KVM Forum 2018 BOF: Difference between revisions

From KVM
(Add L1TF topic)
(Add cross-architecture discussion)
 
(3 intermediate revisions by 2 users not shown)
Line 16: Line 16:


= BoF Ideas =
=== Better Speculative-Execution/L1TF Mitigations ===
'''Summary:''' Doing a better job of mitigating speculative-execution-based attacks


Line 29: Line 31:
'''People:'''
* Jonathan Adams <jwadams@google.com> (organizer)
=== multi-process QEMU ===
'''Summary:''' Examining separation of emulated IO devices into separate processes
Marc-Andre Lureau & Konrad Rzeszutek Wilk presented the concept of a multi-process
QEMU at KVM Forum 2017. The idea is to dis-aggregate QEMU into multiple processes
for benefits discussed below. [https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02689.html Patches] which provide an idea of this concept have been
sent to qemu-devel@nongnu.org.
Very much looking forward to picking your brain regarding this topic.
Benefits of dis-aggregating QEMU into multiple processes:
* Reducing the impact of malicious software; tailored SELinux policies
* Modularity
'''Links:'''
* [http://events17.linuxfoundation.org/sites/events/files/slides/KVM%20FORUM%20multi-process.pdf KVM Forum 2018 - Multi-process QEMU]
* [https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02689.html Oct 2018 - Patches]
'''People:'''
* John G Johnson <john.g.johnson@oracle.com>
* Elena Ufimtseva <elena.ufimtseva@oracle.com>
* Jag Raman <jag.raman@oracle.com> (organizer)
=== Cross-architecture education ===
'''Summary:''' Explaining architecture specific things to other architecture maintainers
There are many interfaces and features that are architecture specific.
We need to spread the word about what and why we are doing things to improve KVM across all architectures.
'''Links:'''
* n/a
'''People:'''
* Christian Bornträger <borntraeger@de.ibm.com>
* tbd


== BoF idea template ==

Latest revision as of 05:08, 22 October 2018

Introduction

We will reserve some time for people to get together and discuss strategic decisions as well as other topics that are best solved within smaller groups. This time can also be used for hands-on hacking sessions.

If you are interested in organizing such a group time event, please add it to the list before KVM Forum, so people have time to organize which one they will attend.

Adding links to this wiki is restricted. If you have problems adding your BoF, please send it to the program committee at kvm-forum-2018-pc@redhat.com.


BoF Ideas

Better Speculative-Execution/L1TF Mitigations

Summary: Doing a better job of mitigating speculative-execution-based attacks

Diving into how we can better mitigate speculative-execution attacks in the context of KVM. Issues include (feel free to add your own):

  • Reducing the reachable Direct Map
  • Hyperthreading Issues
  • ...

Links:

People:

  • Jonathan Adams <jwadams@google.com> (organizer)

multi-process QEMU

Summary: Examining separation of emulated IO devices into separate processes

Marc-Andre Lureau & Konrad Rzeszutek Wilk presented the concept of a multi-process QEMU at KVM Forum 2017. The idea is to dis-aggregate QEMU into multiple processes for benefits discussed below. Patches which provide an idea of this concept have been sent to qemu-devel@nongnu.org.

Very much looking forward to picking your brain regarding this topic.

Benefits of dis-aggregating QEMU into multiple processes:

  • Reducing the impact of malicious software; tailored SELinux policies
  • Modularity

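
Links:

  • KVM Forum 2018 - Multi-process QEMU: http://events17.linuxfoundation.org/sites/events/files/slides/KVM%20FORUM%20multi-process.pdf
  • Oct 2018 - Patches: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02689.html
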
People:

  • John G Johnson <john.g.johnson@oracle.com>
  • Elena Ufimtseva <elena.ufimtseva@oracle.com>
  • Jag Raman <jag.raman@oracle.com> (organizer)


Cross-architecture education

Summary: Explaining architecture-specific things to other architecture maintainers

There are many interfaces and features that are architecture-specific. We need to spread the word about what and why we are doing things to improve KVM across all architectures.

Links:

  • n/a

People:

  • Christian Bornträger <borntraeger@de.ibm.com>
  • tbd


BoF idea template

=== TITLE ===

'''Summary:''' Short description of the idea

Detailed description of the idea.

'''Links:'''
* Wiki links to relevant material
* External links to mailing lists or web sites

'''People:'''
* Your Name (organizer)
* People that want to attend this session