{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.0.dev0"}, "schedule": {"url": "https://pretalx.com/kvm-forum-2024/schedule/", "version": "0.11", "base_url": "https://pretalx.com", "conference": {"acronym": "kvm-forum-2024", "title": "KVM Forum 2024", "start": "2024-09-22", "end": "2024-09-23", "daysCount": 2, "timeslot_duration": "00:05", "time_zone_name": "Europe/Rome", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Hall A+B", "slug": "3302-hall-ab", "guid": "5e59d34f-20a5-5bd1-ac4f-86666bb9c07f", "description": null, "capacity": 200}, {"name": "Hall C+D", "slug": "3303-hall-cd", "guid": "21264cdc-040f-5336-be23-c02e2a2528c9", "description": null, "capacity": 100}], "tracks": [{"name": "KVM", "slug": "4961-kvm", "color": "#0042D4"}, {"name": "Userspace", "slug": "4963-userspace", "color": "#B30707"}, {"name": "VFIO", "slug": "4962-vfio", "color": "#116B1A"}], "days": [{"index": 1, "date": "2024-09-22", "day_start": "2024-09-22T04:00:00+02:00", "day_end": "2024-09-23T03:59:00+02:00", "rooms": {"Hall A+B": [{"guid": "798fb267-d8e5-5836-a792-606e05bd8275", "code": "YUS9Z8", "id": 52628, "logo": null, "date": "2024-09-22T09:00:00+02:00", "start": "09:00", "duration": "00:15", "room": "Hall A+B", "slug": "kvm-forum-2024-52628-kvm-keynote", "url": "https://pretalx.com/kvm-forum-2024/talk/YUS9Z8/", "title": "KVM Keynote", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "Summary of the work done to KVM over the past year, highlighting the significant contributions that have landed upstream.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HSEJYD", "name": "Oliver Upton", "avatar": null, "biography": null, "public_name": "Oliver Upton", "guid": "af155fed-4115-5f20-b9a6-7a1ff2d4828b", "url": "https://pretalx.com/kvm-forum-2024/speaker/HSEJYD/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/YUS9Z8/feedback/", 
"origin_url": "https://pretalx.com/kvm-forum-2024/talk/YUS9Z8/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/YUS9Z8/resources/KVM_Status_Update_2024_nIcvtmj.pdf", "type": "related"}]}, {"guid": "8a82be4b-3d16-5528-a5c0-087ec8224dc7", "code": "YSCDLL", "id": 51889, "logo": null, "date": "2024-09-22T09:15:00+02:00", "start": "09:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51889-oh-plugins-where-are-we-now", "url": "https://pretalx.com/kvm-forum-2024/talk/YSCDLL/", "title": "Oh Plugins, where are we now?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "QEMU has long had a number of downstream forks that seek to take\r\nadvantage of its flexible TCG emulation layer and combine it with\r\nvarious approaches to instrumentation. The TCG plugin sub-system\r\nintroduced 5 years ago was an attempt to provide for the needs of\r\ninstrumentation in an upstream compatible way. Recent enhancements\r\ninclude the ability to read register values and a more efficient way\r\nto implement thread safe counters.\r\n\r\nAlex asks have we done enough to enable the more interesting use cases\r\nsuch as binary analysis and fuzzing?\r\n\r\nIs it time to revisit the limitations introduced to avoid GPL end-runs\r\nand allow plugins to affect system state?\r\n\r\nAre there any more features tools like AFL+ or ThreadSan need to be\r\nable to introspect and analyse a system running in QEMU.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "BFWUWN", "name": "Alex Benn\u00e9e", "avatar": "https://pretalx.com/media/avatars/BFWUWN_w2KEVlI.webp", "biography": "Long time systems and embedded developer with a side of Dynamic Binary Translation.\r\nAlex started learning to program in the 80s in an era of classic home computers that allowed you to get down and dirty at the system level. 
After graduating with a degree in Chemistry he's worked on a variety of projects including Fruit Machines, Line Cards, CCTV recorders and point-to-multipoint wireless microwave systems. Since the turn of the century his primary focus has been working with FLOSS platforms, especially Linux. An alumnus of Transitive he has a broad experience of cross-platform virtualization as well as a strong background in telecommunications and networking. A keen Emacs user he will happily answer questions and proselytise for the One True Editor (tm).", "public_name": "Alex Benn\u00e9e", "guid": "f632a3fc-a4bb-537c-bc3d-e9c673c92b76", "url": "https://pretalx.com/kvm-forum-2024/speaker/BFWUWN/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/YSCDLL/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/YSCDLL/", "attachments": [{"title": "Slides for the talk", "url": "/media/kvm-forum-2024/submissions/YSCDLL/resources/Oh_Plugins_where_are_we_now_9v8yPmL.pdf", "type": "related"}]}, {"guid": "e822d798-2397-5163-9e28-58e09b48d095", "code": "CYEGXD", "id": 51852, "logo": null, "date": "2024-09-22T09:45:00+02:00", "start": "09:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51852-tcg-plugin-in-practice-a-case-of-microarchitecture-research", "url": "https://pretalx.com/kvm-forum-2024/talk/CYEGXD/", "title": "TCG Plugin in Practice: A Case of Microarchitecture Research", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "While KVM and other virtualization tools dominate the scene, QEMU's TCG emulation deserves a second look. Sure, it excels at cross-development and retro gaming, but what if it could do more? This talk explores using TCG not just to mimic processors, but to create a new one.\r\nDesigning a processor microarchitecture involves a selection of various options. Implementing them all in silicon takes forever. A common methodology for microarchitecture design exploration is to use simulators. 
Simulators focus on replicating execution timing, eliminating details for faster implementation. However, they lack a mechanism to perform operations and make decisions about branches and memory access. Interpreters, a typical solution, are slow, unreliable, and feature-poor.\r\nHere's where TCG shines. Compared to interpreters, TCG boasts impressive speed, supports multiple architectures, allows debugging with GDB, and handles both system and user space emulation. To showcase its potential, we describe a practical case of employing TCG for RISC-V emulation and integrating it with a simulator through a custom TCG plugin. In the process, we contributed to the upstream development of a new feature of the TCG plugin infrastructure to read registers, crucial for our use case. Finally, we discuss possibilities to extend QEMU to empower future microarchitecture research further.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "9YBKQT", "name": "Akihiko Odaki", "avatar": null, "biography": "Akihiko Odaki, a Ph.D. student at the University of Tokyo, is passionate about designing faster processors. His research focuses on processor microarchitecture, specifically using QEMU to analyze RISC-V programs and optimize processor designs for their execution speed.\r\n\r\nHe is also a software engineer at Daynix Computing, Ltd., and his contribution to the development of the TCG plugin\u2019s register reading feature was supported by the company. His primary focus at the company is QEMU's networking subsystem. Notably, he is the maintainer of igb, a critical component that emulates an Intel network interface card with advanced virtualization capabilities. 
Akihiko's interests extend beyond networking and include macOS support, Asahi Linux (a port of Linux for Apple Silicon) support, and para-virtualized graphics.", "public_name": "Akihiko Odaki", "guid": "1a98ecbf-22df-515a-bb19-834b40853a11", "url": "https://pretalx.com/kvm-forum-2024/speaker/9YBKQT/"}], "links": [{"title": "Google Slides", "url": "https://docs.google.com/presentation/d/1oIhVzWdpL1wWNXt5aOw8_iMpdBv_guXd9884yyCHC_c/edit?usp=sharing", "type": "related"}], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/CYEGXD/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/CYEGXD/", "attachments": [{"title": "PDF", "url": "/media/kvm-forum-2024/submissions/CYEGXD/resources/TCG_Plugin_in_Practice__A_Case_of_Microarchi_n72obKO.pdf", "type": "related"}]}, {"guid": "3c4d4d5c-a004-5523-9d50-6eb8adaf23ce", "code": "8SWRCB", "id": 50490, "logo": null, "date": "2024-09-22T10:45:00+02:00", "start": "10:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-50490-getting-qemu-ready-for-the-automotive-industry", "url": "https://pretalx.com/kvm-forum-2024/talk/8SWRCB/", "title": "Getting QEMU ready for the Automotive Industry", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The advent of the Software Defined Vehicle (SDV) comes with its unique set of opportunities and challenges. Consolidation of control units (CUs) into a single, central computer, implies the potential need for relying on Virtualization for running multiple Operating Systems on a single system.\r\n\r\nFor QEMU, this means new challenges. In addition to growing to support new paravirtual interfaces required by the Automotive Industry, it also needs to be able to provide optimal data paths for data intensive virtual devices, such as GPUs, NPUs, DSPs, video and media devices. 
And, at the same time, it needs to offer excellent uptime and accept being encapsulated in a context that guarantees proper spatial and temporal separation between it and other components in the system.\r\n\r\nIn this talk, I'll detail these challenges and the work we're doing to overcome them while building the Virtualization feature for Automotive Stream Distribution (AutoSD), the distribution maintained by the CentOS Automotive SIG.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HQG8WB", "name": "Sergio Lopez Pascual", "avatar": "https://pretalx.com/media/avatars/HQG8WB_6io931F.webp", "biography": "Sergio is a Senior Principal Software Engineer at Red Hat. After a tenure in the Virtualization Team, he joined the Automotive Team to help build a car-friendly Virtualization stack for CentOS AutoSD. He's also the maintainer of the microvm machine type in QEMU, main author and maintainer of libkrun (an opinionated VMM written in Rust and based on rust-vmm components) and co-maintainer of various crates from the rust-vmm project.", "public_name": "Sergio Lopez Pascual", "guid": "9b912a56-5f5c-528d-8810-99405bf9027b", "url": "https://pretalx.com/kvm-forum-2024/speaker/HQG8WB/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/8SWRCB/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/8SWRCB/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/8SWRCB/resources/Getting_QEMU_ready_for_the_Automotive_Indust_coRy2md.pdf", "type": "related"}]}, {"guid": "f94e4ea3-aedd-5f4b-9c36-ed07b9375921", "code": "YTTNYF", "id": 50819, "logo": null, "date": "2024-09-22T11:15:00+02:00", "start": "11:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-50819-automated-hypervisor-testing-and-benchmarking-on-hardware", "url": "https://pretalx.com/kvm-forum-2024/talk/YTTNYF/", "title": "Automated hypervisor testing and benchmarking on hardware", "subtitle": "", 
"track": null, "type": "Talk", "language": "en", "abstract": "Automated testing is a very important tool in modern software engineering, and is often implemented through runners in virtualized environments. Low-level domains, such as kernel development, have unique requirements that are not covered in these environments, but automation of all different kinds of hardware comes with additional challenges. In this talk, we will deep-dive into some of the challenges we encountered during development and use of SoTest, a custom-made service for automatically testing and benchmarking virtualization workloads on a broad variety of hardware, including:\r\n\r\n* How can we make arbitrary hardware remote-controllable?\r\n\r\n* How do we integrate these tests into the developer workflow? \r\n\r\n * How can we optimize the throughput?\r\n\r\n* How do we enable performance benchmarking?\r\n\r\n* How do we handle, e.g., network infrastructure flakiness?", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GVJ33R", "name": "Markus Napierkowski", "avatar": null, "biography": "Markus Napierkowski is Technical Lead at Cyberus Technology GmbH, where he contributed to different low-level virtualization projects, helped build an internal hardware test automation service, and is currently responsible for the overall software engineering methodology.", "public_name": "Markus Napierkowski", "guid": "a6b9e0fa-f180-5823-9db1-300540b63d02", "url": "https://pretalx.com/kvm-forum-2024/speaker/GVJ33R/"}, {"code": "L9MNNG", "name": "Sebastian Eydam", "avatar": null, "biography": "Software Engineer at Cyberus Technology", "public_name": "Sebastian Eydam", "guid": "d520c79a-9813-5411-90be-28d3b82b7647", "url": "https://pretalx.com/kvm-forum-2024/speaker/L9MNNG/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/YTTNYF/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/YTTNYF/", "attachments": [{"title": "Slides", 
"url": "/media/kvm-forum-2024/submissions/YTTNYF/resources/KVM_Forum_MeNkzd3.pdf", "type": "related"}]}, {"guid": "b290e1e6-7e9d-5494-9e35-53ac0abd29a5", "code": "SPEZMB", "id": 51795, "logo": null, "date": "2024-09-22T11:45:00+02:00", "start": "11:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51795-virtual-device-for-testing-the-linux-pcie-endpoint-framework", "url": "https://pretalx.com/kvm-forum-2024/talk/SPEZMB/", "title": "Virtual device for testing the Linux PCIe endpoint framework", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Linux PCI endpoint framework enables Linux to operate as a PCIe Endpoint device by interacting with hardware. It provides functions for describing PCIe configuration space content and transferring data via the PCIe bus. However, testing the framework and its implementations can be challenging due to the limited availability of real PCIe endpoint hardware for testing purposes. To address this limitation, we are proposing  a virtual device that allows the PCIe endpoint framework to function without relying on physical hardware. This virtual device can improve the testability, leading to more robust and reliable implementations. 
In this session, we will introduce the design and implementation of this virtual device.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "3NWGSW", "name": "Shunsuke Mie", "avatar": "https://pretalx.com/media/avatars/3NWGSW_mzeeEUD.webp", "biography": "Software Engineer at IGEL Co., Ltd.", "public_name": "Shunsuke Mie", "guid": "3e953750-5158-5076-a0fc-410e925b9381", "url": "https://pretalx.com/kvm-forum-2024/speaker/3NWGSW/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/SPEZMB/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/SPEZMB/", "attachments": [{"title": "kvmforum2024-qemu-epc", "url": "/media/kvm-forum-2024/submissions/SPEZMB/resources/KVMForum2024-qemu-epc_zkHMcQv.pdf", "type": "related"}]}, {"guid": "51f906c6-2c21-5882-9c6b-40bd104ef281", "code": "WNKVUG", "id": 46510, "logo": null, "date": "2024-09-22T13:45:00+02:00", "start": "13:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-46510-vm-crash-investigation-unmasking-the-culprits", "url": "https://pretalx.com/kvm-forum-2024/talk/WNKVUG/", "title": "VM crash investigation: Unmasking the culprits", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "We all know that debugging containers can be tough. In immutable pods, with limited capabilities and minimal packages, we can be additionally hindered without our favorite debugging tools or even the required privileges; it can be downright frustrating. And containerized virtual machines aka KubeVirt? It's another layer again!\r\n\r\nBut there's hope. 
Join us as we explore common problems and repeatable solutions to debug KubeVirt failures and how to mix Kubernetes debugging techniques with more traditional virtualization debugging methods.\r\n\r\nIn this session you will learn:\r\n  - How to do privileged debugging on the node\r\n  - How we can bring additional tools into the target container as a regular user\r\n  - How to use traditional VM debugging in Kubernetes\r\n\r\nAll of which will help you to find your way in the container world.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "FYGKEP", "name": "Alice Frosi", "avatar": null, "biography": "Alice is a Principal Software Engineer working on KubeVirt, virtualization, and containers. She focuses mostly on storage topics but she has fun exploring all possible combinations of containers and VMs.", "public_name": "Alice Frosi", "guid": "41ffa760-fa58-5af2-a706-7bd1119dd139", "url": "https://pretalx.com/kvm-forum-2024/speaker/FYGKEP/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/WNKVUG/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/WNKVUG/", "attachments": [{"title": "Slides for \"KVM forum 2024 - VM crash investigation: Unmasking the culprits\" talk", "url": "/media/kvm-forum-2024/submissions/WNKVUG/resources/KVM_forum_2024_-_VM_crash_investigation__Unm_vIgm7rt.pdf", "type": "related"}]}, {"guid": "76dd6567-b481-588b-b61d-730f7691b9c1", "code": "BFULKK", "id": 46467, "logo": null, "date": "2024-09-22T14:15:00+02:00", "start": "14:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-46467-live-updates-akamai", "url": "https://pretalx.com/kvm-forum-2024/talk/BFULKK/", "title": "Live Updates @ Akamai", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Live Updates are an increasingly successful way to update the host kernel and userland on a KVM host with very little downtime, and without the need for Live Migration. 
It works by leaving VM state in memory and switching to a new kernel via kexec without a full power cycle. For our cloud computing business @ Akamai, this is a game changer. Capacity constraints are a driving motivator for us to use live updates, particularly with the way we operate at the edge. We operate a product named Akamai Cloud Computing (formerly [www.linode.com](https://www.linode.com)). Oftentimes, live migration is simply not an option due to those capacity constraints. In working with the recently merged CPR (Checkpoint Restart) feature, we are putting this new QEMU functionality to good use. We are actively productionizing the use of Live Updates and in this talk we describe some of the challenges we went through to make Live Updates work. We're hoping that tales from a cloud provider will motivate more companies to get engaged with this powerful support from QEMU so that Live Updates can become a routine operation in the cloud.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "F7L33H", "name": "Michael Galaxy", "avatar": "https://pretalx.com/media/avatars/F7L33H_xVVcj6d.webp", "biography": "Michael works on cloud performance @ Akamai as well as KVM performance engineering for Linode customers. 
https://www.linkedin.com/in/mrgalaxy/", "public_name": "Michael Galaxy", "guid": "aed0d67e-5163-577d-9c43-63b2ba7a2539", "url": "https://pretalx.com/kvm-forum-2024/speaker/F7L33H/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/BFULKK/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/BFULKK/", "attachments": [{"title": "Powerpoint Slides", "url": "/media/kvm-forum-2024/submissions/BFULKK/resources/Live_Updates__Akamai_-_KVM_Forum_2024_1_RSxTQDH.pdf", "type": "related"}]}, {"guid": "e85ed9c8-2fb4-5962-821c-b811d52b86d1", "code": "ZSYR9Z", "id": 51294, "logo": null, "date": "2024-09-22T14:45:00+02:00", "start": "14:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51294-qemu-live-migration-device-state-transfer-parallelization-via-multifd-channels", "url": "https://pretalx.com/kvm-forum-2024/talk/ZSYR9Z/", "title": "QEMU live migration device state transfer parallelization via multifd channels", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Current QEMU live migration device state transfer is done via the (single) main migration channel.\r\n\r\nSuch way of transferring device state migration data reduces performance and severely impacts the migration downtime for VMs having large device state that needs to be transferred during the switchover phase.\r\n\r\nSome examples of devices that have such large switchover phase device state are some types of VFIO SmartNICs and GPUs.\r\n\r\nThis talk describes the efforts to parallelize the transfer and loading of device state for these VFIO devices by utilizing QEMU existing support for having multiple migration connections - that is, by utilizing multifd channels for their transfer, together with other parallelization improvements.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "QVCNRP", "name": "Maciej S. Szmigiero", "avatar": null, "biography": "Maciej S. 
Szmigiero is a Principal MTS in the Linux Virtualization and Security engineering team at Oracle, where he is responsible both for giving Windows guests a comfortable ride on top of KVM/QEMU virtualization stack and also for researching future guests live migration performance improvements.\r\n\r\nOutside of work, in his (sadly limited) spare time he loves working on improving other FOSS projects, doing DIY electronics stuff, and generally reading and learning about new developments in technology and the people behind it.", "public_name": "Maciej S. Szmigiero", "guid": "165b2aa7-c462-5111-902c-c6d72e4328ba", "url": "https://pretalx.com/kvm-forum-2024/speaker/QVCNRP/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/ZSYR9Z/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/ZSYR9Z/", "attachments": [{"title": "Slideshow", "url": "/media/kvm-forum-2024/submissions/ZSYR9Z/resources/kvm-forum-2024-multifd-device-state-transfer_3K5EQIG.pdf", "type": "related"}]}, {"guid": "34d7a323-4950-58ee-aae1-f884b0309ce3", "code": "A3S9DF", "id": 51798, "logo": null, "date": "2024-09-22T15:15:00+02:00", "start": "15:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51798-userfaultfd-based-memory-overcommitment", "url": "https://pretalx.com/kvm-forum-2024/talk/A3S9DF/", "title": "UserfaultFD-based Memory Overcommitment", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Linux virtualization environments support memory overcommitment for VMs using techniques such as host-based swapping and ballooning. Ballooning is not a complete solution, and we have observed significant performance bottlenecks with the native Linux swap system. Swapping also degrades live migration performance, since QEMU reads a VM\u2019s entire address space, including  swapped-out pages that must be faulted in to migrate their data. 
QEMU accesses to pages during live migration also pollute the active working set of the VM process, causing unnecessary thrashing. As a result,  both guest performance and live migration times can be severely impacted by native Linux memory overcommitment.\r\nThese problems motivated us to develop a custom memory manager (external to QEMU) for VM memory. We propose leveraging UserfaultFD to take full control of the VM memory space via an external memory manager process, exposed to QEMU as a new memory backend. QEMU requests memory from this external service and registers the userfaultFD of shared memory address spaces with the memory manager process. This approach allows us to implement a lightweight swap system that can take advantage of a multi-level hierarchy of swap devices with different latencies that can be leveraged to improve performance. More generally, gaining control over guest memory enables a wide range of additional optimizations as future work.\r\nThis approach also offers significant opportunities to improve live migration.  With full visibility into the swap state of guest physical memory, we can avoid costly accesses to swapped-out pages, skipping over them during live migration.  By using shared remote storage accessible to both the source and destination hosts, we transfer only their swap locations, instead of their page contents. This eliminates the page faults associated with swapped-out pages, and also reduces pollution of the guest's active working set.\r\nWe will present the design and implementation of our prototype userfaultFD-based memory overcommitment system, and explain how it interoperates with QEMU for effective VM memory management.  
We will also demonstrate its improved performance on several VM workloads, and discuss various tradeoffs and areas for future improvement.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZDWQXR", "name": "Tejus GK", "avatar": null, "biography": "Hypervisor Engineer @ Nutanix", "public_name": "Tejus GK", "guid": "472236d4-6a0f-5b0f-a69e-ae7fe9d85575", "url": "https://pretalx.com/kvm-forum-2024/speaker/ZDWQXR/"}, {"code": "7RM3PP", "name": "Manish Mishra", "avatar": null, "biography": "Manish Mishra is a software engineer, currently working for Nutanix's Acropolis HyperVisor team. He has work experience in virtualisation and core kernel. His recent work has been around live migrations and memory management.", "public_name": "Manish Mishra", "guid": "51148aee-686b-5368-b84d-22c41919f9a2", "url": "https://pretalx.com/kvm-forum-2024/speaker/7RM3PP/"}, {"code": "VLS7H3", "name": "Rohit Kumar", "avatar": null, "biography": "System Engineer @ Nutanix", "public_name": "Rohit Kumar", "guid": "6473a10e-2c1f-5e9f-814a-75eb42fe3a45", "url": "https://pretalx.com/kvm-forum-2024/speaker/VLS7H3/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/A3S9DF/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/A3S9DF/", "attachments": [{"title": "VM Memory Overcommitment with Userfaultfd", "url": "/media/kvm-forum-2024/submissions/A3S9DF/resources/VM_Memory_Overcommitment_with_Userfaultfd_2Fl36r7.pdf", "type": "related"}]}, {"guid": "d5719516-3f8d-53bc-965a-c8f8aa10e7bb", "code": "7FMW8B", "id": 52686, "logo": null, "date": "2024-09-22T16:15:00+02:00", "start": "16:15", "duration": "01:30", "room": "Hall A+B", "slug": "kvm-forum-2024-52686-birds-of-a-feather-bof-sessions", "url": "https://pretalx.com/kvm-forum-2024/talk/7FMW8B/", "title": "Birds of a Feather (BoF) sessions", "subtitle": "", "track": null, "type": "BoF", "language": "en", "abstract": "Birds of a Feather sessions are a place for informal 
meetings where attendees group together based on a shared interest.\r\n\r\nA topic lead (submitter) will propose a BoF for their area of interest during the first day of the conference and will drive the conversations.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/7FMW8B/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/7FMW8B/", "attachments": []}], "Hall C+D": [{"guid": "47ffca9f-2946-5c13-a941-ebbcb8ea357c", "code": "KLHRUW", "id": 51941, "logo": null, "date": "2024-09-22T09:15:00+02:00", "start": "09:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51941-the-confidential-computing-story-part-i-rivers-dams-and-kernel-development", "url": "https://pretalx.com/kvm-forum-2024/talk/KLHRUW/", "title": "The Confidential Computing Story part I: Rivers, dams and kernel development", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Confidential Story\r\nRivers, dams and kernel development\r\nFor a new hardware feature to be available to users, Linux and often other levels of the virtualization stack have to support it. The time needed for development and upstream acceptance can be substantial and difficult to predict.\r\n\r\nThis talk will analyze the past, present and future of enabling confidential computing on both the kernel and the QEMU sides. It will show how hardware vendors can benefit from working as closely as possible with upstream communities during \u201cin-house\u201d development, and how this can reduce the friction caused by different approaches coming in concurrently from multiple hardware vendors. 
I will also present the work done by Red Hat and Intel as part of the CentOS Stream Virtualization SIG, and how a stable base kernel facilitates work on confidential computing at the higher levels of the stack.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "9DM8WB", "name": "Paolo Bonzini", "avatar": null, "biography": "Paolo Bonzini works on virtualization for Red Hat, where he is a Distinguished Engineer. He is currently the maintainer of the KVM hypervisor and a contributor and submaintainer for QEMU.", "public_name": "Paolo Bonzini", "guid": "7e8129ac-bcfe-5e52-847a-f66e22028960", "url": "https://pretalx.com/kvm-forum-2024/speaker/9DM8WB/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/KLHRUW/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/KLHRUW/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/KLHRUW/resources/kvmforum24-tdx_GhPzxFo.pdf", "type": "related"}]}, {"guid": "a0fe37fe-82a7-5f20-a830-2e94252c1fdb", "code": "ZRA33Z", "id": 51773, "logo": null, "date": "2024-09-22T09:45:00+02:00", "start": "09:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51773-the-confidential-computing-story-part-ii-early-development-across-the-stack-living-in-stilt-house", "url": "https://pretalx.com/kvm-forum-2024/talk/ZRA33Z/", "title": "The Confidential Computing Story part II: Early development across the stack: living in stilt house", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "**The Confidential Story**\r\n\r\n**Early development across the stack: living in stilt houses**\r\n\r\nIn the second session of the Confidential Story, we will cover the adoption of the Confidential Compute stack which, at the time of this abstract submission, is not yet fully upstreamed in the Linux Kernel, QEMU, or in the Kata and Confidential Containers projects. 
\r\n \r\nKata and Confidential Containers projects are two of the main consumers of the Confidential Compute stack, and aim to leverage it in the Cloud Native ecosystem, relying heavily on the work presented during the first part of this session. The Kata and Confidential Containers teams at Intel worked closely with distributions to make the development process easier and efficient for both developers and adopters of those projects.\r\n\r\nWe will cover the challenges of building a reasonable upper stack for early adopters, and doing so on top of moving pieces. We will show that working with moving parts is actually normal, and that collaboration is the way to make sure that a solution will be ready without many delays from the moment that the foundation is solid.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "AVXE3J", "name": "Fabiano Fid\u00eancio", "avatar": "https://pretalx.com/media/avatars/AVXE3J_bkQ3Jot.webp", "biography": "Fabiano Fid\u00eancio is a clumsy code janitor who happened to work as software engineer, and has a strong passion for easing the usability of the projects he works on. He's been working on the Kata Containers project for the past 3 years, and has been involved with Confidential Containers since its embryonic stages.", "public_name": "Fabiano Fid\u00eancio", "guid": "7269923b-06f9-57ab-874e-0e5ef84866dc", "url": "https://pretalx.com/kvm-forum-2024/speaker/AVXE3J/"}, {"code": "KNB8P9", "name": "Mikko Ylinen", "avatar": "https://pretalx.com/media/avatars/KNB8P9_vUe6sVg.webp", "biography": "Mikko is a cloud software architect at Intel\u2019s Cloud Software Engineering team. He comes with an embedded Linux and operating systems engineering background but has most recently worked on security related topics in confidential computing/containers and cloud infrastructure. 
He has given presentations in Linux foundation events, such as Cloud Native Security Con NA 2022 and Confidential Computing Developer Summit \u201821. In his free time, he enjoys ultra distance sports and sailing.", "public_name": "Mikko Ylinen", "guid": "1dc99a3f-c668-5623-ad28-f5d6674b4a92", "url": "https://pretalx.com/kvm-forum-2024/speaker/KNB8P9/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/ZRA33Z/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/ZRA33Z/", "attachments": [{"title": "Presentation slides", "url": "/media/kvm-forum-2024/submissions/ZRA33Z/resources/KVM_FORUM_2024_-_20240922_-_THE_CONFIDENTIAL_G8CR3jL.pdf", "type": "related"}]}, {"guid": "58258c5d-f607-5cf3-98be-7031a97240b6", "code": "MGDBUU", "id": 50613, "logo": null, "date": "2024-09-22T10:45:00+02:00", "start": "10:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-50613-beneath-the-surface-analyzing-nested-cvm-performance-on-kvm-qemu-and-linux-root-partition-for-microsoft-hyper-v-cloud-hypervisor", "url": "https://pretalx.com/kvm-forum-2024/talk/MGDBUU/", "title": "Beneath the Surface: Analyzing Nested CVM Performance on KVM/QEMU and Linux Root Partition for Microsoft Hyper-V/Cloud-Hypervisor", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As cloud technologies continue to advance at a rapid pace, there arises a critical need to assess the performance disparities among various virtualization stacks. This presentation aims to shed light on the comparative performance, scalability, and efficiency of two prominent hypervisor technologies\u2014KVM/QEMU and Linux as Root Partition for Microsoft Hyper-V with Cloud-Hypervisor as VMM \u2014within the realm of nested virtualization. Through a comprehensive evaluation, we will scrutinize diverse performance metrics encompassing CPU utilization, memory consumption, I/O throughput, and latency across varying workloads and configurations. 
Also, we try to examine the guest attestation process and the security aspects within these distinct hypervisor stacks. By delving into these key aspects, we seek to offer valuable insights into the operational characteristics and suitability of each hypervisor technology for nested confidential guest environments.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "YJS77B", "name": "Muminul Islam", "avatar": "https://pretalx.com/media/avatars/YJS77B_0fKGGyd.webp", "biography": "I am a Senior Software Engineer with Microsoft Linux Platform Group. Before that I worked for Oracle and Sandisk. I have been working on Linux and Virtualization technologies for more than a decade. I grew up in a countryside in Bangladesh and completed my bachelor's in computer science and engineering from Bangladesh University of Engineering and Technology. Later I got my MS in computer science from Florida International University. During my free time I like to hike and do gardening.", "public_name": "Muminul Islam", "guid": "1a1e0f25-d848-52fe-b96b-9e65f1a7cae8", "url": "https://pretalx.com/kvm-forum-2024/speaker/YJS77B/"}, {"code": "NAT3SH", "name": "Jinank Jain", "avatar": "https://pretalx.com/media/avatars/NAT3SH_MOs1aF3.webp", "biography": "Linux Kernel Engineer at Microsoft", "public_name": "Jinank Jain", "guid": "2a306485-b695-5fca-8a2f-75a29c8a4d3d", "url": "https://pretalx.com/kvm-forum-2024/speaker/NAT3SH/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/MGDBUU/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/MGDBUU/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/MGDBUU/resources/KVM-Forum-CVM_gPyfHKy.pdf", "type": "related"}]}, {"guid": "9d2d106f-fa58-5ac3-8612-a91a48847462", "code": "ZKJPRG", "id": 51746, "logo": null, "date": "2024-09-22T11:15:00+02:00", "start": "11:15", "duration": "00:30", "room": "Hall C+D", "slug": 
"kvm-forum-2024-51746-svsm-and-vm-privilege-level-instantiation-and-execution", "url": "https://pretalx.com/kvm-forum-2024/talk/ZKJPRG/", "title": "SVSM and VM Privilege Level instantiation and execution", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The VM Privilege Level (VMPL) feature of SEV-SNP allows for privilege separation within an SEV-SNP guest. Each VMPL will require its own execution state for each vCPU.  A Secure VM Service Module (SVSM) runs at the highest privilege level to provide services to lower privilege levels (such as a Linux guest OS). This talk looks to investigate how to maintain VMPL state for each guest vCPU and how to efficiently switch between VMPL levels of the guest vCPU.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "WGMM9H", "name": "Tom Lendacky", "avatar": null, "biography": "Tom Lendacky is a member of the Linux OS group at Advanced Micro Devices where he is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support in the Linux kernel to further enhance the features and capabilities of SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging). 
He has spoken at various Linux events, including KVM Forum a few times.", "public_name": "Tom Lendacky", "guid": "f0e7e449-3d5b-51e5-8002-72a5303cf63f", "url": "https://pretalx.com/kvm-forum-2024/speaker/WGMM9H/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/ZKJPRG/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/ZKJPRG/", "attachments": [{"title": "Presentation", "url": "/media/kvm-forum-2024/submissions/ZKJPRG/resources/KVM_Forum_VMPLs_3mtnk4V.pdf", "type": "related"}]}, {"guid": "e948e9df-4484-5f2b-8ec9-bef0e725121e", "code": "CXLAWJ", "id": 51822, "logo": null, "date": "2024-09-22T11:45:00+02:00", "start": "11:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51822-guest-side-changes-for-confidential-guests-in-android", "url": "https://pretalx.com/kvm-forum-2024/talk/CXLAWJ/", "title": "Guest-side changes for confidential guests in Android", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Android Virtualisation Framework supports the creation of confidential (aka \"protected\") guests which provide a native code environment for confidential payloads that require isolation from the rest of the Android Operating System. 
However, the guest kernel requires a little enlightenment to function usefully in a protected environment.\r\n\r\nThis talk will describe the protected VM environment provided by pKVM, the guest changes necessary for it to work properly, how it differs from some of the other CoCo efforts and finally demonstrate the guest-side changes running on top of the latest upstream kernel as a protected guest on a real Android phone.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ECQMVJ", "name": "Will Deacon", "avatar": null, "biography": "Android kernel hacker at Google.", "public_name": "Will Deacon", "guid": "3ed761b5-a847-59e2-b305-2d9b9a2a450f", "url": "https://pretalx.com/kvm-forum-2024/speaker/ECQMVJ/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/CXLAWJ/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/CXLAWJ/", "attachments": []}, {"guid": "3772d69b-65d7-531e-acbc-7158c17d2da0", "code": "HJSKRQ", "id": 50050, "logo": null, "date": "2024-09-22T13:45:00+02:00", "start": "13:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-50050-empowering-confidential-vms-in-the-cloud-to-use-their-own-firmware-upon-instantiation", "url": "https://pretalx.com/kvm-forum-2024/talk/HJSKRQ/", "title": "Empowering confidential VMs in the cloud to use their own firmware upon instantiation.", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "All virtual machines, in the most common use case, use system firmware present in the \u2018standard\u2019 path inside the hypervisor host while booting. For BIOS-booted VM, the firmware is normally SeaBIOS-based and for UEFI-booted VMs, it is edk2-based. Currently, when a cloud VM is launched, the firmware binary is supplied by the cloud provider and the end user has no control over it. 
For confidential VMs, this represents problems both for the end user and for the cloud provider.\r\n- The end user gets firmware measurements for the attestation purposes, however, without an ability to provide a self built (or trusted) binary, these measurements can only indicate that the firmware hasn\u2019t changed. The end user has to implicitly place some trust in the cloud-provider supplied firmware binary.\r\n- The cloud provider can\u2019t update the firmware (e.g. to fix a vulnerability) without disturbing user workloads. As firmware is included into launch measurements, just swapping the firmware will cause attestation errors. The problem is even worse for embargoed vulnerabilities.\r\n\r\nThis talk describes a method of supplying system (UEFI) firmware for VMs as part of the VM disk image. The cloud-provider would not need to look into/get access to the VM disk image. The VM will use the proposed mechanism to provide the firmware binary to the hypervisor. The hypervisor will use this mechanism to install the firmware binary into the guest ROM and regenerate the VM. Our initial approach will be solely based on QEMU/KVM/EDK2/UKI. The approach should eventually become widely adopted across the industry (other cloud providers, hypervisors/VMMs, etc ).\r\nOur approach has several advantages compared to using an IGVM container image with an embedded firmware passed to the hypervisor when starting the guest. \r\n- First of all, the firmware image is provided along with the guest VM image (using a UKI add-on). Therefore, the guest image and the firmware binary can be packaged together as one single unit. There is no need to store the firmware blob (inside an IGVM container) somewhere separately in the hypervisor host to pass it to the hypervisor when starting the guest. \r\n- Secondly, the request to the hypervisor to install the firmware image is directly initiated by the guest. 
Therefore, the guest controls when to upgrade the firmware and which firmware image to upgrade to. There is no need for the hypervisor to make any decision on this issue. The hypervisor also does not need access to the VM image either. \r\n- Lastly, it is possible to upgrade the firmware without re-deploying a new guest VM image (and a new IGVM image containing the new firmware image) . Upgrading to a new firmware image is possible by an already existing VM spawned from the current VM image by simply updating the UKI firmware add-on to a new updated PE binary and using the mechanism to install it in the guest ROM.\r\n\r\nWe intend to give a demo of our prototype in action.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "JN83VH", "name": "Anirban (Ani) Sinha", "avatar": "https://pretalx.com/media/avatars/JN83VH_pOJ3MBd.webp", "biography": "Anirban (Ani) Sinha is a software engineer who works for Red Hat in the virtualization engineering group. His primary focus areas are Confidential computing, QEMU, KVM, libvirt and open source cloud virtualization tools like cloud-init, Microsoft WALA agent, hyperv-daemons etc.  Ani is now settled in India but has previously worked in Canada for quite some time after completion of his masters program at University of BC there. Ani's Red Hat personal page is https://people.redhat.com/~anisinha/", "public_name": "Anirban (Ani) Sinha", "guid": "492c48b8-d0f4-5499-b9e2-afc882044e76", "url": "https://pretalx.com/kvm-forum-2024/speaker/JN83VH/"}, {"code": "PZSV9P", "name": "Alexander Graf", "avatar": null, "biography": "Alexander currently works at AWS and is responsible for the Nitro Hypervisor. Previously, he worked on QEMU, KVM, openSUSE / SLES on ARM and U-Boot. Whenever something really useful comes to his mind, he implements it. 
Among others he did Mac OS X virtualization using KVM, nested SVM, KVM on PowerPC, a lot of work in QEMU for openSUSE on ARM and the UEFI compatibility layer in U-Boot.", "public_name": "Alexander Graf", "guid": "92702099-6383-5b3f-8471-63fbf6565ecf", "url": "https://pretalx.com/kvm-forum-2024/speaker/PZSV9P/"}, {"code": "SAXB9H", "name": "Vitaly Kuznetsov", "avatar": "https://pretalx.com/media/avatars/SAXB9H_SBdbmfi.webp", "biography": "Vitaly works at Red Hat Virtualization Engineering team focusing on KVM development as well as making Linux the best guest for other hypervisors. He frequently presents at FOSDEM, KVM Forum, DevConf and other technical conferences.", "public_name": "Vitaly Kuznetsov", "guid": "323adef5-be16-53c7-be01-91949adccfaf", "url": "https://pretalx.com/kvm-forum-2024/speaker/SAXB9H/"}], "links": [{"title": "Demo", "url": "https://drive.google.com/file/d/1m6vkH-AENIt6pM9Onb98jyjloR1NP0lQ/view?usp=drive_link", "type": "related"}], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/HJSKRQ/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/HJSKRQ/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/HJSKRQ/resources/BYOF_-_KVM_Forum_2024_iWTioIP.pdf", "type": "related"}]}, {"guid": "f68eea10-4544-583a-af4e-277e0b82d36d", "code": "7LELGG", "id": 51915, "logo": null, "date": "2024-09-22T14:15:00+02:00", "start": "14:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51915-virtio-and-the-chamber-of-secrets", "url": "https://pretalx.com/kvm-forum-2024/talk/7LELGG/", "title": "Virtio and the chamber of secrets", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Confidential computing - making VM guest secrets harder for\r\nthe hypervisor to access - is getting more and more important as\r\ntime goes by.\r\n\r\nVirtio (and paravirtualization generally), fundamentally, can be thought of as\r\na means of improving guests by making use of hyprevisor 
functionality.  To what\r\nlevel can this still be beneficial when the guest does not want to fully trust\r\nthe hypervisor?\r\n\r\nThis talk will try to address these questions, by touching on the following\r\nareas:\r\n\r\n- review of new features / devices and how they interact with\r\n  confidential computing\r\n- status and plans of hardening (improving confidentiality)\r\n  with virtio on Linux \r\n- known open issues and how you can help", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CJEPE9", "name": "Michael S. Tsirkin", "avatar": null, "biography": "Michael S. Tsirkin\r\nRed Hat\r\nDistinguished Engineer\r\nMichael has been with Red Hat for more than 15 years. In his role as a Distinguished Engineer he acts as a chair of the Virtio Technical Committee, overseeing the development of the virtio specification for virtual devices. He also maintains several subsystems in QEMU and Linux and has over the years made multiple contributions to QEMU, Linux and KVM.", "public_name": "Michael S. 
Tsirkin", "guid": "6be37f0f-c50a-5510-b206-254ec1e27181", "url": "https://pretalx.com/kvm-forum-2024/speaker/CJEPE9/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/7LELGG/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/7LELGG/", "attachments": [{"title": "Presentation in pdf format", "url": "/media/kvm-forum-2024/submissions/7LELGG/resources/virtio-2024-v07_8B1czyP.pdf", "type": "related"}]}, {"guid": "9ea21053-e176-57af-8780-faaeabdcfa09", "code": "7NVTCC", "id": 51937, "logo": null, "date": "2024-09-22T14:45:00+02:00", "start": "14:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51937-coconut-svsm-on-kvm-progress-plans-and-challenges", "url": "https://pretalx.com/kvm-forum-2024/talk/7NVTCC/", "title": "COCONUT-SVSM on KVM: Progress, Plans, and Challenges", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The COCONUT Secure VM Service Module (COCONUT-SVSM) is evolving from a service module for confidential VMs to a paravisor layer for running unenlightened operating systems. This talk will highlight the COCONUT-SVSM community's achievements in the past year and introduce the project's direction towards paravisor support.\r\n\r\nWhile significant progress has been made, challenges remain within the COCONUT codebase and upstream adoption within the KVM hypervisor. The presentation will delve into proposed solutions to enable support for AMD SEV-SNP VMPLs and Intel TDX partitioning within KVM and QEMU. A particular focus will be placed on the intricacies and challenges associated with the IRQ delivery architecture.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CBSB8K", "name": "J\u00f6rg R\u00f6del", "avatar": "https://pretalx.com/media/avatars/CBSB8K_ivE4wIl.webp", "biography": "J\u00f6rg is a long-term Linux kernel developer with a history of working on virtualisation, IOMMUs, and the X86 architecture. 
In the past years his focus has shifted towards Confidential Computing, where J\u00f6rg brought guest support for AMD SEV-ES into the upstream Linux kernel.\r\nFrom there he moved on to initiate the COCONUT-SVSM project, which was published in March 2023 and gained a broad developer community since then.", "public_name": "J\u00f6rg R\u00f6del", "guid": "46050759-4486-526f-a197-e8f1b1741f4a", "url": "https://pretalx.com/kvm-forum-2024/speaker/CBSB8K/"}, {"code": "AEL877", "name": "Roy Hopkins", "avatar": "https://pretalx.com/media/avatars/AEL877_dHDIa40.webp", "biography": "Roy Hopkins has over 15 years of software development experience in the field of\r\ndata protection. Specialising in confidential computing, he has extensive\r\nknowledge of isolation technologies including Intel SGX and AMD SEV and related\r\nhardware. He is currently working on enabling KVM for the COCONUT-SVSM project.", "public_name": "Roy Hopkins", "guid": "698d63f4-1625-562c-83ac-b823b9257748", "url": "https://pretalx.com/kvm-forum-2024/speaker/AEL877/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/7NVTCC/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/7NVTCC/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/7NVTCC/resources/COCONUT-SVSM_on_KVM__Progress_Plans_and_Chal_KUUSUF7.pdf", "type": "related"}]}, {"guid": "09ebb4f9-8d3c-5ecc-b3fa-807e832dcfdb", "code": "JCG88R", "id": 51637, "logo": null, "date": "2024-09-22T15:15:00+02:00", "start": "15:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51637-coconut-svsm-early-attestation-to-unlock-persistent-state", "url": "https://pretalx.com/kvm-forum-2024/talk/JCG88R/", "title": "Coconut-SVSM: Early attestation to unlock persistent state", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Coconut-SVSM is a platform to provide secure services to Confidential Virtual Machine guests. 
On AMD SEV-SNP, it runs inside the guest context at an elevated privilege level (VMPL).\r\nSVSM is not yet able to preserve the state across reboots, so it provides services with limited functionality, such as a non-stateful virtual TPM for measured boot.\r\n\r\nIn this talk, we will describe the ongoing work towards stateful services, including a fully functional vTPM and a persistent and secure UEFI variable store, which can be employed for Secure Boot. This is achieved by adding encrypted persistent storage to the Coconut-SVSM, which is backed by the host hypervisor. The decryption key is received from the attestation server after a successful remote attestation during the early boot phase of the SVSM. The attestation covers the integrity of the platform, including SVSM and OVMF firmware. A host-side proxy is used to communicate with the server to keep the code in the SVSM context small.\r\n\r\nDuring the talk we will look at the current challenges we are facing, potential attacks to defend against, and future developments to support a persistent state in SVSM.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "NTKW8M", "name": "Stefano Garzarella", "avatar": "https://pretalx.com/media/avatars/NTKW8M_ajsoYl9.webp", "biography": "Stefano is a Principal Software Engineer at Red Hat. He is the maintainer of Linux's vsock subsystem (AF_VSOCK) and co-maintainer of rust-vmm. 
Current projects cover Confidential VMs, virtio devices, storage for VMs.", "public_name": "Stefano Garzarella", "guid": "45d5dfcd-2a84-5688-906e-46405cc1d90a", "url": "https://pretalx.com/kvm-forum-2024/speaker/NTKW8M/"}, {"code": "QT8XVY", "name": "Oliver Steffen", "avatar": "https://pretalx.com/media/avatars/QT8XVY_aurHJsu.webp", "biography": "Oliver is a Software Engineer in the Virtualization Team at Red Hat, working on confidential virtualization, virtual firmware, and other boot related topics.", "public_name": "Oliver Steffen", "guid": "db2a2796-9a67-5964-8136-c0b2e360d0bb", "url": "https://pretalx.com/kvm-forum-2024/speaker/QT8XVY/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/JCG88R/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/JCG88R/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/JCG88R/resources/KVMForum_2024_SVSM_attestation.v2_N45MQqI.pdf", "type": "related"}]}]}}, {"index": 2, "date": "2024-09-23", "day_start": "2024-09-23T04:00:00+02:00", "day_end": "2024-09-24T03:59:00+02:00", "rooms": {"Hall A+B": [{"guid": "33940373-6318-5e06-87d8-c05e1c95bff2", "code": "VTTVXD", "id": 52643, "logo": null, "date": "2024-09-23T09:00:00+02:00", "start": "09:00", "duration": "00:15", "room": "Hall A+B", "slug": "kvm-forum-2024-52643-qemu-keynote", "url": "https://pretalx.com/kvm-forum-2024/talk/VTTVXD/", "title": "QEMU Keynote", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "Summary of the work done on QEMU over the past year, highlighting the significant contributions that have landed upstream.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "9DM8WB", "name": "Paolo Bonzini", "avatar": null, "biography": "Paolo Bonzini works on virtualization for Red Hat, where he is a Distinguished Engineer. 
He is currently the maintainer of the KVM hypervisor and a contributor and submaintainer for QEMU.", "public_name": "Paolo Bonzini", "guid": "7e8129ac-bcfe-5e52-847a-f66e22028960", "url": "https://pretalx.com/kvm-forum-2024/speaker/9DM8WB/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/VTTVXD/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/VTTVXD/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/VTTVXD/resources/kvmforum24-qemu_zrJkkBY.pdf", "type": "related"}]}, {"guid": "c6a8e579-ab45-53e6-879c-56db22a8a6dd", "code": "7AP9JW", "id": 51912, "logo": null, "date": "2024-09-23T09:15:00+02:00", "start": "09:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51912-unleashing-vfio-s-potential-code-refactoring-and-new-frontiers-in-device-virtualization", "url": "https://pretalx.com/kvm-forum-2024/talk/7AP9JW/", "title": "Unleashing VFIO's Potential: Code Refactoring and New Frontiers in Device Virtualization", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "VFIO has transformed virtual machine (VM) performance by enabling\r\ndirect device assignment.  This presentation delves beyond a status\r\nreport, showcasing the exciting advancements realized over the past few\r\nyears.\r\n\r\nCentral to these improvements is a comprehensive code refactoring\r\neffort.  The vfio-pci driver has been split into a core library, paving\r\nthe way for a new generation of variant drivers.  
These drivers unlock\r\ndevice-specific functionalities, pushing the boundaries of VM\r\ncapabilities.\r\n\r\nExamples include:\r\n\r\n * Enhanced Migration: Leveraging the new vfio migration interface\r\n   (version 2), variant drivers from NVIDIA/Mellanox, Huawei/HiSilicon,\r\n   and Intel enable seamless VM migration with VFIO devices.\r\n * Advanced BAR Management: A dedicated NVIDIA variant driver\r\n   demonstrates the power of the core library by recomposing device PCI\r\n   BARs through a coherent memory region exposed by the SoC\r\n   interconnect.\r\n * Direct Device Access: A further refactoring of the VFIO container\r\n   and group code introduces a new character device interface (cdev).\r\n   This interface allows direct device access and native support for\r\n   VFIO devices utilizing the cutting-edge userspace IOMMU interface,\r\n   IOMMUFD.\r\n\r\nThis presentation delves into these advancements, along with other\r\nexciting developments in the VFIO ecosystem.  It will showcase how these\r\ninnovations are empowering users to achieve unprecedented levels of\r\nperformance and flexibility in virtualized environments.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "S8CXBK", "name": "Alex Williamson", "avatar": "https://pretalx.com/media/avatars/S8CXBK_jzq3EIR.webp", "biography": "Alex is a Senior Principal Software Engineer working for Red Hat from his home in Fort Collins, Colorado. 
Alex is the maintainer of the VFIO subsystem in the Linux kernel and contributor to IOMMU, PCI, and KVM subsystems, as well as co-maintainer of VFIO support in QEMU.", "public_name": "Alex Williamson", "guid": "104d9f96-6f0a-51ca-b9b4-866bfb60613c", "url": "https://pretalx.com/kvm-forum-2024/speaker/S8CXBK/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/7AP9JW/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/7AP9JW/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/7AP9JW/resources/KVM_Forum_2024_-_VFIO_5LSTtyJ.pdf", "type": "related"}]}, {"guid": "e197e4ec-0625-5043-8413-3dd89b6c43cc", "code": "ZA8KPD", "id": 51583, "logo": null, "date": "2024-09-23T09:45:00+02:00", "start": "09:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51583-unleashing-sr-iov-on-virtual-machines", "url": "https://pretalx.com/kvm-forum-2024/talk/ZA8KPD/", "title": "Unleashing SR-IOV on Virtual Machines", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Multi-tenant cloud environments demand secure and cost-effective workload isolation. Single Root I/O Virtualization (SR-IOV) tackles this challenge by extending PCI multifunction's capabilities. It introduces lightweight and isolated \"virtual functions (VFs)\" managed by a central \"physical function (PF)\". A PF exposes interfaces to configure the device for specific scenarios and optimize resource allocation.\r\n\r\nFor example, SR-IOV-enabled network interfaces can create VFs representing virtual network interfaces. This allows a host to assign VFs to guest VMs and configure the offloading of packet switching with the PF, minimizing network virtualization overhead.\r\n\r\nHowever, current SR-IOV utilization is limited because the controllability of SR-IOV is not exposed to guests. 
We propose emulating SR-IOV on QEMU and integrating it with vDPA to grant guests control over SR-IOV while offloading the data path.\r\nTo showcase the effectiveness of this approach, we'll present a detailed performance benchmark using a PoC that offloads network containerazation on the guest. We'll also introduce a design for SR-IOV emulation that provides packet-switching configurability, further motivating its adoption.\r\n\r\nNext, we describe the current development status of SR-IOV emulation on QEMU. QEMU already includes some SR-IOV device implementations, but they are based on physical designs, limiting flexibility, and lack datapath offloading. We're addressing this by developing an SR-IOV feature for virtio-net devices, which is fully configurable and enables integration with vDPA. While we leverage QEMU's existing PCI multifunction mechanism to support configuration flexibility, SR-IOV emulation presents unique implementation challenges that we'll discuss as well. The new SR-IOV feature in virtio-net will be valuable for immediate testing and serve as a foundation for the future development of practical SR-IOV designs.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "WMDPEL", "name": "Yui Washizu", "avatar": "https://pretalx.com/media/avatars/WMDPEL_6mOicBC.webp", "biography": "Yui Washizu works for NTT (Nippon Telegraph and Telephone Corporation) Open Source Software Center,\r\nwhere she has been in charge of research and development in system software for several years.\r\nHer main focus is high-performance virtual networking of Linux and Qemu, such as hardware offload.\r\nShe also discussed this feature at Netdev 0x17, a conference for Linux network developers, with a presentation titled \"Unleashing SR-IOV Offload on Virtual Machines.\"", "public_name": "Yui Washizu", "guid": "421d776d-9894-56f7-85e9-f1bf49940856", "url": "https://pretalx.com/kvm-forum-2024/speaker/WMDPEL/"}, {"code": "9YBKQT", "name": 
"Akihiko Odaki", "avatar": null, "biography": "Akihiko Odaki, a Ph.D. student at the University of Tokyo, is passionate about designing faster processors. His research focuses on processor microarchitecture, specifically using QEMU to analyze RISC-V programs and optimize processor designs for their execution speed.\r\n\r\nHe is also a software engineer at Daynix Computing, Ltd., and his contribution to the development of the TCG plugin\u2019s register reading feature was supported by the company. His primary focus at the company is QEMU's networking subsystem. Notably, he is the maintainer of igb, a critical component that emulates an Intel network interface card with advanced virtualization capabilities. Akihiko's interests extend beyond networking and include macOS support, Asahi Linux (a port of Linux for Apple Silicon) support, and para-virtualized graphics.", "public_name": "Akihiko Odaki", "guid": "1a98ecbf-22df-515a-bb19-834b40853a11", "url": "https://pretalx.com/kvm-forum-2024/speaker/9YBKQT/"}], "links": [{"title": "Google Slides", "url": "https://docs.google.com/presentation/d/1KIwOhNP-aVWqdUYc7yRBnJsPSAPExT9GIXEiYQLZw28/edit?usp=sharing", "type": "related"}], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/ZA8KPD/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/ZA8KPD/", "attachments": [{"title": "PDF", "url": "/media/kvm-forum-2024/submissions/ZA8KPD/resources/Unleashing_SR-IOV_on_Virtual_Machines_qSX9OJ9.pdf", "type": "related"}]}, {"guid": "81aed2e7-af7d-5987-b100-568b951fb5ed", "code": "MRDPBG", "id": 51860, "logo": null, "date": "2024-09-23T10:45:00+02:00", "start": "10:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51860-vfio-platform-live-and-let-die", "url": "https://pretalx.com/kvm-forum-2024/talk/MRDPBG/", "title": "vfio-platform: live and let die?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "vfio-platform driver and QEMU integration were introduced in 
2015.\r\nSince then not much has been contributed upstream in terms of device\r\nintegration. For instance the last kernel reset module was contributed\r\nin 2017 emphasizing the lack of in-kernel device growth. It is known\r\nvfio-platform is used, sometimes for evil motivations such as obfuscation,\r\nbut the infrastructure is not really used for the original intent it\r\nwas contributed for. To help things evolving, this talk aims at\r\npresenting the steps to be carried out at kernel and QEMU level\r\nto enable safe passthrough of a DMA capable platform device.\r\nKernel reset modules and device tree node generation in QEMU will be\r\ncovered. Examples will be presented based on already integrated\r\ndevices and other candidate devices. This should help attendees\r\nto identify or design devices that can be easily integrated\r\nand understand showstoppers with regard to resource dependencies.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "YEJ9XX", "name": "Eric Auger", "avatar": "https://pretalx.com/media/avatars/YEJ9XX_gv071f6.webp", "biography": "Eric has been involved in KVM/QEMU since 2014. He works\r\nat Red Hat, in the virtualization team. Eric has contributed\r\nto VFIO, KVM/ARM and QEMU. 
He was the original contributor\r\nof the VFIO-PLATFORM QEMU device and VFIO reset modules.", "public_name": "Eric Auger", "guid": "12f55583-57c5-510a-b5a6-c95928727acc", "url": "https://pretalx.com/kvm-forum-2024/speaker/YEJ9XX/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/MRDPBG/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/MRDPBG/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/MRDPBG/resources/vfio-platform-kvm-forum24-landscape_TtZ3SnC.pdf", "type": "related"}]}, {"guid": "4347dfd6-aec1-5452-bdef-87ae4de70f56", "code": "8W8ALY", "id": 51136, "logo": null, "date": "2024-09-23T11:15:00+02:00", "start": "11:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51136-vfio-cxl-cxl-type-2-device-passthrough-with-vfio", "url": "https://pretalx.com/kvm-forum-2024/talk/8W8ALY/", "title": "vfio-cxl: CXL Type 2 Device Passthrough With VFIO", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Compute Express Link (CXL) is an open standard interconnect built upon industrial PCI layers to enhance the performance and efficiency of data centers by enabling high-speed, low-latency communication between CPUs and various types of devices such as accelerators and memory. It supports three key protocols: CXL.io as the control protocol, CXL.cache as the host-device cache-coherent protocol, and CXL.mem as load store memory access protocol. CXL Type 2 devices leverage the three protocols to seamlessly integrate with host CPUs, providing a unified and efficient interface for high-speed data transfer and memory sharing. This integration is crucial for heterogeneous computing environments where accelerators, such as GPUs, and other specialized processors, handle intensive workloads.\r\n\r\nVFIO is the standard interface used by Linux kernel to pass a host device, such as a PCI device, to a virtual machine (VM). 
To pass a PCI device to a VM, VFIO provides several modules, including vfio-pci (the generic PCI stub driver), VFIO variant drivers (vendor-specific PCI stub drivers), and vfio-pci-core (the core functions needed by vfio-pci and other VFIO variant drivers). With the VFIO UABIs, a user space device model like QEMU can map the device registers and memory regions into the VM, allowing the VM to directly access the device. With a VFIO variant driver from a HW vendor, it can also support mediated passthrough and live migration for use cases like vGPU. Although CXL is built upon the PCI layers, passing a CXL type-2 device can be different from passing a PCI device due to the CXL specifications, e.g. emulating CXL DVSECs, handling CXL-defined register regions in the BAR, exposing CXL HDM regions. Thus, a new set of VFIO CXL modules needs to be introduced.\r\n\r\nIn this talk, we review the requirements of a CXL type-2 device, discuss the architecture design of the VFIO CXL modules, their UABIs, and the required changes to the kernel CXL core and QEMU besides VFIO.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "P8QSSB", "name": "Zhi Wang", "avatar": null, "biography": "Zhi is an open-source developer working on vGPU, confidential computing, and virtualization. He is currently working on NVIDIA vGPU. 
For confidential computing, he is interested in Intel TDX/AMD SEV-SNP and worked on TDX connect enabling at Intel.", "public_name": "Zhi Wang", "guid": "4f3ec44c-9ca6-57e2-99c6-491cf9785edb", "url": "https://pretalx.com/kvm-forum-2024/speaker/P8QSSB/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/8W8ALY/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/8W8ALY/", "attachments": [{"title": "vfio-cxl-kvm-forum", "url": "/media/kvm-forum-2024/submissions/8W8ALY/resources/vfio-cxl-kvm-forum_NFQRu6f.pdf", "type": "related"}]}, {"guid": "04437c0b-80bf-5d97-8db1-45ac80e2bb73", "code": "QPYVKX", "id": 51518, "logo": null, "date": "2024-09-23T11:45:00+02:00", "start": "11:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51518-the-challenges-of-building-ai-infra-on-virtualization", "url": "https://pretalx.com/kvm-forum-2024/talk/QPYVKX/", "title": "The Challenges of building AI Infra on virtualization", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Cloud computing, with its flexible resource allocation and large-scale data storage, provides an integrated underlying platform for the widespread application of AI, including large-scale model training and inference. However, being different from traditional applications, AI focuses more on heterogeneous computing, and building it on virtualization brings some new issues and challenges, including:\r\n1. The PCIe P2P communication efficiency between GPUs or GPUs and RDMA NICs is crucial for large-scale model training and inference. However, in virtualization scenarios, there will be a serious performance degradation due to the enablement of IOMMU.\r\n2. Various higher-precision (millisecond-level) monitoring agents are usually deployed in VMs to monitor something like PCIe bandwidth, network bandwidth, etc. We found that traditional PMU virtualization cannot fully meet such monitoring needs. 
And those monitoring agents can also result in a high number of VMEXITs due to frequent PIO and RDPMC operations.\r\n\r\nTo address these challenges, this talk proposes a set of solutions, such as keeping P2P TLPs from being redirected through the IOMMU and passing core and uncore PMUs through to the guest, to bridge the gap in AI infrastructure between virtualized and bare-metal environments.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "UXRL3F", "name": "Xin He", "avatar": null, "biography": "I am currently working at ByteDance, with a primary focus on GPU virtualization and GPU driver development", "public_name": "Xin He", "guid": "7759146a-cf9f-5268-8cf9-59d5999001de", "url": "https://pretalx.com/kvm-forum-2024/speaker/UXRL3F/"}, {"code": "TF73SM", "name": "Hao Hong", "avatar": "https://pretalx.com/media/avatars/TF73SM_2rgXB1A.webp", "biography": "Bytedance Virtualization Engineer.", "public_name": "Hao Hong", "guid": "c004176e-a632-5678-a664-c154d8b5a6f2", "url": "https://pretalx.com/kvm-forum-2024/speaker/TF73SM/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/QPYVKX/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/QPYVKX/", "attachments": [{"title": "kvm-forum-2024-bd", "url": "/media/kvm-forum-2024/submissions/QPYVKX/resources/kvm-forum-2024-resource_RdXUVEG.pdf", "type": "related"}]}, {"guid": "0ca2e2e6-3a1b-5e6d-bea3-3a81cfd34a33", "code": "PVLKRR", "id": 51745, "logo": null, "date": "2024-09-23T13:45:00+02:00", "start": "13:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51745-virtio-gpu-where-are-we-now", "url": "https://pretalx.com/kvm-forum-2024/talk/PVLKRR/", "title": "virtio-gpu - Where are we now?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This talk presents the current status and ongoing efforts to implement VirtIO GPU for infotainment systems in the automotive industry. 
We will highlight our decision to develop VirtIO GPU in Rust as a vhost-user device under the Rust-VMM project umbrella.\r\n\r\nImplementing VirtIO for hardware enables the deployment of Android on various VMMs that support VirtIO, such as Crosvm and QEMU. This approach offers benefits like reducing the attack surface of QEMU and providing more granularity in setting up permissions for the device process. Our VirtIO GPU implementation manages GPU device operations using the vhost-user protocol. Currently, we support virglrenderer, and we are exploring the integration of gfxstream to allow the use of either of the two rendering component for graphics rendering and processing.\r\n\r\nDuring this presentation, I will share our journey in building the VirtIO GPU device in Rust, including the challenges faced and the milestones achieved. I will shed more light on the past, present and future status.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "UTJLNS", "name": "Dorinda Bassey", "avatar": "https://pretalx.com/media/avatars/UTJLNS_5R2NxYS.webp", "biography": "Dorinda works in the Automotive team at RedHat as a Software Engineer. She has been working in the virtualization space to provide virtio devices support (virtio-sound, virtio-gpu)  and developments in virtualization. Dorinda collaborates closely with RedHat developers and other experienced open source developers to design, write and test software applications.", "public_name": "Dorinda Bassey", "guid": "713fe336-9b97-5364-b6c1-1db61bd67335", "url": "https://pretalx.com/kvm-forum-2024/speaker/UTJLNS/"}, {"code": "JLP9RR", "name": "Matej Hrica", "avatar": "https://pretalx.com/media/avatars/JLP9RR_mzrFwe7.webp", "biography": "Matej is an Software Engineer intern for Automotive team at RedHat. 
He has been working in areas surrounding virtualization, including libkrun hypervisor (virtio-net, virtio-console), and recently a vhost-user virtio-gpu implementation.", "public_name": "Matej Hrica", "guid": "e2b52c5e-3b19-5582-b3eb-c74fde9f0bdd", "url": "https://pretalx.com/kvm-forum-2024/speaker/JLP9RR/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/PVLKRR/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/PVLKRR/", "attachments": [{"title": "virtio-gpu slides", "url": "/media/kvm-forum-2024/submissions/PVLKRR/resources/Virtio-gpu_where_are_we_now_-1_1cOiDio.pdf", "type": "related"}]}, {"guid": "8295e64e-0cf3-5a9c-8fb5-1510d9dc16ef", "code": "SVZZL9", "id": 50491, "logo": null, "date": "2024-09-23T14:15:00+02:00", "start": "14:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-50491-the-many-faces-of-virtio-gpu", "url": "https://pretalx.com/kvm-forum-2024/talk/SVZZL9/", "title": "The many faces of virtio-gpu", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Among all the other virtio devices, virtio-gpu stands out due to its versatility. On the surface, it's a device that provides a paravirtualized GPU and display controller. But thanks to the powerful combination of its three main primitives (a virtqueue transport, shared memory and fences) it's today able to support multiple, specialized personalities to cover different use cases, enabling graphics acceleration at different levels (from native DRM to GL abstraction) and offloading compute tasks from the guest to the host's GPU.\r\n\r\nIn this talk I'll detail current and future virtio-gpu capabilities, their implementation and intended use cases, and how you can take advantage of them from different software stacks. 
If time permits, I'll also demonstrate one of its lesser known capabilities.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HQG8WB", "name": "Sergio Lopez Pascual", "avatar": "https://pretalx.com/media/avatars/HQG8WB_6io931F.webp", "biography": "Sergio is a Senior Principal Software Engineer at Red Hat. After a tenure in the Virtualization Team, he joined the Automotive Team to help building a car-friendly Virtualization stack for CentOS AutoSD. He's also the maintainer of the microvm machine type in QEMU, main author and maintainer of libkrun (an opinionated VMM written in Rust and based on rust-vmm components) and co-maintainer of various crates from the rust-vmm project.", "public_name": "Sergio Lopez Pascual", "guid": "9b912a56-5f5c-528d-8810-99405bf9027b", "url": "https://pretalx.com/kvm-forum-2024/speaker/HQG8WB/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/SVZZL9/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/SVZZL9/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/SVZZL9/resources/The_many_faces_of_virtio-gpu_F4XtKDi.pdf", "type": "related"}]}, {"guid": "2e002621-025d-5d7f-89e4-90141a85abb5", "code": "FVCBTL", "id": 51820, "logo": null, "date": "2024-09-23T14:45:00+02:00", "start": "14:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51820-unwrapping-virtio-video", "url": "https://pretalx.com/kvm-forum-2024/talk/FVCBTL/", "title": "Unwrapping virtio-video", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "I\u2019ll be presenting the draft of virtio-video device specification, talking about the challenges we\u2019re facing, and hoping to get your feedback on what\u2019s needed to move toward standardization.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "AHUBVC", "name": "Alexander Gordeev", "avatar": null, "biography": "I am a full-time 
low-level/embedded Linux developer with 16 years of experience. I am also an occasional open-source contributor. For the past 10 years, I have been building and maintaining various multimedia pipelines. Over the last 4 years, I have been developing a virtio-video device and the draft open-source driver, focusing on automotive and software-defined vehicles (SDV).", "public_name": "Alexander Gordeev", "guid": "03919d74-2060-5d25-959c-b322e9984064", "url": "https://pretalx.com/kvm-forum-2024/speaker/AHUBVC/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/FVCBTL/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/FVCBTL/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/FVCBTL/resources/virtio-video-spec-slides_wbv37Wh.pptx", "type": "related"}]}, {"guid": "0c04fba3-0b4f-5254-b4e7-94259fde365a", "code": "XQHNG3", "id": 50648, "logo": null, "date": "2024-09-23T15:45:00+02:00", "start": "15:45", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-50648-the-kvm-backend-for-virtualbox", "url": "https://pretalx.com/kvm-forum-2024/talk/XQHNG3/", "title": "The KVM Backend for VirtualBox", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In this presentation, we will share our experience of developing the KVM backend for VirtualBox. It allows VirtualBox to use KVM as a hypervisor and makes the VirtualBox third-party kernel modules unnecessary.\r\n\r\nVirtualBox is a vast C++ codebase that implements a full virtualization solution in a cathedral style. It consists of a tightly integrated kernel and userspace part with lots of flexibility to execute code in kernel or userspace depending on the situation. Both components are highly portable across operating systems. 
This unique architecture predates KVM and is very different from how Qemu interacts with KVM.\r\n\r\nBecause shipping a third-party hypervisor is more and more problematic on Windows and MacOS, VirtualBox has introduced a new internal abstraction, the Native Execution Manager (NEM). NEM allows using the native virtualization API of the operating system. There are unfinished and experimental NEM backends in the VirtualBox code base for Hyper-V, the Apple Hypervisor Framework and KVM.\r\n\r\nStarting from the incomplete KVM backend already present in the VirtualBox code base, we gradually turned it into a fully-featured and stable backend ready for day-to-day use. We will discuss the main challenges we faced in this journey. We will mostly focus on the following two topics:\r\n\r\n- Integrating VirtualBox with KVM\u2019s IRQCHIP abstraction to leverage advanced interrupt virtualization features (something that vanilla VirtualBox cannot do),\r\n- Enabling nested virtualization for VirtualBox and the challenges we faced around the KVM API.\r\n\r\nAs we previously worked extensively on custom hypervisors, we also want to share our constructive thoughts on the KVM API, highlighting its successes, complexities and maybe even starting a discussion on how to simplify it.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "MSHTJR", "name": "Julian Stecklina", "avatar": "https://pretalx.com/media/avatars/MSHTJR_WX6b2RA.webp", "biography": "Julian Stecklina is a seasoned system software developer with experience in operating systems, hypervisors and low-level system software in general. His career began around 2009, with a particular focus on microkernel-based operating systems and virtualization technologies. For the last 15 years, he has worked on all facets of virtualization-based system. Currently, he is Head of Virtualization Technology at Cyberus Technology GmbH. Besides system software, he enjoys honing his Nix skills. 
In his spare time, he likes to hike, run and read.", "public_name": "Julian Stecklina", "guid": "a1b18d92-862f-5989-8990-9f7aa8d551c8", "url": "https://pretalx.com/kvm-forum-2024/speaker/MSHTJR/"}, {"code": "DX38L8", "name": "Martin Messer", "avatar": "https://pretalx.com/media/avatars/DX38L8_4llu0Yw.webp", "biography": "Software Engineer at Cyberus Technology GmbH, Dresden, Saxony, Germany", "public_name": "Martin Messer", "guid": "ff3592d4-0933-5177-a4fd-45b82a2b25a1", "url": "https://pretalx.com/kvm-forum-2024/speaker/DX38L8/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/XQHNG3/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/XQHNG3/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/XQHNG3/resources/KVM_Forum_2024_VirtualBox_6WZ70Vm.pdf", "type": "related"}]}, {"guid": "847e93b5-972c-5175-841b-6871d7733d4e", "code": "SKSWJJ", "id": 51929, "logo": null, "date": "2024-09-23T16:15:00+02:00", "start": "16:15", "duration": "00:30", "room": "Hall A+B", "slug": "kvm-forum-2024-51929-qemu-support-for-windows-hypervisor-platform-on-arm", "url": "https://pretalx.com/kvm-forum-2024/talk/SKSWJJ/", "title": "Qemu support for Windows Hypervisor Platform on Arm", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Starting from Windows 11 version 24H2, the Windows Hypervisor Platform APIs are available in preview form on Arm devices to enable usage of third party VMMs.\r\n\r\nThis presentation will also cover the device extensibility support provided by Hyper-V for out of process PCIe devices with leveraging the Hyper-V VMM, and how this allows using Qemu's device emulation logic when still using the Hyper-V VMM included in Windows (vmwp).", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "AJP98F", "name": "Mohamed Mediouni", "avatar": "https://pretalx.com/media/avatars/AJP98F_GR5kjlC.webp", "biography": "Kernel/Hypervisor engineer at 
Amazon EC2", "public_name": "Mohamed Mediouni", "guid": "4fd68f63-22fc-5206-a14c-cbcd9206b655", "url": "https://pretalx.com/kvm-forum-2024/speaker/AJP98F/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/SKSWJJ/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/SKSWJJ/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/SKSWJJ/resources/Qemu_support_for_Windows_on_Arm_GgKlLjf.pdf", "type": "related"}]}, {"guid": "1f52921d-0623-53b2-bab2-b25026053dde", "code": "ETTLSN", "id": 52687, "logo": null, "date": "2024-09-23T16:45:00+02:00", "start": "16:45", "duration": "00:15", "room": "Hall A+B", "slug": "kvm-forum-2024-52687-closing-session", "url": "https://pretalx.com/kvm-forum-2024/talk/ETTLSN/", "title": "Closing session", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "The closing session for KVM Forum 2024.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/ETTLSN/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/ETTLSN/", "attachments": []}], "Hall C+D": [{"guid": "c276a9d9-9559-5571-a784-9dd48b514102", "code": "WNLHKP", "id": 51927, "logo": null, "date": "2024-09-23T09:15:00+02:00", "start": "09:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51927-solving-the-sphinx-s-riddle", "url": "https://pretalx.com/kvm-forum-2024/talk/WNLHKP/", "title": "Solving the Sphinx's Riddle", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "QEMU: Let's talk about QMP, QAPI, and our user-facing API documentation generated by Sphinx.\r\n\r\n* Have you ever wondered what the difference between QMP and QAPI is, and have a deep-seated fear that not knowing the precise, technical answer will come to haunt you in five years when your new feature ships in an enterprise distribution?\r\n\r\n* Have you ever laid awake in 
bed at night wondering what *exactly* that new enum value you added actually changed in the QMP protocol, if anything?\r\n\r\n* Have you ever logged in to develop a new QEMU feature on Monday morning while slightly hung over and cursed out the QMP reference manual and/or your god(s) in a fit of rage while exclaiming \"Someone ought to fix this!\"?\r\n\r\nIt's me! I'm \"Someone\"! Come and see what we are cooking up, this talk is for you.\r\n\r\nRecent developments in the QAPI generator and what this means for developers implementing new APIs and features are covered, as well as the new massive QMP user documentation overhaul project that will -- this time, we promise -- produce user-friendly, reliable, accurate, and aesthetically pleasing QMP documentation that will serve as our new gold standard and help direct users of QMP and libvirt users alike.\r\n\r\nPleas for help from QEMU maintainers with relevant subject expertise to review/refresh QMP documentation will also feature prominently.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "WHUD9J", "name": "John Snow", "avatar": "https://pretalx.com/media/avatars/WHUD9J_GJeeVBF.webp", "biography": "jsnow is perhaps best known for signing off emails with \"--js\" despite not really knowing how to write javascript beyond the superficial details. 
They have been with Red Hat and working on QEMU for over ten years, somehow.", "public_name": "John Snow", "guid": "fddce7cf-b441-5654-b8b3-cb7de9088629", "url": "https://pretalx.com/kvm-forum-2024/speaker/WHUD9J/"}], "links": [{"title": "Historical QAPI parser utility", "url": "https://gitlab.com/jsnow/externalized-qapi/", "type": "related"}, {"title": "WIP - Gitlab source branch", "url": "https://gitlab.com/jsnow/qemu/-/commits/sphinx-domain", "type": "related"}, {"title": "WIP - Documentation render demo", "url": "https://jsnow.gitlab.io/qemu/qapi/index.html", "type": "related"}], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/WNLHKP/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/WNLHKP/", "attachments": [{"title": "v1.1 Slides, PDF (With FREE Bonus DLC)", "url": "/media/kvm-forum-2024/submissions/WNLHKP/resources/Solving_the_Sphinxs_Riddle-v1.1_52rGToJ.pdf", "type": "related"}]}, {"guid": "ff00de3f-ac6d-5286-8608-7ab1c828e839", "code": "NYWTMH", "id": 51892, "logo": null, "date": "2024-09-23T09:45:00+02:00", "start": "09:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51892-the-road-to-optimal-cpu-virtualization-on-hybrid-platform", "url": "https://pretalx.com/kvm-forum-2024/talk/NYWTMH/", "title": "The Road to Optimal CPU Virtualization on Hybrid Platform", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Intel client platforms from Alderlake have begun to leverage hybrid CPU architectures, and hybrid CPU architectures can achieve a good balance of performance and power on bare metal. However, VMs are still unable to take advantage of the hybrid CPU architecture, not only because QEMU/KVM is unable to expose the P-core/E-core difference for VMs, but also because the P-core/E-core feature difference further blocks hybrid support in Guest. As a result, VM performance on hybrid platforms is very gapped from bare metal, and CPU features are not fully supported in Guest (e.g. 
PMU, which is disabled by KVM on hybrid platforms). \r\n\r\nTo address this, our presentation will mainly cover the following aspects:\r\n\r\n* Illustrate our proposal on how to design the QEMU API to allow users to create a hybrid CPU/cache topology for the Guest, with flexible CPU type configurations. This allows the Guest to recognize the difference between the P-core/E-core type of each vCPU and the different cache topologies. We achieve this by abstracting the topology device in the QOM way to refactor the current QEMU general topology implementation. We will also specifically describe our QOM-topology implementation and how it would help QEMU to improve the general topology subsystem.\r\n\r\n* Present our exploratory experience with VM performance optimization methods that could be applied to VMs with hybrid vCPUs. On Intel client platforms, there is ITD/ITMT, etc., which could optimize workloads in the VM based on the hybrid CPU/cache topology.\r\n\r\nIn summary, this presentation will cover all aspects of reaching optimal CPU virtualization on hybrid platforms for both performance and features.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "98ZWKR", "name": "Zhao Liu", "avatar": null, "biography": "Zhao (Liu) is a virtualization engineer at Intel. He is working on bringing the capabilities of Intel's hybrid architecture to client Guests. 
His focus areas include QEMU, KVM and crosvm.", "public_name": "Zhao Liu", "guid": "89a7eabe-1c9a-5e4d-bc49-1b570c1f1614", "url": "https://pretalx.com/kvm-forum-2024/speaker/98ZWKR/"}, {"code": "CGE7J7", "name": "Zhenyu Wang", "avatar": null, "biography": null, "public_name": "Zhenyu Wang", "guid": "dd09627b-a537-57c6-8249-36191ca794ef", "url": "https://pretalx.com/kvm-forum-2024/speaker/CGE7J7/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/NYWTMH/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/NYWTMH/", "attachments": [{"title": "Optimal CPU Virtualization on Hybrid Platform", "url": "/media/kvm-forum-2024/submissions/NYWTMH/resources/The_Road_to_Optimal_CPU_Virtualization_on_Hy_nC2wAWI.pdf", "type": "related"}]}, {"guid": "854d5976-311b-5a82-b8c8-fe194daa66c9", "code": "GWQYTW", "id": 51814, "logo": null, "date": "2024-09-23T10:45:00+02:00", "start": "10:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51814-practical-and-efficient-out-of-process-storage-backends", "url": "https://pretalx.com/kvm-forum-2024/talk/GWQYTW/", "title": "Practical and efficient out-of-process storage backends", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As discussed in KVM Forum 2022, there are many good reasons why you might want to run your storage backends outside of the QEMU process that runs your VM, and the obvious answer to this is qemu-storage-daemon. 
But while naming a tool is an answer, it's not a full answer: QSD provides a variety of different export types \u2013 and more may be coming \u2013 that allow connecting it to the VM, and each has different performance characteristics and limitations.\r\n\r\nIn this talk, Kevin will compare the options we have, illustrated by the case of providing QSD-backed storage to Kubernetes and KubeVirt, and explore ideas for future directions and optimisations, such as adding QSD support for ublk and extending ublk on the kernel side to introduce a fast path for the common case.\r\n\r\nMost of the considerations will apply to potential other storage daemons as well.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "M8G8GS", "name": "Kevin Wolf", "avatar": "https://pretalx.com/media/avatars/M8G8GS_4mZREBM.webp", "biography": "Kevin Wolf works at Red Hat as a KVM developer, with a focus on block devices. He is the maintainer of QEMU\u2019s block subsystem and has contributed many patches to block device emulation and image format drivers. 
After graduating in Software Engineering at the University of Stuttgart, Germany in 2008 he worked on Xen\u2019s block layer for a year before he started working on KVM for Red Hat in 2009.", "public_name": "Kevin Wolf", "guid": "8bf81d8d-cfd5-567e-ab2a-b52cdef5d332", "url": "https://pretalx.com/kvm-forum-2024/speaker/M8G8GS/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/GWQYTW/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/GWQYTW/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/GWQYTW/resources/slides_out_of_process_storage_backends_hGZBfpS.pdf", "type": "related"}]}, {"guid": "df19b850-0b34-5753-8255-50257da2c2fc", "code": "WATK7U", "id": 50335, "logo": null, "date": "2024-09-23T11:15:00+02:00", "start": "11:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-50335-iothread-virtqueue-mapping-improving-virtio-blk-smp-scalability-in-qemu", "url": "https://pretalx.com/kvm-forum-2024/talk/WATK7U/", "title": "IOThread Virtqueue Mapping: Improving virtio-blk SMP scalability in QEMU", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Guests with multiple vCPUs are commonplace and can submit I/O requests from any vCPU. While virtio-blk supports exposing multiple queues to the guest, QEMU processed all queues in a single thread until recently.\r\n\r\nThis talk introduces the virtio-blk IOThread Virtqueue Mapping feature added in QEMU 9.0. This feature improves scalability by processing queues in a user-configurable number of threads. Removing the single threaded bottleneck narrows the performance gap between bare metal and virtualization.\r\n\r\nBenchmark results are presented to quantify the impact on performance. Configuration topics like choosing the number of threads are discussed. 
Finally, open issues and future support in virtio-scsi and other device types are also covered.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "3VCCEK", "name": "Stefan Hajnoczi", "avatar": "https://pretalx.com/media/avatars/3VCCEK_3eP2ySB.webp", "biography": "Stefan works on QEMU and Linux VIRTIO drivers in Red Hat's Virtualization team. He focuses on storage and has worked on virtiofs, virtio-vsock, and tracing in the past. A QEMU contributor since 2010, he organizes open source internships for QEMU and is part of QEMU's Technical Leadership Committee.", "public_name": "Stefan Hajnoczi", "guid": "5aefbc10-816f-556b-abaa-969eda89e004", "url": "https://pretalx.com/kvm-forum-2024/speaker/3VCCEK/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/WATK7U/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/WATK7U/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/WATK7U/resources/IOThread_Virtqueue_Mapping_EGsYiZC.pdf", "type": "related"}]}, {"guid": "c0756100-fec4-5061-99e2-aa26527175ff", "code": "UGJ9DM", "id": 51816, "logo": null, "date": "2024-09-23T11:45:00+02:00", "start": "11:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51816-the-virtio-fs-kaleidoscope", "url": "https://pretalx.com/kvm-forum-2024/talk/UGJ9DM/", "title": "The virtio-fs Kaleidoscope", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "We give a multifaceted insight into what\u2019s going on with virtio-fs, from the current state and future prospects of live migration support, where we have made considerable progress, through experimental areas, to a look at performance.\r\nSome experimental areas are the support for non-vhost-user interfaces, such as /dev/fuse and vDPA/VDUSE, and going beyond our simple passthrough driver, both via filesystem \u201ctransformation\u201d functionality (e.g. 
UID/GID mapping) and by including native drivers such as network filesystem drivers.\r\nAs for virtio-fs\u2019s performance, we\u2019re going to have a look at both the interface, specifically multiqueue support, and virtiofsd\u2019s internal architecture.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ADQN9Z", "name": "German Maglione", "avatar": "https://pretalx.com/media/avatars/ADQN9Z_mA8FD2R.webp", "biography": "Part of the virtualization & storage team at Red Hat and virtiofsd maintainer", "public_name": "German Maglione", "guid": "a5d346bc-614b-5188-b59b-be65afb4df36", "url": "https://pretalx.com/kvm-forum-2024/speaker/ADQN9Z/"}, {"code": "ZQVRGE", "name": "Hanna Czenczek", "avatar": "https://pretalx.com/media/avatars/ZQVRGE_SGIkaeL.webp", "biography": "Been with Red Hat since 2013, worked on the QEMU block layer, then a lot on virtio-fs.", "public_name": "Hanna Czenczek", "guid": "ac0e142b-39fd-5e88-8b80-44e91faf4b78", "url": "https://pretalx.com/kvm-forum-2024/speaker/ZQVRGE/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/UGJ9DM/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/UGJ9DM/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/UGJ9DM/resources/talk.pp_6RQSbCC.pdf", "type": "related"}]}, {"guid": "865ff0c0-5e50-56fa-838a-db712b3f7499", "code": "8FUARR", "id": 51790, "logo": null, "date": "2024-09-23T13:45:00+02:00", "start": "13:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51790-snp-live-migration-with-guest-memfd-and-mirror-vm", "url": "https://pretalx.com/kvm-forum-2024/talk/8FUARR/", "title": "SNP Live Migration with guest-memfd and mirror VM", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "For SEV SNP live migration support, a migration helper would run as a mirror VM. 
The mirror VM would use the existing KVM APIs to copy the KVM context and populate the NPT page tables at page fault time. The mirror VM also does the dirty page tracking and finalizes the end of live migration. For designing the guest_memfd APIs for the mirror VM, we want to consider the post copy use case as well so that the copying of paged-in memory in the mirror VM would have a separate memory view. In this talk we will cover the above use-cases for guest_memfd & mirror VM design for the SEV-SNP live migration.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "WGMM9H", "name": "Tom Lendacky", "avatar": null, "biography": "Tom Lendacky is a member of the Linux OS group at Advanced Micro Devices where he is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support in the Linux kernel to further enhance the features and capabilities of SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging). He has spoken at various Linux events, including KVM Forum a few times.", "public_name": "Tom Lendacky", "guid": "f0e7e449-3d5b-51e5-8002-72a5303cf63f", "url": "https://pretalx.com/kvm-forum-2024/speaker/WGMM9H/"}, {"code": "ERPCLP", "name": "Pankaj Gupta", "avatar": null, "biography": "Pankaj currently works with AMD in the Confidential Compute team. 
Previously, worked in the field of Linux kernel & Virtualization with Red Hat.", "public_name": "Pankaj Gupta", "guid": "5b0c05d5-affa-55e3-a537-374747a1ccc5", "url": "https://pretalx.com/kvm-forum-2024/speaker/ERPCLP/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/8FUARR/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/8FUARR/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/8FUARR/resources/SNP_Live_Migration_KVM_forum_2024_svDwxa3.pdf", "type": "related"}]}, {"guid": "83c75059-5347-5e9c-9380-5cec11a8e99c", "code": "PKBPTR", "id": 51918, "logo": null, "date": "2024-09-23T14:15:00+02:00", "start": "14:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51918-emulating-hyper-v-s-virtual-secure-mode-vsm-with-qemu-and-kvm", "url": "https://pretalx.com/kvm-forum-2024/talk/PKBPTR/", "title": "Emulating Hyper-V's Virtual Secure Mode (VSM) with QEMU and KVM", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "VSM is a virtualization-based security technology introduced by Microsoft that leverages the hypervisor's higher trust base to protect guest data against compromises. It introduces primitives that allow monitoring the guest's execution state from a higher privilege context, as well as enforcing memory access limitations beyond the guest's page tables.\r\n\r\nAt the KVM Forum 2023, we introduced VSM and the challenges we faced in emulating it in KVM. We have made significant progress since then, and more importantly, we settled on an innovative design based on the concept of sharing multiple KVM VMs within a single QEMU VM. We call these \u201cCompanion VMs.\u201d In this talk, we will revisit the core VSM concepts and delve into how we managed to model VSM's privileged execution contexts as distinct KVM VMs. 
Additionally, we will discuss how this approach could be utilized in the context of confidential computing (SEV SNP VMPLs) or to enhance device emulation security by moving it into the guest context. Ultimately, we will provide an update on our efforts to upstream our work in both KVM and QEMU.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HE883V", "name": "Nicolas Saenz Julienne", "avatar": null, "biography": "Sr. Kernel & Hypervisor engineer at AWS. Passionate about HW/SW interfaces, the Linux kernel and open-source collaboration.", "public_name": "Nicolas Saenz Julienne", "guid": "4bb3feb5-e9f1-54c5-8718-74881c65b477", "url": "https://pretalx.com/kvm-forum-2024/speaker/HE883V/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/PKBPTR/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/PKBPTR/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/PKBPTR/resources/KVM_Forum_2024_-_VBSVSM_WSXE3pb.pdf", "type": "related"}]}, {"guid": "244a6d52-969f-5e6e-942b-34a580077032", "code": "GWF9UC", "id": 51659, "logo": null, "date": "2024-09-23T14:45:00+02:00", "start": "14:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51659-securing-interrupt-delivery-for-sev-snp-guests", "url": "https://pretalx.com/kvm-forum-2024/talk/GWF9UC/", "title": "Securing Interrupt Delivery for SEV-SNP Guests", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "While almost all VM operating systems support interrupt and exception handling, some operating systems may have certain built-in assumptions about interrupt behavior based on bare-metal hardware. A malicious hypervisor can violate these assumptions and put guest drivers or guest OS kernels into an unexpected state which could lead to a security issue. \r\nTo address this concern, SEV-SNP supports features to protect the guest against malicious injection attacks. 
The preferred method is Restricted Injection, but this was rejected by upstream. This talk introduces another approach, the Alternate Injection feature of SEV-SNP, which will use the Secure VM Service Module (SVSM) and APIC emulation in the SVSM to secure interrupt delivery into an SEV-SNP guest.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZMEEEN", "name": "Melody (Huibo) Wang", "avatar": null, "biography": "Melody works for AMD in the Linux kernel team on secure virtualization. Currently she is working on implementing alternate injection for SEV-SNP virtual machines. In the past, Melody had worked on the security of trusted execution environments, including AMD SEV series and Intel SGX. She specialized in computer system security and privacy, including cloud computing, blockchain, and data privacy.", "public_name": "Melody (Huibo) Wang", "guid": "aa921b8e-8388-55e2-8336-20abdf5f8609", "url": "https://pretalx.com/kvm-forum-2024/speaker/ZMEEEN/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/GWF9UC/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/GWF9UC/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/GWF9UC/resources/kvm-forum-2024-Melody_WyX4HuH.pdf", "type": "related"}]}, {"guid": "c99f04c8-85c5-52cf-8732-f7581191a2dc", "code": "YDSJCW", "id": 51858, "logo": null, "date": "2024-09-23T15:45:00+02:00", "start": "15:45", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51858-virtualizing-arm-trustzone-on-kvm", "url": "https://pretalx.com/kvm-forum-2024/talk/YDSJCW/", "title": "Virtualizing Arm TrustZone on KVM", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The mainline KVM currently does not support the virtualization of Arm\u2019s TrustZone. This means virtual machines (VMs) running on KVM cannot leverage TrustZone to run a trusted execution environment (TEE), such as OP-TEE. 
To address this limitation, we have extended KVM to expose a virtual TrustZone to VMs. To virtualize TrustZone's CPU features, we multiplex the virtual EL3 and secure EL1 on the normal world EL1 on the hardware. We adopt trap-and-emulate to handle sensitive instructions executed in the virtual TrustZone in KVM. Additionally, we build on the current TrustZone hardware abstraction in QEMU by creating a memory region representing virtual secure memory and mapping secure IO onto it. Our KVM prototype supports booting a paravirtualized OP-TEE. We plan to open-source our implementation to the community. As a next step, we will explore exposing TrustZone to confidential VMs based on pKVM and Arm CCA and extend QEMU to virtualize secure IO devices, such as TZPC.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "TARQFN", "name": "Chun Yen Lin", "avatar": null, "biography": "I'm Jim. I am currently pursuing my Master's degree in Computer Science at National Taiwan University. 
Looking forward to connecting with all of you.", "public_name": "Chun Yen Lin", "guid": "9e0f2494-b6fc-5579-a7ef-7041de2f5dbd", "url": "https://pretalx.com/kvm-forum-2024/speaker/TARQFN/"}, {"code": "ULXSYF", "name": "Shih-Wei Li", "avatar": null, "biography": null, "public_name": "Shih-Wei Li", "guid": "11d053c3-c6db-508f-8bfa-5f24cd5adfc4", "url": "https://pretalx.com/kvm-forum-2024/speaker/ULXSYF/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/YDSJCW/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/YDSJCW/", "attachments": [{"title": "slides", "url": "/media/kvm-forum-2024/submissions/YDSJCW/resources/vtz_kvm_kvm_forum_2024_2_Uu1FXH9.pdf", "type": "related"}]}, {"guid": "c9e9454c-6d67-5734-b105-31128a01b637", "code": "7JP9KW", "id": 51920, "logo": null, "date": "2024-09-23T16:15:00+02:00", "start": "16:15", "duration": "00:30", "room": "Hall C+D", "slug": "kvm-forum-2024-51920-is-ovmf-too-slow-for-serverless-confidential-computing", "url": "https://pretalx.com/kvm-forum-2024/talk/7JP9KW/", "title": "Is OVMF too Slow for Serverless Confidential Computing?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Two recent papers about serverless confidential computing have identified key overheads when booting SEV and SNP guests with OVMF. Are these claims well-founded? This talk will show how to benchmark OVMF while avoiding common pitfalls and identify overhead introduced when confidential computing is enabled. Furthermore the talk will unravel whether overhead is the result of hardware requirements, firmware design, or implementation error. Will alternate firmware layouts and boot schemes (e.g. IGVM and the SVSM) ameliorate these issues or make them worse?", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GPMAKW", "name": "Tobin Feldman-Fitzthum", "avatar": null, "biography": "Tobin Feldman-Fitzthum is a Software Engineer at the T.J. 
Watson IBM Research Center. His focus is secure virtualization and confidential computing. After working on live migration, encrypted disk images, and remote attestation for confidential VMs, Tobin helped found the Confidential Containers project and establish it as a CNCF sandbox project.", "public_name": "Tobin Feldman-Fitzthum", "guid": "acb9dec3-daff-5ef4-9877-a71c971cbe2d", "url": "https://pretalx.com/kvm-forum-2024/speaker/GPMAKW/"}], "links": [], "feedback_url": "https://pretalx.com/kvm-forum-2024/talk/7JP9KW/feedback/", "origin_url": "https://pretalx.com/kvm-forum-2024/talk/7JP9KW/", "attachments": [{"title": "Slides", "url": "/media/kvm-forum-2024/submissions/7JP9KW/resources/kvm-2024_0H2FFRg.pdf", "type": "related"}]}]}}]}}}