources of energy to meet demand peaks. Electric Vehicle charging lends itself well to demand shifting. Perhaps you are at home and can delay charging for several hours or at work with enough charge to get back home, or just opportunistically charging while shopping. Our solution leverages the open source project EdgeX Foundry to monitor and control one or more ChargePoint (CP) Charge stations. We invite you to explore our open source project Kinney, which provides Go and Python clients for CP's SOAP API and both a replay and full simulator (Covid-19 lockdown accelerated). We share alternative curtailment algorithms that take into consideration location, time of day, amount of vehicle charge, and charging patterns. Towards grid modernization, capturing the contextual importance of various loads will help in developing trade-off algorithms. Learn, experiment, drive sustainability!

Speakers
Tsvetomir Stoyanov

Open Source Engineer, VMware
Tzvetomir Stoyanov is a software engineer in the Open Source Technology Center, VMware/Bulgaria. He works on the Linux kernel ftrace infrastructure and the ecosystem around it - user space programs trace-cmd and KernelShark. Before joining VMware, he worked for Telco Systems, a US...

Diana Atanasova

Sr. Software Engineer, VMware
Diana Atanasova is a senior engineer with the Open Source Technology Center, VMware/Bulgaria. She works on EdgeX Foundry, an open source Edge IoT Project and has been redesigning several of its microservices to improve scalability and ease maintaining consistency. She leads the edgex-cli...



Monday October 26, 2020 18:30 - 19:20 GMT
IoT Theater
  Internet of Things, Edge Computing Considerations

18:30 GMT

A New Mount API - Christian Brauner, Canonical
Almost since its inception Linux had a single syscall for creating and changing mounts. It had to cover mounting of real filesystems, bind mounts, remounting to change superblock options, remounting to change mount-specific options, mount propagation and other filesystem specific options. This caused the syscall to be overloaded. The old syscalls also lacked desirable properties such as being able to apply mount options to a whole mount tree instead of just a single mount. The new mount api splits the single mount syscall into multiple syscalls effectively allowing to create a mount context that can be configured and interacted with before even making the mount visible in the filesystem hierarchy. In this talk we will cover the layout of the new mount api, how it can be used to replace the old mount api, and specifically focus on new features such as detached mounts, or mount notifications and why it is desirable for userspace to start switching to it rather sooner than later. We will also take the time to look at future extensions such as supervised mounts.

Speakers
Christian Brauner

Senior Software Engineer, Canonical
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...


Monday October 26, 2020 18:30 - 19:20 GMT
Linux Systems Theater

18:30 GMT

Integrating Graph Databases Into Your Architecture With GraphQL - Rob Perry, FireEye
This talk is meant for attendees with at least some background of data modeling. In this talk, attendees will be given a brief overview of graph databases, followed by a walkthrough of graph database modeling by exploring a sample use case. Next, they will be introduced to Dgraph, a distributed, open source graph database that provides a GraphQL query interface. Attendees will come away from the talk with a concrete graph data model and learn how to apply the model as a schema in Dgraph. In addition, attendees will learn new tips and tricks on how to query the data model and demystify complex queries by breaking them down into manageable queries and then merging their results.

Speakers
Rob Perry

Sr. Staff Software Engineer, FireEye
Rob is a Sr Staff Software Engineer with FireEye working with a team to redefine how analysts interact with threat intelligence. Rob is an insatiably curious software engineer, technical lead, and architect with over fifteen years of experience building and supporting large-scale...


Monday October 26, 2020 18:30 - 19:20 GMT
OS Databases Theater
  OS Databases, Graph Databases

18:40 GMT

Lightning Talk: Adopting Service Mesh Patterns for Cloud Native Microservices in the Telecommunications Industry - Sudeep Batra, Ericsson

The Telecommunication Industry is adopting cloud native principles in 5G Evolution. This involves complexity in terms of orchestration, security and management. Service Mesh resolves these challenges by providing various operational, development and security benefits which are otherwise a nightmare for any developer to adopt into his application.
Telecom Operators have to make a careful choice of their unique implementation based on their requirements.
This talk will address the service mesh patterns that can be adopted towards the complex Telecommunications Industry, and it assumes that you have some familiarity with Kubernetes and Service Mesh (Istio).

Speakers
Sudeep Batra

Senior Cloud Architect, Ericsson
Sudeep Batra is a Senior Architect at Ericsson North America. In his current role, he manages Client operations for Telecommunication Solutions, Development and Deployments. Sudeep has over 22 years of experience in the Telecommunications Industry and Data Centers, with specialization...



Monday October 26, 2020 18:40 - 18:50 GMT
Cloud Theater

18:50 GMT

Lightning Talk: A Weather Balloon Example to Authenticate Data - Nicolas Lopez, Telokanda Remote Sensing Company
To address climate change and regional data collection issues in West Africa, we have begun a project of building weather balloons that cost well below typical radiosonde costs in the United States. Launching a weather balloon would reward local residents digital currency for their efforts, if the balloon was proven to reach a certain height. While pursuing this goal, we encountered some challenges that come from operating a business remotely. One of our obstacles was the need to develop a 2-factor authentication to ensure the owner of the device was indeed the same person using the web application. This is usually straightforward, but our application and network servers are owned and operated by multiple separate companies. Here we explore an authentication solution using blockchain that allows projects like these to become platform agnostic and able to be implemented when different companies own different parts of the data pipeline infrastructure.

Speakers
Nicolas Lopez

Software Engineer, Telokanda Remote Sensing Company
Nicolas has an extensive background in weather and software, including a software engineering position at Boeing and an algorithm development position for the GOES-16 weather satellite at NASA Goddard Space Flight Center. He has interned and worked with NOAA in the past and has pursued...


Monday October 26, 2020 18:50 - 19:00 GMT
Wildcard Theater
  Wildcard, Blockchain

19:30 GMT

Container Security 101 - Sangram Rath, Cloud Architect & Technology Advisor
Cloud-Native computing is the hottest trend in the cloud ecosystem and is increasingly becoming the new norm for application development and deployment. At the core of Cloud-Native Computing infrastructure are containers and with the increasing adoption of it along with the scale of deployments, security becomes an important aspect of the adoption strategy. Of the 4C's of Cloud-Native Security, containers are one of the security layers.

The session will provide an introduction to Container Security covering the challenges & risks around containers and various tools that can be leveraged for implementing container security. The presentation starts with an overview of cloud-native security but focuses on container security and the challenges that come with using containers. In this session you will be introduced to the type of threats in scope and some of the container vulnerabilities that are out there. You will get an introduction to various tools (mostly open source) that can be used to provide a layer of protection for your containers.

Speakers

Sangram Rath

Cloud Architect & Technology Advisor
A multi-cloud professional with 15 years of technology experience primarily in the Cloud Computing & Virtualization domain. I have been a gigworker for 6 years and have had the opportunity to be a Cloud Architect, Startup Co-founder, Mentor/Trainer, Author and more importantly a Learner... Read More →


Monday October 26, 2020 19:30 - 20:20 GMT
101 Essentials Theater

19:30 GMT

BoF: Hybrid Cloud Data Management Across Heterogeneous Storages - Sanil Kumar D., Huawei / SODA Foundation & Kei Kusunoki, NTT Communications
There are data management solutions based on application platforms, storage vendors, and cloud vendors. This has created scattered dependent solutions for the users. Kei and Sanil will be discussing unified data management across hybrid cloud and heterogeneous storage. The session will be supported with a working demo for basic data management (CRUD) and data mobility operations on-prem and multiple clouds. It will also provide the key challenges, architecture proposal, and need for industry collaboration for unified data autonomy and an open ecosystem towards unified data framework and API standards. The focus in this session is on how data management across on-prem and cloud can be connected to achieve seamless data operations irrespective of application platforms, storage vendors, and cloud vendors.

Speakers

Kei Kusunoki

Storage Architect, NTT Communications
Storage Architect at NTT Communications, Japan. Kei Kusunoki is a Storage Architect at NTT Communications R&D department and has worked on the storage service development for the telecom carrier’s cloud service since 2012. He has designed and evaluated block/file/object storages... Read More →

Sanil Kumar D

Chief Architect, TOC, SODA Foundation, Huawei / SODA Foundation
TSC Member, Architecture Lead, SODA Foundation, Maintainer KubeEdge (CNCF), Chief Architect, Head India SODA Team, Huawei Technologies. Sanil has over 20 years of Industry experience in Linux, Open Source, ARM Ecosystem, Cloud and Emerging Technologies (like Edge Computing, Blockchain... Read More →



Monday October 26, 2020 19:30 - 20:20 GMT
Cloud Theater
  Cloud + Cloud Native, Hybrid Cloud Data Management

19:30 GMT

BoF: The Yocto Project and OpenEmbedded - Nicolas Dechesne, Linaro & Armin Kuster, MontaVista Software, LLC
This BoF provides an open forum for the embedded Linux community to ask questions and discuss issues with Yocto Project and OpenEmbedded principals. We open with a Yocto Project summary and OpenEmbedded State of the Union.

Speakers

Armin Kuster

S/W Architect, MontaVista Software, LLC
He has been in the Embedded ecosystem for 20 years and is employed at MontaVista, LLC. He is on the Yocto Project Advisory board, Yocto Advocacy committee and currently represents OpenEmbedded on the Yocto Project TSC. He has the privilege of being the meta-openembedded stable branch... Read More →

Nicolas Dechesne

Yocto Project Community Manager, Linaro
Nicolas is working for Linaro and manages a team of developers focused on improving the state of Qualcomm chipset in upstream Linux. He maintains an OpenEmbedded BSP layer for Qualcomm chipset. When Nicolas joined Linaro he led a team of developers who designed and implemented the... Read More →


Monday October 26, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

What Differs the Android Open Source Project from Other Linux Distributions? - Sergio Prado, Toradex
Have you ever wondered what is running inside your Android device? Well, you know that you have a version of the Linux kernel there. But what about user-space? It is really a "different beast". If you log into an Android device, you won't find directories like /usr and /lib, or common init systems like systemd or sysvinit. X11, Wayland, dbus, glibc, the Android Open Source Project doesn't use any of that. For several reasons, Google decided to take the project in a different direction. What is the reason behind using bionic over glibc/uclibc/musl? Or Binder instead of D-Bus? In this presentation, let's have a deep look at the AOSP from the inside out and understand how this Linux based operating system really works.

Speakers

Sergio Prado

Software Team Lead, Toradex
Sergio Prado has been working with embedded systems for more than 20 years. He is an entrepreneur and founder of Embedded Labworks, where he gives several training sessions every year. He currently works as a Software Team Lead at Toradex, writes on his blog at embeddedbits.org and... Read More →



Monday October 26, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

Writing Your Own Kernel Cryptographic Accelerator Driver - Tero Kristo, Texas Instruments
The Linux kernel crypto API provides ways to encrypt/decrypt data and to provide authentication info for the same. Some basic algorithms for this are gone over: the hash algorithms SHA1, SHA256 and SHA512, and some basic cipher algorithms like AES / DES. The second part of the talk covers details of how to implement a new cryptographic driver for one or more of these algorithms. In the typical case this would be a new hardware accelerator driver for either a hash or cipher algorithm core. The driver-level APIs required for both of these are covered, in addition to the testing facilities provided by both kernel and userspace. In the third part we go over performance and throughput measurements (openssl, tcrypt, IPSec), and how to optimize the driver to reach the best possible results with these. Hardware vs. software cryptography performance is also compared, with some TI SoCs used as reference platforms.

Speakers

Tero Kristo

Technical Lead / Linux Baseport, Texas Instruments
Tero has ~12 years of experience working on various parts of the Linux kernel on Texas Instruments SoCs. He is currently working as a technical lead at Texas Instruments for the baseport area. Tero's hands-on Linux kernel work includes cryptographic accelerators, power management, clock... Read More →



Monday October 26, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

BoF: KernelCI: Lessons Learned - Guillaume Tucker, Collabora
A lot has happened since KernelCI was announced as a new Linux Foundation project at ELC-E 2019 in Lyon. One year on, what have we learnt?

We are witnessing an increasing number of individuals and organisations who are getting involved with the project and make it grow in some new ways. We now have much more build power, a fast-expanding functional testing coverage and a new database design to collate results from other existing kernel test systems. But what makes it truly special is how it has the potential to be driven by the kernel community at the same scale as the Linux kernel itself.

The KernelCI project team's main role is essentially to facilitate this to happen, by providing some technical solutions as well as an open forum for catalyzing progress in kernel automated testing and development workflows. Join the discussion in this BoF to take part in shaping another exciting year ahead! Key topics to get started include a follow-up from the community survey we did in June, what subsystem maintainers need in order to make KernelCI part of their workflow, how to run automated kernel tests in an effective way...

We'll be using a shared document to gather KernelCI Community Notes from the BoF discussions:
https://docs.google.com/document/d/1XNu00OmSo-CzFdYUBXJk0B8hKZnfQk8v49ZfX9C_bKM/edit?usp=sharing


Speakers

Guillaume Tucker

Software Engineer, Collabora
Originally with a hardware background, over the last fifteen years I have progressed as a low-level embedded software engineer while working at several start-ups and ARM. Since I joined Collabora in 2017, I have spent the best part of my time working on KernelCI. Initially adding... Read More →



Monday October 26, 2020 19:30 - 20:20 GMT
Linux Systems Theater
  Linux Systems, Testing & Fuzzing

19:30 GMT

Purpose-built Observability Solutions using Open Source Software: Lessons from the Field - Avthar Sewrathan, Timescale
Are proprietary monitoring solutions too clunky, rigid and expensive for the specific needs of your fast moving team? Join me as I detail how data collection, storage and visualization can be accomplished in simple, and cost effective ways using ALL open source software! You’ll hear stories from the field of how 3 different companies that I’ve worked with at Timescale have gone about implementing their open-source observability stack, how their configurations have fared and the pros and cons of each approach. We’ll also architect an application monitoring system using tools like Prometheus, PostgreSQL and Grafana. All of these technologies are open-source and provide the flexibility and extensibility to scale with your team’s needs. You’ll walk away with the foundation for how to implement your own observability system using open source software, as well as inspiration for how to proceed based on the real world experience of others.

Speakers

Avthar Sewrathan

Developer Advocate, Timescale
Avthar’s mission is to use technology to empower people. That’s why he loves being a Developer Advocate at Timescale, where he helps developers leverage the power of time-series data to analyze the past, monitor the present and predict the future. He documents lessons from his... Read More →


Monday October 26, 2020 19:30 - 20:20 GMT
OS Databases Theater
 
Tuesday, October 27
 

12:00 GMT

Demystifying Linux Kernel Initcalls! - Mylène Josserand, Collabora
__initcalls are a very useful mechanism of the kernel boot process: they allow the developer to easily hook their code as part of the kernel boot process. This talk will demystify the magic behind kernel initcalls, look at the purpose and benefits, how they are implemented and finally cover ways to debug and trace them. You would be amazed, for example, by how much insight into a device's boot time you can get by looking at how and when the initcalls are being executed.

Speakers

Mylène Josserand

Embedded Linux engineer, Collabora
Mylène Josserand joined Collabora as a Consultant Software Engineer. She has experience in embedded Linux and kernel development. She worked on drivers and BSP development with Buildroot and the Yocto project / Open Embedded, contributing new features and fixes to these projects... Read More →



Tuesday October 27, 2020 12:00 - 12:50 GMT
101 Essentials Theater

12:00 GMT

High Performance Node.js Powered by Rust and WebAssembly - Michael Yuan, Second State Inc
In the post Moore’s Law era, we need to squeeze more performance from existing hardware. Native code provides the best performance. However, the prevalence of native code on the server-side presents challenges to application safety and manageability. The advent of Rust and WebAssembly offers new ways for developers to write high performance yet safe Node.js applications. The Rust programming language has been Stack Overflow’s most beloved programming language for the past 4 years. WebAssembly, on the other hand, provides a fast and lightweight virtual machine for running and managing Rust programs. Through open source bridges between Node.js and WebAssembly / Rust, we can now create JavaScript and Rust hybrid applications for Node.js, and shift computing loads to Rust functions. In this talk, I will go over the basics of Rust and WebAssembly, as well as their integration into Node.js. You will learn when and how to design a hybrid web application, how to code the high performance functions in Rust, and how to tie everything together in a Node.js JavaScript application. At the end of this talk, you will have all the open source tools and resources you need to get started on your own.

Speakers

Michael Yuan

CEO, Second State Inc
Dr. Michael Yuan is the author of 5 books on software engineering. His latest book Building Blockchain Apps was published by Addison-Wesley in Dec 2019. You can get started with your first decentralized web app in 5 minutes using the BUIDL online IDE (with tutorials from the book... Read More →


Tuesday October 27, 2020 12:00 - 12:50 GMT
Cloud Theater

12:00 GMT

Advanced Systemd for the Embedded Use-Case - Jeremy Rosen, Smile
When discussing systemd for embedded systems, the discussion is usually limited to two aspects: systemd boots faster, and systemd is big. Though both points are valid, systemd brings much more to the table than an alternate method of booting and provides invaluable tools for the specific problems that embedded systems commonly face. This talk will list various features of systemd that deserve to be better known and that can greatly help embedded system development, especially in the domains of security, reliability and reusability. Knowing the tools that systemd provides can greatly help the embedded engineer solve common integration problems, and this talk's aim is to help embedded engineers know the tools that are available and the problems that have already been solved for them.

Speakers

Jeremy Rosen

Expertise Manager, Smile
Jérémy Rosen has been involved in various ways in the open-source world for more than 20 years, in various projects including Battle for Wesnoth and Darktable. Since 2012, Jeremy works for Smile embedded and connected system (previously known as OpenWide), one of the leading company... Read More →



Tuesday October 27, 2020 12:00 - 12:50 GMT
ELC Theater
  Embedded Linux Conference (ELC), Boot Speed

12:00 GMT

Graphical User Interface Using Flutter in Embedded Systems - Hidenori Matsubayashi, Sony
Sony has been researching open source Graphical User Interface (GUI) frameworks available for embedded products. There are many GUI frameworks in OSS, but there are some issues and trade-offs such as functionality, maintainability, compatibility with display manager (X11, Wayland), and software license. For example, in the case of consumer electronics products, higher designability is required. Furthermore, linking mobile apps and web apps and a development environment that facilitates development are required. Therefore, HTML5/JavaScript using WebView (embedded browser) is often used. However, when using WebView, there are issues such as footprint and vulnerability countermeasure costs. Regarding Wayland, which is being mainly supported by Board Support Package (BSP) of SoC vendors, existing OSS sometimes lacks Wayland support, and using it as is may cause stability problems. To solve the above issues, we have adopted Flutter, which is a GUI framework for mobile and desktop in OSS, and developed to support Wayland protocol, application manager and development environment suitable for embedded systems. In this talk, we will talk about our challenge and exhibit demo applications.

Speakers

Hidenori Matsubayashi

Software Engineer, Sony
Hidenori has been working for more than 10 years on Embedded Software for a lot of products. He mainly works on developing system software on embedded systems as full stack software engineer. Specialties: C/C++, Rust, Dart (Flutter), Embedded Linux, System Software, Middleware, Firmware... Read More →



Tuesday October 27, 2020 12:00 - 12:50 GMT
ELC Theater

12:00 GMT

ACRN Security: A Journey into Fuzzing and Hardening Edge Hypervisors - Mostafa Elsaid & Steffen Schulz, Intel
With the rise of data-centric IoT and Edge Compute, hypervisors have become a key component for real-time assurance, workload consolidation, and management. Unlike traditional cloud infrastructure, hypervisors at the Edge face an extended threat model with a broader set of threats and requirements (e.g. determinism, data privacy, etc.). As a result, ensuring the security and functional correctness of critical elements in the Trusted Computing Base (TCB) is crucial for the overall edge node security and dependability. Dynamic security validation methods like "Fuzzing" have been highly successful in uncovering novel bugs with runtime impact. However, as of now, there are no effective tools for covering the complex and diverse nature of components in the modern virtualization software stack. In this presentation, we discuss state-of-the-art fuzzing approaches that fit into the virtualized edge ecosystem. In addition, we share a set of Best Known Methods (BKMs) and techniques to execute a comprehensive fuzzing campaign for components scattered across different software layers, starting from the hypervisor, kernel service modules, and up to the Device Model (DM) in userspace.

Speakers

Mostafa Elsaid

Security Engineer, Intel
Mostafa Elsaid is a Security Engineer/Researcher at Intel Internet of Things Group (IOTG). His main interests are offensive system security and product's security architecture. Currently, he is a core contributor to the penetration testing and fuzzing activities for the ACRN opensource... Read More →

Steffen Schulz

Security Researcher, Intel
Steffen Schulz is a security researcher at Intel Labs Security and Privacy Research (SPR). His main interest is in foundational platform security and resilience features for emerging devices, such as IoT and accelerators. As part of the Intel Collaborative Research Institute for Collaborative... Read More →



Tuesday October 27, 2020 12:00 - 12:50 GMT
IoT Theater
  Internet of Things, Edge Computing Considerations

12:00 GMT

Atomic Updates and Configuration Files - Thorsten Kukuk, SUSE
Automatically updating and adjusting configuration files, especially if the admin has already made changes to them, is not that easy and is still one of the unsolved problems under Linux. At the same time, more and more Linux Distributions provide variants with "Atomic Updates", which means either all updates are fully applied without error, or none. This makes updating configuration files even harder. In this talk I will explain the current problems, generic solutions for this, what various distributions choose to solve it and how we are planning to solve it.

Speakers

Thorsten Kukuk

Distinguished Engineer, SUSE
Thorsten has been working for SUSE for over 20 years; he is a Distinguished Engineer, Senior Architect for SLES and MicroOS and leads the Future Technology Team. He started his Open Source Career about 25 years ago.



Tuesday October 27, 2020 12:00 - 12:50 GMT
Linux Systems Theater

12:00 GMT

BPF Tales, or Why Did I Recompile the Kernel to Average Some Numbers? - Giulia Frascaria, Vrije Universiteit Amsterdam
“eBPF should stand for something meaningful, like Virtual Kernel Instruction Set”, says Brendan Gregg. Well we took that statement seriously, and had to put it to the test! Looking at current use cases we saw that eBPF can be used to filter and modify in-flight data for the networking stack, so we thought “why not storage?”, given the whole literature of work trying to reduce the size of data transfers. You know, end of Moore’s Law, blazing-fast new storage that outperforms CPU throughput, Big Data all over the place… Wouldn’t it be great if we could filter it with eBPF? Yes. Is it easy? Join the talk to find out (spoiler, not yet). In this talk we’ll stress-test eBPF, and see how it is tamed by the (very unforgiving) verifier, making it hard to even average a few numbers. Expect to hear about some kernel headaches.

Speakers

Giulia Frascaria

Research Assistant, Vrije Universiteit Amsterdam
Master student in Computer Science, soon-to-be PhD in the Vrije Universiteit of Amsterdam. Researching computer systems within the atLarge research group. Focusing on low-level systems, storage, networking and Linux kernel development.



Tuesday October 27, 2020 12:00 - 12:50 GMT
Linux Systems Theater
  Linux Systems, BPF

12:00 GMT

From the Ground Up: How We Built the Nanos Unikernel - Will Jhun, NanoVMs, Inc.
A concept that has been kicking around in systems research for a few decades, the unikernel presents a compelling foundation for services in a modern context, both within the cloud and at the edge. Unikernels promise sub-second boot times, small footprints, small attack surfaces and a huge number of VMs per host, all highly desirable attributes for single application deployments in a virtualized environment. This talk will present Nanos, a new, open-source unikernel that runs a wide array of real-world applications. Nanos is lightweight (~1/2 MB kernel text and data), runs Linux ELF binaries (typically without patching or modification) and employs standard protections such as split kernel / user memory, page protections and ASLR. The talk will open with a practical walk-through, presenting the process of staging a Nanos unikernel, running it on a local hypervisor and deploying it on a cloud platform. The second part of the talk will discuss the development process and techniques atypical in a kernel environment, including type introspection, a tuple data store for configuration and metadata, and the use of closures (in C) to compose concurrent, asynchronous operations.

Speakers

Will Jhun

Kernel Engineer, NanoVMs, Inc.
Will Jhun has developed systems software for a range of applications including enterprise-class network switches, packet switching paths for software-based routers, embedded software for consumer products and most recently OS kernel development for cloud deployments. He is the principal... Read More →



Tuesday October 27, 2020 12:00 - 12:50 GMT
Wildcard Theater

13:00 GMT

SSH and the Command Line - John Bonesio, The Linux Foundation
Join us for this talk and learn to manage servers more efficiently from the command line.

This talk is aimed at newer folk who are used to doing everything in a graphical interface.

Speakers

John Bonesio

Trainer for the Linux Foundation, The Linux Foundation
John Bonesio has over 25 years in software development. He has worked in systems level programming from large servers to small embedded real-time devices. John’s experience in the Linux kernel includes working on file systems, raid sets, network drivers, startup code for ARM and... Read More →


SSH 2 pdf

Tuesday October 27, 2020 13:00 - 13:50 GMT
101 Essentials Theater
  101 Essentials - Linux Administration

13:00 GMT

Enabling Observability with OpenTelemetry - Mauricio Vásquez Bernal, Kinvolk
OpenTelemetry is a CNCF sandbox project composed of a set of libraries, agents and other components that enable the generation and collection of telemetry data. In this talk, Mauricio will present an introduction to the project, the usage of the OpenTelemetry API to instrument an application and the usage of the automatic instrumentation agents to generate telemetry data without changing the code of the applications.

Speakers

Mauricio Vásquez Bernal

Software Engineer, Kinvolk
Mauricio works as a software engineer in the Kinvolk Labs team. He is interested in eBPF, Kubernetes, networking and tracing technologies. In the previous years Mauricio has worked implementing high performance virtual network functions with eBPF. In 2019 he focused on the OpenTelemetry... Read More →


Tuesday October 27, 2020 13:00 - 13:50 GMT
Cloud Theater
  Cloud + Cloud Native, Observability

13:00 GMT

C++ for Real-Time Safety-Critical Linux Systems - Robin Rowe & Gabrielle Pantera, Venture Hollywood
Linux is not a real-time operating system, yet that doesn't stop its use in real-time, safety-critical systems. You may be using it every day. If you've driven past a traffic light or used a crosswalk in the United States, you've probably been trusting your life to Linux without realizing it. In this talk we'll describe using C++ in building a Linux embedded system where lives are at stake and the software must be responsive at all times. Discussion of best practices in embedded C++ software development, memory management, bring-up, high availability servers, watchdog timers, race conditions, threads and locks, fault tolerance, state machines, fail-safe design, cross-platform code, cmake build systems, static code analysis, TDD and automated QA, debugging embedded systems and avoiding the dreaded truck-roll.

Speakers

Robin Rowe

CEO, Venture Hollywood
Robin Rowe has produced animation and visual effects software used in making motion pictures, (Iron Man and Spider-Man films), hit animation series (Mattel Barbie Vlogger) and AAA games (Call of Duty). An innovation leader who's worked at Lenovo, AT&T DirecTV, GoPro, DreamWorks Animation... Read More →

Gabrielle Pantera

Chairman, Venture Hollywood
Gabrielle Pantera is an innovator, writer and talk show host. Host and executive producer of 55 live 1-hour talk show episodes for a series sponsored by Universal. As a performer, a voice in film and AAA games. Produced a live theater comedy festival that ran for a year, hailed by... Read More →



Tuesday October 27, 2020 13:00 - 13:50 GMT
ELC Theater

13:00 GMT

Yocto Project and OpenEmbedded: A Collection of Best Practices - Alexandre Belloni, Bootlin
The Yocto Project and OpenEmbedded are among the most popular tools to build custom Linux systems for embedded devices. There is widespread documentation and past discussions at conferences on how to use them, but there is more limited documentation about best practices. In this presentation, we want to share the best practices that we recommend to engineers and companies when using Yocto/OpenEmbedded:

-which OpenEmbedded distribution to use
-how to organize the layers
-how to write and organize recipes
-how to handle local.conf
-how to handle multiple machines
-how to update to newer Yocto/OpenEmbedded releases
-and more!

Speakers

Alexandre Belloni

Kernel Engineer, Bootlin
Alexandre Belloni has 15 years of experience working on embedded systems, and joined Bootlin in 2013. In the Linux kernel, Alexandre is the co-maintainer of the Microchip/Atmel processor support and the maintainer of the RTC subsystem. Alexandre is also one of Bootlin's Yocto expert... Read More →



Tuesday October 27, 2020 13:00 - 13:50 GMT
ELC Theater

13:00 GMT

LoRa/LoRaWAN in Zephyr - Manivannan Sadhasivam, Linaro
The Eclipse IoT Developer Survey 2019 showed that Zephyr had approximately 3% of the RTOS market share for IoT. And so the number should've increased by now. Zephyr is becoming the de facto open source RTOS for the IoT market due to its scalable and yet feature-rich nature. Zephyr already supports multiple SoC architectures and communication protocols. But for Zephyr to become an RTOS for Industrial and Smart city applications, it needs to support a communication technology that can transmit data at longer distances in a less congested spectrum. This is where LoRa (Long Range) communication technology by Semtech perfectly fits in. The basic LoRa support in Zephyr was added back in December 2019 and since then there has been a huge interest among the community to extend the support for it. More recently, LoRaWAN support was also added to Zephyr. This will provide true networking support to Zephyr over LoRa. This talk will briefly go over the current LoRa/LoRaWAN support in Zephyr, the motivation, future plans, etc.

Speakers

Manivannan Sadhasivam

Kernel Engineer, Linaro
Mani is a Kernel Engineer at the Qualcomm Landing team of Linaro. He maintains several ARM SoC architectures, drivers, MHI bus support in the Linux kernel. He also maintains LoRa, LoRaWAN and LED support in Zephyr RTOS.



Tuesday October 27, 2020 13:00 - 13:50 GMT
IoT Theater
  Internet of Things, Zephyr

13:00 GMT

DTrace: Leveraging the Power of BPF - Kris Van Hees, Oracle Corp.
BPF and the overall tracing infrastructure in the kernel have improved tremendously and provide a powerful framework for tracing tools. DTrace is a well known and versatile tracing tool that is being re-implemented to make use of BPF and kernel tracing facilities. The goal of this open source project (hosted on GitHub) is to provide a full-featured implementation of DTrace, leveraging the power of BPF to provide well known functionality.

The presentation will provide an update on the progress of the re-implementation project of DTrace. Kris will share some of the lessons learnt along the way, highlighting how BPF provides the building blocks to implement a complex tracing tool. He will provide examples of creative techniques that showcase the power of BPF as an execution engine.

Like any project, the re-implementation of DTrace has not been without some pitfalls, and Kris will highlight some of the limitations and unsolved problems the development team has encountered.

Speakers

Kris Van Hees

Consulting Software Engineer, Oracle Corp.
Kris Van Hees works for Oracle Corp. He works primarily on tracing and debugging tools. Previous Linux projects (incl. with former employers) include OpenAFS, zLinux, and DTrace. His current project is the re-implementation of DTrace on top of Linux kernel tracing features like... Read More →



Tuesday October 27, 2020 13:00 - 13:50 GMT
Linux Systems Theater
  Linux Systems, Tracing

13:00 GMT

Panel Discussion: Outreachy Linux Kernel Internship Report - Helen Koike, Outreachy / Collabora; Jules Irenge, Lourdes Pedrajas, Kaaira Gupta & Shreeya Patel & Briana Oursler, Outreachy
Come learn about the amazing work our kernel interns have accomplished! Outreachy provides 3 months paid internships for people from groups traditionally underrepresented in tech to work on open source projects. The panel will present the following Linux kernel projects:

* Briana Oursler: Improve and extend kernel networking self-tests running in namespaces
* Jules Irenge: Fix lock-related warnings reported by sparse for core kernel code
* Kaaira Gupta: Linux Media and libcamera: multi stream test support with VIMC
* Lourdes Pedrajas: Improve and extend kernel networking self-tests running in namespaces
* Shreeya Patel: Add SOF-Fuzzer support for i.MX8 platform

Speakers

Briana Oursler

Outreachy Intern @ Linux Kernel, Outreachy
I am a Computer Science post baccalaureate student at Portland State University in Oregon, United States of America where I live with my husband and two cats. I have a background in logistics and administration and started learning Python code in 2017 to help with organizing data... Read More →

Helen Koike

Outreachy Kernel Co-coordinator / Senior Software Engineer, Outreachy / Collabora
Helen Koike is a Software Engineer and Kernel developer with Collabora's kernel team. Her recent work includes the Rockchip ISP1 driver in the Video4Linux media subsystem. She has also contributed to other areas of the Kernel, including ASoC, device mapping, NVMe, maintains the Virtual... Read More →

Irenge Jules Bashizi

PhD student, University of Manchester
Jules is a certified Linux administrator and has been using Linux as his main OS since 2008. He has been a student leader, a Linux computer Lab technician and a Computer Instructor prior to his postgraduate studies. Jules holds a Master of Science degree in Computer Science from The...

Lourdes Pedrajas

Outreachy Intern @ Linux Kernel, Outreachy
I worked as a system administrator and took care of documentation in development projects at companies. But I was always interested in how operating systems are made and in giving something in return to the OSes I was using. Then I started to learn programming for this and read bits of...

Shreeya Patel

Outreachy Intern @ Linux Kernel, Outreachy
I am a B.Tech. graduate in Information Technology. My journey with Linux Kernel started in second year of engineering and due to consistent contribution and involvement, I was offered to work on IIO subsystem’s drivers like adis16209, adt7316 where I learnt a lot of things related...

Kaaira Gupta

Outreachy Intern @ Linux Kernel, Outreachy
Kaaira Gupta is a junior undergrad pursuing her Bachelor of Technology with a Major in Geophysics and a Minor in Computer Science. She is exploring different domains of Computer Science and has a good command over Data Structures and Algorithms. She has tried Android development...


Tuesday October 27, 2020 13:00 - 13:50 GMT
Linux Systems Theater

13:00 GMT

Getting to Know Spectre & Meltdown Checker - Agata Gruza, Intel & Stéphane Lesimple, OVHcloud
Spectre & Meltdown Checker is a widely used open source hardware vulnerability checker tool. This simple to use application evaluates your system’s exposure to speculative execution side channel issues and detects the presence of security mitigations on your system. It is compatible with BSD and all Linux* flavors and distributions, and can be used on-premises, in virtual environments, and in containers.

In this session we'll take a trip back to early 2018, when Spectre & Meltdown changed the landscape of IT security for years to come and made Spectre & Meltdown Checker a necessity. You will learn the process of contributing to Spectre & Meltdown Checker (what needs to be done between discovering a CVE vulnerability and pushing a patch that addresses the CVE to the public main repo). We will go over CVE nomenclature for new CPU vulnerabilities, creating a list of unaffected processors, new hardware capabilities, and the patch itself. From there Agata will cover the steps to install the checker script and how to review and read the output from the tool. She will wrap up with what to do if you discover a vulnerability in your system.

Speakers
Agata Gruza

Lead Performance Engineer, Intel
Agata Gruza has been at Intel for over 5 years working on performance optimizations of Big Data frameworks like Cassandra, Spark, and Hadoop for Intel Architecture. Currently she is a Lead Performance Engineer and focuses on Linux kernel software mitigation. Agata is a Google (Android...



Tuesday October 27, 2020 13:00 - 13:50 GMT
OS Dependability Theater

13:00 GMT

Virtualization for Real-time Power Grid Substation Automation - Lucian Balea & Aurelien Watare, RTE
Energy Transition drives change in power transmission and distribution grids. Grid control architectures should adapt swiftly to manage more distributed renewable infeed and greater dynamics in power flows. In this context, grid operators require a new generation of digital automation systems for power substations, enabling higher flexibility, scalability, and cross-industry innovation while ensuring time and cost-efficiency. Following the path of other sectors such as telecommunication networks, open source and virtualization will be the mainstays of these new systems. In the first half of 2020, a Design Team was formed under the LF Energy umbrella to draft the roadmap of an open source project aiming at developing a “reference design” and “industrial grade” platform that can run virtualized real-time automation applications. This group gathered several technology vendors and end-users. This session will present the work of the Design Team, touching upon the system architecture and technology stack implemented in the project (Yocto, KVM, OvS, DPDK, Docker, Kubernetes). It will also outline the specific requirements of the power grid industry and the next challenges of the project.

Speakers
Lucian Balea

R&D Program Director and Open Source Manager, RTE
Lucian is R&D Program Director and open source manager at RTE. He is leading the open source strategy of RTE which aims at moving the digitalization of the power grid into a new era. Early 2018 he started a collaboration with The Linux Foundation to launch LF Energy, an open source...

Aurélien WATARE

Project Manager, RTE
Aurelien is Project manager at RTE, the French power transmission system operator. He is in charge of the virtualisation of the digital substation. Aurelien has been with RTE since 2008 and worked as an R&D engineer and in the real time grid operation control center.



Tuesday October 27, 2020 13:00 - 13:50 GMT
Wildcard Theater
  Wildcard, Mission-Critical

14:15 GMT

Challenges of Using V4L2 to Capture and Process Video Sensor Images - Eugen Hristev, Microchip Technology, Inc.
Video4Linux2 (v4l2) is a complex subsystem in Linux that offers great capabilities for configuring a complete video capture pipeline. This presentation focuses on the challenges of taking a photo with a digital sensor that in most cases is not adapted to the ambient scenery, and on how dedicated hardware and software can help the simple photographer take the best quality photo that they can. A hardware and software pipeline starts from the basic raw pixel data that comes from the sensor and goes through several processing stages, from interpolation of the raw BAYER matrix and color space conversion to RGB space, color correction, brightness and contrast adjustment, and white balance algorithms that adjust to ambient light, to the final conversion to a user friendly image format type. The presentation allows a non-experienced photographer, or a photographer used to classic cameras, to understand the difficulties of digital photography, and how Linux, and especially v4l2, can control, adjust, and automatically perform tasks that will help anyone take photos easily, with a minimum amount of effort. The end goal is to understand the functionality of an Embedded Linux Camera.

Speakers
Eugen Hristev

Software Engineer, Microchip Technology, Inc.
I have been working with Microchip Technology for more than three years, focusing on Linux kernel and bootloader development, mainly driver development for different hardware blocks inside Microchip's AT91 SAM series, mostly on Cortex-A5 based MPUs. My main areas of interest and focus...



Tuesday October 27, 2020 14:15 - 15:05 GMT
ELC Theater

14:15 GMT

Threat Modelling - Key Methodologies and Applications from OSS CIP (Civil Infrastructure Platform) Perspective - Dinesh Kumar, Toshiba Software India & SZ Lin, Moxa Inc
The focus of this talk is to discuss key Threat Modelling methods as well as Open Source Tools available for creating a Threat Model for your software. It will also cover a few of the most common threats and mitigation methods, as well as available open source tools which can help with mitigation planning. In addition, there will be an update from the CIP (Civil Infrastructure Platform) project on how we are identifying and mitigating threats in OSS. It should help developers get insight into threat modelling and tools, with a live example of how one should approach threat modelling.

Speakers
SZ Lin

Assistant Project Manager, Innovation R&D Center, Moxa Inc.
SZ Lin currently works for Moxa in the Innovation R&D Center, and his team helps develop industrial-grade Linux distribution to adapt to the various Industrial Internet of Things (IIoT) products. He is the technical steering committee member of the CIP (Civil Infrastructure Platform...

Dinesh Kumar

Project Manager, Toshiba Software India
Dinesh Kumar, working as Project Manager in Toshiba Software India for CIP (Civil Infrastructure Platform). Currently working for CIP security work group. Previously worked for embedded software development, cryptographic library development. My research interest includes embedded...



Tuesday October 27, 2020 14:15 - 15:05 GMT
ELC Theater

14:15 GMT

Tutorial: What The Clock! - Linux Clock Subsystem Internals - Neil Armstrong, BayLibre SAS
But what is this "Clocks" stuff I see in the kernel about? Since the first introduction of linux/clk.h in 2006 by Russell King, clock management has progressively become part of the needed system management and resource handling in drivers. Then, in 2012, Mike Turquette introduced the "Common Clock Framework" he co-maintained with Stephen Boyd, which became a central framework handling clocks across the system and providing controls to the device drivers. However, what are these clocks? What are they in physical terms? How are they modeled in hardware? Why do we need them to control internal and external devices? Neil will give a full overview of the "Common Clock Framework" and how it's integrated in the Linux kernel, and a brief overview of the physical implementation and requirements in hardware.

Speakers
Neil Armstrong

Embedded Linux Engineer, BayLibre SAS
Embedded Linux Engineer since 2008, Neil worked on designing and supporting small in-house designed SoCs for Digital TV Content Protection, Set-Top-Box or Security Co-Processor, and is now Embedded Linux Expert in the Baylibre team. He ports, maintains and upstreams Linux support...



Tuesday October 27, 2020 14:15 - 15:45 GMT
101 Essentials Theater

15:15 GMT

Building Embedded Debian and Ubuntu Systems with ELBE - Köry Maincent, Bootlin
One of the traditional approaches to building custom Linux systems for embedded devices is to use build systems such as Yocto/OpenEmbedded or Buildroot. In some cases, using a more conventional binary distribution such as Debian or Ubuntu has interesting benefits: a powerful package management system, a wide selection of available packages, no need to learn a new build system, excellent security updates, and more. However, Debian and Ubuntu themselves don't really come with appropriate tooling to easily generate ready-to-use filesystem images. This talk will therefore present ELBE, an open-source tool that generates, based on a description file, a complete Debian or Ubuntu filesystem image, cross-compiles additional packages if needed, adjusts the filesystem contents, etc. We will start by comparing the different approaches to building an embedded Linux system, then cover the approach taken by ELBE, how it can be used to generate systems for ARM and ARM64 targets, and how we extended it to support generating Ubuntu-based systems in addition to Debian ones.

Speakers
Köry Maincent

Embedded Linux and kernel engineer, Bootlin
Köry Maincent joined Bootlin in 2020 after working for a few years on embedded Linux systems in the transportation industry. At Bootlin, he has been working on multiple Linux BSPs, based on Yocto, Buildroot or ELBE. He has contributed Ubuntu support to the ELBE project.



Tuesday October 27, 2020 15:15 - 16:05 GMT
ELC Theater

15:15 GMT

Kselftest Running in Test rings - Where Are We? - Shuah Khan, The Linux Foundation
Kselftest is a developer test suite which has evolved to run in test rings, and by distributions. This evolution hasn't been an easy one.

In this talk, Shuah shares what it takes to get Kselftest running in test rings such as Kernel CI. She will go over the changes necessary to run Kselftests to fully support relocatable builds and enable integration into test rings.

The primary goal is discussion on existing problems and blockers to run Kselftest in Kernel CI.

Speakers
Shuah Khan

Linux Kernel Fellow, The Linux Foundation
Shuah Khan is a Linux Kernel Fellow at The Linux Foundation. She is an experienced Linux Kernel developer, maintainer, and contributor. She maintains Kernel Selftest framework, USB over IP driver, and cpupower. She is an active contributor to the Linux media subsystem. She has contributed...


Tuesday October 27, 2020 15:15 - 16:05 GMT
ELC Theater

16:15 GMT

Lightning Talk: Kuma - Envoy Control Plane for the Future - Nikolay Nikolaev, Kong Inc.
Kuma is a relatively young project to develop a completely open and community-driven control plane for xDS based L4-L7 application proxies like Envoy. Yet, within a year of its existence, it managed to get popular within a wide range of public and private cloud users. The project got accepted as a CNCF Sandbox project and is targeting to get into the Incubation state.


The talk briefly presents Kuma 1.0, its concepts, the approach to the Service Mesh problematics, the path forward, its goals and roadmap.

Speakers
Nikolay Nikolaev

Technical Lead, Kong Inc.
Nikolay Nikolaev is a Technical Lead in the Office of the CTO at Kong Inc. where he works on the Kuma Envoy Control Plane. For the last 17 years, he has been implementing networking software ranging from hardware boxes to powerful server applications and virtualized data planes. He...



Tuesday October 27, 2020 16:15 - 16:25 GMT
Cloud Theater
  Cloud + Cloud Native, Observability

16:15 GMT

Linux on RISC-V with Open Hardware - Drew Fustini, BeagleBoard.org Foundation
Want to run Linux on open hardware? This talk will explore how RISC-V, an open instruction set architecture (ISA), and open source FPGA tools can be leveraged to achieve that goal. I will explain how I and others at Hackaday Supercon teamed up to get Linux running on a RISC-V soft-core in the ECP5 FPGA on the conference badge. I will introduce Migen, LiteX and Vexriscv, and explain how they enabled us to quickly implement an SoC in the FPGA capable of running Linux. I will also explore other Linux-capable open source RISC-V implementations, and how some are being used in industry. I will highlight that OpenHW Group has adopted the PULP Ariane from ETH Zurich for its Core-V CVA64 implementation. Finally, I will look at what Linux-capable "hard" RISC-V SoCs currently exist, and what is on the horizon for 2020 and 2021. This talk should be relevant to people who are interested in building open hardware systems capable of running Linux. It should also be useful to people who are curious about RISC-V. Software engineers may find it exciting to learn how Python can be used for chip-level design with Migen and LiteX, and simplify building a System-on-Chip (SoC) for an FPGA.

Speakers
Drew Fustini

Embedded Linux Developer, BeagleBoard.org Foundation
I am a hardware designer and embedded Linux developer, from Chicago, now living in Berlin. I serve on the board of directors for the BeagleBoard.org Foundation and the Open Source Hardware Association (OSHWA). I am a RISC-V Ambassador, and I organize the Berlin Embedded Linux meetup...



Tuesday October 27, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

Using the TPM - It's Not Rocket Science (Anymore) - Johannes Holland & Peter Huewe, Infineon Technologies AG
Nowadays, virtually all consumer PCs/laptops contain a TPM2.0 security chip, the Trusted Platform Module. Moreover, the TPM finds its way into more and more modern embedded devices. But what is the TPM and how can we use it on Linux? The TPM has the potential to enhance security in a variety of use cases ranging from SSH, VPN, disk encryption, and more. Since it is so powerful, it may be hard to use at times. But do not fret - the tpm2-software project, especially its new TPM Software Stack (TSS) Feature API (FAPI) library, enables anyone to use the TPM. This talk gives an introduction on how to use the TPM the easy way, using recent contributions to the TPM ecosystem like the TSS FAPI. After a brief overview of the involved hard- and software, this talk will dive into how to get started with the TPM and show how it can be used to perform fundamental security tasks. Afterwards, recent additions like the TPM PKCS11 middleware and the OpenSSL engine will be presented - enabling TPM integration, perhaps without writing a single line of code. In the end, the TPM open source ecosystem will be discussed, and how to become part of it. Want to start hacking? We got you.

Speakers
Peter Huewe

Principal Engineer, Infineon Technologies AG
Embedded Security Software Developer @ Infineon Technologies AG developing the next generation of Trusted Platform Modules (TPM) and ePassports. Former TPM Subsystem Maintainer. OpenSource and Linux enthusiast for 15+ years - advocating the use and support for open source within my...

Johannes Holland

Embedded Software Developer, Infineon Technologies AG
@Infineon Technologies AG in Augsburg, Germany. Industrial Security (M.Sc.) @University of Applied Sciences Augsburg. Working on Embedded Security Solutions. Developing next-gen TPMs and ePassports. Contributor to the TPM Software Stack and Ecosystem. Open Source and Linux Enthusiast.



Tuesday October 27, 2020 16:15 - 17:05 GMT
ELC Theater
  Embedded Linux Conference (ELC), Security

16:15 GMT

New Power Management Framework in Zephyr - Wentong Wu, Intel APAC R&D Ltd.
Zephyr will provide new interfaces and APIs for power management which are designed to be conveniently adapted to different SoCs and architectures. Another goal of the new design is to consume as little power as possible in a given system state and not waste energy when idle. The power management components are classified into five categories: pm policy, pm core, platform pm, device pm, device runtime pm. Every layer has been well considered and designed, many new technologies have been used, and the implementation is ongoing; it will be ready in early September. In this presentation, Wentong Wu, the maintainer of Zephyr power management, will provide as much technical detail as possible and explain the benefit of the new power management framework. Finally, the future technical plans of Zephyr power management will be presented and discussed.

Speakers
Wentong Wu

Software Development Engineer, Intel APAC R&D Ltd.
Wentong currently works as software developer for Zephyr project in Intel company, contribute many areas for Zephyr OS. And internally I'm enabling Zephyr on many products as key person. Before Intel, Wentong has much experience on TCP/IP, wifi, arm arch, etc, involves many IOT p...


Tuesday October 27, 2020 16:15 - 17:05 GMT
IoT Theater

16:15 GMT

Rootless Containers from Scratch - Liz Rice, Aqua Security
Containers have taken off as one of the foundational technologies that enabled cloud native application development and deployment. But despite their widespread adoption through Docker, Kubernetes and other tools, there has been a significant security risk: users have effectively needed root privileges in order to run containers on a host. Recently there have been significant advances to enable “rootless containers” - containers that can be run without requiring root privileges. This talk will use live-coding in Go to illustrate how rootless containers are created, exploring why root was originally required and what has changed to enable rootless operation. This talk assumes that you have some familiarity with how containers are built using namespaces, cgroups and chroot.

Speakers
Liz Rice

VP Open Source Engineering, Aqua Security
Liz Rice is VP Open Source Engineering with cloud native security specialists Aqua Security, looking after projects including Starboard, Trivy, Tracee, kube-hunter and kube-bench. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon...


Tuesday October 27, 2020 16:15 - 17:05 GMT
Linux Systems Theater

16:15 GMT

Demystifying Open Source Crash Reporter: An In-depth Security Analysis - Seong-Joong Kim, National Security Research Institute
Software vendors provide crash reporters to automatically collect crash reports from users and so handle crashes of their products efficiently. A crash reporter should be secure and reliable because it handles sensitive information, such as the core dump that captures the CPU context and memory contents of the crashed program, and helps to address the issue that crashed the program. Unfortunately, several security flaws have been reported in various crash reporters for Windows, Mac OS X, Linux, Mozilla, etc. In this talk, Seong-Joong Kim will address security problems that reside in a popular open source crash reporter project. After auditing the source code, he found several flaws in the project, caused by an unrestricted file upload vulnerability. Because it allows the upload of an arbitrary crash report, an attacker may overflow a buffer in heap memory, trigger an unhandled exception, or cause resource exhaustion, which may lead to dreadful consequences. He will demonstrate those attacks and share the steps for improving the security of the crash reporter.

Speakers
Seong-Joong Kim

Security Researcher, National Security Research Institute
Seong-Joong Kim is a member of research staff at the National Security Research Institute. Prior to that, he was a researcher at TmaxSoft R&D Center for alternative service as mandatory military service duty. Also, he interned at Samsung Electronics in the capacity of a Software Engineer...



Tuesday October 27, 2020 16:15 - 17:05 GMT
OS Dependability Theater

16:15 GMT

Accelerating Network Device Automation Using a Model-Driven SDK - Santiago Alvarez, Cisco
This session describes how to significantly simplify device programmability using an open source SDK generated from YANG data models. The YANG Development Kit (YDK) provides a model-driven SDK that allows the network programmer to focus on the underlying structure of the configuration and operational data associated with the device. YDK abstracts protocols, transports and encodings, and frees the programmer from having to master the specifics of the modeling language. The session will include a demonstration and pointers to get started.

Speakers
Santiago Alvarez

Distinguished TME, Cisco
Santiago is a distinguished engineer at Cisco Systems focused on network routing and programmability. He is responsible for influencing technology innovation and driving its adoption worldwide. He is a regular speaker at various networking conferences throughout the world and at Cisco...



Tuesday October 27, 2020 16:15 - 17:05 GMT
Wildcard Theater
  Wildcard, Networking & Orchestration

16:15 GMT

Tutorial: Firewalls with NFtables - John Hawley, VMware
Linux networking has gone through many changes over the years, and the IP filtering subsystem is no different. It has moved from ipchains to iptables, and now to nftables, which is quickly becoming the de facto standard for network filtering on Linux. This talk is intended to give users who have a basic understanding of networking an overview of nftables, why it's a major step forward, and why it's taken so long, and to give attendees the basics (including examples) they can take away to deploy their own network filtering using nftables. This is primarily targeted as a teaching and 101 level discussion, and to give attendees a starting point to go further from. An understanding of basic concepts like TCP/IP, UDP, and network flows would be good to have coming in, but these topics will be touched on briefly.

Speakers
John Hawley

Open Source Developer, VMware
John 'Warthog9' Hawley led the system administration team on kernel.org for nearly a decade, leading a team including four other administrators. His other exploits include working on Syslinux, OpenSSI, a caching Gitweb, and patches to bind to enable GeoDNS. He's the author of PXE...



Tuesday October 27, 2020 16:15 - 18:05 GMT
101 Essentials Theater

16:15 GMT

Tutorial: Running Your Own VM & Container Cluster at Home - Stephane Graber & Christian Brauner, Canonical Ltd.
LXD is an easy to use system container and virtual machine manager. On top of letting you create and run containers and virtual machines on a wide selection of storage and network options as well as featuring a modern REST API for remote management, it can also be very easily clustered. In this tutorial, we'll go over setting up LXD from scratch on 3 Raspberry Pi 4 and then configure it to allow remote systems to create and manage containers and virtual machines on those. Such a setup can be interacted with easily from the built-in command line tool available for Linux, macOS and Windows and can be shared with multiple users by using independent "projects" on that cluster. We'll also go over the most common web interface option to make it even easier to manage from any system on the network. This kind of setup can easily be replicated in the cloud or on any spare physical hardware and on the majority of hardware architectures. The Raspberry Pi 4 used in this case allows for someone to set such a redundant cluster for themselves at a very reasonable cost, making it a perfect way to experiment.

Speakers
Stéphane Graber

Project leader for LXD, LXC and LXCFS, Canonical Ltd.
Stéphane Graber is the engineering manager for the LXD team at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at events related to containers and Linux. Stéphane is also a longtime contributor to the Ubuntu Linux distribution...

Christian Brauner

Senior Software Engineer, Canonical
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...



Tuesday October 27, 2020 16:15 - 18:05 GMT
Linux Systems Theater

16:25 GMT

Lightning Talk: A Brisk Introduction and Demo of KEDA - Kubernetes Event Driven Autoscaling - Sagar Joshi, Microsoft
KEDA (Kubernetes Event Driven Autoscaling) is an open source framework developed by Microsoft and Red Hat which enables Kubernetes workloads (Pods) to scale according to events. The built-in HPA (Horizontal Pod Autoscaler) of Kubernetes scales according to the CPU/memory of pods, but autoscaling with custom events like queue length, number of events or other metrics requires a large amount of coding and deep knowledge of operators. The KEDA framework supports autoscaling pods with a variety of event-driven systems like Kafka topics, Redis cache, Prometheus metrics and many Cloud-based messaging services. In this session we will see the architecture of KEDA and a demo of pod autoscaling through one of the Cloud-based messaging services.

KEDA can be paired with Virtual Kubelet to implement Serverless scaling scenarios,

Speakers
Sagar Joshi

Partner Technology Strategist, Microsoft
Sagar works as a Partner Technology Strategist with Microsoft. He has a decade-long experience working with developers, architects and is a certified cloud professional with special interests in AI, ML and open-source technologies. He tweets at @sagarjms



Tuesday October 27, 2020 16:25 - 16:35 GMT
Cloud Theater

16:35 GMT

Lightning Talk: From PaaS to FaaS : Managing Serverless on Kubernetes - Suman Chakraborty, SAP Labs, India
Call it “serverless,” call it “event-driven compute” or call it “functions as a service (FaaS),” the idea is the same: allocate memory dynamically to event-driven functions to build microservices. Serverless computing platforms allow developers to focus on building the application logic while abstracting away the infrastructure requirements and management details.

Many serverless offerings from cloud-managed providers restrict the behavior of the app logic that they run, sometimes making certain classes of applications impractical. Kubernetes has been the de facto open source management platform for running applications in containers through a well-orchestrated tooling mechanism, taking care of the scalability, rolling updates, self-healing and load-balancing processes.
In this context, Suman Chakraborty will explain the major advantages Kubernetes provides in running serverless frameworks, the major open source projects that bring serverless functionality to Kubernetes, and the challenges that have been reported by consumers in adopting Serverless frameworks in recent times.

Speakers
Suman Chakraborty

Senior Devops Engineer, SAP Labs, India
Suman Chakraborty is a Senior DevOps Engineer at SAP Labs, Bangalore (India). He is managing and supporting DevOps for SAP ABAP on Cloud Foundry & Kubernetes platform. Suman works both as an individual contributor role as well as drives the DevOps team that builds automation framework...



Tuesday October 27, 2020 16:35 - 16:45 GMT
Cloud Theater

17:15 GMT

Prometheus Enabled AI Deep Observability Based on eBPF - Ivy He, Huawei Technologies Co, LTD
The AI training process is complex and invisible; while a task is running, traditional tracing tools leave some monitoring blind spots, which makes debugging and tuning difficult for developers. For this reason, we choose eBPF to analyze, in real time, the changes we want to know about, such as whether a specific kernel function is called, short-lifetime processes, etc. With the data collected dynamically by eBPF, we choose Prometheus to monitor it and show it to the developers. In this talk, I will share the practice of eBPF in the observability of the AI kernel. While running the AI training and reasoning tasks, we can dynamically inject the eBPF code into the kernel function to collect data, and report the data to Prometheus in a unified format for visual management. The practice of the observability is currently in the experimental stage.

Speakers
Luwei He

Open Source Engineer, HUAWEI TECHNOLOGIES CO., LTD.
I am Ivy He, an open source engineer from Huawei. I was involved in open source work related to high-performance storage and edge computing. Contributed in SPDK, Kubernetes, Akraino and other open source communities. Currently I am mainly engaged in open source practice in AI obs...


Tuesday October 27, 2020 17:15 - 18:05 GMT
AI/ML/DL Theater
  AI/ML/DL, AI Observability

17:15 GMT

Knative: A Kubernetes Framework to Manage Serverless Workloads - Nikhil Barthwal, Google
Knative is a Kubernetes-based platform to build, deploy, and manage modern serverless workloads. It provides a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on-premises, in the cloud, or even in a third-party data center. Knative components are built on Kubernetes and codify the best practices shared by successful real-world Kubernetes-based frameworks. Knative components focus on solving many mundane but difficult tasks such as deploying a container, orchestrating source-to-URL workflows on Kubernetes, routing and managing traffic with blue/green deployment, automatic scaling and sizing workloads based on demand, and binding running services to eventing ecosystems. This talk explains how Knative enables you to focus just on writing interesting code without worrying about the boring but difficult parts of building, deploying, and managing an application. It shows how developers can even use familiar idioms, languages, and frameworks to deploy any workload: functions, applications, or containers.

Speakers

Nikhil Barthwal

Sr. Software Engineer, Google
Nikhil Barthwal is a tech lead in the Google Cloud Platform at Google, working on Knative, a Kubernetes-based platform to build, deploy, and manage modern serverless workloads and is passionate about building distributed systems. He has several years of work experience in big companies...


Tuesday October 27, 2020 17:15 - 18:05 GMT
Cloud Theater

17:15 GMT

Using GitHub at Large Corporations to Unlock Sustainable Open Source Contribution - Charles Eckel, Cisco Systems
Creating a GitHub organization with public repos is free, fast, and easy. This fosters a wild west of GitHub usage within corporations that is as confusing and troubling as it is liberating and empowering. We explore how GitHub has been used organically throughout Cisco and efforts to establish best practices that enable efficient open source collaboration that is responsible and sustainable. The audience is anyone considering or already running a corporate GitHub organization as well as anyone considering or already collaborating with partners and customers through a corporate GitHub organization. The benefit is becoming better open source citizens by having consistency and transparency without sacrificing freedom and innovation.

Speakers

Charles Eckel

Principal Engineer, Global Technology Standards, Cisco Systems
Charles is a recognized champion of open source, standards, and interoperability. At Cisco, Charles is responsible for identifying and guiding open source efforts related to key standards initiatives. In addition to work in MEF, Charles is active in IETF, where he started and runs...



Tuesday October 27, 2020 17:15 - 18:05 GMT
Community & Business Leadership Theater

17:15 GMT

BoF: Automotive Grade Linux Developer Community - Walt Miner, The Linux Foundation
AGL provides an application framework with SMACK based security, a large number of micro services tailored for the automotive environment, and an SDK for app developers to get going quickly. AGL has attracted a large number of systems developers and app developers. This is an opportunity for developers to get together and discuss issues they have run into, potential roadmap ideas and to provide feedback to the community. Please bring your questions, comments and ideas to this session.

Speakers

Walt Miner

AGL Community Manager, The Linux Foundation
Walt Miner has worked for The Linux Foundation as the Community Manager for Automotive Grade Linux since 2014. Walt has spoken at Automotive Linux Summit, Embedded World Conference in Nuremberg, Embedded Linux Conference, LinuxCon North America, and Open Source Summit North America...



Tuesday October 27, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

LibIIO - A Library for Interfacing with Linux IIO Devices - Dan Nechita, Analog Devices Inc
The LibIIO library exists in order to ease the development of software interfacing Linux Industrial I/O (IIO) devices. It has been around for more than 6 years and even though it has reached a mature state, it is consistently being improved. It is cross-platform, supporting Linux, Windows and Mac OS. Dan will describe the core functionality of the library and its structure, which is based on one high-level API and several back-ends that facilitate different types of connections (USB, Ethernet, Serial and local) between hosts and embedded platforms. He will go through the available extensions: Python, C#, Node.js, Rust and integration with GNU Radio. Then he will show how LibIIO has evolved into a more robust library through its internal and external contributors and also through various practices such as Continuous Integration, Static Analysis and code review process.

Speakers

Dan Nechita

Software Development Engineer, Analog Devices Inc
Dan Nechita is a software development engineer for Analog Devices Inc., where he is maintaining the LibIIO code and IIO-Oscilloscope code while actively developing the AdiToF SDK. Dan holds a bachelor's degree in Electronics and Communication from the Technical University of Cluj-Napoca...



Tuesday October 27, 2020 17:15 - 18:05 GMT
ELC Theater
  Embedded Linux Conference (ELC), SDKs

17:15 GMT

New Tools Improve Patch Submission, Review, and Other Processes - Frank Rowand, Sony
The Linux kernel patch submission, review, and acceptance process has long been email based. There have been both benefits and problems resulting from being email based. Some new tools appear to reduce or remove some of the problems. This presentation will describe the new tools, how to use them, and how they solve problems for submitters, reviewers, and maintainers. Any open source project whose contribution process uses email may be interested in considering these new tools.

Speakers

Frank Rowand

Senior Software Engineer, Sony
Frank has meddled in the internals of several proprietary operating systems, but has been loyal to the Linux kernel since 1999. He has worked in many areas of technology, including performance, networking, platform support, drivers, real-time, and embedded. Frank has shown poor judgement...



Tuesday October 27, 2020 17:15 - 18:05 GMT
ELC Theater
  Embedded Linux Conference (ELC), Process

17:15 GMT

Using Visual Studio Code for Embedded Development - Michael Opdenacker, Bootlin
"In the Stack Overflow 2019 Developer Survey, Visual Studio Code was ranked the most popular developer environment tool, with 50.7% of 87,317 respondents claiming to use it" (Wikipedia). This trend is also confirmed by Bootlin customers. In his very first talk about a project maintained by Microsoft (!), albeit an open-source one, Michael will share his research about how VS Code and its countless extensions can be used to explore, develop, cross-compile and debug userspace and kernelspace code. VS Code extensions can also help with other tasks, such as interfacing with git and ssh. As expected for this kind of presentation, there will of course be a Visual aspect to this presentation, with practical demos.

Speakers

Michael Opdenacker

CEO, Bootlin
Michael Opdenacker is the founder of Bootlin, an engineering company specializing in cool embedded Linux integration and porting projects. Michael always likes to explore new topics and tools, and share his findings with Bootlin customers and the embedded Linux community. Through...



Tuesday October 27, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

VM Forking & Hypervisor-Based Fuzzing with Xen - Tamas K Lengyel, Intel Corporation
In this talk we'll discuss Xen's new VM forking feature and the memory sharing subsystem it uses to achieve lightning-speed VM deployment. Forking a VM lends itself to use-cases where short-lived but identical VMs are useful, such as fuzzing. Using a hypervisor for fuzzing allows us to poke at code-locations that normally would be difficult or slow to fuzz, like the operating system itself. Without having to reboot the VM to recover it after a crash, fuzzing of the kernel and kernel modules can be achieved at great speed. We'll walk through the integration and harnessing required to start fuzzing a Linux kernel module using AFL on Xen. We'll further discuss other potential applications that are now achievable by combining Xen's VMI capability with VM forks. The presentation has been previously given at Xen Project Developer Summit 2020. This version of the talk will focus less on the hypervisor implementation details and more on the application of the system to fuzz various targets, such as system calls, kernel internal interfaces and even user-space applications.

Speakers

Tamas K Lengyel

Senior Security Researcher, Intel Corporation
Tamas works as Senior Security Researcher at Intel Corporation. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem...


Tuesday October 27, 2020 17:15 - 18:05 GMT
Linux Systems Theater
  Linux Systems, Testing & Fuzzing

17:15 GMT

Board Farm APIs for Automated Testing of Embedded Linux - Tim Bird, Sony & Harish Bansal, Timesys
For years, designers of automated testing systems have used ad-hoc designs for the interfaces between a test, the test framework and board farm software, and the device under test. This has resulted in a situation where hardware tests cannot be reused from one lab to another. This talk presents a proposal for a standard API between automated tests and board farm management software. The idea is to allow a test to query the farm about available bus connections, attached hardware and monitors, and other test installation infrastructure. The test can then allocate and use that hardware, in a lab-independent fashion. The proposal calls for a dual REST/command-line API, with support for discovery, control and operation - of hardware and network resources. It is hoped that establishing a standard in this area will allow for the creation of an ecosystem of shareable hardware tests and board farm software.

Speakers

Tim Bird

Principal Software Engineer, Sony
Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the maintainer of the Fuego test framework, and is involved in various groups in the Linux Foundation, including LF Board of Directors...

Harish Bansal

Technical Engineer, Timesys
Harish Bansal is an Embedded Board Farm and Test Automation (TA) technical engineer manager at Timesys with 13+ years of applications development experience. Prior to joining Timesys, Harish worked for Honeywell India, Vocollect, and other companies. Harish holds a master's degree...



Tuesday October 27, 2020 17:15 - 18:05 GMT
OS Dependability Theater

17:15 GMT

Using Raspberry Pi With Connected Analog as Lab Instrumentation - Mark Thoren & Brandon Bushey, Analog Devices
Laboratory instrumentation - voltmeters, oscilloscopes or GHz network analyzers - has evolved from purely analog boxes (1970s), to incorporating digital control with rudimentary connectivity (1980s), to embedded systems (1990s), and finally, to fully connected machines running desktop operating systems, greatly simplifying automation tasks, and the (finally) simple task of getting a data file onto another machine for deeper data analysis. In this session, we will review how a number of common tools like the Raspberry Pi and the Linux kernel's Industrial Input Output (IIO) framework can be leveraged with directly connected Analog I/O to speed up the development process, whether the end goal is performing a one-off experiment, inclusion in production automated test equipment, or prototyping designs for standalone benchtop instruments. Examples to be covered include: 1. A DC to 6GHz, low-distortion, RF signal source 2. A 24-bit, ultra-precise DC measurement system 3. A precision voltage source with 1 part per million linearity.

Speakers

Mark Thoren

System Design / Architecture Engineer, Analog Devices
Most things electronic, electromechanical, instrumentation, test, measurement, system design, etc. I have sort of a random background, BS ag mechanical engineering, MSEE, 20 years in mixed signal electronics at Linear Technology and now Analog Devices.

Brandon Bushey

Systems Design/Architecture Engineer, Analog Devices


Tuesday October 27, 2020 17:15 - 18:05 GMT
Wildcard Theater

18:30 GMT

OP-TEE is Ready: Let's Use It! - Rouven Czerwinski, Pengutronix e.K.
OP-TEE for i.MX6 SoCs is production ready, so we finally have a fully mainline way to use TrustZone on a widely available platform. So what are the scenarios where it can increase security or allow new features? This talk will present the current state of OP-TEE from an upstream perspective on i.MX6 SoCs and show two different Trusted Applications (TAs) which provide secure data storage or TPM functionality. One of the presented applications will be the PKCS#11 TA which is currently being upstreamed into the mainline OP-TEE project. In conjunction with the OpenSSL PKCS#11 engine, it can be used to store client certificate data which cannot be extracted from the device. The other application will be the Microsoft firmware TPM, which is provided as an out-of-tree TA with an upstream Linux kernel driver. It is meant as a replacement for conventional hardware TPMs and provides a tighter coupling to the chosen SoC. Furthermore, this talk will highlight the necessary steps to actually secure OP-TEE on your chosen SoC, using the i.MX6 platform as an example.

Speakers

Rouven Czerwinski

Embedded Software Developer, Pengutronix e.K.
Rouven works with security on embedded systems, specializing in i.MX6 processors.



Tuesday October 27, 2020 18:30 - 19:20 GMT
ELC Theater
  Embedded Linux Conference (ELC), Security

18:30 GMT

Optimizing and Developing Non-CPU Device Power Management by DEVFREQ - Chanwoo Choi, Samsung Electronics
Power management is necessary for embedded devices because of their limited power capacity. The kernel provides the DEVFREQ (Device Frequency) framework to optimize power management for Non-CPU devices such as the GPU, memory bus, storage and so on. The market requires high-quality images generated by the GPU, quick data transfer via the memory bus, and low latency for accessing storage. As a result, more power is used than before. Power management for Non-CPU devices is mandatory on embedded devices. DEVFREQ provides multiple governors for supporting DVFS and allows users to add their own governor instead of using the default governors. But the DVFS feature is not enough to meet the performance demands. It supports the PM_QOS interface to set the min/max requirements by user and collaborates with the interconnect framework in order to guarantee the min/max bus bandwidth. Also, it is connected with the thermal subsystem to protect the device from overheating. In this way, DEVFREQ provides the power-management mechanism and extensible flexibility to the user. This session explains how to optimize power management with DEVFREQ and how to develop a DEVFREQ driver.

Speakers

Chanwoo Choi

Linux Kernel Developer, Samsung Electronics
Chanwoo Choi has been working in the Linux Kernel over 11 years as a Linux kernel developer and maintainer at Samsung Electronics since 2009. He has been working in Linux Kernel community as Maintainer for DEVFREQ, EXTCON and Samsung SoC Clock-Controller. He developed the ARM SoC's...



Tuesday October 27, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

Overview of the Open Source Vulkan Driver for Raspberry Pi 4 - Alejandro Piñeiro Iglesias, Igalia
Igalia has been developing a new open source Mesa driver for the Raspberry Pi 4 since December 2019. This talk will discuss the development story and current status of the driver, provide a high level overview of the major design elements, discuss some of the challenges we found in bringing specific aspects of Vulkan 1.0 to the V3D GPU platform and finally, talk about future plans and how to contribute to the on-going development effort.

Speakers

Alejandro Piñeiro Iglesias

Developer, Igalia
Alejandro has been a free software developer since 2004. His experience includes a variety of GNOME and freedesktop.org projects, focusing since 2015 on Mesa, including the Intel OpenGL i965 driver, Broadcom OpenGL v3d driver, and Broadcom Vulkan v3dv driver. He is also the maintainer...



Tuesday October 27, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

The Fall of the Legacy - Vaibhav Gupta, Open Source Contributor
Power Management has always been a focal point in Linux, and along with PCI, it is like talking about fascinating powers subtle to handle. Among many ingredients of the magical PCI PM, PCI Core is a special one. The legacy framework provided good interaction between the Core and drivers, but a few years back, we came up with a generic approach that gave more control to the Core and made it possible for drivers to support PM without PCI helper functions. Vaibhav will discuss the simplification achieved after those unnecessary helper functions and the legacy support got removed as part of his project under the Linux Kernel Mentorship Program. He will talk about how this shift to the adoption of generic PM affects the performance and stability of PCI core functioning underneath. He will also discuss and share the work involved in converting drivers from legacy while balancing performance and stability along with changes to individual PCI drivers. You will come away with good knowledge of PCI PM and great respect for the community which has made it as performant as ever.

Speakers

Vaibhav Gupta

Open-Source Contributor
Vaibhav Gupta is a senior year undergrad passionate about Kernel, Bootloader, Firmware, and any technology functioning closest to the hardware. He is an active contributor to Open-Source software. Recently, he worked on the Linux PCI Power-Management Framework under the Linux Kernel...



Tuesday October 27, 2020 18:30 - 19:20 GMT
Linux Systems Theater
  Linux Systems, Power Management

18:30 GMT

When You Come to a Fork in the Road, Take It: Finding Configuration Constraints from Kconfig, Kbuild, and the C Preprocessor - Paul Gazzillo, University of Central Florida
The Linux kernel source has thousands of compile-time configurations that allow for an enormous number of variations of the kernel binary. This extreme configurability enables the same codebase to be used for everything from refrigerators to cars to supercomputers. But such configurability also brings unique challenges to development and maintenance. Unexpected combinations of configuration options can expose unknown security holes, the sheer number of kernel variations makes testing them all impossible, and the languages used to implement configurability hinder source-code tools such as IDEs, bug-finders, and refactoring tools. This talk will go over the challenges of scaling to Linux's massive configuration system and my research on using program analysis techniques and automated tools to extract configuration constraints from Kconfig, Kbuild, and the C preprocessor. I will demonstrate a free and open-source tool, klocalizer, resulting from this research. Given source files, klocalizer generates valid Kconfig kernel configurations that include the given source. Finally, I will go over future work and potential applications to testing, bug-finding, and security.

Speakers

Paul Gazzillo

Assistant Professor, University of Central Florida
Paul Gazzillo is an Assistant Professor of Computer Science at University of Central Florida. His research aims to make it easier to develop safe and secure software, and it spans programming languages, security, software engineering, and systems. Projects include program analysis...


Tuesday October 27, 2020 18:30 - 19:20 GMT
Linux Systems Theater

18:30 GMT

Unsolved Problems in Open Source Security - Rhys Arkins, WhiteSource
Very few people today doubt the principles and benefits of Open Source, but you can definitely be forgiven for having concerns about its security. Some of the ways we rely on Open Source today are fundamentally flawed, yet almost never discussed - from registries hosting unsigned artifacts of unreproducible source to package managers which propagate new versions of dependencies at the earliest opportunity. It's time to identify these unsolved - and mostly undiscussed - risks, evaluate their potential impact, and determine what can be done in the Open Source community to address them. This presentation will discuss why we need reproducible builds in open source, verified artifacts, and why the majority of package managers may need a substantial change, while one in particular got it right. It will also provide some recommendations on defensive use of open source particularly for products and industries at the highest risk of software supply chain attacks.

Speakers

Rhys Arkins

Director of Product, WhiteSource
Rhys Arkins is the Director of Product at WhiteSource, where he focuses on Develop Solutions. Rhys joined WhiteSource in 2019 through the acquisition of the company he founded, Renovate Bot - an open source tool for automating dependency updates. He is a big proponent of using automation...



Tuesday October 27, 2020 18:30 - 19:20 GMT
OS Dependability Theater

18:30 GMT

Designing a Business Card that Runs DOOM - Exploring Low-Cost ARM Architecture - Ethan Sayre, Plano East High School
This talk discusses the exciting world of low-cost ARM processors and PCB design. How does one stand out in job interviews and networking events? By giving out business cards that run DOOM, of course! Ethan became interested in Embedded Systems after reading a blog post by George Hilliard, in which he describes the design and implementation processes of running Linux on a business card. This talk builds upon this idea, by explaining how anyone can build these barebones devices for themselves. In this talk, you'll learn about the criteria in selecting low-cost (

Speakers

Ethan Sayre

Student, Plano East High School
Ethan Sayre is a student at Plano East High School. He has taken an interest in embedded systems and technologies, where he hopes to be in an engineering related career. Ethan is currently exploring mobile development, machine learning, and PCB/SBC design.



Tuesday October 27, 2020 18:30 - 19:20 GMT
Wildcard Theater
  Wildcard, Open Hardware

18:30 GMT

Tutorial: How to Ansible - John Hawley, VMware
Gone are the days when an administrator could, realistically, count the number of machines they were responsible for, and the days of very large scale deployments are here. This also means gone are the days when an admin could reasonably log into all of those machines to do the configuration by hand. Today it's best to rely on an automation framework to do this on a larger, more replicable, scale. Ansible is one such automation framework and this is intended to walk folks through the very basics of Ansible, getting it set up, up and running, passing data, fetching information and generally getting comfortable with the basics of what configuration management is. This is a hands-on tutorial with specific walkthroughs by using virtual machines provided for the tutorial (a laptop sufficiently capable of running two virtual machines would be required).

Speakers

John Hawley

Open Source Developer, VMware
John 'Warthog9' Hawley led the system administration team on kernel.org for nearly a decade, leading a team including four other administrators. His other exploits include working on Syslinux, OpenSSI, a caching Gitweb, and patches to bind to enable GeoDNS. He's the author of PXE...



Tuesday October 27, 2020 18:30 - 20:20 GMT
101 Essentials Theater

18:30 GMT

Tutorial: Understanding What Happens Inside Kubernetes Clusters Using BPF Tools - Alban Crequy & Margarita Manterola Rivero, Kinvolk
Kubernetes provides a high-level abstraction layer that makes it easy to deploy distributed computing resources without knowing what’s happening in the kernel and applications. This is great when things work as expected, but when trying to root cause an issue, Kubernetes does not provide any help in inspecting these low-level details.

During this tutorial, we’ll look into how using tools based on eBPF functionality can help us better understand what’s going on inside our cluster. We’ll check out two tools that were specifically designed to run inside Kubernetes:
* Inspektor Gadget, which includes a few innovative gadgets as well as easy-to-use wrappers around BPF Compiler Collection (BCC)
* kubectl-trace, which allows using the power of bpftrace on Kubernetes clusters

Using these tools, DevOps teams can answer debugging questions such as:
* What were the last system calls executed before the crash?
* What network policies do I need to apply in my cluster?
* What executables are being run on my cluster?
* What processes are reading from or writing to disk?

This is an interactive tutorial. To follow along, you'll need access to a test Kubernetes cluster. For simplicity, we recommend running a specific Minikube version, but other options are possible. Please check out the instructions at https://github.com/kinvolk/cloud-native-bpf-workshop in advance. This will help you make the most out of the workshop.

Speakers

Alban Crequy

Co-founder and Director of Kinvolk Labs, Kinvolk
Alban is Co-founder of Kinvolk and director of engineering for Kinvolk Labs. He has a particular interest in integrating BPF into Kubernetes. He’s a maintainer of the gobpf library and has worked on software in the cloud space using BPF with Golang: Weave Scope, Traceleft, Project...

Marga Manterola

Staff Software Engineer, Kinvolk
A Debian Developer and Open Source enthusiast, Marga has been working with Linux for over 15 years. Back in her hometown of Buenos Aires she led a large migration to Linux and open source tools, where she learned to navigate the tricky line between satisfying user needs and keeping...


Tuesday October 27, 2020 18:30 - 20:20 GMT
Cloud Theater
  Cloud + Cloud Native, Observability

19:30 GMT

PlutoSDR, the Making of an Ultra Low Cost, High Performance Linux Based Software Defined Radio - Michael Hennerich, Analog Devices GmbH
Building open yet reliable and failsafe embedded hardware and software systems from concept to production is a challenging task. This presentation introduces and explains in detail the hardware and software architecture, tips and tricks used in the design of PlutoSDR, a high performance, low cost Linux based Software Defined Radio, aimed as an Active Learning Module for students to introduce fundamentals of SDR, Radio Frequency (RF) and Communications, or for HAM Radio enthusiasts at all levels. The audience will learn about high speed streaming sampled data systems using the IIO subsystem, and how to configure and interact with a device that has only one button and LED but also a USB OTG port: USB gadget configfs usage, mindful mtd partitioning, flash locking, u-boot DFU recovery, LEDs class, input event handling and how Gadget/Mass storage can be used for ease of use field firmware updates. The PlutoSDR allows students to better understand not just the real world RF around them, but also embedded Linux, open source software, FPGA HDL development and is applicable for all students, at all levels, from all backgrounds.

Speakers

Michael Hennerich

Software Engineering Manager, Analog Devices GmbH
Michael is Open Source Engineering Manager at Analog Devices GmbH in Munich, and also a passionate and licensed HAM Radio Amateur. He first talked about Embedded Linux for DSPs at the Embedded Systems Conference Silicon Valley back in 2006; since then Michael is an active Linux kernel...



Tuesday October 27, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

Precision Time Protocol (PTP) and Packet Timestamping in Linux - Antoine Tenart, Bootlin
Time synchronization is important when dealing with transactions, transmissions, logging, etc. on multiple machines and high accuracy can be required. The precision time protocol (IEEE 1588) aims at providing a clock synchronization protocol with an accuracy down to the sub-microsecond range. In this talk we'll see how the protocol works, what are its modes of operations (1-step, 2-step, grand master, etc.) and see what capabilities of the kernel are used, such as packet timestamping. We will also cover how and why timestamping can be offloaded to hardware devices (MAC, PHY, switches), in particular for PTP packets.

Speakers

Antoine Tenart

Linux kernel engineer, Bootlin
Antoine is a Linux kernel engineer at Bootlin since 2014 and has been mostly working on networking (MAC, PHY, switch) and cryptography engines; on ARM, ARM64 and MIPS platforms. He also has experience in the Buildroot and Yocto/OE build systems.



Tuesday October 27, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

RunX: Deploy RTOSes and Baremetal Apps as Containers - Stefano Stabellini & Bruce Ashfield, Xilinx
Containers are incredibly convenient to package applications and deploy them quickly across the data center. This talk will introduce RunX, a new project under LF Edge that aims at bringing containers to the edge with extra benefits. At the core, RunX is an OCI-compatible containers runtime to run software packaged as containers as Xen micro-VMs. RunX allows traditional containers to be executed with minimal overhead as virtual machines, providing additional isolation and real-time support. It also introduces new types of containers designed with edge and embedded deployments in mind. RunX enables RTOSes, and baremetal apps to be packaged as containers, delivered to the target using the powerful containers infrastructure, and deployed at runtime as Xen micro-VMs. Physical resources can be dynamically assigned to them, such as accelerators and FPGA blocks. This presentation will go through the architecture of RunX and the new deployment scenarios it enables. It will provide an overview of the integration with Yocto Project via the meta-virtualization layer and describe how to build a complete system with Xen and RunX. The presentation will come with a demo on a Raspberry Pi 4.

Speakers

Stefano Stabellini

Principal Engineer, Xilinx
Stefano Stabellini serves as system software architect and virtualization lead at Xilinx, the world's largest supplier of FPGA solutions. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal...

Bruce Ashfield

Principal Engineer, Xilinx
Bruce Ashfield is currently a system software architect and Yocto technical lead at Xilinx, the world's largest supplier of FPGA solutions. Previously, at Wind River, he created embedded products based on the Yocto project. Bruce had a particular focus in virtualization and cloud...



Tuesday October 27, 2020 19:30 - 20:20 GMT
ELC Theater

19:30 GMT

State of Linux Gaming - Gabriel Krisman Bertazi, Collabora
For too long, Windows has been the de facto platform for any serious gaming on computers. In fact, there is still much resistance by game studios to supporting multiple platforms, which can be explained in part by the specific challenges of porting them. Computer games are prime examples of complex applications that need to squeeze every bit of processing performance possible out of the system, usually making use of very specialized engines that exploit very specific features of the platforms they were designed for. Instead of waiting for studios to port their games, Wine, and the more recent Proton effort, attempt to fully emulate the original environment these games rely on. Much of this work, though, can only be done efficiently with specialized support by the kernel. In this talk, we will review the recent efforts to improve Linux support for emulation, always with the goal of enabling and speeding up recently released games on Linux. In addition, we will discuss specific pain points for emulation on Linux that we plan to solve in the near future.

Speakers

Gabriel Krisman Bertazi

Senior Software engineer, Collabora
Gabriel Krisman Bertazi is a Senior Software Engineer with the Collabora kernel team, working to improve the experience of gaming on Linux. He implemented several kernel features to efficiently run Windows games over Valve's Proton emulation module, like the new Futex operation Futex...



Tuesday October 27, 2020 19:30 - 20:20 GMT
Linux Systems Theater
  Linux Systems, Linux on the Desktop

19:30 GMT

Writing Robust Bash Scripts - Leonardo Gutierrez Ramirez, AutoZone
Over the years I have seen too many incidents in production due to developers not taking shell scripts seriously; this is a big mistake. Shell scripts usually help us to perform simple tasks but also to wire important processes. It is possible to write robust and well-crafted shell scripts, as in any other language. In this talk we will review a set of techniques to write safer and more robust shell scripts to avoid any production incidents.

Speakers

Leonardo Gutierrez Ramirez

Technical Architect, AutoZone
Leonardo Gutierrez is a passionate Java/Go/Shell Scripting/Rust Technical Architect at AutoZone, an American retailer of aftermarket automotive parts and accessories, the largest in the United States. Leonardo is currently working on several internal projects focused on improve Developer's...


Tuesday October 27, 2020 19:30 - 20:20 GMT
Linux Systems Theater

19:30 GMT

Deploying Linux in Safety Critical Applications - Three Key Challenges - Christopher Temple, Arm Germany GmbH
The next wave of highly automated and highly dependable automotive and industrial systems is driving a strong desire to deploy Linux in such systems. While dependability attributes like availability, safety and maintainability have already received attention in existing application domains like cloud computing, the safety aspect is new. The safety aspect for Linux revolves around three key challenges. Firstly, the OS needs to provide specific services with sufficient safety properties to the safety application. Secondly, the OS needs to show intrinsic safety in a way that the OS itself does not become a source of hazardous operation. Thirdly, the OS needs to be able to interface adequately to underlying safety hardware such that safety properties provided by the hardware are enabled and maintained, and no new uncovered safety issues are introduced. The presentation will discuss issues and ideas around identifying sufficient safety properties, the challenges and potential solutions around intrinsic safety, and the state-of-the-art around safety enabled hardware and related integration needs in light of different application classes.

Speakers

Christopher Temple

Lead Safety and Reliability Systems Architect, Arm
As Lead Safety & Reliability Architect Dr. Chris Temple develops the safety and reliability technology roadmap, and drives thought leadership in next generation cost effective safety systems at Arm. Temple is active in the ELISA open source project, where he is investigating inter-dependencies...


Tuesday October 27, 2020 19:30 - 20:20 GMT
OS Dependability Theater

19:30 GMT

Ready to Switch to Open Hardware GNU/Linux PowerPC Laptop? - Roberto Innocenti, Not Profit Power Progress Community
Why is it possible today to switch to an Open Hardware GNU/Linux PowerPC Laptop? As a non-profit association based only on volunteers, I share the steps of our experience in designing the electrical schematics and the PCB of the Open Hardware PowerPC Notebook. Why we chose the CERN Source Hardware License, and why we are ready for the OSHWA Certification process. How we solved the problem of having the body of the laptop even for a small production run in the non-standardized and non-modular world of notebook chassis. Why, thanks to FOSS, it is possible (but not necessarily simple) to have an OS and applications run on an architecture that is less common in today's consumer market, like Power Architecture (PPC64) Big Endian. The good practice of writing open source code that is not endian-dependent is important for running GNU/Linux applications on every CPU architecture. Our experience finding code written only for little-endian that we need to run on big-endian CPUs.

Speakers

Roberto Innocenti

coord. PowerPC Notebook prj, Power Progress Community (not profit association)
Among the founders of the project Open Hardware PowerPC Notebook, presenter and ambassador of the project. President of the association Power Progress Community which deals with the promotion and dissemination of free software and open hardware. Ambassador and responsible in the last...



Tuesday October 27, 2020 19:30 - 20:20 GMT
Wildcard Theater
  Wildcard, Open Hardware
 
Wednesday, October 28
 

12:00 GMT

Linux Tracing with BPF, BCC and More - Mauricio Vásquez Bernal & Alban Crequy, Kinvolk
BPF is a virtual machine inside the Linux kernel that allows loading user-defined programs that are attached to different kernel hooks (kprobes, tracepoints, uprobes, etc). One application of BPF is to perform tracing at the kernel level, as BPF programs can capture information about different kernel events. BCC (BPF Compiler Collection) is a set of libraries for different languages such as Python, C++, Lua and many ready-to-use tracing tools. This talk will give a quick introduction to BPF. It’ll present an introduction to the BCC project and its features. A demo of the more popular BCC tools will be done. It’ll also show how to create (or customize) your own tools. Finally, it’ll show how BCC is integrated with other projects to perform tracing in cloud environments like Kubernetes.

Speakers

Alban Crequy

Co-founder and Director of Kinvolk Labs, Kinvolk
Alban is Co-founder of Kinvolk and director of engineering for Kinvolk Labs. He has a particular interest in integrating BPF into Kubernetes. He’s a maintainer of the gobpf library and has worked on software in the cloud space using BPF with Golang: Weave Scope, Traceleft, Project...

Mauricio Vásquez Bernal

Software Engineer, Kinvolk
Mauricio works as a software engineer in the Kinvolk Labs team. He is interested in eBPF, Kubernetes, networking and tracing technologies. In the previous years Mauricio has worked implementing high performance virtual network functions with eBPF. In 2019 he focused on the OpenTelemetry...


Wednesday October 28, 2020 12:00 - 12:50 GMT
101 Essentials Theater

12:00 GMT

Productionizing ML with ML Ops and Cloud AI - Kaz Sato, Google
The hardest part of ML adoption in enterprises is Productionization. As we see in recent discussions around ML Ops, there is a big gap between Data Scientists' PoC code and production ML development and operation with the Ops team, such as preparing a manageable ML dev environment, building a scalable ML serving infrastructure, setting up an ML pipeline for continuous training, and automated validation of data and model. In this session, we will learn how to leverage various Google's ML/AI offerings such as TensorFlow Extension (TFX), TensorFlow Enterprise, Cloud AI Platform Notebooks, Training, Prediction, and Pipelines for productionizing your ML service with the ML Ops best practices.

Speakers

Kaz Sato

Developer Advocate, Google
Kaz Sato is Staff Developer Advocate at Google Cloud for machine learning and AI products, such as TensorFlow, Cloud AI and BigQuery. Kaz has been invited as a speaker at major events including Google Cloud Next, Google I/O, NVIDIA GTC and etc. Also, authoring many GCP blog posts...


Wednesday October 28, 2020 12:00 - 12:50 GMT
AI/ML/DL Theater
  AI/ML/DL, MLOps

12:00 GMT

Comprehensive Observability of your Microservices Using Deep Linked Metrics and Traces - Ryan Allen, Chronosphere Inc.
Metrics are the perfect tool for setting up alerts and being notified when something goes wrong. Once you get notified, if the root cause of the issue is not obvious, it’s great to have other tools such as Distributed Tracing to get more details. It’s already hard enough to get from the metrics behind your alerts to the exact underlying problematic traces, but even when you get there, you often want to compare a problematic trace with a non-problematic one to determine the differentiators and help root cause the issue. This talk will demonstrate how you can link and jump straight from an alert notification to an underlying problematic trace along with how you can make use of the associations in the metrics space to get to a comparison with a non-problematic trace. This is accomplished with a combination of open source tools such as Prometheus, Jaeger, Grafana and M3. The audience will learn how recent advances in the community can enable them to reduce their time-to-mitigation by providing the relevant context of a good vs bad request directly from an alert notification. The talk will go over different scenarios and techniques from the one being presented at Kubecon EU.

Speakers

Ryan Allen

Senior Software Engineer, Chronosphere Inc.
Ryan is currently a Senior Software Engineer at Chronosphere working on M3 - an open-source distributed metrics engine. Previously he worked at Applied Predictive Technologies (APT) focusing on platform engineering and data analytics.


Wednesday October 28, 2020 12:00 - 12:50 GMT
Cloud Theater
  Cloud + Cloud Native, Observability

12:00 GMT

Development "Interrupt Storm Detection" Feature - Kento Kobayashi, Sony Corporation
While developing an embedded device, a developer may have to diagnose and fix an interrupt storm. An interrupt storm is when a continuous stream of interrupts occurs due to hardware or device driver failures. Interrupt storms can hang the system and make debugging very difficult. Two ways to analyze interrupt storms are using a JTAG and using CONFIG_PSTORE_FTRACE functions. However, with these methods, it is required to prepare the JTAG hardware and JTAG settings file, analyze the acquired information, and so forth. It also requires the user to specify the interrupt number related to the interrupt storm. To make debugging interrupt storms easier, we have developed an "interrupt storm detection" feature. This feature works by checking whether the number of interrupts within a certain period is over a threshold and then notifying the user. The Linux kernel already has an interrupt storm detection feature for spurious interrupts. However, this new feature detects storms for interrupts other than spurious interrupts and gives the developer control over the storm detection parameters.

Speakers

Kento Kobayashi

Linux kernel developer, Sony Corporation
Kento Kobayashi is a software engineer in the Research and Development Lab of Sony Corporation. He has worked on various projects inside Sony, including software related to Sony's Aibo (personal/home robot dog) and Blu Ray Recorder. He works with the Linux kernel and develops technology...



Wednesday October 28, 2020 12:00 - 12:50 GMT
ELC Theater
  Embedded Linux Conference (ELC), Debugging

12:00 GMT

Issues with Open Source License Compliance in Consumer Electronics - Tim Bird, Sony
Complying with the myriad licenses for software that is used in a modern consumer electronics device can be a complicated process. In this talk, Tim will discuss lessons learned from license compliance activities with Sony consumer electronics products. Tim will describe best practices for things like offers for source, software distribution, and rebuildability of provided source. The GPL license requires "complete and corresponding source". Tim will explain what this means, and how that interacts with things like secure product lockdown. The history of the GPL v2 license, and intent of Linux kernel community leaders will be presented. Attendees should gain a better understanding of compliance requirements, and what issues to watch out for in managing the source code and requests for source for their embedded Linux products.

Speakers

Tim Bird

Principal Software Engineer, Sony
Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the maintainer of the Fuego test framework, and is involved in various groups in the Linux Foundation, including LF Board of Directors...



Wednesday October 28, 2020 12:00 - 12:50 GMT
ELC Theater

12:00 GMT

Simplify and Reuse Your Driver's Code with Regmaps - Ioan Adrian Ratiu, Collabora Ltd
Regmaps allow you to abstract register-access by mapping memory regions to registers. At first glance, one may not see the benefit of using regmap instead of directly calling the standard readl/writel functions. However, regmaps, as a register layout abstraction, bring more flexibility to the table: with regmaps you don't hold on to the specific details of your hardware register layout, opening the door to get your code to use slightly different variations of the same hardware platform just by setting the right register mapping at the driver's init phase. In this talk we will discuss this advantage and a few others while looking at real examples where regmaps were used in mainline in the MIPI-DSI and Hantro media accelerator drivers.

Speakers

Ioan-Adrian Ratiu

Senior Software Engineer, Collabora Ltd
Adrian Ratiu is a consultant Embedded Linux software engineer working for Collabora in its Core platform team. Recent areas of interest include SoC bringup, ASIC programming, display technologies like MIPI-DSI, media accelerators, PREEMPT_RT and others. Previously has attended and...



Wednesday October 28, 2020 12:00 - 12:50 GMT
ELC Theater

12:00 GMT

Virtual Topology for Virtual Machines: Friend or Foe? - Dario Faggioli, SUSE
Being able to craft a detailed virtual topology for a VM may be crucial for achieving good performance. But it is also risky, as interfaces become more complex, and an inconsistent configuration may be selected, causing more harm than good.

E.g., it would be good to be able to specify the size of caches, for cases when some software (e.g., glibc) inside the VM checks it and decides whether or not to enable some optimizations depending right on that.

On the other hand, even just defining the vCPUs topology (threads, cores, NUMA nodes, etc) may lead to less stable or outright worse performance, if the vCPUs and the memory of the VM are not properly pinned at the host level.

In this talk, we will show some first-hand examples, we will outline what is currently there in Linux, libvirt and QEMU and we will discuss if it is possible to improve things even further.

Speakers

Dario Faggioli

Virtualization Software Engineer, SUSE
Dario is a Virtualization Software Engineer at SUSE. He's been active in the Open Source virtualization space for a few years. Initially, he worked only on Xen-Project, and he is still the maintainer of the Xen hypervisor scheduler. Back during his Ph.D., he worked on real-time scheduling...



Wednesday October 28, 2020 12:00 - 12:50 GMT
KVM Theater
  KVM Forum

12:00 GMT

A Faster Hibernation/Resume Using Opportunistic Memory Reclaim - Andrea Righi, Canonical
Hibernation is usually considered an obsolete feature for laptops, but it can still provide significant benefits in many different scenarios, if it can be made to work reliably and efficiently. The main bottleneck of hibernation is the cost of I/O, both at hibernation and resume time, but it is possible to reduce this cost using opportunistic memory reclaiming techniques. Canonical has been actively experimenting with hibernation in cloud computing and virtualized environments. In the process we had the opportunity to experiment with some improvements and learn surprising lessons. This session shares some technical details of the solutions that we developed, the lessons learned and the results that we found.

Speakers

Andrea Righi

Kernel Engineer, Canonical
Andrea Righi works for Canonical as a Kernel Engineer, focusing on performance analysis, tracing, virtualization technologies and power management topics. Andrea started working with the Linux kernel in 2004 while he was a student at the University. His contributions were mostly focused...



Wednesday October 28, 2020 12:00 - 12:50 GMT
Linux Systems Theater
  Linux Systems, Power Management

12:00 GMT

Syscall Supervision - Christian Brauner, Canonical
Unprivileged programs such as containers employing user namespaces are severely restricted by the kernel to protect the host from malicious workloads. This means that certain syscalls are completely off-limits for critical workloads even when a privileged, supervising process such as the container manager can vouch for the safety. To solve this problem in a generic way we extended the Linux kernel to allow for syscall supervision. This means a process such as the container manager can receive notifications about the syscalls of a process running inside the container, which remains blocked until the container manager allows it to proceed. In this talk we will look at how syscall supervision works in the kernel and how a container manager can use it to allow unprivileged containers to mount filesystems and create devices it would otherwise not be able to. We will also look at new features built on top of this, enabling a container manager to inject and receive file descriptors from another process, allowing it to open() files for the container it would otherwise not be able to open.

Speakers

Christian Brauner

Senior Software Engineer, Canonical
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...


Wednesday October 28, 2020 12:00 - 12:50 GMT
Linux Systems Theater

12:00 GMT

Panel Discussion: Bridging Modern DevOps and the Mainframe - John Mertic, Linux Foundation; Jenn Francis, IBM & Len Santalucia, Vicom Infinity, Inc.
Join this roundtable session to learn the latest approaches to integrating the mainframe into modern devops tooling and practices to accelerate delivery and drive true cross-platform applications. The panelists will discuss the challenges and opportunities that led to the creation of the Linux Foundation’s Open Mainframe Project and its Zowe initiative.  Launched last August, Zowe is the first open source project based on IBMz’s z/OS and serves as an integration platform for the next generation of tools for administration, management and development on z/OS mainframes. By utilizing new interfaces and an API mediation layer, enterprises can now more easily integrate rich mainframe resources and extend ‘API-first’ to the mainframe.

Speakers

Jenn Francis

Developer Advocate, IBM
During the day I am a Developer Advocate. In this role, I get the opportunity to work with customers, business partners, and vendors on leading-edge technologies and teaching developers how they can use them. I’m constantly challenged to find engaging ways to create technical material...

John Mertic

Director, Open Mainframe Project. Director of Program Management, Linux Foundation, Linux Foundation
John Mertic is the Director of Program Management for The Linux Foundation. Under his leadership, he has helped ASWF, ODPi, Open Mainframe Project, and R Consortium accelerate open source innovation and transform industries. John has an open source career spanning two decades, both...

Leonard Santalucia

Chief Technology Officer and the Business Development Manager, Vicom Infinity
Len Santalucia has been in the IT industry since 1973. He is presently the Chief Technology Officer and the Business Development Manager for Vicom Infinity, Inc, the Chairperson for the Linux Foundation Open Mainframe Project, a member of the IBM Z Academic Initiative advocate leadership...


Wednesday October 28, 2020 12:00 - 12:50 GMT
Wildcard Theater

12:25 GMT

The Importance of Non-code Contributions to Code-centric Open Source Projects - Marcel Kurzmann, Bosch
Handling Open Source Software in a compliant way requires a good Open Source Management that keeps you busy already. On the technical side, the component often can be downloaded, integrated and functionally tested within minutes. But what about the so-called non-functional requirements?

For some Open Source Components, the necessary information as input for the Open Source Management is hard to find or even completely missing. Thus technically you can download and run the stuff, but from a legal perspective it might be that you are not allowed to. Not because the Open Source Project wanted to actively avoid it, but because the necessary "non-functional" requirements were not fulfilled yet.

This talk will show some examples for non-functional requirements, the experiences we have made at Bosch.IO with missing information and potential work-arounds. As the problem needs to be resolved at the root, the talk will highlight some community activities running that address these issues like clearlydefined.io, reuse.software, sharing-creates-value and sw360.


Speakers

Marcel Kurzmann

Open Source Officer, Bosch.IO GmbH
Marcel Kurzmann joined Bosch in 1997. After establishing the test-automation service team at Bosch Engineering and Acquisition Project Management in the automotive section he took over the Quality Management of Bosch Software Innovations in 2008. From 2015 he is responsible for the...



Wednesday October 28, 2020 12:25 - 12:50 GMT
OS Program Office Management Theater

13:00 GMT

Releasing Code as Open Source Made Easy - SAP's Process and Tooling - Peter Giese, SAP SE
Managing open source at scale in global enterprises is all about continuous improvement. In this presentation, Peter will describe the evolution of SAP’s outbound open source process and tooling from its initial state that often took several weeks and required lots of manual steps to its current form that only takes a few days and is largely automated. SAP‘s new and improved process for releasing code as open source enables developers to easily start a new open source project and contribute code while being compliant and secure. The entire process workflow is automated and executed via GitHub in order to seamlessly integrate it into the standard development toolset of our developer community. This way our developers and our OSPO members benefit from using the same tooling that allows them to have full transparency into the status of any given request while being able to manage open source projects at scale with enterprise-grade quality and security.

Speakers

Peter Giese

Director of Open Source Program Office, SAP SE
Peter Giese is Director of SAP Open Source Program Office. Peter is focusing on refining SAP’s open source strategy, developing new tools and approaches for managing open source at scale and on further promoting inner source at SAP. Since joining SAP in 1996, Peter has held several...



Wednesday October 28, 2020 13:00 - 13:25 GMT
OS Program Office Management Theater

13:00 GMT

Hands-On Real Time Stream Processing for Machine Learning - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning
This talk will provide a practical insight on how to build scalable data streaming machine learning pipelines to process large datasets in real time using Python Asyncio, Kafka, Faust, SpaCy and Seldon. We will be covering a case study performing automated content moderation on Reddit comments in real time. Our dataset will consist of 200k Reddit comments from /r/science, 50,000 of which have been removed by moderators. We will be handling the stream data in a Kafka cluster, and the stream processing will be handled using the stream processing library Faust. We will be running the end-to-end pipeline in Kubernetes with various components leveraging SKLearn, SpaCy and Seldon. We will then dive into fundamental concepts on stream processing such as windows, watermarking and checkpointing, and we will show how to use each of these frameworks to build complex data streaming pipelines that can perform real time processing at scale. Finally we will show best practices when using these frameworks, as well as a high level overview of tools that can be used for monitoring, including Grafana and Kafka Manager.

Speakers

Alejandro Saucedo

Chief Scientist, The Institute for Ethical AI & Machine Learning
Alejandro is the Chief Scientist at the Institute for Ethical AI & Machine Learning, where he leads the development of industry standards on machine learning explainability, adversarial robustness and differential privacy. Alejandro is also the Director of Machine Learning Engineering...


Wednesday October 28, 2020 13:00 - 13:50 GMT
AI/ML/DL Theater
  AI/ML/DL, Data Versioning

13:00 GMT

Federated Monitoring Leveraging Open Source Technologies - Sanchit Sandeep Pathak & Akhil John, Platform9 Systems, Inc.
Since the advent of containerized infrastructure, one can’t simply extend the monitoring strategy that worked for VMs and expect it to work for containers. Due to container portability and the rise of Kubernetes, the need to adopt multi-cloud strategies has added even more complexity to application monitoring. The main reason is that Kubernetes adds another multi-component layer to software environments that must be monitored. One has to keep track of the health of the cluster, pods, containers, storage, and networking components within the cluster along with monitoring the applications and the underlying infrastructure itself. The application as a whole, Kubernetes itself, and the infrastructure can have issues under unforeseen circumstances. To stay ahead of these issues, there is a need to have a comprehensive monitoring regime that addresses all the layers of a containerized, Kubernetes-based environment. This proposal talks about taking a three-tiered approach to Kubernetes monitoring by identifying key pillars to adopt in order to monitor workloads most effectively with the use of open-source tools like Grafana, Prometheus, ELK and Cortex.

Speakers

Sanchit Pathak

Sr. L1 Cloud Support Engineer, Platform9 Systems, Inc.
Employer: Platform9 Systems, Inc. Presented and won the Best Student Research Paper Award at the annual ITERA conference held in Indianapolis, Indiana in April 2019 for the topic "Native Cloud Implementations".

Akhil John

Sr. L1 Cloud Support Engineer, Platform9 Systems, Inc.
Employer: Platform9 Systems, Inc. Presented multiple conference papers on Open Source Technologies at DEFCON conferences. His expertise is in Linux/K8s networking.



Wednesday October 28, 2020 13:00 - 13:50 GMT
Cloud Theater
  Cloud + Cloud Native, Observability

13:00 GMT

Share System Resources on Multi-Processor System - Lionel Debieve, STMicroelectronics
New SoCs often embed multiple heterogeneous processors. Buses, memories or peripherals managed by the SoC could be allocated to different processors. Shared system resources, such as clocks or power controllers, might be critical in the system and need to be controlled by a high level privileged and trusted entity. Whatever the hardware solution used, software drivers must remain agnostic. The talk will present the shared resources constraints and how the STM32MP1 explores and extends the ARM System Control and Management Interface as a solution for such shared resources management.

Speakers

Lionel Debieve

Software Security developer, STMICROELECTRONICS
Security developer in STMicroelectronics, focus on MPU projects (STM32MP1), I'm fully engaged in the software boot chain development (Trusted firmware/OP-TEE based) and security constraint for IOT.



Wednesday October 28, 2020 13:00 - 13:50 GMT
ELC Theater
  Embedded Linux Conference (ELC), Security

13:00 GMT

Software Update Solutions for Yocto and OpenEmbedded - Leon Anavi, Konsulko Group
Software update of fleets of embedded Linux IoT devices has always been an important part of any product. In the past years several high-quality open source solutions for end to end updates emerged. The Yocto Project is an open source collaborative project of the Linux Foundation for creating custom Linux-based systems for embedded devices using the OpenEmbedded build system. This session will explore the integration in Yocto and OpenEmbedded of A/B and binary delta updates over the air or through a USB stick. Comparison of four popular solutions will be provided: OSTree (meta-updater), Mender (meta-mender), RAUC (meta-rauc) and SWUpdate (meta-swupdate). We will discuss the advantages of each technology, review real life use cases, for example in Automotive Grade Linux (AGL), and provide the exact steps for using them on a Raspberry Pi. The Yocto Project and OpenEmbedded have been already adopted by a wide variety of industries. However, different industries have different requirements for software updates. This presentation will help you select the most appropriate solution for your use case based on practical examples. The talk is appropriate for anyone, including beginners.

Speakers

Leon Anavi

Senior Software Engineer, Konsulko Group
Leon Anavi is an open source enthusiast and a senior software engineer at Konsulko Group. He is an active contributor to various Yocto/OpenEmbedded meta layers, Automotive Grade Linux (AGL), Tizen and many other open source projects. His professional experience includes web and mobile...



Wednesday October 28, 2020 13:00 - 13:50 GMT
ELC Theater

13:00 GMT

The Common Challenges of Secure VMs - Janosch Frank, IBM
Secure VM technology on multiple architectures has been introduced in the last few years and is slowly gaining ground. The goal of protecting VMs against accesses and manipulation from the hypervisor can be achieved in many ways. However, the challenges to get a secure VM up and running are mostly the same no matter the architecture and secure VM technology. Let's have a look at the goals that secure VMs want to achieve, the challenges that need to be overcome to run them and how the architectures solved them. Also let's try to have a look into the future, which will bring us secure VM migration, dumping and more device support, and try to anticipate the challenges that are still waiting. If we take a step back and have a look at the problems that are common to all architectures we might be able to find a common solution.

Speakers

Janosch Frank

Software Engineer, IBM
Janosch Frank is a software engineer at IBM Germany and a s390 co-maintainer for KVM. He works on guest memory management, Protected Virtualization and KVM testing.



Wednesday October 28, 2020 13:00 - 13:50 GMT
KVM Theater
  KVM Forum

13:00 GMT

Real-time Linux: What is Next? - Daniel Bristot de Oliveira, Red Hat
With the PREEMPT_RT mainlining, has real-time Linux development ended? No! It is the beginning of a new era. The low latency provided by today's communication channels and the need for a software stack for AI/ML present on Linux are enabling a new class of cyber-physical systems that depend on a real-time kernel. But is the real-time kernel ready to be used in such scenarios? This presentation is a discussion about the current state of Real-time Linux. It will talk about the kind of determinism that is possible to obtain with Linux and the type of determinism that is still not possible to achieve. The main goal is to point to the next opportunities in the development that can enable Linux for a class of systems that requires more robust evidence of correctness, including the formal verification of the kernel and the mathematical analysis of the timing properties of the kernel.

Speakers

Daniel Oliveira

Principal Software Engineer, Red Hat
Daniel is a Principal Software Engineer at Red Hat, working in the real-time kernel team, and has a Ph.D. in Automation Engineering (UFSC)/Computer Engineering (Scuola Superiore Sant'Anna). He works in the research and development of real-time features and runtime formal verification...


Wednesday October 28, 2020 13:00 - 13:50 GMT
Linux Systems Theater

13:00 GMT

The Compact C Type (CTF) Debugging Format in the GNU Toolchain: Progress Report - Elena Zannoni & Nicholas Alcock, Oracle
The Compact C Type Format (CTF) is a reduced form of debug information describing the type of C entities such as structures, unions, etc. It has been ported to Linux (from Solaris) and used to reduce the size of the debugging information for the Linux kernel and DTrace. It was extended to remove limits and add support for additional parts of the C type system. Last year, we integrated it into GCC and GNU binutils and added support for dumping CTF data in ELF objects and some support for linking CTF data into a final executable (and presented at this conference). This linking support was preliminary: it was slow and the CTF was large. Since last year, the libctf library and ld in binutils have gained the ability to properly deduplicate CTF with little performance hit: output CTF in linked ELF objects is now often smaller than the CTF in any input .o file. The libctf API has also improved, with support for new features, better error reporting, and a much-improved CTF iterator. This talk will provide an overview of CTF, the novel type deduplication algorithm used to reduce CTF size and discuss the other contributions of CTF to the toolchain, such as compiler and debugger support.

Speakers

Elena Zannoni

Senior Director, Oracle
Elena Zannoni is the manager for the Linux Toolchain and Tracing team at Oracle. The team covers the GNU toolchain and DTrace for Linux, among other things. Elena was one of the original GDB global maintainers and has spoken worldwide on topics related to tracing at many conferences...

Nick Alcock

Senior Staff Engineer, Oracle
Nick (Nix) is a Senior Staff engineer at Oracle. Among Nick's tasks is DTrace for Linux, and now he is focusing on Binutils and CTF.



Wednesday October 28, 2020 13:00 - 13:50 GMT
Linux Systems Theater
  Linux Systems, Programming Languages and Toolchains

13:00 GMT

Matrix - Open, Secure, Decentralised, Real-Time Communication Across Networks - Oleg Fiksel, Deutsche Telekom
Matrix is an open source project that publishes and implements the open standard for secure, decentralized, real-time communication.

In this talk I want to introduce Matrix as a Chat platform. Thanks to its unique functionality of Bridges it can unite other networks and has additional, cool features.

If you are privacy aware and still want to reach your friends on other networks - Matrix is the right choice.

Speakers

Oleg Fiksel

Technical Cloud Architect
Oleg started working in IT when he was 16 years old as a computer repair technician in a small IT company. He has extended his knowledge in his study of informatics at RWTH Aachen University. Now Oleg has over 19 years of planning, customizing and maintaining IT projects for various...



Wednesday October 28, 2020 13:00 - 13:50 GMT
Wildcard Theater
  Wildcard, Open Source Project Updates

16:15 GMT

Collaborative Leadership: Governance Beyond Company Affiliation - Dawn Foster, VMware
The unbridled success of Kubernetes can be attributed in part to being in the CNCF. Putting Kubernetes under a neutral foundation provided a level playing field where each of us could contribute, collaborate, and innovate as equals to create a widely adopted solution that we can all use. Open source projects that are controlled by a single company are at a greater risk of changes that are not aligned with community interests, whereas projects that are under neutral foundations have a lower risk both for end users and software vendors. With advantages that include community building, innovation, and wider adoption, we should consider contributing more of our open source projects to neutral foundations, like the CNCF.

This talk will cover:
  • Challenges of giving up control and why it might be worth it.
  • Selecting a foundation and how to determine neutrality.
  • Creating a fair and neutral governance structure and processes for your project.
  • Tips for contributing and maintaining your project. 

The audience will get practical advice about whether they should contribute their projects to neutral foundations along with how and when to do it.

Speakers

Dawn Foster

Director of Open Source Community Strategy, VMware
Dawn is Director of Open Source Community Strategy within VMware’s Open Source Program Office. She is on the board of OpenUK, an organization committed to developing and sustaining UK leadership in Open Technology. Dawn is on the Governing Board and is a maintainer for the Linux...



Wednesday October 28, 2020 16:15 - 16:40 GMT
OS Program Office Management Theater

16:15 GMT

Preparing for Kubernetes Certification Exams - Tim Serewicz, The Linux Foundation
People have stress about the unknowns of taking a practical exam. In this session, we will discuss an approach to preparing for Kubernetes certification. In keeping with the exam requirements we will not discuss specific exam content, rather use provided documentation to understand what to expect and suggestions for preparation. Question and answer session after the presentation.


Speakers

Tim Serewicz

Course Developer / Technical Trainer, Training - The Linux Foundation
When Tim Serewicz started teaching Linux system administration classes at IBM, his boss thought Linux was “just a fad.” Serewicz has since made a full-time career out of teaching admins the latest technologies in the ever-evolving and growing Linux ecosystem. He has taught at...



Wednesday October 28, 2020 16:15 - 17:05 GMT
101 Essentials Theater

16:15 GMT

Milvus, How to Accelerate Approximate Nearest Neighbor Search (ANNS) for Large Scale Dataset - Jun Gu, Zilliz
Deep learning models have been proven to be an effective method to extract content from unstructured data like image, video, sound and text. When using pre-trained DL models in production, people will need to handle a huge amount of feature vectors. Milvus is an open source vector similarity search engine, which could help users to perform efficient similarity search over billions of vectors. Jun has already introduced the big picture of the Milvus project at a previous OSS North America event. This time Jun will introduce the technology used in the Milvus project, and how Milvus would accelerate ANNS for large scale datasets. Milvus is an incubation project in the LF AI foundation.

Speakers

Jun Gu

Technology evangelist, Zilliz
Jun Gu is the partner of Zilliz, performing the Senior Architect role. Before joining Zilliz, Jun received his undergraduate degree in Computer Science from Peking University and worked as a database technician for 14 years in companies like ICBC, IBM, Morgan Stanley and Huawei. Jun...


Wednesday October 28, 2020 16:15 - 17:05 GMT
AI/ML/DL Theater
  AI/ML/DL, Data Versioning

16:15 GMT

Fast Execution for Function Compositions in Serverless Computing - Ruichuan Chen & Istemi Ekin Akkus, Nokia Bell Labs
Serverless computing has rapidly gained traction with its promise of continuous scaling and low costs without the hassle of managing servers. Though it was originally aimed for running single functions, developers have embraced it to compose scalable applications with multiple interacting functions. However, many platforms map individual functions of an application into their own containers and require them to be stateless. This creates the biggest downside of serverless computing: serverless applications suffer high performance penalties from long invocation delays among functions and slow access to externalized application state. In this presentation, Ruichuan and Ekin revisit these design choices and propose an alternative with KNIX: grouping an application’s functions in the same container as separate processes while isolating different applications in different containers. Coupled with process forking and locality mechanisms, this design allows function executions to start and interact about an order of magnitude faster compared to current serverless platforms. In addition, it examines the use of stateful, addressable function executions for fast access to application state.

Speakers

Ruichuan Chen

Research Scientist, Nokia Bell Labs
Ruichuan Chen received the Ph.D. degree in computer science from Peking University in 2009. He was a Postdoctoral Researcher at the Max Planck Institute for Software Systems, Germany. He is currently a Research Scientist at Nokia Bell Labs, Stuttgart, Germany. His works have been...

Istemi Ekin Akkus

Research Scientist, Nokia Bell Labs
Istemi Ekin Akkus received the Ph.D. degree from Max Planck Institute for Software Systems, Germany, in cooperation with the Technical University of Kaiserslautern, Germany. In the past, he was involved in Web privacy, data recovery for Web applications, and peer-to-peer systems...


Wednesday October 28, 2020 16:15 - 17:05 GMT
Cloud Theater

16:15 GMT

Supporting Hardware-Accelerated Video Encoding with Mainline - Paul Kocialkowski, Bootlin
The media subsystem and the V4L2 API have recently been extended to support hardware-accelerated video decoding for stateless implementations, with drivers such as cedrus and hantro supporting embedded platforms like Allwinner and Rockchip. While the stateless decoding work is being finalized, the next order of business is stateless video encoding. This talk will present the research and first implementation attempts to support H.264 encoding, using the Hantro H1 hardware. It will start with an introduction to H.264 encoding and rate-control approaches, one of the key aspects of encoding. It will follow with details about the hardware and provide an overview of the implementation challenges, choices that were made and their limitations for a common interface that can apply to any kind of stateless H.264 encoder. With that, a general picture of what a generic stateless encoding API for V4L2 would look like will be drawn.

Speakers

Paul Kocialkowski

Embedded Linux Engineer, Bootlin
Paul joined Bootlin in 2018 and started with bringing support for the Allwinner VPU to mainline Linux. He went on to cover more topics related to graphics and multimedia, with various contributions to the DRM Linux subsystem and related projects. Before that, Paul worked on boot software...



Wednesday October 28, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

The Yocto Project on Windows - Alejandro Enedino Hernandez Samaniego, Microsoft
The Yocto Project and OpenEmbedded are widely used across the world for their great capability for building customized Linux distributions and applications for embedded products. However, due to inherent characteristics of the compilation process and toolchain, the build required being executed on a native Linux host. This is sometimes a limitation, since Windows is used by most companies' employees and in this case can't be used as a development system. The previous statement is no longer true: the Yocto Project can be used under Windows, allowing developers to have easy access to a development system, increasing productivity and efficiency. This presentation will guide the audience through the process of creating Linux operating systems and applications on Windows, introducing them to the Windows Subsystem for Linux (WSLv2), compare usability, performance and include personal experience while performing this task, performing a demonstration of its usage interactively.


Wednesday October 28, 2020 16:15 - 17:05 GMT
ELC Theater

16:15 GMT

Virtualization for the Masses: Exposing KVM on Android - Will Deacon, Google
Despite virtualisation hardware being implemented in all arm64 Android devices, it is seldom available to KVM and instead tends to run bespoke payloads targeting security and data isolation.

The Android-KVM project at Google aims to extend upstream arm64 KVM to cater for the requirements of mobile guest payloads. Of critical importance is the notion that the host cannot access guest memory without the explicit permission of that guest. This requires a split between the KVM code at EL2 and the host kernel at EL1, along with standardised communication between the host and its guests for mutually controlled shared memory instantiation and a degree of portability between hypervisor implementations.

This presentation will offer a quick tour of the arm64 virtualisation architecture before diving into some of the challenges and open problems that we have faced while enabling KVM for Android.

Speakers

Will Deacon

Software engineer, Google
Will is a software engineer in the Android Systems team at Google, where he divides his time between co-maintaining the upstream arm64 Linux port and leading the project to enable KVM on Android devices. He has previously spoken about the Arm architecture and concurrency topics at...


Wednesday October 28, 2020 16:15 - 17:05 GMT
KVM Theater
  KVM Forum
  • Skill Level Any
  • Technical Talk Yes

16:15 GMT

A Technical Deep Dive into the QEMU Emulated NVMe Device - Klaus Jensen, Samsung Electronics
The QEMU generic machine emulator and virtualizer includes a wide range of emulated devices. These devices can be very useful for debugging a software stack and for prototyping new features that are yet to be available in hardware and firmware. In this technical talk we focus on "prototyping new features" in the emulated NVMe device. We will go through the core event loop of the upstream device and explore how the recently ratified Namespace Types and Zoned Namespaces NVMe Technical Proposals can be implemented. Finally, we will design a custom (non-spec) command and go through a prototype implementation. We will then discuss how such a QEMU prototype implementation helps when developing the associated software stack and see how the feature can be tested and verified from a Linux host.

Speakers

Klaus Jensen

Staff Software Engineer, Samsung Electronics
Klaus is a Software Engineer with a background in academia. He has worked in the area of High Performance Computing, old school UNIX systems, taken a stint in an IT consultancy and written a PhD on tape. He has been involved in the OpenChannel SSD community, and currently, in the...


Wednesday October 28, 2020 16:15 - 17:05 GMT
Linux Systems Theater

16:15 GMT

Software Quality and Testing – Recognize and Fix the Risks - Boris Cipot, Synopsys
Software development is continually changing and in doing so, it is becoming more complex. To keep up with this evolution the landscape of development, testing tools and security requirements have all progressed. Development teams are finding themselves under more pressure, to not only build quality software with tight time pressures, but ensuring it is compliant with both internal and external standards, for example GDPR. In this session, we will look at what these problems are and how you can combat them.

Key takeaways:
  • Understand what the problems are in today’s software development and testing
  • Understand solutions for secure software development and testing
  • How to find vulnerabilities and other risks earlier in the software development lifecycle
  • How to reduce operational, security and license compliance risk

What will we talk about:
  • What are today's problems in Software testing?
  • Why is it so hard to keep the quality of the software high?
  • What to consider when using tools as a solution?
  • What is SCA and why it matters?

Speakers

Boris Cipot

Senior Security Engineer, Synopsys
Boris Cipot is a senior security engineer at Synopsys. He helps companies of all shapes and sizes to create secure software. Boris joined Synopsys when Black Duck Software was acquired in 2017. He specializes in open source software security, robotics, and artificial intelligence...


Wednesday October 28, 2020 16:15 - 17:05 GMT
OS Dependability Theater
  OS Dependability

16:15 GMT

Skynet - Peer to Peer Application Hosting - Chris Schinnerl, Skynet Labs
User content on the Internet today is controlled by a small number of corporations. Most content has one of these corporations as a single point of failure and is subject to arbitrary terms and moderation policies. We present Skynet, an open-source peer to peer blockchain network for hosting content and applications. We describe how Skynet combines encryption, erasure coding, and an open marketplace that allows anyone to sell their spare storage and bandwidth to the network to create an alternative infrastructure for content creators. We will describe in detail some of the game theory, economic incentives, and content delivery algorithms that allow our live network to achieve extreme uptime and performance that is comparable to the modern web. We showcase that the decentralized Internet has reached a turning point of reliability and usability.

Speakers

Chris Schinnerl

Vice President of Engineering, Skynet Labs
I grew up in Austria and studied Computer Science at the Technical University of Graz starting 2011. During that period (starting 2013) I also worked as a Software Engineer for AVL List Gmbh in Graz. I joined SkynetLabs (formerly Nebulous) in 2017 as a Core Developer and since summer...


Wednesday October 28, 2020 16:15 - 17:05 GMT
Wildcard Theater
  Wildcard, Blockchain

17:15 GMT

Leveraging an Open Source Project Catalogue to Select the Right Project - Marcel Kurzmann, Bosch.IO GmbH
As one of our tasks in the Open Source Office, we need to check Open Source Projects for their suitability of our company's corporate participation. In the course of these checks we collect a lot of necessary "public" information (e.g. URLs, CLA yes/no, ... ) that we currently try to document in a standardized way and reuse within the company. We see a potential to share and collaborate with other companies having the same interest as well as other interested parties that could reuse the data for different use cases. In the talk we would like to share our current metadata-model-ideas and our vision for a common Open Source Project Catalogue to make the life for Open Source Program Offices easier.

Speakers

Marcel Kurzmann

Open Source Officer, Bosch.IO GmbH
Marcel Kurzmann joined Bosch in 1997. After establishing the test-automation service team at Bosch Engineering and Acquisition Project Management in the automotive section he took over the Quality Management of Bosch Software Innovations in 2008. From 2015 he is responsible for the...



Wednesday October 28, 2020 17:15 - 17:40 GMT
OS Program Office Management Theater

17:15 GMT

Monitoring: A New Approach - Tom King, The Linux Foundation
Monitoring consists of Collecting, Storing, Displaying and Graphing operating data for your Systems and networks. We do this to allow us to locate problems, optimize resource usage, notify personnel of issues that need resolving. In this talk, we will talk about where things are going with Monitoring/Alerting and demonstrate some current trends on the subject.

Speakers

Tom King

Instructor, The Linux Foundation
40yrs working in Embedded, 14yrs working with Embedded Linux Build Systems(buildroot and OE/YP). Instructor for Linux Foundation. Specializes in embedded system for Broadcast Applications.


Wednesday October 28, 2020 17:15 - 18:05 GMT
101 Essentials Theater

17:15 GMT

Become a Data Driven Organization through Unified Metadata Using ODPi Egeria - Mandy Chessell, IBM
Become a data-driven organization through exploration of the latest developments and trends in managing compliance, GDPR, data catalogs and governance. The ODPi Egeria project at the Linux Foundation will share how IBM, ING and others are collaborating to build an open ecosystem (interfaces, repositories, tools and experts to collaborate and exchange content) while adhering to governance guidelines and imperatives. Join this session to learn how an open metadata and governance and how you can benefit from it.

Speakers

Mandy Chessell

ODPi TSC Chairperson and ODPi Egeria project chairperson. IBM Distinguished Engineer, IBM
Mandy Chessell CBE FREng CEng FBCS is an IBM Distinguished Engineer, Master Inventor and Fellow of the Royal Academy of Engineering. Mandy is a trusted advisor to executives from large organisations, working with them to develop their strategy and architecture relating to the governance...


Wednesday October 28, 2020 17:15 - 18:05 GMT
AI/ML/DL Theater
  AI/ML/DL, Data Versioning

17:15 GMT

Being Fluentd with Logs - Phil Wilkins, Capgemini UK
Understanding what is happening with applications, particularly in a distributed solution (microservice or scaled monolith) can be challenging. Whilst the solution space for monitoring and application log management is mature, there is a tendency for organizations to end up with multiple tools which overlap in this space to meet different needs, or one tool not meeting all needs. Many of these tools work by bulk central analysis rather than enabling events of interest to be spotted as they’re logged. Fluentd presents us with a means to achieve a monitoring capability that allows us to choose the log analytics tool(s) that meet our needs. We can create the chance to become more reactive or even proactive. Ease the complexity of hyper-distribution with microservice and serverless solutions. In this session we’ll explore the challenges of modern log management. We’ll look at how Fluentd works and what it can bring to making both development and ops activities easier. To do this we’ll explore and demo some examples of Fluentd and how it makes life easier & more effective.

Speakers

Phil Wilkins

Enterprise Integration Architect (Technology Evangelist, Ace Director), Capgemini UK
Phil Wilkins has spent over 25 years in the software industry with a breadth of experience in different types of businesses and environments from multinationals to software startups and consumer organizations including a global optical and auditory healthcare provider. He started...


Wednesday October 28, 2020 17:15 - 18:05 GMT
Cloud Theater

17:15 GMT

Burnout - When Your Mind is Tired - Jan Altenberg, Continental Automotive GmbH
Over the past few years burnout has become an increasingly serious topic for companies and for Open-Source communities. High demands in our working environments and constant availability by email, phone and social media are only a few of the factors that can increase our stress level drastically. People working on Open-Source are usually highly skilled and passionate about what they are doing. Bringing all these facts together the risk of suffering a burnout can be extremely high. Therefore it is essential for all of us to get a better understanding for this topic: As a company, as a community and as a developer. Based on personal experience Jan Altenberg will give some insights about the phenomenon of burnout, how to spot symptoms early and how to deal with it as an affected person, as a co-worker and as a team leader. Furthermore, this presentation wants to raise awareness for this subject which still seems to be a “taboo topic” in many companies and communities.

Speakers

Jan Altenberg

Open-Source Compliance Officer, Continental Automotive GmbH
Jan Altenberg has more than 15 years of experience in developing and maintaining Embedded Linux systems. He studied information technologies at the University of Cooperative Education in Stuttgart (Germany). From 2002 - 2006 he was involved in the OCEAN project, a European research...



Wednesday October 28, 2020 17:15 - 18:05 GMT
Community & Business Leadership Theater
  Community Leadership, Community Management

17:15 GMT

Let’s Test with KernelCI - Khouloud Touil, Baylibre
A growing number of Linux developers want to use KernelCI to run their test suites, but there’s a bit of a learning curve for how to make test suites work with KernelCI.  “Let’s Test with KernelCI” will give an overview of the ways to integrate test suites and/or test results into the KernelCI modular pipeline. One option discussed will be having the kernelci.org service run the test suites for you and collect the results. But many developers and companies have existing test and automation infrastructure already running, so we will also discuss how to leverage existing infrastructure. Another option is to take advantage of already running test infrastructure and submit test results to KernelCI.

Speakers

Khouloud Touil

Embedded Software Engineer, Baylibre
Khouloud is a junior embedded software engineer working for BayLibre in France. She has worked on a variety of embedded Linux based products, including VR headsets, contributes to the CI and automated testing (CIAT) project of Automotive Grade Linux and is also active in the new KernelCI...


Wednesday October 28, 2020 17:15 - 18:05 GMT
ELC Theater
  Embedded Linux Conference (ELC)

17:15 GMT

The State of PTXdist - Roland Hieber, Pengutronix
PTXdist has been around as a build tool for Embedded Linux systems for more than 16 years now. During its monthly release cycle, besides the usual maintenance tasks, useful features are continuously being added. In the last years, these included support for kconfig deltas and layered BSPs, infrastructure for cryptographic code signing and license compliance, support for reproducible builds, and online reference documentation. With its configuration menu for selecting the software packages for your target system, and a template wizard for creating new packaging rules, PTXdist makes it possible to get a booting BSP in almost no time. Advanced users will feel familiar with PTXdist's makefiles, and can profit from fast edit-compile-run cycles by using nfsroot and cross-gdb integration. This talk gives an overview over the core concepts and the current feature set of PTXdist, and is intended for new as well as old users. This talk is based on a submission from FOSDEM 2020, and will also include the developments in the last six months, as well as set its focus more on the usability features.

Speakers

Roland Hieber

Integration Hacker, Pengutronix
Roland is a systems and integration hacker at Pengutronix and therefore has been sending patches for many different open source projects over the years. He feels at home in bash and GNU make code, and is not afraid of autotools.



Wednesday October 28, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

The Yocto Project's First Decade - Jeffrey Osier-Mixon, Linux Foundation & Nicolas Dechesne, Linaro
This presentation is a retrospective of the first ten years of the Yocto Project, from technical, governance, and community perspectives. The Yocto Project launched at the Embedded Linux Conference Europe in 2010. The last ten years have seen the project evolve from a joint venture among several initial stakeholders to a global de facto standard for building embedded Linux distributions at scale. With a huge community of embedded Linux professionals, operating systems providers, silicon companies, and tens of thousands of users in every capacity, the Yocto Project has encountered a number of challenges and opportunities, and continues to be a key technology across many industries. Presented by the past and present Yocto Project community managers, this presentation includes technical highlights as well as trips down memory lane, with tributes from past and present figures in the project, many photographs, and a view toward the future. Please join us in this virtual celebration.

Speakers

Jefro Osier-Mixon

Program Manager, Linux Foundation
"Jefro" Osier-Mixon has been an open source professional since the early 1990s as a technical writer and occasional developer as well as community manager, program manager, and OSPO leader. His primary activities over the years have included the Yocto Project, Zephyr Project, GNU...

Nicolas Dechesne

Yocto Project Community Manager, Linaro
Nicolas is working for Linaro and manages a team of developers focused on improving the state of Qualcomm chipset in upstream Linux. He maintains an OpenEmbedded BSP layer for Qualcomm chipset. When Nicolas joined Linaro he led a team of developers who designed and implemented the...



Wednesday October 28, 2020 17:15 - 18:05 GMT
ELC Theater

17:15 GMT

Optimizing for NVMe Drives: The 10 Microsecond Challenge - Stefan Hajnoczi, Red Hat
Solid-state storage devices with request latencies of less than 10 microseconds pose challenges for virtualization. Even small overheads result in a visible reduction of I/O performance. Solving this requires changes to the I/O stack.

This talk covers recommended tuning and current work on improving I/O performance for QEMU guests with NVMe drives.

The first part to achieving good I/O performance is to ensure that the guest is taking advantage of multicore and NUMA effectively. This involves both manual tuning and recently added optimizations for getting the most out of the hardware.

The second part is efficient I/O request submission and completion. Traditionally this involved vmexits and eventfds, but improvements to QEMU's AioContext polling can eliminate them and achieve much higher performance.

Come find out how close to bare metal performance QEMU gets!

Speakers

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan has been active in QEMU since 2010 and is a Senior Principal Software Engineer in Red Hat's virtualization team with a focus on storage. He works on virtio drivers in Linux and helps maintain the block layer and tracing in QEMU. He also organizes and mentors in the Google Summer...


Wednesday October 28, 2020 17:15 - 18:05 GMT
KVM Theater
  KVM Forum

17:15 GMT

Customized Trace Data Visualization with KernelShark - How to Write User Plugins. - Yordan Karadzhov, VMware
KernelShark is a front-end reader of tracing data and its data visualization capabilities have been proven very useful. Nevertheless, there are cases when the user has specific needs that go beyond what is provided by the built-in visualization model. Although user customization was one of the key features incorporated in the design of KernelShark v1, the possibility to write plugins was not taken advantage of by the KernelShark users. We believe that this will change with the release of KernelShark 2.0. The new version includes a substantial improvement to the infrastructure for plugins. The plugin development process was greatly simplified, while at the same time the user has more ways to customize. This talk will be a brief overview of how to create your own plugins and will demo some of the new key features in KernelShark 2.0 that are implemented in the form of plugins.

Speakers

Yordan Karadzhov

Open source engineer, VMware
Yordan Karadzhov has more than 12 years of experience as an experimental physicist, including a Ph.D. in particle physics. During this period Yordan worked in some of the world's largest physics laboratories, like CERN, FermiLab and RAL, developing software for particle physics experiments...



Wednesday October 28, 2020 17:15 - 18:05 GMT
Linux Systems Theater
  Linux Systems, Tracing

17:30 GMT

Lightning Talk: Unravelling the Linux Kernel Using BPF Raw Tracepoints - Abhijit Singh, Uber
This talk aims at presenting the potential of BPF raw tracepoints. With the static tracepoints present in the Linux kernel, a dynamic tracer like ftrace or kprobe+bpf might not get the desired information about arguments passed in the tracepoint (e.g. many fields related to the task_switch struct, such as nvcsw and nivcsw, aren't accessible in the sched_switch tracepoint). With the introduction of BPF raw tracepoints, we can create a BPF program which can investigate each argument being passed to the tracepoint upon its invocation. The talk will commence with the rationale for introducing a raw BPF tracepoint. It will then present the signature of the BPF_RAW_TRACEPOINT API. It will also present a couple of example BPF programs which use raw tracepoints: 1) a program which prints the arguments being passed to the openat system call; 2) a program which calculates total involuntary context switches and voluntary context switches over time for a system. The talk will also highlight the low performance overhead of raw tracepoints compared to other tracing infrastructure like kprobe+bpf.

Speakers

Abhijit Singh

Software Engineer, Uber
I'm a software engineer, currently working in Uber. Previously, I used to work as a Performance Engineer at Azul Systems where I conducted thorough performance analysis of JVM applications and the underlying systems. I'm a keen systems performance enthusiast and follow Linux kernel...


Wednesday October 28, 2020 17:30 - 17:40 GMT
Linux Systems Theater
  Linux Systems, Tracing

17:40 GMT

Are You Wise in the Ways of Open Source Compliance? Taxonomy and the Tools of Open Source Compliance - Gergely Csatari, Nokia & Yann Jorelle, Nokia/Aalto University
Different organizations do open source compliance differently. The approach, the level of automation and the compliance practices vary. In addition, different open source communities have created a selection of tools for the compliance verification. Some tools fit some approaches better than others. But how does my organization’s approach compare to another organization’s? What tools could be useful for me? Are the tools any good? In order to compare approaches, tools and see what fits and what doesn't, the industry needs a common way to name and address the different steps in the open source compliance process. This presentation dissects the open source compliance checking steps, names and describes them (Sir Bedevere, wood, and a duck. Or was it lead?). It also describes the different approaches different companies take to executing these steps, particularly describing the Nokia approach. As a practical step, the presentation shows the results of our study to investigate how the current open source compliance tools perform the different steps of open source compliance. We might also reveal if the tools weigh the same as a duck…

Speakers

Gergely Csatari

Senior Open Source Specialist, Nokia
Gergely is working in the central part of Nokia's OSPO and is partially responsible for the outgoing contributions. He is also responsible for cloud infrastructures and is a contributor to CNTT, the OpenStack ECG and the CNCF TUG. Speaker experiences cover several presentations in OpenStack...

Yann Jorelle

Summer Trainee, Nokia / Aalto University
I'm a third year computer science bachelor student at Aalto University, Espoo Finland. I have been working during the summer of 2020 as a trainee at Nokia Open Source Initiatives, mainly focusing on investigating and testing the different open source tools for open source complia...



Wednesday October 28, 2020 17:40 - 18:05 GMT
OS Program Office Management Theater

18:30 GMT

Inference on (the) KubeEdge - Adrian Gonzalez-Martin, Seldon
Machine learning models usually make predictions based on data coming from a wide range of IoT devices. If we think of images, audio recordings or brain waves we can see that they are all measured using hardware sensors. After being read, this data is usually sent to remote clusters where inference is performed. Wouldn’t it be great if we could expand these devices to also make predictions? Edge computing can help to address the privacy, latency and data ownership concerns by bringing this computation to the “edge”. In this talk we will discuss these concerns and we will introduce KubeEdge as a solution to treat our edge devices as Kubernetes nodes, which will enable us to use existing Kubernetes tools to deploy machine learning models and perform real-time inference.

Speakers

Adrian Gonzalez-Martin

Machine Learning Engineer, Seldon
Adrian is a Machine Learning Engineer at Seldon, where his focus is to extend Seldon’s open source and enterprise machine learning operations products to solve large scale problems at leading organisations in the Automotive, Pharmaceutical and Technology sectors. When he is not...



Wednesday October 28, 2020 18:30 - 19:20 GMT
AI/ML/DL Theater
  AI/ML/DL, AI on the Edge

18:30 GMT

Monitoring at Global Scale with M3 and Prometheus - Gibbs Cullen, Chronosphere
For the past few years Prometheus has solved the monitoring needs of many and it is exceptional at what it does. Prometheus has exploded in popularity and now many wish to store more metrics, at longer retention and establish a single pane of glass on top of Prometheus for their monitoring needs across regions.

 M3 is an open source metrics platform that you can deploy and run using Kubernetes and Helm that integrates with Prometheus. It can store petabytes of metrics data with replication for high availability in a cost efficient manner, with compaction averse time series storage and index that can efficiently index and run dimension based regexp queries on billions of metrics.

 Using a real world example we will cover in this talk how to deploy M3Coordinator and M3DB using the M3 Kubernetes operator and connect your Prometheus instances together into a single global monitoring system.

Speakers

Gibbs Cullen

Developer Advocate, Chronosphere
Gibbs Cullen is a developer advocate at Chronosphere and makes it possible for the community to understand the concepts behind Prometheus and using M3 as a long term storage, in addition to helping the community with best practices in alerting, monitoring and configuring their deployment...


Wednesday October 28, 2020 18:30 - 19:20 GMT
Cloud Theater

18:30 GMT

U-Boot: Porting and Maintaining a Bootloader for a Multimedia SoC Family - Neil Armstrong, BayLibre SAS
Porting and maintaining Linux for a Multimedia SoC is one thing (already very complex), but without a proper Bootloader, what would we do? For the last 4 years, we were pushing upstream Linux support for the Amlogic Multimedia SoCs with very well-known Single Board Computers like Odroid-C2, Libre Computer Le Potato, Khadas VIMs... but a key point was missing until 2 years ago: a clean Bootloader. We only relied on the Vendor Bootloader, but it quickly became an issue for various reasons:
- was complex to rebuild
- even more complex to enhance and fix
- did some weird and quirky hardware enablement before Linux
- was confusing because the vendor Bootloader behavior changed over time
So we implemented an almost complete U-Boot support for these Amlogic SoCs, including HDMI video support and support for Android AOSP boot. And a big bonus appeared: we got UEFI support for free! Neil will go through all the development process, what we achieved, the remaining work and how U-Boot maintenance and code quality evolved over time.

Speakers

Neil Armstrong

Embedded Linux Engineer, BayLibre SAS
Embedded Linux Engineer since 2008, Neil worked on designing and supporting small in-house designed SoCs for Digital TV Content Protection, Set-Top-Box or Security Co-Processor, and is now Embedded Linux Expert in the Baylibre team. He ports, maintains and upstreams Linux support...



Wednesday October 28, 2020 18:30 - 19:20 GMT
ELC Theater
  Embedded Linux Conference (ELC), Bootloader

18:30 GMT

Understand ECC Support for NAND Flash Devices in Linux - Miquèl Raynal, Bootlin
Due to its physical characteristics, NAND flash technology requires the use of Error Correction Codes to detect and correct bit flips in the data stored on such devices. The NAND subsystem in Linux has recently seen some improvements in its support for ECC, and this talk is an opportunity to review what are the basic principles of ECC algorithms, what are the common algorithms used for NAND flashes, and how ECC is supported in Linux for both parallel NAND flashes and SPI NAND flashes. We will discuss how ECC can be done by the NAND chip itself, by the NAND controller, by an external controller, or on the CPU, and how these different possibilities are integrated in the Linux MTD subsystem.

Speakers

Miquèl Raynal

Embedded Linux engineer and kernel maintainer, Bootlin
Miquèl Raynal joined Bootlin in 2017 as an embedded Linux engineer. He is the maintainer of the NAND subsystem in the Linux kernel, and a co-maintainer of the MTD subsystem. Over the past years, he has made significant contributions to the Linux MTD subsystem, and has already spoken...



Wednesday October 28, 2020 18:30 - 19:20 GMT
ELC Theater

18:30 GMT

KVM Address Space Isolation - Alexandre Chartre, Oracle & Ofir Weisse, Google
First investigations about Kernel Address Space Isolation (ASI) were presented at Linux Plumbers and KVM Forum last year. Kernel Address Space Isolation aims to mitigate some CPU hyper-threading data leaks possible with speculative execution attacks (like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS)). In particular, Kernel Address Space Isolation will provide a separate kernel address space for KVM when running virtual machines, in order to protect against a malicious guest VM attacking the host kernel using speculative execution attacks.

Several RFCs for implementing this solution have been submitted. This presentation will describe the current state of the Kernel Address Space Isolation proposal with a focus on its usage with KVM, in particular the page table mapping requirements and the performance impact.

Speakers

Ofir Weisse

Senior Software Engineer, Google
Ofir is a senior software engineer at the Google Cloud kernel team. His work focuses on providing better security for the cloud without compromising performance. Ofir received his PhD from the University of Michigan, where his research focused on micro-architecture and security. His...

Alexandre Chartre

Consulting Developer, Oracle
Alexandre Chartre is a Consulting Developer in the Linux and Virtualization engineering team at Oracle. Lately, he has been focusing on security issues on Linux, in particular on Spectre and Meltdown issues (and all variants and derivatives) and their impact on virtualization and...



Wednesday October 28, 2020 18:30 - 19:20 GMT
KVM Theater
  KVM Forum

18:30 GMT

Building Linux Distributions for Fun and Profit - Margarita Manterola, Kinvolk
There are many different approaches to building a Linux distribution. Should we aim to have one distro to rule them all? Or should we have a specialized distro for each need? When does it make sense to go for one or the other? When running software on Kubernetes, does the distro running on the nodes make a difference? What about the distros in the containers? Marga has been building Linux distributions for over 15 years. She started as a volunteer in the Debian project, continued as an engineer at Google, building the operating system used by other Google engineers. Currently, she is working on Flatcar Container Linux, Kinvolk's container optimized OS. This talk will build upon her experience to shed light on the advantages and disadvantages of having general purpose distributions vs narrow focus ones, focusing in particular on the manageability and security implications at scale for cloud native applications. It will touch upon the redefined boundaries between the software running on the base OS and the containers, how to keep everything up to date, and how to stay sane in our current containerized world.

Speakers

Marga Manterola

Staff Software Engineer, Kinvolk
A Debian Developer and Open Source enthusiast, Marga has been working with Linux for over 15 years. Back in her hometown of Buenos Aires she led a large migration to Linux and open source tools, where she learned to navigate the tricky line between satisfying user needs and keeping...


Wednesday October 28, 2020 18:30 - 19:20 GMT
Linux Systems Theater

18:30 GMT

Making it Easier to Make Things: WebAssembly and the Internet of Things - Jonathan Beri, Golioth, Inc. & Alvaro Viebrantz, Leverege
WebAssembly is moving beyond the browser - but is it ready for IoT apps and tiny embedded devices? Yes...ish. In this talk, learn about the state of running Wasm on embedded devices (as low as 512kb of RAM & 64 MHz) and what's left to solve. Also learn where Wasm can today help with IoT protocols and tools. Since February there has been significant development in Wasm runtimes and the development of WASI - the WebAssembly System Interface. This talk will focus on the latest developments in WebAssembly beyond the browser and IoT.

Speakers

Alvaro Viebrantz

Product Engineer, Leverege

Jonathan Beri

CEO, Golioth, Inc.
Jonathan is a product guy who has been building developer platforms for more than a decade. During his time at Google he worked on teams like Android, Firebase and Nest. At Nest he worked on the open standard Thread networking protocol and the open source implementation OpenThread...


Wednesday October 28, 2020 18:30 - 19:20 GMT
Wildcard Theater
  Wildcard, WebAssembly (Wasm)

18:30 GMT

Tutorial: In Linux System Security, WE believe! - Panos Kalorogiannis, National Bank of Greece
The presentation focuses on, and goes deeper into, the security of Linux operating systems. Specifically, it concerns system administrators and engineers, system architects, and everyday users in general. After the presentation, the user will be able to provide optimum security to their system through SELinux, Linux pluggable authentication modules, process monitoring, managing users, whether they are regular users or system users, and performing system auditing. In addition, users will be able to scan their system for vulnerabilities and check whether an update needs to be applied. Finally, it is important to note that automation is important for accelerating such actions. This will, of course, be achieved through bash scripts.

Speakers

Panos Kalorogiannis

System Security Engineer, National Bank of Greece


Wednesday October 28, 2020 18:30 - 20:20 GMT
101 Essentials Theater

18:55 GMT

If You Can't Measure It, You Can't Manage It - How to Assess Project Health - Ivana Atanasova & Stefka Dimitrova, VMware
Open Source is already established as a standard for many evolving technologies and there is almost no project that is not based on it or using it in some aspect. This type of software can give maintainers and contributors independence on how they can lead and develop their projects, but more freedom means higher responsibility for the project leadership. One major role of an Open Source Program Office (OSPO) is to assist projects to become sustainable and recognized as reliable for adoption. In this talk, we will share the example criteria that measure a project’s “health” and will discuss how to interpret the data to identify potential problems. The CHAOSS project’s Augur tool has developed over the past years to enable this type of data collection and metrics measurement. Prior talks from the CHAOSS community have covered details about the analysis approach that Augur is using, while we will focus more on the OSPO perspective as project adopters. We will show demos of projects we are working with and how we assess their health. We believe that such knowledge can benefit the whole ecosystem and provide guidance that is highly useful for all stakeholders.

Speakers

Ivana Atanasova

Open Source Engineer, VMware
Ivana Atanasova is an engineer within VMware's Open Source Program Office. She’s been contributing to various projects including OpenFaaS, Network Service Mesh, and Augur. Previously she’s been working as a contractor for NLP related projects in the Bulgarian Academy of science...

Stefka Dimitrova

Open Source Program Manager, VMware
As a Program Manager in the Open Source Community Strategy team within VMware’s OSPO, Stefka is working on guidelines and tools to foster community development and improving project health of VMware-Originated Open Source projects. Her work includes driving metrics that help automate...



Wednesday October 28, 2020 18:55 - 19:20 GMT
OS Program Office Management Theater

19:30 GMT

How Jina Saves Your Time on Building Cloud-Native Neural Search Systems - Han Xiao, Jina AI
Today, with ever longer documents and multimedia data, finding the right information is more important and challenging than ever. The rise of deep learning has ushered in a new era of "neural search". However, building a neural search system is non-trivial work for most engineers. The main challenges are: (1) long dev cycle due to the complex tech stack (2) poor scalability due to the glued-architecture (3) strong requirements on the domain knowledge to fine-tune the results. With Jina (https://github.com/jina-ai/jina), engineers can quickly build up a search engine powered by state-of-the-art AI in just minutes. In this talk, I will introduce the design philosophy and the key features of Jina; and showcase how Jina bootstraps a QA semantic search system and a short-video search system in just lines of code.

Speakers

Han Xiao

CEO, Jina AI
Dr. Han Xiao is the Founder & CEO of Jina AI. Han has worked in AI OSS for quite some time. His Fashion-MNIST and bert-as-service were listed as the most popular AI open-source projects in 2017&18 worldwide. In 2018-2020, Han led a team on neural information retrieval at Tencent...


Wednesday October 28, 2020 19:30 - 20:20 GMT
AI/ML/DL Theater
  AI/ML/DL, Machine and Deep Learning

19:30 GMT

Panel Discussion: KVM-based Virtualization Contributor Q&A - Stefan Hajnoczi & Richard W.M. Jones, Red Hat; Susie Li, Intel; Hubertus Franke, IBM; David Kaplan, AMD; Peter Maydell, Arm
A Q&A panel discussion on a variety of topics (technical and non-technical) related to KVM, QEMU, securing virtual machines, and more. The discussion will be for about an hour. Topics will be chosen based on several sources: prepared list, audience questions on a live Etherpad, or interesting tangents based on live discussion.

Speakers

Peter Maydell

Principal Software Engineer, Arm
Peter works for Arm, but has been seconded into Linaro for the last ten years to handle all things Arm in QEMU, including CPU architecture emulation, support for KVM virtualization on Arm servers, and herding an ever-increasing number of board, SoC and device models. He also didn't...

Richard W.M. Jones

Senior Principal Software Engineer, Red Hat
Richard Jones works at Red Hat. He works on virtualization, importing VMs from other hypervisors to KVM, RISC-V, Fedora, and Unikernels.

Stefan Hajnoczi

Senior Principal Software Engineer, Red Hat
Stefan has been active in QEMU since 2010 and is a Senior Principal Software Engineer in Red Hat's virtualization team with a focus on storage. He works on virtio drivers in Linux and helps maintain the block layer and tracing in QEMU. He also organizes and mentors in the Google Summer...

Hubertus Franke

Distinguished Research Staff Member, IBM
Dr. Hubertus Franke is a Distinguished Research Staff Member at the IBM T.J.Watson Research Center since 1993. His area of current work and interests are the area of operating systems, virtualization, processor architectures, cloud runtimes and security. Some time back he has also...

Susie Li

Software Engineering Director, Intel
Susie Li is a Software Engineering Director at Intel. She joined Intel in 1999 and has been involved in leadership roles for a variety of software projects, including UEFI/Tiano, virtualization (KVM, Xen, ACRN, HAXM), Yocto Linux, Linux kernel and OpenStack, etc. Susie is a two-time...

David Kaplan

Fellow, AMD
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Product Security Organization. He is the lead architect for the AMD encrypted virtualization features and has worked on both CPU and SOC level security features...


Wednesday October 28, 2020 19:30 - 20:20 GMT
KVM Theater
  KVM Forum

19:30 GMT

A New Futex2() System Call - André Almeida, Collabora
System calls grow old and show their age too. That is exactly the case of futex(), a fast synchronization mechanism for userspace added in the good old days of 2.X kernels, hence kernel developers have been trying to improve its performance and add new features to cope with the requirements of more modern workloads. However, during these discussions on the mailing list one thing became very clear: we need a new version of the syscall that can enable not only more complex use cases but also key performance improvements inside the kernel. This talk will present the challenges the new interface should address and the current progress on this new interface's development, besides the outcomes from Linux Plumbers Conference 2020.

Speakers

André Almeida

Consultant Associate Software Engineer, Collabora
André Almeida is a Linux Kernel Developer and an Associate Software Engineer at the open-source consultancy Collabora, where he's currently hacking core kernel subsystems, like futex and storage. He had previously spoken at Open Source Summit and DebConf.


Wednesday October 28, 2020 19:30 - 20:20 GMT
Linux Systems Theater

21:00 GMT

BoF Discussions: To Be Announced
There will be 4 topic-specific BoF discussions for KVM Forum Attendees to participate in during the event. 
Topics and access links will be coming soon! 

Wednesday October 28, 2020 21:00 - 23:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes
 
Thursday, October 29
 

06:00 GMT

Look Ma’, No (Real) Interrupt Controller! - Marc Zyngier, Google & Christoffer Dall, Arm
Modern interrupt controllers are very complicated constructs with complex interfaces, only matched by the complexity of the software that emulates them. In a hypervisor, this software often lives at a privileged exception level, exposing an attractive attack surface for malicious actors, and making it difficult to verify the correctness of the hypervisor. This is problematic for many hypervisor deployments, especially when aiming to provide trusted execution environments. To address these concerns, we present a paravirtualized interrupt controller architecture, which is easier to verify, provides the minimum level of service that a VM requires as well as consistent semantics, and which has the potential to be used across CPU architectures. This gives the opportunity to consider trade-offs between performance and complexity, and the applicability to being built or accelerated in hardware.

Speakers

Christoffer Dall

Principal Engineer, Arm
Christoffer Dall wrote the first implementation of KVM for the Arm architecture and co-maintained KVM/Arm in Linux for several years. Christoffer currently works for Arm, doing computer architecture with a focus on security and virtualization technologies. Christoffer Dall has a PhD...

Marc Zyngier

Software Engineer, Google
Marc has been working on the Linux kernel since an unexpected encounter with 0.99pl13 in 1993. His first contribution was merged in 1996 in the form of the original version of the MD driver. Having played with fault tolerant systems at Bull, worked on exotic (and ultimately doomed...


Thursday October 29, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

06:00 GMT

vDPA Support in Linux Kernel - Jason Wang, Red Hat
A vDPA device is a type of device whose datapath complies with the virtio specification but with a vendor specific control path. In this session, the support for vDPA in the Linux kernel will be presented. A brief review of vDPA's history, motivation and status will be given first. Then the design and implementation of the kernel vDPA subsystem will be discussed. The vDPA kernel subsystem is designed to work for any type of vDPA device with the flexibility to be easily integrated with new hardware technologies. The vDPA kernel subsystem cooperates with the virtio and vhost subsystems to provide a unified and safe API for the kernel virtio and userspace vhost drivers to use. A vendor vDPA hardware driver is required for accepting requests from the vDPA subsystem and translating them to vendor specific commands. Management integration and future work will be covered at the end of the session.

Speakers

Jason Wang

Principal Software Engineer, Red Hat
Experienced Senior Software Engineer working for Red Hat with a demonstrated history of working in the computer software industry. Maintainer of qemu networking subsystem. Co-maintainer of Linux virtio, vhost and vdpa driver.



Thursday October 29, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

AMD-vIOMMU: A Hardware-assisted Virtual IOMMU Technology - Suravee Suthikulpanit & Wei Huang, AMD
There have been various usages of IOMMU in virtual machines (VMs), especially for supporting pass-through devices within a VM. Several virtual IOMMU (vIOMMU) solutions have been proposed and implemented, which are mostly done in an emulated fashion. This talk will focus on the technical details of a new hardware-assisted vIOMMU technology introduced in the AMD second-generation EPYC platforms. The goal of this technology is to improve the performance of vIOMMU for pass-through devices. We will discuss how the support is implemented in AMD IOMMU driver for when it is running in the host, as well as how it is being modified to use the v2 I/O page table for DMA-API when running in the guest. As a proof of concept, QEMU is modified to leverage the vIOMMU hardware via a new ioctl interface. This presentation will cover the implementation details of our initial design.

Speakers

Suravee Suthikulpanit

Linux Contributor, Open-Source Contributor, AMD
Suravee Suthikulpanit works for AMD Server Software Group. His work mainly focuses on the Linux kernel and the open-source virtualization software. Within AMD, Suravee works with the hardware design and performance teams on future feature definitions. Suravee has been a regular contributor...

Wei Huang

Open-Source Contributor, AMD
Wei Huang is a member of AMD Server Software Group, with current focus on server OS and x86 virtualization. Wei has contributed to Linux kernel and various open source virtualization projects (Xen, KVM/QEMU, etc.), and presented a number of times at various technical conferences...



Thursday October 29, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

Evaluate Implementation Options of KVM-based Type1 (or 1.5) Hypervisor - Jun Nakajima, Intel
We share our evaluation of KVM-based Type1 (or 1.5) hypervisor (KVM++) to discuss which option is the best for the community, showing the pros and cons of the implementation options. At the last KVM Forum, we showed a high-level architecture of KVM++, where we can isolate guest memory from the host except the areas for I/O buffers, in order to better protect and isolate guests. In terms of the implementation, one extreme is to run it as a KVM guest on top of a hypervisor that consists of KVM/mini-Linux. At the other end, we deprivilege it with almost everything passthrough except memory access. The former requires nested virtualization if KVM is used on the host Linux. The latter doesn’t. Those implementations can affect overhead and latency of the systems as well, and the implication and impacts can depend on the platform (i.e. client vs. server).

Speakers

Jun Nakajima

Sr. Principal Engineer, Intel Corp.
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Jun presented a number of times at technical conferences, including KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX. He has...


Thursday October 29, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

07:00 GMT

A Virtual IOMMU With Cooperative DMA Buffer Tracking - Yu Zhang, Intel
Direct assignment of I/O devices requires the host to statically pin the entire guest memory, thus hindering the efficiency of memory management. Presenting a vIOMMU can fix this but suffers from the non-negligible cost of emulating the guest DMA remapping operations. Yu proposes a new vIOMMU architecture with a cooperative DMA buffer tracking mechanism, which is dedicated to achieving fine-grained pinning and is orthogonal to the costly DMA remapping interface. The new mechanism minimizes the VM-exits when enabling host/guest to coordinate the mapping/pinning requirement of active DMA buffers. It is designed in a vendor-agnostic way, and thus can be applied to either emulated or para-virtualized vIOMMUs. A paper on this idea was accepted by USENIX ATC’20. In this talk, Yu would like to talk more about the design/implementation challenges in KVM/Qemu, current status and upstreaming plan.

Speakers

Yu Zhang

Virtualization Developer, Intel Corporation
Yu is a virtualization developer from Intel's virtualization team. He has 10+ years’ experience in virtualization areas from I/O to CPU/memory virtualization, from performance tuning to security enhancements. Yu’s public presentation experience includes Xen summit/LC3 conference/Intel...



Thursday October 29, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Forum, KVM

07:00 GMT

Hypervisor Based Integrity: Protect Guest Kernel in Cloud - Ning Yang & Forrest Yuan Yu, Google
There are multiple efforts from the community that try to bring virtualization based security into the industry, and there are a number of papers published every year to discuss the benefit of this approach. Hypervisor Based Integrity (HBI) is a product Google Cloud is currently investing in to be the public offering for such security hardening in the Cloud. The talk will cover the place where this implementation fits in the Cloud environment, the relationship between this mechanism and other security enhancements for the Linux kernel, what HBI can protect/monitor, and special challenges encountered along the road. In addition, it will also cover an overview of the new hypervisor security kernel module Google plans to upstream and show how all hypervisors/VMMs can easily implement support for it so guest VMs can move across different providers while getting the same security guarantee.

Speakers

Ning Yang

Senior Software Developer, Google Inc
Ning is a Senior Software Developer at Google Compute Infrastructure Team. He contributes to Google internal VMM, including device emulation and guest firmware/driver support. Worked on bringing UEFI(OVMF) into Google Cloud and the Google Cloud Shielded VM project, which provides...

Forrest Yuan Yu

Software Developer, Google Inc
Forrest is a software engineer at Google working on firmware, virtualization and making GCP more secure for customers.



Thursday October 29, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Speed Up Creation of a VM With Pass Through GPU - Liang Li, DIDI Chuxing
Creating a virtual machine (VM) instance with a GPU takes more time than creating a VM without one. The gap depends on many factors, e.g. system configuration, RAM size of the VM, type of GPU and the number of GPU cards, and ranges from several seconds to several minutes. It impacts user experience, and in some situations it becomes unacceptable. In this session, Liang will first introduce the factors that affect the creation time of a VM with a GPU, and then elaborate on some issues in QEMU and the Linux kernel. In the end, Liang will show the solutions for these issues in detail and the optimization achieved.

Speakers

Liang Li

Senior Expert Engineer, DIDI Chuxing
Liang has 7 years of experience in embedded system software development and 7 years of experience in system virtualization. He works for DIDI and focuses on system virtualization and public cloud. He had two topics about live migration optimization at KVM Forum in 2015 and...



Thursday October 29, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Trap-less Virtual Interrupt for KVM on RISC-V - Siqi Zhao, Huawei
Virtual interrupts are an integral part of virtualization. However, so far the handling of virtual interrupts always involves traps to the host, with the only exception being passthrough devices. For example, interrupts from the timer, from virtual devices and between virtual CPUs still need the host software to inject them. This situation incurs non-negligible overhead in interrupt-intensive scenarios. A design that eliminates most of the traps to the host for handling interrupts is presented. The solution includes a new virtualization-aware interrupt controller and the accompanying software implementation in KVM. With this design, delivery of the above interrupts no longer involves traps to the host, improving performance. The interrupt controller design has been implemented on an emulated RISC-V platform due to its simplicity in design and potential for pioneering new virtualization ideas.

Speakers

Siqi Zhao

Senior Engineer, Huawei Technologies Co., Ltd
Siqi Zhao is a Senior Engineer currently in Huawei Technologies Co., Ltd. He is working on the ongoing next generation virtualization project. Before joining Huawei, he had spoken in conferences such as Usenix Security and Euro S&P during his Ph.D. studies.



Thursday October 29, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

10:00 GMT

Advanced Parallel Memory Virtualization - Yulei Zhang, Tencent
Nowadays AI and machine learning are dominating the computing world, and companies in this industry are willing to deploy their infrastructure on machines with massive amounts of memory and processors to train their algorithms. However, cloud providers currently map resources to virtual machines on demand using hardware-provided mechanisms (such as page faults, etc.). This approach is flexible, but unfortunately it introduces a tremendous performance drop for guests with massive memory during migration or other scenarios. In this presentation, we propose our solution to this challenge: we developed a lockless mechanism to boost concurrency while mapping guest memory. Relying on this solution, we can provide a faster and consistent environment to perform DL model training, inference and other workloads that request substantial resources.

Speakers

Yulei Zhang

Senior Software Engineer, Tencent
Yulei is a software developer with more than 10 years of experience in the virtualization area. He used to work on the GFX driver and was involved in Intel GPU virtualization technology (a.k.a. Intel GVT-g). He is currently a senior software developer at Tencent Cloud; his recent presentations were: "Adaptive...



Thursday October 29, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Forum, KVM

10:00 GMT

KVM Latency Performance Tuning - Wanpeng Li, Tencent
The KVM hypervisor is at the core of cloud computing. Some customers from finance, online shopping, gaming, etc. are sensitive to latency. IPIs and timers cause the main MSR-write vmexits in cloud environments, and a preempted vCPU also blocks synchronized multicast function call IPIs or, worse, causes the Lock Waiter Preemption issue. In this presentation, we will introduce some features that can reduce latency in the KVM hypervisor, including Fast IPI delivery, Fast timer emulation, Boost preempted vCPU, and so on. We will also introduce further work to improve latency on AMD.

Speakers

Wanpeng Li

Linux Kernel Contributor, Tencent Cloud
Wanpeng Li is a Linux kernel/virtualization developer with 8 years of experience who currently works at Tencent Cloud. He mainly focuses on KVM, the scheduler and memory management. In KVM, he has contributed many features to improve performance and stability. He has experience working at IBM LTC...



Thursday October 29, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Implementing SR-IOV Failover for Windows Guests During Migration - Yan Vugenfirer, Daynix & Annie Li, Oracle
In the past, there were several attempts to enable live migration for VMs that use SR-IOV NICs. We are going to discuss the recent development based on the SR-IOV failover feature in the virtio specification and its implementation for Windows guests. In this session, Annie Li and Yan Vugenfirer will provide an overview of the failover feature and discuss specifics of the Windows guest implementation.

Speakers

Yan Vugenfirer

CEO, Daynix
Yan is the CEO of Daynix Computing. He is an upstream maintainer of the virtio-win drivers https://github.com/virtio-win/kvm-guest-drivers-windows/. Yan has more than 20 years of kernel development and 14 years of virtualization related development.

Yansu Li

Principal Software Engineer, Oracle
Annie is a principal software developer at Oracle America, Inc. Her role is developing virtualization drivers for Windows, and she is currently working on the VirtIO 2-netdev model for supporting SR-IOV live migration in Windows. She has 10+ years of experience in Windows driver develop...



Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

The Practice Method to Speed Up 10x Boot-up Time for Guest in Alibaba Cloud - Weinan Li, Alibaba
When the hypervisor assigns memory to a virtual machine with pass-through devices, it needs to pin the memory first. As you know, "pin memory" is a time-consuming task whose cost is directly proportional to the amount of memory. If you assign just 8GB of RAM to a VM, that might not be a problem at all, but it becomes a big problem if the RAM is 300GB: the "pin memory" process alone needs more than 60s. 300G is a common configuration in the cloud, and 60s seriously impacts the user experience. This talk will present a simple solution for accelerating the boot process with virtio-balloon, so that the hypervisor can pin the memory asynchronously. The whole process runs in the background with little user perception, which brings a very good user experience. This solution can reduce boot time by around 90 percent compared with a normal use case.

Speakers

Weinan Li

Software Engineer, Alibaba Cloud
Weinan is working on the produce-heterogeneous computing field since 2019 in Alibaba Cloud. Before that, he worked for Intel with Graphics Virtualization since Dec. 2014, was responsible for the enabling work and new features development of several generations of Intel GPU.



Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM

11:00 GMT

KVM BoF Discussions: Out-of-Process Device Emulation
There will be 4 topic-specific BoF discussions for KVM Forum Attendees to participate in during the event. 
Topics and access links will be coming soon! 
The VIRTIO topics session begins at 12:00. The Out-of-Process Device Emulation session begins at 11:00.

Thursday October 29, 2020 11:00 - 12:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes

11:00 GMT

KVM BoF Discussions: Virtio topics
There will be 4 topic-specific BoF discussions for KVM Forum Attendees to participate in during the event.
Topics and access links will be coming soon!
The VIRTIO topics session begins at 12:00. The Out-of-Process Device Emulation session begins at 11:00.

Thursday October 29, 2020 11:00 - 12:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes

13:00 GMT

Opening Remarks - Elena Reshetova, Security Engineer, Intel Corporation
Speakers

Elena Reshetova

Security engineer, Intel
Elena Reshetova is a security engineer and researcher at the Intel System Software Products Security group in Finland working with various Open Source platform security projects across the whole Linux platform security community.


Thursday October 29, 2020 13:00 - 13:05 GMT
LSS Theater
  Linux Security Summit (LSS)
  • Skill Level Any
  • Technical Talk Yes

13:05 GMT

Block Me if You Can: Subverting IMA - Tobias Mueller, University of Hamburg
This presentation investigates the resilience of IMA against malicious block devices. While it is not too surprising that all hope is lost if the hardware betrays you, we note that reprogramming hard-disk controllers is still relatively easy and the results may surprise some who sought to protect their machines with IMA. We find that users, in particular in the domain of critical infrastructure, may be susceptible in ways they have not considered. In this presentation, we demonstrate that the security guarantees of IMA can be undermined by way of a specially-crafted malicious block device, which delivers different data depending on whether the block has already been accessed. We extensively analyse the conditions which allow the attack to be launched and discuss how the attack affects certain use cases of IMA and discuss potential mitigations.

Speakers

Tobias Mueller

Academic, University of Hamburg
Tobias is a German Free Software advocate, former member of the GNOME Foundation's Board of Directors, and Pythonista. He acquired a Master's degree in Security and Forensic computing from Dublin, is now working in the area of applied cryptography, and loves to build and break stuff...



Thursday October 29, 2020 13:05 - 13:50 GMT
LSS Theater
  Linux Security Summit (LSS)

14:00 GMT

Keynote: KVM - Christian Bornträger, IBM
Speakers

Christian Borntraeger

CPO Linux on IBM Z Development, IBM



Thursday October 29, 2020 14:00 - 14:15 GMT
KVM Theater
  KVM Forum, KVM

14:00 GMT

Kernel Integrity Enforcement with HLAT In a Virtual Machine - Chao Gao, Intel Corporation
Some VMMs use virtualization technology to enhance guest kernel security. Enforcing guest kernel integrity is a topic that has been explored many times. Making the pages where the guest kernel resides read-only can help prevent tampering, but cannot effectively prevent “remapping” attacks, which edit the guest page table to hijack control flow. Some solutions have to introduce complex mechanisms (for example, somehow tracking all guest page table changes) to defend against “remapping” attacks, at the cost of performance. Hypervisor-managed linear address translation (HLAT), a new extension to Intel VT-x, provides an efficient solution to enforce guest kernel integrity. This presentation will analyze the challenges in kernel integrity enforcement, then describe how to enforce kernel integrity in a virtual machine with HLAT.

Speakers

Chao Gao

Cloud Software Engineer, Intel
Chao has worked for Intel for 4 years as a software engineer. He is responsible for enabling new Intel virtualization features in KVM/Xen and is familiar with interrupt virtualization, performance tuning and virtualization-based security. Currently, Chao is working on using HLAT to enhance...



Thursday October 29, 2020 14:00 - 14:30 GMT
LSS Theater
  Linux Security Summit (LSS)

14:00 GMT

Mentorship Session: Writing Change Logs That Make Sense
Join us for a Mentorship Session: Writing Change Logs That Make Sense, with Shuah Khan, Kernel Maintainer & Fellow, The Linux Foundation.

A commit log describes what the commit does and why the commit is needed in the first place. In this webinar we will go over why it is beneficial to write meaningful commit logs and important considerations while writing a commit log.

The session will begin with an overview by Shuah Khan (45 minutes) and will be followed by Q&A – an opportunity to both ask Shuah questions and for group discussion (45 minutes).

Speakers

Shuah Khan

Linux Kernel Fellow, The Linux Foundation
Shuah Khan is a Linux Kernel Fellow at The Linux Foundation. She is an experienced Linux Kernel developer, maintainer, and contributor. She maintains Kernel Selftest framework, USB over IP driver, and cpupower. She is an active contributor to the Linux media subsystem. She has contributed...


Thursday October 29, 2020 14:00 - 15:30 GMT
Workshop Theater
  Interactive Learning + Special Events
  • Skill Level Any
  • Technical Talk Yes

14:15 GMT

Keynote: QEMU - Paolo Bonzini, Red Hat
Speakers

Paolo Bonzini

Distinguished Engineer, Red Hat, Inc.
Paolo is a long-time KVM contributor and co-maintainer; he also co-maintains some subsystems in QEMU. He works at Red Hat.



Thursday October 29, 2020 14:15 - 14:30 GMT
KVM Theater
  KVM Forum, KVM

14:30 GMT

KVM-unit-tests: When "KVM" Doesn't Mean KVM - Andrew Jones, Red Hat
kvm-unit-tests is a tool created to help develop KVM. Like many tools, while it was initially intended for more specific tasks, other applications of it have emerged over time. For some of these new applications, KVM isn't even in the picture. We present the evolution of kvm-unit-tests, from its origins to current day, describing how the unit test framework can support multiple targets with no impact to test code. We also make suggestions of new targets and framework enhancements for the further generalization of the tool.

Speakers

Andrew Jones

Principal Software Engineer, Red Hat
Andrew (Drew) has been involved in system software development for almost 20 years. Drew has focused over half of those years on Virtualization, starting with pHype at IBM, and then continuing with Xen and KVM/QEMU at Red Hat. For the majority of the last decade he has been leading...



Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Forum, KVM

14:30 GMT

Virtual Device Fuzzing Support in QEMU - Alexander Bulekov & Bandan Das, Red Hat
For some time, the community has been interested in fuzzing QEMU to identify potential security vulnerabilities. Last year, Dima Stepanov presented an approach for fuzzing VIRTIO devices using AFL at KVM Forum 2019, and there is an existing image-fuzzer tool in the tree. Since then our virtual-device fuzzing work has landed upstream and has identified dozens of bugs. In this talk, we will introduce our solution, based on QEMU’s existing qtest and qos frameworks. We will cover topics such as:
- Why fuzz virtual devices?
- How to build a fuzzer for a virtual-device.
- Fuzzing a virtual device vs writing a test for it.
- How to fuzz new devices/QEMU configurations without writing any code.
- Plan for reporting and triaging crashes found by the fuzzer.
- Options for fuzzing “external” devices (e.g. vhost).
- Fuzzing other attack surfaces in QEMU.
- How to get involved

Speakers

Bandan Das

Software Engineer, Red Hat
Bandan works on Virtualization at Red Hat. He is primarily interested in systems security and performance. Bandan has presented on various topics such as KVM, usb-mtp emulation in Qemu and the IIO interface in the Linux kernel.

Alexander Bulekov

Intern at Red Hat Research and PhD Candidate at Boston University, Red Hat
Alex is PhD Student at Boston University and an Intern at Red Hat Research.



Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Forum, KVM

14:40 GMT

Introducing TPM NV Storage with E/A Policies and TSS-FAPI - Andreas Fuchs, Fraunhofer SIT
The TPM contains two major features: a certain amount of NV memory and the so-called Enhanced Authorization framework. The former can be configured as simple storage, but also as a monotonic counter or a bitfield. The latter can be used to implement fine-grained access policies for accessing TPM objects, such as NV memory. This presentation will give an introduction to these concepts and demonstrate how the features of TPM NV and E/A policies can easily be used via the TPM Software Stack's (TSS) Feature API (FAPI). This API includes a declarative language and processing engine for TPM E/A policies, which for the first time make their use very easy. In order to illustrate their usefulness, a set of example use cases and configurations will be presented, such as WriteOnceReadMany (WORM) storage (for device serial numbers) or role-based access on a per-operation level for NV storage.

Speakers

Andreas Fuchs

Head of Trustworthy Platform, Fraunhofer SIT
Andreas Fuchs is a TPM and OpenSource enthusiast involved with TCG. He is a maintainer of the OpenSource TPM Software Stack (TSS) 2.0, the tpm2tss OpenSSL engine and the tpm2-totp project. Andreas Fuchs studied computer science at the Technische Universität Darmstadt and the University...



Thursday October 29, 2020 14:40 - 15:25 GMT
LSS Theater
  Linux Security Summit (LSS)

15:00 GMT

A KVM-unit-tests and KVM selftests update for aarch64 - Eric Auger, Red Hat
The KVM/aarch64 code evolves very rapidly. There are lots of features brought by each and every new ARM specification revision. Unfortunately, the ARM-related commits in the KVM test frameworks do not really follow that pace and span. KVM-unit-tests and KVM selftests are the most popular frameworks. This talk will introduce both of them, explain what they are meant to be used for and how they complement one another. This will be illustrated by practical examples picked from recently added tests (PMU event counters, ITS MSI controller, migration, microbenches, ...). The KVM/aarch64 test code base will be compared with other architectures and the most pressing needs will be highlighted for each test framework. This should be valuable input for developers willing to learn about KVM/aarch64 and quickly ramp up on both the test frameworks and new KVM/guest features.

Speakers

Eric Auger

Senior Software Engineer, Red Hat
Eric has been involved in KVM/QEMU since March 2014. He started as a Linaro assignee and currently works for Red Hat, in the Virtualization team. Eric has contributed to VFIO, KVM and QEMU on various features for aarch64 including platform/PCIe passthrough, VGIC, VIOMMU, VIRT machine...



Thursday October 29, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Forum, KVM

15:00 GMT

Virtual Versus Physical: Virtio Changes for New Hardware - Michael S. Tsirkin, Red Hat
Virtio was originally designed as a VM guest to hypervisor interface. As it became ubiquitous, virtio hardware offload schemes began to pop up. These are typically designed to perform well with existing Virtio drivers without modifying guests. We are, however, finding out that to maximise performance, interface changes can be beneficial. Interestingly, as CPU technology changes, some of these become beneficial for guest to hypervisor communication, too. This talk will discuss changes in the Virtio specification for the benefit of new CPU and offload hardware: some of them already accepted for the next specification version, some still under discussion. Open questions will be presented in the hope of generating discussion.

Speakers

Michael S. Tsirkin

Distinguished Engineer, Red Hat Inc
Michael has been with Red Hat for more than 10 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and...



Thursday October 29, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Forum, KVM

15:30 GMT

Libvirt Status Report - Daniel Berrangé, Red Hat



Speakers

Daniel Berrangé

Senior Principal Software Engineer, Red Hat
Daniel is a long-term contributor in the open source virtualization space working at Red Hat. He has been a lead architect of the libvirt project since its inception, is a frequent contributor & subsystem maintainer to QEMU, and has been involved in many other projects including OpenStack, GTK-VNC, libosinfo...


Thursday October 29, 2020 15:30 - 15:45 GMT
KVM Theater
  KVM Forum, KVM

15:30 GMT

A Journey to Support vGPU in Firecracker - Liang Yan, SUSE
GPU virtualization for Firecracker is quite a controversial topic inside the community. On one side, people are quite interested in it given the current popularity of AI. On the other side, it conflicts with some design principles, such as memory overcommit. This session will present a new proof of concept by refactoring vfio-bind and implementing vfio-ioctl from rust-vmm crates. Furthermore, we will have a discussion on a vfio-mmio device experiment.

Speakers

Liang Yan

Sr. Virtualization Engineer, SUSE
Liang is a Virtualization Software Engineer at SUSE Labs. He's been active in the Open Source virtualization area since 2012, mostly on the KVM and QEMU projects, working on IO virtualization and lightVM implementation. He's currently working on GPU virtualization, trying to import...


Thursday October 29, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Forum, KVM

15:40 GMT

Architectural Extensions for Hardware Virtual Machine Isolation to Advance Confidential Computing in Public Clouds - Ravi Sahita & Jun Nakajima, Intel Corporation
Confidential computing focuses on data-in-use protection - a large volume of sensitive data-in-use is processed in public clouds, where the trusted computing base (TCB) is large including hypervisors, host operating system, operators, orchestration software, devices (with firmware), and BIOS. This talk describes the architectural extensions (CPU and platform) to enable hardware-isolated virtual machines for confidential computing in an untrustworthy public cloud environment. The proposed architecture enables the TCB of the cloud environment to be reduced substantially while providing the ability to shift existing applications without recompilation. The talk will describe the platform capabilities to address the threats and security objectives, starting with a threat model and will discuss future requirements for an increasingly heterogeneous computing environment with diverse workloads.

Speakers

Jun Nakajima

Sr. Principal Engineer, Intel Corp.
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Jun presented a number of times at technical conferences, including KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX. He has...

Ravi Sahita

Sr. Principal Engineer and Security Architect, Intel Corp.
Ravi Sahita is a Senior Principal Engineer at Intel in the Data Platforms Group. He has 20 years of experience in computer security, hardware virtualization, systems and platform software, CPU ISA and applying machine learning for security. His current focus is on architecture development...


Thursday October 29, 2020 15:40 - 16:25 GMT
LSS Theater
  Linux Security Summit (LSS)

15:45 GMT

Rust-vmm Status Report - Andreea Florescu, Amazon



Speakers

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking...



Thursday October 29, 2020 15:45 - 16:00 GMT
KVM Theater
  KVM Forum, KVM

16:00 GMT

Challenges in Supporting Virtual CPU Hotplug on SoC Based Systems (like ARM64) - Salil Mehta, Huawei
Summary: Recently some attempts have been made to add support for Virtual CPU Hotplug for ARM64 in the QEMU virtualizer and the Linux guest kernel, but this has received mixed reviews from the community. While some vendors have practical reasons to have such support added, some community members have apprehensions about it. The idea of this talk is to:
1. Present the motivation for Virtual CPU Hotplug support on ARM64
2. Quick overview
3. Problems in supporting Virtual CPU Hotplug
   - KVM/QEMU Virtualizer
   - Guest Kernel
   - ARM64 System Arch constraints?
   - Other
4. Problems being faced in upstreaming
5. Existing work/attempts made to upstream (short mention)
6. Questions/Feedback:
   - Feedback from people on how to proceed and avoid the current deadlock.
   - Should Virtual CPU Hotplug support depend upon the existence of Physical CPU Hotplug support?

Speakers

Salil Mehta

System Software Architect, Huawei Technologies (U.K) R&D Ltd.
Salil works primarily on various system aspects of HiSilicon's ARM64 based Server chips. He is also a co-author and an official kernel maintainer of Huawei's on-chip integrated NIC driver HNS (HiSilicon Network Subsystem) across various multi-core server chips (Kunpeng920 and earlier...



Thursday October 29, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Forum, KVM

16:00 GMT

Changing Paravirt Lock-ops for a Changing World - Ankur Arora, Oracle
Paravirt ops are set in stone once a guest has booted. As an example we might expose `KVM_HINTS_REALTIME` to a guest and this hint is expected to stay true for the lifetime of the guest. However, events in a guest's life, like changed host conditions or migration might mean that it would be more optimal to revoke this hint. This talk discusses two aspects of this revocation: one, support for revocable `KVM_HINTS_REALTIME` and, second, work done in the paravirt ops subsystem to dynamically modify spinlock-ops.

Speakers

Ankur Arora

PMTS, Oracle Corp
Ankur Arora is a PMTS in the Linux and Virtualization group at Oracle. His focus for the past few years has been on x86 virtualization for KVM and Xen. In past lives, he's worked on highly parallel HW for Oracle, and on near memory storage for Virident. In days of yore, he did research...



Thursday October 29, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Forum, KVM

16:30 GMT

Extremely Fast and Efficient NFV with Unikraft - Sharan Santhanam, NEC Laboratories Europe GmbH
DPDK is the golden standard for high performance networking, but that performance comes at the cost of high memory consumption, high CPU utilization, and long start-up times. In this talk we introduce a highly efficient port of DPDK to Unikraft, a Linux Foundation open source project consisting of a micro-library operating system and build system that is able to seamlessly generate purpose-built KVM virtual machines. In this talk we will introduce Unikraft and the DPDK port, and show how these make a powerful combination towards building truly high performance, efficient and quick-to-boot virtual functions. In particular, we will show throughput numbers equivalent to Linux while consuming a fraction of the memory it uses, using a single CPU core as opposed to several ones, and significantly reducing boot times on multiple VMMs. Finally, we will show a brief demo of Unikraft in action.

Speakers

Sharan Santhanam

Software Specialist, NEC Laboratories Europe GmbH



Thursday October 29, 2020 16:30 - 17:00 GMT
KVM Theater
  KVM Forum, KVM

16:30 GMT

HA-IOV: Applying Hardware-assisted Techniques to IO Virtualization Framework - Yifei Jiang & Bo Wan, Huawei
In I/O virtualization, notification mechanisms such as ioeventfd account for a significant fraction of request latency as physical I/O devices become faster. Polling techniques can reduce latency but prevent other threads from running and waste CPU if events are rare. This talk introduces HA-IOV, an efficient and flexible hardware-assisted I/O virtualization framework, to obtain high CPU utilization as well as satisfying performance. First, with hardware support, VMs can deliver I/O requests to asynchronous I/O processing threads without trapping out, reducing delivery latency. I/O processing threads are then woken up by a hardware-assisted scheduler with no kernel scheduler overhead. Polling mode can thus be eliminated in HA-IOV to improve CPU utilization. Second, HA-IOV allows VMs to trap out to user-level threads, bypassing KVM, which shortens the synchronous I/O path.

Speakers

Yifei Jiang

Chief Engineer, Huawei
Yifei Jiang is a chief engineer at Huawei, and has 9 years working experience on Virtualization. Currently working on next generation virtualization technology research.

Bo Wan

Senior Engineer, Huawei
Bo Wan, Doctor of University of Science and Technology of China, is a senior engineer in Huawei. He is working on the ongoing next generation virtualization project.



Thursday October 29, 2020 16:30 - 17:00 GMT
KVM Theater
  KVM Forum, KVM

16:40 GMT

Network File System Security Overview: Securing SMB3 - Steven French, Microsoft
Network file systems on Linux present challenging security problems, especially as data moves to the cloud and clustered storage. This presentation will provide an overview of security considerations, focusing on the most popular file system protocol (SMB3), its security features, and areas of its integration with Linux security components. Access to storage over these protocols is often encrypted, and relies on other security protocols for authentication, verifying claims and id mapping. Integration with future security protocols will be needed, as will better interfaces to map a user's identity among the 4 ways it is represented in Linux (username, POSIX UID, SID, OID). As more data moves to remote storage, network file system security becomes more critical. This presentation will discuss where we are and areas where additional improvements are needed.

Speakers

Steven French

Principal Software Engineer - Azure Storage, Microsoft
Steve French is a member of the Samba team, and Principal Software Engineer at Microsoft (Azure Storage), and long time maintainer (as well as original author) of one of the more active Linux file systems (cifs.ko), and a frequent presenter at SMB and storage conferences (including...



Thursday October 29, 2020 16:40 - 17:25 GMT
LSS Theater
  Linux Security Summit (LSS)

17:25 GMT

Overview of the Crypto-engine Improvements - Iuliana Prodan, NXP Semiconductors
dm-crypt is the Linux kernel's device mapper that provides transparent encryption of block devices using the kernel Crypto API. Linaro provided the crypto engine framework to replace the in-house solutions provided by various hardware drivers. The crypto engine framework implements the queue and thread for pushing requests to the hardware as the hardware becomes free, so that drivers can use it. This talk will first detail the basics of the crypto-engine framework, highlighting how it works and how hardware drivers use it. It will then cover the newly added features: support for executing multiple requests, independent or not, based on a retry mechanism, and support for batch requests. It will end with some conclusions regarding performance improvements and why the crypto engine should be the de facto crypto queue manager.

Speakers
Iuliana Prodan

Software engineer, NXP Semiconductors
Currently part of the NXP Security Technology Excellence Center (STEC) in Romania. Working on adding new features to CAAM (Cryptographic Accelerator and Assurance Module) driver and looking to improve crypto frameworks/API.



Thursday October 29, 2020 17:25 - 17:55 GMT
LSS Theater
  Linux Security Summit (LSS)

21:00 GMT

BoF Discussions: To Be Announced
There will be 4 topic-specific BoF discussions for KVM Forum Attendees to participate in during the event. 
Topics and access links will be coming soon! 

Thursday October 29, 2020 21:00 - 23:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes
 
Friday, October 30
 

06:00 GMT

Intel Virtualization Technology Extensions to Enable Hardware Isolated VMs - Sean Christopherson, Intel
Deploying virtual machines in an unsecured environment might expose a cloud tenant to risk of losing confidentiality and integrity of its sensitive data and IP, e.g. via attacks from privileged software, offline memory analysis, and active memory attacks at system interfaces. This talk will present an upcoming Intel technology to isolate VMs from many hardware and most software-based threats, by providing capabilities for confidentiality and integrity of memory, address translation, and cpu state, as well as secure interrupt and exception delivery, and remote attestation. Sean will provide an overview of the technology and its unique, novel features, and briefly cover the state of enabling in KVM and Qemu.

Speakers
Sean Christopherson

Software Engineer, Intel
Sean is a reviewer for x86 KVM's VMX and MMU sub-sub-systems, and a prolific contributor to KVM. Sean is the lead KVM developer for SGX and TDX.



Friday October 30, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

06:00 GMT

Live Migration With Hardware Acceleration - Wei Wang, Intel
Guests with memory write intensive workloads are difficult to live migrate and guests with large memory size take a long time to migrate. The existing solutions reduce the amount of data to migrate using extra CPU cycles to compress the memory or perform delta operations to migrate the updated bytes. Those do not work as fast as expected, and optimizations like multi-threading compression consume lots of host CPUs. This talk introduces some features added to the migration framework to use hardware accelerators to process the guest memory. Initial results with QAT-based compression show ~5x larger migration throughput compared to compression using 16 CPUs, which consequently supports higher guest dirty rate and has shorter migration time. DSA-based delta operation is work in progress and it performs better when the delta encoding rate is higher than the compress rate.

Speakers
Wei Wang

Senior Software Engineer, Intel Corp.
Wei is currently a software developer at Intel. He earned a Master's degree from the University of Ottawa, Canada. Wei has rich experience in the virtualization field and he worked on many projects such as network virtualization, live migration, memory ballooning, PMU virtualization...



Friday October 30, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

Guest Memory Protection -- Current Status and Future - Isaku Yamahata, Intel
Recently there have been several proposals to protect guest memory from KVM as VMM and QEMU as user space, in various software and hardware ways. We discuss guest memory protection and how we can proceed with those efforts. As a software solution, in the proposal of the KVM protected memory extension, the mapping of guest memory is removed from the kernel address space (direct mapping area) and the user space mapping is made with NONE permission. Also, the proposal of execute-only memory (XOM) introduces a new software type of guest memory as execute only. Removing the mapping from user space is also an important part of guest memory protection, which may require changes intrusive to the KVM MMU. Live migration also needs attention for guest protection because guest memory protection means that QEMU can't directly access guest memory/status. After summarizing the proposals, we consider how we can proceed with them.

Speakers
Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is active on Graphene LibOS and OpenStack Neutron (networking) and has...



Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

Scalable Work Submission in Device Virtualization - Hao Wu, Intel
Hardware I/O virtualization techniques, such as PCIe SR-IOV and Intel Scalable IOV, allow devices to be shared by multiple clients (e.g. VMs) with minimal emulation cost. However, some devices may not allow fine-grained partitioning of their backend resources, thus imposing a scalability limitation. ENQCMD (Enqueue Command) is a new instruction on future Intel platforms to allow scalable work submission for such devices. The instruction payload includes the work descriptor and a unique PASID to identify the client who is submitting the work, thus allowing a single work queue to be shared between multiple clients. In this talk, Hao will introduce the ENQCMD concept and how to efficiently virtualize it through hardware/software extensions, based on the example implementation on a Scalable IOV based device.

Speakers
Hao Wu

Senior Software Engineer, Intel
Hao is from the Intel Virtualization Enabling Team and is now working on ENQCMD virtualization support and other Scalable IOV related development. Hao joined Intel in 2009; besides virtualization, he also has a lot of experience in Linux kernel and device driver development.



Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

07:00 GMT

KVM Live Upgrade with Properly Handling of Passthrough Devices - Zhimin Feng, ByteDance
VMM live upgrade is an emerging approach to upgrade the VMM without the host shutdown. There are several implementations of live upgrade for KVM. However, none of them seems to handle the passthrough devices flawlessly. In this talk, we will analyze the requirements for the passthrough devices handling, and present how we follow those requirements to properly handle passthrough devices in our KVM live upgrade implementation. In addition, we also optimize the startup and suspend of the VM. Our experiment shows that the total downtime is 13ms for VMM live upgrade (the VM has 8 virtual CPUs, 8GB memory, 1 disk and 1 network card).

Speakers
Zhimin Feng

Software Engineer, ByteDance
I am now working for ByteDance, currently focusing on QEMU/Virtualization related projects.


Friday October 30, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes

07:00 GMT

PASID Management in KVM - Yi Liu & Jacob Pan, Intel
PASID (Process Address Space ID) is a PCIe capability that enables sharing of a single device across multiple isolated address domains. It has become a hot topic in I/O technology evolution, e.g. as the foundation of SVA (Shared Virtual Addressing) and SIOV (Scalable I/O Virtualization). Although PASID itself is a generic concept, different usages/requirements are imposed across vendors, thus bringing an interesting challenge to PASID management in Linux. This talk will first review the PASID usages, introduce the IOASID (I/O Address Space ID) core logic in Linux, and then elaborate on the gaps/solutions for efficient PASID management in KVM/VFIO.

Speakers
Jacob Pan

Linux Kernel Developer, Intel Corporation
Jacob is a veteran Linux kernel developer at Intel. His most recent interest and work are on Shared Virtual Address/Memory as well as the IOMMU subsystem in general. Prior to that, Jacob contributed to power management, device drivers, interrupt, timers, and X86 core.

Yi Liu

Software Engineer, Intel Corporation
Yi is a software engineer from the Intel Virtualization team, focusing on I/O virtualization technology. He has worked on Shared Virtual Memory, Scalable IOV and vIOMMU in recent years. He has been invited to give presentations at LPC 2017, LinuxCon Beijing 2018 and KVM Forum 2018, Intel...



Friday October 30, 2020 07:00 - 07:30 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Building a Cloud Infrastructure to Deploy Microservices as Microvm Guests - Matias Vara Larsen, Huawei
This talk presents a proof of concept solution that evaluates a cloud infrastructure to deploy microservices by relying on the microvm QEMU machine, virtio-fs and virtio-vsocket. Microservices run as Toro's guest, a dedicated unikernel to deploy all-in-one embedded applications into the cloud. We highlight the following benefits when using the microvm machine, virtio-fs and virtio-vsocket: reduced attack surface, deployment of several VMs in a single host, continuous deployment due to the short booting time, easy VM configuration and simplified unikernel architecture. The infrastructure is built on top of a CephFS cluster, thus allowing VMs to share a common filesystem. During the talk, we present the architecture of such a cloud infrastructure and the current implementation. We discuss technical challenges and ongoing work. You can find the tutorial that explains how to build this cloud infrastructure at https://github.com/torokernel/torocloudscripts.

Speakers
Matias Vara Larsen

Software Engineer, Huawei
I am a Software Engineer at Huawei. I am interested in the use of formal languages and the development of Operating Systems.



Friday October 30, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Device Keepalive State for Local Live Migration and VMM Fast Restart - Jason Zeng, Intel
Passthrough devices are painpoints of VM live migration or VMM/Host upgrade. Currently there are community discussions and approaches to support passthrough device live migration, however they usually require vendor specific driver support, which is also a painpoint for legacy devices. This topic will introduce a new device state, keepalive state, for passthrough devices and other related hardware and software components to support local migration and VMM/host reboot. The new keepalive state doesn’t require vendor specific driver support for most legacy devices. It keeps devices and other related hardware alive during the local live migration period. In this topic, we will present the design and implementation of the kernel and Qemu changes for supporting keepalive state.

Speakers
Jason Zeng

Software Engineer, Intel Corporation
Jason Zeng is a software engineer from the Intel virtualization team, focusing on various KVM/virtualization features and projects. Currently he is working on the VMM Fast Restart project, which aims to provide a solution for fast upgrading and rebooting VMM/host kernel while imposing less impact...



Friday October 30, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

10:00 GMT

Evolution of SPDK vhost Towards Secure Container Storage Service - Xiaodong Liu & Changpeng Liu, Intel
Secure containers provide strong isolation for multi-tenant, serverless workloads. Generally, they are light VM based, like Kata Containers and Firecracker, and are already used in production by top CSPs. Previously, the SPDK vhost application has been widely adopted for storage virtualization. However, SPDK applications are polling based and require hugepage memory, while in container scenarios host resources are always oversubscribed in order to serve thousands of light VMs. This means reserved hugepages and polling pinned CPU cores are hard to tolerate. So SPDK vhost should keep evolving to fit the requirements of container scenarios. In this talk, we will go over what evolution SPDK vhost requires and how polling pinned CPUs and hugepages are avoided. With the new improvements, SPDK vhost will be a good choice to provide storage service to secure containers.

Speakers
Changpeng Liu

Senior Software Engineer, Intel
Changpeng Liu is a senior software engineer in Intel and a core maintainer of SPDK (storage performance development kit) project. His working areas include NVMe, NVMf, virtualization and block storage.

Xiaodong Liu

Senior Cloud Engineer, Intel
Xiaodong Liu is a senior cloud engineer at Intel, working on storage related areas like Storage Performance Development Kit (SPDK) and Intel Intelligent acceleration Library (ISA-L). He focuses on acceleration, protocols and innovations among virtualization, cloud native storage and...



Friday October 30, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Forum, KVM

10:00 GMT

Hypervisor-managed Linear Address Translation - Chao Gao, Intel
Some security features (e.g. write-protect kernel code, SMEP) are deployed in the kernel to raise the bar of vulnerability exploitation. In practice, attackers would defeat or turn off these security features first. A typical way is by breaking code/data integrity of security features through editing page tables. In this case, enforcing linear translation is important to prevent security features from being bypassed. But existing approaches to enforce guest linear translation generally lead to much overhead, as guest page table changes and CR3 loading must be trapped by the VMM. With HLAT enabled, the VMM doesn’t need to monitor guest CR3 page table changes, thus reducing most overhead and improving efficiency. This presentation will first introduce the hardware extensions in HLAT, and then discuss how to build an efficient solution in KVM to enforce guest linear translation.

Speakers
Chao Gao

Cloud Software Engineer, Intel
Chao has worked for Intel for 4 years as a software engineer. He is responsible for enabling new Intel virtualization features in KVM/Xen and is familiar with interrupt virtualization, performance tuning and virtualization based security. Currently, Chao is working on using HLAT to enhance...



Friday October 30, 2020 10:00 - 10:30 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Debugging KVM Using Intel DCI Technology - Raymond Zhang, Xedge.AI
Debugging KVM using print/log is inefficient and has many limitations. This talk will introduce a new way to debug KVM using the Direct Connect Interface (DCI). DCI is a new technology introduced with Intel Skylake. It exposes the Intel Target Probe (ITP) and JTAG scan chain to USB 3 ports so that a host computer can build a JTAG connection with Intel silicon via a USB 3 cable. Because the transport layer is USB 3, it's very fast. Besides the transfer speed, debugging via DCI controls the CPU at the hardware level and has no dependency on software. This brings several benefits, such as breaking in when interrupts are off, breaking on VM entry and VM exit, and single stepping sensitive code in the VMM. In this talk, Raymond, a veteran Intel architect, will explain the DCI technology and how to use it to debug KVM, both the VMM layer and VM layer.

Speakers
Raymond Zhang

Software Architect, Xedge.AI
Raymond (Yinkui Zhang) is a widely recognized expert on system software and low level debugging. He is author of the top-selling book on Software Debugging and columnist for the Debugging Sword column of the Programmer magazine. He has worked in the IT industry for over 20 years with...


Friday October 30, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Minimizing VMExits in Private Cloud by Aggressive PV IPI and Passthrough Timer - Qiao Hua & Zhou Yibo, ByteDance
VMExits caused by guest accesses to IPIs and timers have been observed as two of the major overheads in virtualization. Lots of efforts have been made in the community to reduce them. Most of them are designed for the public cloud scenarios and must follow the assertion that everything in VMs is untrusted. However, such an assertion can be loosened in the private cloud scenarios where VMs can be partially trusted. Therefore, more aggressive optimization can be applied. In this talk, we will introduce our optimizations on guest IPIs and timers for KVM VMs in a private cloud. The optimizations are composed of aggressive PV IPIs and a passthrough timer, which can eliminate most VMExits on both the setup and the interrupt injection paths. According to our early evaluation in a production environment, the above optimizations can bring near bare-metal performance for certain guest workloads.

Speakers
Zhou Yibo

Engineer, Bytedance
Zhou Yibo is from ByteDance, focusing on Linux and virtualization.

Qiao Hua

Software Engineer, Bytedance


Friday October 30, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes

11:00 GMT

CIP (Civil Infrastructure Platform) Mini-Summit
The CIP Mini-Summit is a 90-minute, single-track event on the topic of industrial open source systems based on Linux. The main goal of this event is to provide technical details and an overview of developing the industrial grade CIP open source base layer. Sub-groups of CIP will talk about current development activities as well as future plans. Attendees will get to know how their products can leverage CIP’s SLTS (Super Long Term Support) to develop industrial grade products.

Topics to be covered:
  • State of Civil Infrastructure Platform 
  • CIP Kernel Team Activities towards Super Long Term Support 
  • Status update for testing within CIP
  • CIP Security towards achieving industrial grade security

AGENDA:
  • 11:00 am - 11:25 am  State of Civil Infrastructure Platform - Yoshitake Kobayashi, Toshiba Corporation; Urs Gleim, Siemens AG 
  • 11:25 am - 11:50 am  CIP Security towards achieving industrial grade security - Dinesh Kumar, Toshiba Software India Pvt. Ltd.; Kento Yoshida, Renesas Electronics Corporation
  • 11:50 am - 12:10 pm  CIP Kernel Team Activities based on “Upstream First” Principle - Masashi Kudo, Cybertrust Japan Co., Ltd.
  • 12:10 am - 12:30 pm  My experiences integrating the CIP SLTS Kernel into a fully-fledged BSP - Minh Tran, Renesas Design Vietnam Co., Ltd.

Speakers
Dinesh Kumar

Project Manager, Toshiba Software India Pvt. Ltd.
More than 12 years of work experience, predominantly worked in Embedded Systems software development, cryptographic library development, hardware crypto accelerators. In addition worked for application development of Digital Rights Management as well as development of Android Application...

Yoshitake Kobayashi

Senior Manager of Open Source Technology department, Toshiba Corporation
Yoshitake Kobayashi is the Senior Manager of The Open Source Technology Department at Toshiba Corporation. The team provides a Linux based system and related technologies such as Database and Web application frameworks for various Toshiba products. His research interests include operating...

Urs Gleim

Head of Smart Embedded Systems, Siemens AG
Urs Gleim is leading the embedded systems group at Siemens Corporate Technology which hosts the Corporate Competence Center Embedded Linux. This team centrally provides Linux and related technologies for various Siemens products. Additionally, he is the Chair of the Governing Board...

Masashi Kudo

Technology Advisor, Cybertrust Japan Co., Ltd.
Masashi Kudo is working as Technology Advisor at Cybertrust Japan Co., Ltd. He has more than 30 years' experience in IT and network software development. He works for the CIP (Civil Infrastructure Platform) project as a representative of Cybertrust Japan Co., Ltd, and acts as CIP Kernel...

Kento Yoshida

Senior Staff Engineer, Renesas Electronics Corporation
Kento Yoshida leads the RZ/G security solution especially specialized in the cyber security for the Industrial automation and control system (IACS) using high-performance industrial MPUs at Renesas Electronics Corporation. He has more than 12 years' experience in IT and network software...

Minh Tran

Senior Staff Engineer, Renesas Design Vietnam Co., Ltd.
Project leader in the RZ Linux team at Renesas Design Vietnam - provide Verified Linux Package (VLP) integrating the Civil Infrastructure Platform (CIP) Super Long-Term Support (SLTS) kernel.



Friday October 30, 2020 11:00 - 12:30 GMT
LF Project Mini-Summit Theater
  LF Project Mini-Summits

11:00 GMT

BoF Discussions: To Be Announced
There will be 4 topic-specific BoF discussions for KVM Forum Attendees to participate in during the event. 
Topics and access links will be coming soon! 

Friday October 30, 2020 11:00 - 13:00 GMT
KVM Theater
  KVM Forum, KVM
  • Skill Level Any
  • Technical Talk Yes

13:00 GMT

State of the User Namespace - Stephane Graber & Christian Brauner, Canonical
The user namespace first started off as a way to run safer containers, preventing trivial container escapes and privilege escalations. It has since evolved into a versatile tool used by container managers as well as a growing number of other software, ranging from network services to web browsers. In this talk we'll go over the main characteristics of the user namespace, its current uses, recent improvements and new features as well as going over some of the upcoming work on it.

Speakers
Stéphane Graber

Project leader for LXD, LXC and LXCFS, Canonical Ltd.
Stéphane Graber is the engineering manager for the LXD team at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at events related to containers and Linux. Stéphane is also a longtime contributor to the Ubuntu Linux distribution...

Christian Brauner

Senior Software Engineer, Canonical
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...



Friday October 30, 2020 13:00 - 13:45 GMT
LSS Theater
  Linux Security Summit (LSS)

14:00 GMT

QEMU Live Update - Steven J. Sistare, Oracle
The ability to update software with critical bug fixes and security mitigations while minimizing downtime is valued highly by customers and providers. In this talk, Steve presents a new method for updating a running instance of QEMU to a new version while minimizing the impact on the VM guest. The guest pauses briefly, for less than 200 msec in the prototype, without loss of internal state or external connections. The old QEMU process exec's the new QEMU binary, and preserves anonymous guest RAM at the same virtual address via a proposed Linux madvise variant. Descriptors for external connections are preserved, and VFIO pass through devices are supported by preserving the VFIO device descriptors and attaching them to a new KVM instance after exec. The update method requires code changes to QEMU, but no changes are required in system libraries or the KVM kernel module.

Speakers
Steven Sistare

Software Architect, Oracle Corporation
Steve is a software architect for the Oracle Linux kernel team, with particular interests in virtualization, performance, scalability, virtual memory, scheduling, security, tools, boot time, and processor support. He previously did similar work in the Solaris kernel. Steve graduated...



Friday October 30, 2020 14:00 - 14:30 GMT
KVM Theater
  KVM Forum, KVM

14:00 GMT

Speeding Up VM’s I/O Sharing Host's io_uring Queues With Guests - Stefano Garzarella, Red Hat
io_uring is the newest Linux I/O interface. It provides submission and completion queues for performing asynchronous I/O operations.

The queues are located in a memory region shared between the userspace application and the kernel. This aims to reduce the number of syscalls required for I/O operations and provides a way to poll efficiently. io_uring achieves good performance and it makes exposing submission and completion queues to guests an attractive idea for improving I/O performance in virtualization.

Stefano will give a brief overview of io_uring API. Then, he will illustrate how the host's io_uring queues can be shared with guests to improve I/O performance of a block device and which io_uring changes are required to safely give queues access to the guest. Finally, Stefano will show the performance boost achieved with the proposed approach and future steps.

Speakers
Stefano Garzarella

Senior Software Engineer, Red Hat
Stefano is a Senior Software Engineer at Red Hat. He is working on virtualization and networking topics in QEMU and Linux kernel. He is a co-maintainer of Linux's virtio-vsock. Current projects cover virtio-vsock, QEMU network and storage, and lightweight VMs.



Friday October 30, 2020 14:00 - 14:30 GMT
KVM Theater
  KVM Forum, KVM

14:00 GMT

TBOOT and Secure Boot Coexistence to Launch OS Even More Securely - Łukasz Hawryłko, Intel Corporation
Intel TXT is a D-RTM technology that allows setting up a trusted environment by measuring boot process components. Measurements, stored in the TPM, can be verified by local or remote attestation to detect any inconsistency in the boot process. UEFI Secure Boot has a similar goal; however, it is achieved in a different way. In contrast to Intel TXT, Secure Boot is an S-RTM technology that requires maintaining a trusted chain from the beginning of system power up. TBOOT is an implementation of MLE in Intel TXT dedicated to Linux kernel based OSes and the Xen VMM. The current version does not support Secure Boot, so there is no possibility to enable Intel TXT and Secure Boot simultaneously when using TBOOT. This presentation discusses the possibilities of enabling Secure Boot in TBOOT and what benefits come from that.

Speakers
Łukasz Hawryłko

Security Engineer, Intel
I am working at Intel in BIOS Security team, where I am an architect and leading developer of TBOOT project. In my job, I am also working with Open Source community to help in enabling Intel TXT on Linux based systems.



Friday October 30, 2020 14:00 - 14:45 GMT
LSS Theater
  Linux Security Summit (LSS)

14:30 GMT

Faster and Smaller qcow2 Files With Subcluster-based Allocation - Alberto Garcia, Igalia
qcow2 is QEMU's native format for disk images. qcow2 images are smaller and more flexible than raw files but are also slower. This problem can be partially mitigated by adjusting the cluster size when creating a new qcow2 image. However there is always a trade-off that needs to be considered: smaller cluster sizes result in smaller images and generally faster allocations but also in more metadata and larger memory requirements. Several approaches have been followed in order to improve this situation. In this presentation we introduce subcluster allocation: a new extension for the qcow2 file format that tries to combine the best of both worlds, producing images that are both faster and smaller.

Speakers
Alberto Garcia

Software Engineer, Igalia
Alberto Garcia is a software engineer working at Igalia. He has two decades of professional experience working with Linux-based systems and has been contributing to the QEMU project for more than five. In addition to that he was also involved in the development of the Maemo and MeeGo...



Friday October 30, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Forum, KVM

14:30 GMT

Virtio-(balloon|pmem|mem): Managing Guest Memory - David Hildenbrand & Michael S. Tsirkin, Red Hat
How to resize guest memory? Can we reduce host swapping? Can we shrink the guest page cache? Traditional ballooning has been the answer to these questions for more than a decade - with advantages but also well-known issues. There is ongoing work to answer these questions in a better way, slowly but steadily obsoleting the original basis of virtio-balloon: the balloon. In addition to recent virtio-balloon extensions (e.g., free page hinting), new approaches, like virtio-pmem and virtio-mem, can substitute or replace ballooning. However, supporting technologies that mess with guest memory in the hypervisor (e.g., vfio, encrypted VMs), and closed-source guest operating systems become more challenging. In this talk, we give an overview of the current state of virtio-balloon, virtio-pmem and virtio-mem, discussing advantages, issues, and open items of each, and draw a picture of the future.

Speakers
David Hildenbrand

Senior Software Engineer, Red Hat
David has been working on QEMU/KVM for almost 6 years now. His current projects are mostly centered around memory hot(un)plug and memory overcommit in the context of virtual machines. While he's involved with QEMU/KVM on s390x and Linux memory management in general, his main projects...

Michael S. Tsirkin

Distinguished Engineer, Red Hat Inc
Michael has been with Red Hat for more than 10 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and...



Friday October 30, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Forum, KVM

15:00 GMT

Comparing Performance of NVMe Hard Drives in KVM, Baremetal, and Docker Using Fio and SPDK for Virtual Testbed Applications - Mauricio Tavares, RENCI
As is known, the highest performance using an NVMe hard drive in a KVM guest is achievable using vfio-pci passthrough. Docker also allows PCI devices to be passed through. A lot of work has been done comparing some combination of drives in some combination of those platforms using some industry standard methods and parameters. But how do they scale up when we want to add multiple drives per guest/container vs multiple guests/containers with one drive each? How about fine tuning memory/numa/iommu as we might also be passing out other PCI devices? And what if we want to build, test, and collect data in a reproducible way? Some ansible and shell scripting involved.

Speakers
Mauricio Tavares

Creator of shiny thingies, RENCI
Mauricio Tavares (BS Aerospace Engineering) has worked with small and large companies in education, finance, and medical fields building and protecting user data. Currently a researcher at RENCI involved in next generation network research and an instructor with the Chameleon experimental...



Friday October 30, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Forum, KVM

15:00 GMT

QEMU Snapshots Are So Slow. Really? - Denis Lunev, Virtuozzo
QEMU snapshots made via the savevm interface are at the moment synchronous and slow. This happens not only due to suboptimal code but also due to a gap between migration and block layer concepts. This presentation tries to cover this gap and provides some approaches to make snapshot and revert-to-snapshot operations faster. The talk will cover optimizations to the currently available synchronous SaveVM interface and will also cover asynchronous operations, including asynchronous revert to snapshot, which would require developing a memory page index for migration stream.

Speakers
Denis Lunev

Team Lead, Virtuozzo
Denis Lunev has been working at Virtuozzo for around 20 years, dealing with various aspects of virtualization, both in the virtual machine and container worlds. Right now he is working on QEMU optimizations.



Friday October 30, 2020 15:00 - 15:30 GMT
KVM Theater
  KVM Forum, KVM

15:00 GMT

Bypassing Many Kernel Protections Using Elastic Objects - Yueqi Chen & Zhenpeng Lin, Ph.D. Students
We will analyze an anecdotal exploit that demonstrates the capability of bypassing KASLR, using an elastic object in the Linux kernel implementation. We justify that this exploit could be abstracted and extended as a general exploitation practice. First, the Linux kernel contains a large number of such elastic objects, by using which nearly any kernel vulnerability (with an overwriting capability) could enable the adversary to easily bypass heap cookie protector, KASLR, stack canary, and even realize an arbitrary read attack. Second, we show that Linux is not the only kernel using these objects for implementation. Other OS kernels, e.g., XNU, also adopt the same practice. Third, we conclude that elastic kernel objects are perilous as they provide a new, general approach to breaking existing protection mechanisms, and thus new defenses should be designed as a part of kernel hardening.

Speakers

Yueqi Chen

Ph.D. Student, Pennsylvania State University
Yueqi (Lewis) Chen received his B.Sc degree from Nanjing University in 2017 and is currently a Ph.D. student with Dr. Xinyu Xing at Pennsylvania State University. He was awarded the IBM Ph.D. Fellowship 2020. His research focuses on OS security and vulnerability analysis. He is particularly...

Zhenpeng Lin

Ph.D. Student, Pennsylvania State University
Zhenpeng Lin is a first-year Ph.D. student advised by Dr. Xinyu Xing at Pennsylvania State University. His research focuses on vulnerability discovery and exploitation. He plays CTF a lot. As a core member of Nu1L, he won 1st place in BCTF 2017, BCTF 2018, Baidu AI CTF, WCTF Junior...


Friday October 30, 2020 15:00 - 15:45 GMT
LSS Theater
  Linux Security Summit (LSS)

15:30 GMT

Bitmaps and NBD: Building Blocks of Change Block Tracking - Eric Blake, Red Hat
The premise of incremental backups is simple: if you can keep track of what changed, you can optimize a backup to visit only those portions of a disk image. But under the hood, there are a lot of moving parts that have been added and refined in the past few years to make incremental backups a reality when using qcow2 images. In this talk, Eric Blake will explore recent work in qemu to make bitmap tracking more powerful, enabling libvirt to finally add support for incremental backups even when a disk image is split across a backing chain involving multiple qcow2 files. Whether deciding which bitmaps should be active, or accessing the contents of those bitmaps over Network Block Device (NBD) for consumption by an arbitrary client, having an understanding of change block tracking and related technology can help you get the most performance from your incremental backups.

https://static.sched.com/hosted_files/osseu2020/59/kvmforum_2020_Bitmaps_and_NBD.pdf

Speakers

Eric Blake

Software Engineer, Red Hat
Eric Blake is a software engineer at Red Hat, working on block device management in virtualization. He has contributed extensively to qemu and libvirt. He has spoken at several past KVM Forums, most recently about making the most of NBD in Oct 2019.



Friday October 30, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Forum, KVM

15:30 GMT

Towards an Alternative Memory Architecture - Joao Martins, Oracle
We waste a lot of memory managing guest memory (ironic eh?). And in today's cloud ecosystem PCI passthrough is important and an increasing commodity. This gives us an opportunity to make a mean and lean hypervisor which can shed some of its layers. This talk discusses memory efficiency, particularly focusing on one of its oldest overheads: per page metadata. Particularly on what it means to strip that away, what it entails for security and performance, and how the DAX subsystem can be improved to fill in the gap, drawing KVM closer to that of a partitioned hypervisor.

Speakers

João Martins

Snr Principal Software Engineer, Oracle
João is a Snr Principal Software Engineer working in the Oracle Linux Virtualization group. His work includes both Xen and more recently KVM, usually digging in networking performance and the hypervisor. Prior to Oracle, he did research on specialized OSes in the context of network...



Friday October 30, 2020 15:30 - 16:00 GMT
KVM Theater
  KVM Forum, KVM

16:00 GMT

Bring SCSI Support Into QEMU Block Layer - Yaowei Bai, Chinamobile
Currently some storage technologies like Ceph already have the support of several SCSI interfaces like WRITE SAME and COMPARE AND WRITE, which can be called by QEMU block driver directly. However, QEMU still emulates them at the moment. We work on this by introducing SCSI support into QEMU block layer. This presentation will explain how this support is implemented and the problem it still has.

Speakers

Yaowei Bai

Software engineer, Chinamobile
I'm a cloud software engineer focusing on virtualization and the Linux kernel at Chinamobile. Currently I'm working on a high-performance distributed storage system based on Ceph, and I spoke at Cephalocon 2020.



Friday October 30, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Forum, KVM

16:00 GMT

KVM Dirty Ring - A New Approach to Logging - Peter Xu, Red Hat
In this talk, Peter will present a new kvm dirty logging interface which is called kvm dirty ring. This is a carry-over work from Lei Cao and Paolo Bonzini which started a few years ago. Instead of using dirty bitmaps to record dirty pages, kvm dirty ring records the dirty pages in the form of an array of guest PFNs, which are recorded in per-vcpu ring structures. The memory consumption of dirty logging itself will be heavily reduced, and the size of the dirty rings will be configurable (via QEMU command lines). More importantly, dirty ring gives us a chance to be able to collect and sync dirty pages in a totally different way that will be extremely friendly to COLO-like applications. However, kvm dirty ring is not a super weapon to cover every single scenario. Peter will also talk about different user scenarios and on how to choose the correct logging method.

Speakers

Peter Xu

Senior Software Engineer, Red Hat
Working for virtualization team of Red Hat. Presented talks in previous KVM forums related to vIOMMUs, vhost and device assignments.



Friday October 30, 2020 16:00 - 16:30 GMT
KVM Theater
  KVM Forum, KVM

16:00 GMT

Container Runtime Support for SGX and TEE Environment - Isaku Yamahata, Intel Corporation
Recently, Trusted Execution Environment (TEE) has been gaining momentum, as the Linux Foundation founded the Confidential Computing Consortium (CCC) and cloud service providers have already provided such environments. Container runtime support is a key feature so that TEE can be easily managed in a cloud environment like Kubernetes. We discuss the taxonomy of container support of TEE first and then how it will be implemented concretely. For example, Function-As-A-Service requires different characteristics from normal container support, and so does its design for the container runtime. Lastly, Graphene-LibOS Shielded Container (GSC) is introduced as a concrete example.

Speakers

Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is active on Graphene LibOS and OpenStack Neutron (networking) and has...



Friday October 30, 2020 16:00 - 16:45 GMT
LSS Theater
  Linux Security Summit (LSS)

16:30 GMT

Long Live Asynchronous Page Fault! - Vitaly Kuznetsov & Vivek Goyal, Red Hat
The Asynchronous Page Fault mechanism for KVM guests is not new; it's been around for more than a decade. Recently virtio-fs developers made an attempt to add new features to it, and this attracted the attention of kernel developers to the internals. Some flaws in the original design of asynchronous page fault on the x86 architecture were revealed; these flaws currently block the addition of the new features. There is, however, ongoing work aimed at fixing these issues. In this talk we'll try to cover the asynchronous page fault mechanism: what it is needed for and how it works, both in 'normal' and 'nested' virtualization scenarios. We'll explain what potential issues were recently revealed and how we're fixing them. We'll describe new use-cases and features, both in-development and waiting to be implemented.

Speakers

Vitaly Kuznetsov

Principal Software Engineer, Red Hat
Vitaly works at Virtualization Engineering team at Red Hat focusing on KVM development as well as making Linux the best guest for other hypervisors. He frequently presents at FOSDEM, KVM Forum, DevConf and other technical conferences.

Vivek Goyal

Senior Principal Software Engineer, Red Hat
Vivek is a member of kernel storage team at Red Hat and has worked in various areas like Virtio FS, overlayfs SELinux support, docker storage, block cgroup controller, IO scheduler, kexec/kdump and secureboot. He frequently presents at LSF/MM, Linux plumbers and other technical c...