Loading…

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Senior level [clear filter]
Monday, October 26
 

12:00 GMT

Container Live Migration - Adrian Reber, Red Hat
One of the main reasons Checkpoint/Restore in User-Space (CRIU) exists is to enabled container live migration and although container live migration is always viewed as an outlier or corner case of containers, because containers are supposed to be stateless, CRIU continues to get better at container live migration. Maybe containers are supposed to be stateless, but CRIU still sees growing interest in its container migration features and especially the integration in container runtimes. In this talk I want to present details about CRIU and with which clever tricks it provides the ability to checkpoint and restore processes and whole containers. I also want to show how it is integrated in container runtimes like runc, crun, lxc/lxd, borg and Podman. I want to close the talk with a few demos showcasing CRIU's features in Podman as presented before to live migrate containers and how to use checkpoints to decrease the container startup time. The goal of this talk is to give a technical presentation how containers can be live migrated, that it is easily possible to live migrate containers and that the container migration technology has additional use cases.

Speakers
avatar for Adrian Reber

Adrian Reber

Principal Software Engineer, Red Hat
Adrian is a Principal Software Engineer at Red Hat and is migrating processes at least since 2010. He started to migrate processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for that. Most of the time he is now migrating... Read More →



Monday October 26, 2020 12:00 - 12:50 GMT
Cloud Theater
 
Tuesday, October 27
 

18:30 GMT

Unsolved Problems in Open Source Security - Rhys Arkins, WhiteSource
Very few people today doubt the principles and benefits of Open Source, but you can definitely be forgiven for having concerns about its security. Some of the ways we rely on Open Source today are fundamentally flawed, yet almost never discussed - from registries hosting unsigned artifacts of unreproducible source to package managers which propagate new versions of dependencies at the earliest opportunity. It's time to identify these unsolved - and mostly undiscussed - risks, evaluate their potential impact, and determine what can be done in the Open Source community to address them. This presentation will discuss why we need reproducible builds in open source, verified artifacts, and why the majority of package managers may need a substantial change, while one in particular got it right. It will also provide some recommendations on defensive use of open source particularly for products and industries at the highest risk of software supply chain attacks.

Speakers
avatar for Rhys Arkins

Rhys Arkins

Director of Product, WhiteSource
Rhys Arkins is the Director of Product at WhiteSource, where he focuses on Develop Solutions. Rhys joined WhiteSource in 2019 through the acquisition of the company he founded, Renovate Bot - an open source tool for automating dependency updates. He is a big proponent of using automation... Read More →



Tuesday October 27, 2020 18:30 - 19:20 GMT
OS Dependability Theater
 
Wednesday, October 28
 

12:00 GMT

Virtual Topology for Virtual Machines: Friend or Foe? - Dario Faggioli, SUSE
Being able to craft a detailed virtual topology for a VM may be crucial for achieving good performance. But it is also risky, as interfaces become more complex, and an inconsistent configuration may be selected, causing more harm than good.

E.g., it would be good to be able to specify the size of caches, for cases when some software (e.g., glibc) inside the VM checks it and decides whether or not to enable some optimizations depending right on that.

On the other hand, even just defining the vCPUs topology (threads, cores, NUMA nodes, etc) may lead to less stable or outright worse performance, if the vCPUs and the memory of the VM are not properly pinned at the host level.

In this talk, we will show some first-hand examples, we will outline what is currently there in Linux, libvirt and QEMU and we will discuss if it is possible to improve things even further.

Speakers
avatar for Dario Faggioli

Dario Faggioli

Virtualization Software Engineer, SUSE
Dario is a Virtualization Software Engineer at SUSE. He's been active in the Open Source virtualization space for a few years. Initially, he worked only on Xen-Project, and he is still the maintainer of the Xen hypervisor scheduler. Back during his Ph.D., he worked on real-time scheduling... Read More →



Wednesday October 28, 2020 12:00 - 12:50 GMT
KVM Theater
  KVM Forum

12:00 GMT

A Faster Hibernation/Resume Using Opportunistic Memory Reclaim - Andrea Righi, Canonical
Hibernation is usually considered as an obsolete feature for laptops, but it can still provide significant benefits in many different scenarios, if it can be made to work reliably and efficiently. The main bottleneck of hibernation is the cost of I/O, both at hibernation and resume time, but it is possible to reduce this cost using opportunistic memory reclaiming techniques. Canonical has been actively experimenting hibernation in cloud computing and virtualized environments. In the process we had the opportunity to experiment some improvements and learn surprising lessons. This session shares some technical details of the solutions that we developed, the lessons learned and the results that we found.

Speakers
avatar for Andrea Righi

Andrea Righi

Kernel Engineer, Canonical
Andrea Righi works for Canonical as a Kernel Engineer, focusing on performance analysis, tracing, virtualization technologies and power management topics. Andrea started working with the Linux kernel in 2004 while he was a student at the University. His contributions were mostly focused... Read More →



Wednesday October 28, 2020 12:00 - 12:50 GMT
Linux Systems Theater
  Linux Systems, Power Management

13:00 GMT

Real-time Linux: What is Next? - Daniel Bristot de Oliveira, Red Hat
With the PREEMPT_RT mainlining, is the real-time Linux development ended? - No! It is the beginning of a new era. The low latency provided by the nowadays communication channels and the need for a software stack for AI/ML present on Linux is enabling a new class of cyber-physical systems that depends on real-time kernel. But, is the real-time kernel ready to be used in such scenarios? This presentation is a discussion about the current state of Real-time Linux. It will talk about the kind of determinism that is possible to obtain with Linux and the type of determinism that is still not possible to achieve. The main goal is to point to the next opportunities in the development that can enable Linux for a class of systems that requires more robust evidence of correctness, including the formal verification of the kernel and the mathematical analysis of the timing properties of the kernel.

Speakers
avatar for Daniel Oliveira

Daniel Oliveira

Principal Software Engineer, Red Hat
Daniel is a Principal Software Engineer at Red Hat, working in the real-time kernel team, and has a Ph.D. in Automation Engineering (UFSC)/Computer Engineering (Scuola Superiore Sant'Anna). He works in the research and development of real-time features and runtime formal verification... Read More →


Wednesday October 28, 2020 13:00 - 13:50 GMT
Linux Systems Theater

16:15 GMT

A Technical Deep Dive into the QEMU Emulated NVMe Device - Klaus Jensen, Samsung Electronics
The QEMU generic machine emulator and virtualizer includes a wide range of emulated devices. These devices can be very useful for debugging a software stack and for prototyping new features that is yet to be available in hardware and firmware. In this technical talk we focus on "prototyping new features" in the emulated NVMe device. We will go through the core event loop of the upstream device and explore how the recently ratified Namespace Types and Zoned Namespaces NVMe Technical Proposals can be implemented. Finally, we will design a custom (non-spec) command and go through a prototype implementation. We will then discuss how such a QEMU prototype implementation helps when developing the associated software stack and see how the feature can be tested and verified from a Linux host.

Speakers
avatar for Klaus Jensen

Klaus Jensen

Staff Software Engineer, Samsung Electronics
Klaus is a Software Engineer with a background in academia. He has worked in the area of High Performance Computing, old school UNIX systems, taken a stint in an IT consultancy and written a PhD on tape. He has been involved in the OpenChannel SSD community, and currently, in the... Read More →


Wednesday October 28, 2020 16:15 - 17:05 GMT
Linux Systems Theater
 
Thursday, October 29
 

06:00 GMT

Look Ma’, No (Real) Interrupt Controller! - Marc Zyngier, Google & Christoffer Dall, Arm
Modern interrupt controllers are very complicated constructs with complex interfaces, only matched by the complexity of the software that emulates them. In a hypervisor, this software often lives at a privileged exception level, exposing an attractive attack surface for malicious actors, and making it difficult to verify the correctness of the hypervisor. This is problematic for many hypervisor deployments, especially when aiming to provide trusted execution environments. To address these concerns, we present a paravirtualized interrupt controller architecture, which is easier to verify, provides the minimum level of service that a VM requires as well as consistent semantics, and which has the potential to be used across CPU architectures. This gives the opportunity to consider trade-offs between performance and complexity, and the applicability to being built or accelerated in hardware.

Speakers
avatar for Christoffer Dall

Christoffer Dall

Principal Engineer, Arm
Christoffer Dall wrote the first implementation of KVM for the Arm architecture and co-maintained KVM/Arm in Linux for several years. Christoffer currently works for Arm, doing computer architecture with a focus on security and virtualization technologies. Christoffer Dall has a PhD... Read More →
MZ

Marc Zyngier

Software Engineer, Google
Marc has been working on the Linux kernel since an unexpected encounter with 0.99pl13 in 1993. His first contribution was merged in 1996 in the form of the original version of the MD driver. Having played with fault tolerant systems at Bull, worked on exotic (and ultimately doomed... Read More →


Thursday October 29, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Implementing SR-IOV Failover for Windows Guests During Migration - Yan Vugenfirer, Daynix & Annie Li, Oracle
In the past, there were several attempted to enable live migration for VMs that are using SR-IOV NICs. We are going to discuss the recent development based on the SR-IOV failover feature in virtio specification and its implementation for the Windows guests.  In this session, Annie Li and Yan Vugenfirer will provide an overview of the failover feature and discuss specifics of the Windows guest implementation.

Speakers
avatar for Yan Vugenfirer

Yan Vugenfirer

CEO, Daynix
Yan is the CEO of Daynix Computing. He is an upstream maintainer fo the virtio-win drivers https://github.com/virtio-win/kvm-guest-drivers-windows/. Yan has more than 20 years of kernel development and 14 years of virtualization related development.
avatar for Yansu Li

Yansu Li

Principal Software Engineer, Oracle
Annie is a principal software developer at Oracle America, Inc. Her role is developing Virtualization drivers in Windows, and currently, she is working on VirtIO 2-netdev model for supporting SR-IOV live migration in Windows. She has 10+ years experience of Windows driver develop... Read More →



Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM
 
Friday, October 30
 

06:30 GMT

Guest Memory Protection -- Current Status and Future - Isaku Yamahata, Intel
Recently there are several proposals for protect guest memory from KVM as VMM and qemu as user space in various ways of software and hardware. We discuss the guest memory protection and how we can proceed those efforts. As software solution, the proposal of KVM protected memory extension, the mapping of guest memory is removed from kernel address space (direct mapping area) and make user space mapping as NONE permittion. Also the proposal of execute only memory(XOM) introduce a new software type of guest memory as execute only. Also removing mapping from use space is also important part of guest memory protection which may require changes intrusive to KVM MMU. Live migration also needs attention for guest protection because guest memory protection means that qemu can't directly access guest memory/status. After summarizing proposals, consider how we can proceed them.

Speakers
avatar for Isaku Yamahata

Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is an active on Graphene LibOS and OpenStack Neutron (networking) and has... Read More →



Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

Scalable Work Submission in Device Virtualization - Hao Wu, Intel
Hardware I/O virtualization techniques, such as PCIe SR-IOV and Intel Scalable IOV, allows devices to be shared by multiple clients (e.g. VMs) with minimal emulation cost. However, some devices may not allow fine-grained partitioning of its backend resources, thus imposing a scalability limitation. ENQCMD (Enqueue Command) is a new instruction on future Intel platforms to allow scalable work submission for such devices. The instruction payload includes the work descriptor and a unique PASID to identify the client who is submitting the work, thus allowing a single work queue to be shared between multiple clients. In this talk, Hao will introduce the ENQCMD concept and how to efficiently virtualize it through hardware/software extensions, based on the example implementation on Scalable IOV based device.

Speakers
HW

Hao Wu

Senior Software Engineer, Intel
Hao is from Intel Virtualization Enabling Team and now working on ENQCMD virtualization support and also other Scalable IOV related development. Hao joined Intel at 2009, besides virtualization, he also has a lot of experience on Linux Kernel and device drivers development.



Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Device Keepalive State for Local Live Migration and VMM Fast Restart - Jason Zeng, Intel
Passthrough devices are painpoints of VM live migration or VMM/Host upgrade. Currently there are community discussions and approaches to support passthrough device live migration, however they usually require vendor specific driver support, which is also a painpoint for legacy devices. This topic will introduce a new device state, keepalive state, for passthrough devices and other related hardware and software components to support local migration and VMM/host reboot. The new keepalive state doesn’t require vendor specific driver support for most legacy devices. It keeps devices and other related hardware alive during the local live migration period. In this topic, we will present the design and implementation of the kernel and Qemu changes for supporting keepalive state.

Speakers
JZ

Jason Zeng

Software Engineer, Intel Coporation
Jason Zeng is a software engineer from Intel virtualization team, focusing on various KVM/virtualization features and projects. Currently he is working on VMM Fast Restart project which aims to provide a solution for fast upgrading and rebooting VMM/host kernel while impose less impact... Read More →



Friday October 30, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Debugging KVM Using Intel DCI Technology - Raymond Zhang, Xedge.AI
Debugging KVM using print/log is inefficient and has many limitations. This talk will introduce a new way to debug KVM using the Direct Connect Interface (DCI). DCI is a new technology introduced by Intel Skylake. It exposes the Intel Target Probe (ITP) and JTAG scan chain to USB 3 ports so that host computer can build a JTAG connection with Intel silicon via a USB 3 cable. For the transportation lay is USB 3, it's very fast. Besides the transferring speed, debugging via DCI controls CPU at hardware level, has no dependency on software. This brings several benefits, such as break in when interrupt is off, break on VM entry and VM exit and single stepping sensitive code in VMM etc. In this talk, Raymond, a veteran Intel architect, will explain the DCI technology and how to use it to debug KVM, both the VMM layer and VM layer.

Speakers
RZ

Raymond Zhang

Software Architect, Xedge.AI
Raymond (Yinkui Zhang) is a widely recognized expert on system software and low level debugging. He is author of the top-selling book on Software Debugging and columnist for the Debugging Sword column of the Programmer magazine. He has worked in the IT industry for over 20 years with... Read More →


Friday October 30, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM

14:00 GMT

QEMU Live Update - Steven J. Sistare, Oracle
The ability to update software with critical bug fixes and security mitigations while minimizing downtime is valued highly by customers and providers. In this talk, Steve presents a new method for updating a running instance of QEMU to a new version while minimizing the impact on the VM guest. The guest pauses briefly, for less than 200 msec in the prototype, without loss of internal state or external connections. The old QEMU process exec's the new QEMU binary, and preserves anonymous guest RAM at the same virtual address via a proposed Linux madvise variant. Descriptors for external connections are preserved, and VFIO pass through devices are supported by preserving the VFIO device descriptors and attaching them to a new KVM instance after exec. The update method requires code changes to QEMU, but no changes are required in system libraries or the KVM kernel module.

Speakers
SS

Steven Sistare

Software Architect, Oracle Corporation
Steve is a software architect for the Oracle Linux kernel team, with particular interests in virtualization, performance, scalability, virtual memory, scheduling, security, tools, boot time, and processor support. He previously did similar work in the Solaris kernel. Steve graduated... Read More →



Friday October 30, 2020 14:00 - 14:30 GMT
KVM Theater
  KVM Forum, KVM
 

Twitter Feed