Loading…
Simple
Expanded
Grid
By Venue
Senior level [clear filter]
Monday, October 26
 

12:00 GMT

Container Live Migration - Adrian Reber, Red Hat
One of the main reasons Checkpoint/Restore in User-Space (CRIU) exists is to enabled container live migration and although container live migration is always viewed as an outlier or corner case of containers, because containers are supposed to be stateless, CRIU continues to get better at container live migration. Maybe containers are supposed to be stateless, but CRIU still sees growing interest in its container migration features and especially the integration in container runtimes. In this talk I want to present details about CRIU and with which clever tricks it provides the ability to checkpoint and restore processes and whole containers. I also want to show how it is integrated in container runtimes like runc, crun, lxc/lxd, borg and Podman. I want to close the talk with a few demos showcasing CRIU's features in Podman as presented before to live migrate containers and how to use checkpoints to decrease the container startup time. The goal of this talk is to give a technical presentation how containers can be live migrated, that it is easily possible to live migrate containers and that the container migration technology has additional use cases.
Speakers
avatar for Adrian Reber

Adrian Reber

Senior Principal Software Engineer, Red Hat
Adrian is a Senior Principal Software Engineer at Red Hat and is migrating processes at least since 2010. He started to migrate processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for that. Most of the time he is... Read More →

2020 osseu container live migration pdf
Monday October 26, 2020 12:00 - 12:50 GMT
Cloud Theater
  Cloud + Cloud Native, Containers and Distributed Edge
 
Tuesday, October 27
 

18:30 GMT

Unsolved Problems in Open Source Security - Rhys Arkins, WhiteSource
Very few people today doubt the principles and benefits of Open Source, but you can definitely be forgiven for having concerns about its security. Some of the ways we rely on Open Source today are fundamentally flawed, yet almost never discussed - from registries hosting unsigned artifacts of unreproducible source to package managers which propagate new versions of dependencies at the earliest opportunity. It's time to identify these unsolved - and mostly undiscussed - risks, evaluate their potential impact, and determine what can be done in the Open Source community to address them. This presentation will discuss why we need reproducible builds in open source, verified artifacts, and why the majority of package managers may need a substantial change, while one in particular got it right. It will also provide some recommendations on defensive use of open source particularly for products and industries at the highest risk of software supply chain attacks.
Speakers
avatar for Rhys Arkins

Rhys Arkins

VP of Product management, Mend
Rhys Arkins is responsible for developer solutions at WhiteSource. He was the founder of Renovate Bot, an automated tool for software dependency updating, which was acquired by Mend in 2019. Rhys is particularly fond of automation and a firm believer in never sending humans to do... Read More →

20201016 Open Source Summit Europe pdf
Tuesday October 27, 2020 18:30 - 19:20 GMT
OS Dependability Theater
  OS Dependability, Handling Security Issues in Safety-Critical Applications
 
Wednesday, October 28
 

12:00 GMT

Virtual Topology for Virtual Machines: Friend or Foe? - Dario Faggioli, SUSE
Being able to craft a detailed virtual topology for a VM may be crucial for achieving good performance. But it is also risky, as interfaces become more complex, and an inconsistent configuration may be selected, causing more harm than good.

E.g., it would be good to be able to specify the size of caches, for cases when some software (e.g., glibc) inside the VM checks it and decides whether or not to enable some optimizations depending right on that.

On the other hand, even just defining the vCPUs topology (threads, cores, NUMA nodes, etc) may lead to less stable or outright worse performance, if the vCPUs and the memory of the VM are not properly pinned at the host level.

In this talk, we will show some first-hand examples, we will outline what is currently there in Linux, libvirt and QEMU and we will discuss if it is possible to improve things even further.
Speakers
avatar for Dario Faggioli

Dario Faggioli

Virtualization Engineer, SUSE
Dario is a Virtualization Software Engineer at SUSE. He's been active in the Open Source virtualization space for a few years. Within the Xen-Project, he is still the maintainer of the Xen hypervisor scheduler. He also works on Linux kernel, KVM, Libvirt, and QEMU. Back during his... Read More →

Virtual Topology Friend or Foe pdf
Wednesday October 28, 2020 12:00 - 12:50 GMT
KVM Theater
  KVM Forum

12:00 GMT

A Faster Hibernation/Resume Using Opportunistic Memory Reclaim - Andrea Righi, Canonical
Hibernation is usually considered as an obsolete feature for laptops, but it can still provide significant benefits in many different scenarios, if it can be made to work reliably and efficiently. The main bottleneck of hibernation is the cost of I/O, both at hibernation and resume time, but it is possible to reduce this cost using opportunistic memory reclaiming techniques. Canonical has been actively experimenting hibernation in cloud computing and virtualized environments. In the process we had the opportunity to experiment some improvements and learn surprising lessons. This session shares some technical details of the solutions that we developed, the lessons learned and the results that we found.
Speakers
avatar for Andrea Righi

Andrea Righi

Kernel Engineer, Canonical
Andrea Righi works for Canonical as a Kernel Engineer, focusing on performance analysis, tracing, virtualization technologies and power management topics. Andrea started working with the Linux kernel in 2004 while he was a student at the University. His contributions were mostly focused... Read More →

A faster hibernation resume using opportunistic memory reclaim pdf
Wednesday October 28, 2020 12:00 - 12:50 GMT
Linux Systems Theater
  Linux Systems, Power Management

13:00 GMT

Real-time Linux: What is Next? - Daniel Bristot de Oliveira, Red Hat
With the PREEMPT_RT mainlining, is the real-time Linux development ended? - No! It is the beginning of a new era. The low latency provided by the nowadays communication channels and the need for a software stack for AI/ML present on Linux is enabling a new class of cyber-physical systems that depends on real-time kernel. But, is the real-time kernel ready to be used in such scenarios? This presentation is a discussion about the current state of Real-time Linux. It will talk about the kind of determinism that is possible to obtain with Linux and the type of determinism that is still not possible to achieve. The main goal is to point to the next opportunities in the development that can enable Linux for a class of systems that requires more robust evidence of correctness, including the formal verification of the kernel and the mathematical analysis of the timing properties of the kernel.
Speakers
avatar for Daniel Bristot de Oliveira

Daniel Bristot de Oliveira

Principal Software Engineer, Red Hat
Daniel is a Principal Software Engineer at Red Hat, working in the real-time kernel team, and has a Ph.D. in Automation Engineering (UFSC)/Computer Engineering (Scuola Superiore Sant'Anna). He works in the research and development of real-time features and runtime formal verification... Read More →

Wednesday October 28, 2020 13:00 - 13:50 GMT
Linux Systems Theater
  Linux Systems, Mission-Critical + Real-Time

16:15 GMT

A Technical Deep Dive into the QEMU Emulated NVMe Device - Klaus Jensen, Samsung Electronics
The QEMU generic machine emulator and virtualizer includes a wide range of emulated devices. These devices can be very useful for debugging a software stack and for prototyping new features that is yet to be available in hardware and firmware. In this technical talk we focus on "prototyping new features" in the emulated NVMe device. We will go through the core event loop of the upstream device and explore how the recently ratified Namespace Types and Zoned Namespaces NVMe Technical Proposals can be implemented. Finally, we will design a custom (non-spec) command and go through a prototype implementation. We will then discuss how such a QEMU prototype implementation helps when developing the associated software stack and see how the feature can be tested and verified from a Linux host.
Speakers
avatar for Klaus Jensen

Klaus Jensen

Staff Engineer, Samsung Electronics
Klaus Jensen is a software engineer with a background in academia. He has worked in the state-of-the-art area of High Performance Computing, avoided users as an old school conservative UNIX sysop, written a Ph.D. thesis on tape and been involved in the OpenChannel SSD community, and... Read More →

Wednesday October 28, 2020 16:15 - 17:05 GMT
Linux Systems Theater
  Linux Systems, Filesystems and Storage
 
Thursday, October 29
 

06:00 GMT

Look Ma’, No (Real) Interrupt Controller! - Marc Zyngier, Google & Christoffer Dall, Arm
Modern interrupt controllers are very complicated constructs with complex interfaces, only matched by the complexity of the software that emulates them. In a hypervisor, this software often lives at a privileged exception level, exposing an attractive attack surface for malicious actors, and making it difficult to verify the correctness of the hypervisor. This is problematic for many hypervisor deployments, especially when aiming to provide trusted execution environments. To address these concerns, we present a paravirtualized interrupt controller architecture, which is easier to verify, provides the minimum level of service that a VM requires as well as consistent semantics, and which has the potential to be used across CPU architectures. This gives the opportunity to consider trade-offs between performance and complexity, and the applicability to being built or accelerated in hardware.
Speakers
avatar for Christoffer Dall

Christoffer Dall

Senior Principal Engineer, Arm
Christoffer Dall is the original author of the 32-bit KVM/Arm port and co-maintained KVM/Arm64 for several years before moving on to computer architecture work at Arm. Christoffer works on the Arm Confidential Compute Architecture (CCA) and has +influenced the Arm virtualization architecture... Read More →
avatar for Marc Zyngier

Marc Zyngier

Kernel hacker, Google
Marc has been working on the Linux kernel for some time, starting with the MD subsystem in 1996, wasted too much time dealing with fault-tolerant systems, played with consumer electronics, spent a decade dealing with the ARM architecture, authoring and maintaining KVM/arm64 for most... Read More →

Thursday October 29, 2020 06:00 - 06:30 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Implementing SR-IOV Failover for Windows Guests During Migration - Yan Vugenfirer, Daynix & Annie Li, Oracle
In the past, there were several attempted to enable live migration for VMs that are using SR-IOV NICs. We are going to discuss the recent development based on the SR-IOV failover feature in virtio specification and its implementation for the Windows guests.  In this session, Annie Li and Yan Vugenfirer will provide an overview of the failover feature and discuss specifics of the Windows guest implementation.
Speakers
avatar for Yan Vugenfirer

Yan Vugenfirer

CEO, Daynix
Yan is the CEO of Daynix Computing. He is an upstream maintainer of the virtio-win drivers https://github.com/virtio-win/kvm-guest-drivers-windows/. Yan has more than 20 years of kernel development and 14 years of virtualization-related development.
avatar for Yansu Li

Yansu Li

Principal Software Engineer, Oracle
Annie is a principal software developer at Oracle America, Inc. Her role is developing Virtualization drivers in Windows, and currently, she is working on VirtIO 2-netdev model for supporting SR-IOV live migration in Windows. She has 10+ years experience of Windows driver develop... Read More →

Implementing SR IOV Failover for Windows Guests During Migration pdf
Thursday October 29, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM
 
Friday, October 30
 

06:30 GMT

Guest Memory Protection -- Current Status and Future - Isaku Yamahata, Intel
Recently there are several proposals for protect guest memory from KVM as VMM and qemu as user space in various ways of software and hardware. We discuss the guest memory protection and how we can proceed those efforts. As software solution, the proposal of KVM protected memory extension, the mapping of guest memory is removed from kernel address space (direct mapping area) and make user space mapping as NONE permittion. Also the proposal of execute only memory(XOM) introduce a new software type of guest memory as execute only. Also removing mapping from use space is also important part of guest memory protection which may require changes intrusive to KVM MMU. Live migration also needs attention for guest protection because guest memory protection means that qemu can't directly access guest memory/status. After summarizing proposals, consider how we can proceed them.
Speakers
avatar for Isaku Yamahata

Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is an active on Graphene LibOS and OpenStack Neutron (networking) and has... Read More →

guest memory protection pdf
Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

06:30 GMT

Scalable Work Submission in Device Virtualization - Hao Wu, Intel
Hardware I/O virtualization techniques, such as PCIe SR-IOV and Intel Scalable IOV, allows devices to be shared by multiple clients (e.g. VMs) with minimal emulation cost. However, some devices may not allow fine-grained partitioning of its backend resources, thus imposing a scalability limitation. ENQCMD (Enqueue Command) is a new instruction on future Intel platforms to allow scalable work submission for such devices. The instruction payload includes the work descriptor and a unique PASID to identify the client who is submitting the work, thus allowing a single work queue to be shared between multiple clients. In this talk, Hao will introduce the ENQCMD concept and how to efficiently virtualize it through hardware/software extensions, based on the example implementation on Scalable IOV based device.
Speakers
HW

Hao Wu

Software Engineer, Intel
Hao is a software engineer from Intel Virtualization Enabling team, focusing on I/O virtualization technology. His most recent interest and work is I/O support for Virtualization-based Trust Execution Environment (TEE). Prior to that, Hao worked on linux kernel and device drivers... Read More →

Scalable Work Submission In Device Virtualization pdf
Friday October 30, 2020 06:30 - 07:00 GMT
KVM Theater
  KVM Forum, KVM

07:30 GMT

Device Keepalive State for Local Live Migration and VMM Fast Restart - Jason Zeng, Intel
Passthrough devices are painpoints of VM live migration or VMM/Host upgrade. Currently there are community discussions and approaches to support passthrough device live migration, however they usually require vendor specific driver support, which is also a painpoint for legacy devices. This topic will introduce a new device state, keepalive state, for passthrough devices and other related hardware and software components to support local migration and VMM/host reboot. The new keepalive state doesn’t require vendor specific driver support for most legacy devices. It keeps devices and other related hardware alive during the local live migration period. In this topic, we will present the design and implementation of the kernel and Qemu changes for supporting keepalive state.
Speakers
JZ

Jason Zeng

Software Engineer, Intel Coporation
Jason Zeng is a software engineer from Intel virtualization team, focusing on various KVM/virtualization features and projects. Currently he is working on VMM Fast Restart project which aims to provide a solution for fast upgrading and rebooting VMM/host kernel while impose less impact... Read More →

Device Keepalive State KVMForum2020 pdf
Friday October 30, 2020 07:30 - 08:00 GMT
KVM Theater
  KVM Forum, KVM

10:30 GMT

Debugging KVM Using Intel DCI Technology - Raymond Zhang, Xedge.AI
Debugging KVM using print/log is inefficient and has many limitations. This talk will introduce a new way to debug KVM using the Direct Connect Interface (DCI). DCI is a new technology introduced by Intel Skylake. It exposes the Intel Target Probe (ITP) and JTAG scan chain to USB 3 ports so that host computer can build a JTAG connection with Intel silicon via a USB 3 cable. For the transportation lay is USB 3, it's very fast. Besides the transferring speed, debugging via DCI controls CPU at hardware level, has no dependency on software. This brings several benefits, such as break in when interrupt is off, break on VM entry and VM exit and single stepping sensitive code in VMM etc. In this talk, Raymond, a veteran Intel architect, will explain the DCI technology and how to use it to debug KVM, both the VMM layer and VM layer.
Speakers
RZ

Raymond Zhang

Software Architect, Xedge.AI
Raymond (Yinkui Zhang) is a widely recognized expert on system software and low level debugging. He is author of the top-selling book on Software Debugging and columnist for the Debugging Sword column of the Programmer magazine. He has worked in the IT industry for over 20 years with... Read More →

Friday October 30, 2020 10:30 - 11:00 GMT
KVM Theater
  KVM Forum, KVM

14:00 GMT

QEMU Live Update - Steven J. Sistare, Oracle
The ability to update software with critical bug fixes and security mitigations while minimizing downtime is valued highly by customers and providers. In this talk, Steve presents a new method for updating a running instance of QEMU to a new version while minimizing the impact on the VM guest. The guest pauses briefly, for less than 200 msec in the prototype, without loss of internal state or external connections. The old QEMU process exec's the new QEMU binary, and preserves anonymous guest RAM at the same virtual address via a proposed Linux madvise variant. Descriptors for external connections are preserved, and VFIO pass through devices are supported by preserving the VFIO device descriptors and attaching them to a new KVM instance after exec. The update method requires code changes to QEMU, but no changes are required in system libraries or the KVM kernel module.
Speakers
SS

Steven Sistare

Software Architect, Oracle Corporation
Steve is a software architect for the Oracle Linux kernel team, with particular interests in virtualization, performance, scalability, virtual memory, scheduling, security, tools, boot time, and processor support. He previously did similar work in the Solaris kernel. Steve graduated... Read More →

qemu live update pdf
Friday October 30, 2020 14:00 - 14:30 GMT
KVM Theater
  KVM Forum, KVM
 

Twitter Feed

Filter sessions
Apply filters to sessions.
Monday, October 26
Tuesday, October 27
Wednesday, October 28
Thursday, October 29
Friday, October 30
101 Essentials Theater
AI/ML/DL Theater
Cloud Theater
Community & Business Leadership Theater
DES Theater
ELC Theater
IoT Theater
Keynote Theater
KVM Theater
LF Project Mini-Summit Theater
Linux Systems Theater
LSS Theater
OS Databases Theater
OS Dependability Theater
OS Program Office Management Theater
Sponsor Showcase
TBA
Wildcard Theater
Workshop Theater
  • 101 Essentials - Cloud Administration
  • 101 Essentials - Embedded Linux
  • 101 Essentials - Linux Administration
  • AI/ML/DL
  • Ask the Experts Sessions
  • Cloud + Cloud Native
  • Community Leadership
  • Diversity Empowerment Summit
  • Embedded Linux Conference (ELC)
  • Interactive Learning + Special Events
  • Internet of Things
  • Keynote Sessions
  • KVM Forum
  • LF Project Mini-Summits
  • Linux Security Summit (LSS)
  • Linux Systems
  • OS Databases
  • OS Dependability
  • OS Program Office
  • Sponsor Showcase Booth Hours
  • Wildcard
  • Skill Level
  • Advanced
  • Any
  • Entry level
  • Intermediate
  • Mid-level
  • Senior level
  • Technical Talk
  • No
  • Yes
  • Session Slides
  • Included