Overview
Explore the implementation options for KVM-based Type 1 (or 1.5) hypervisors in this 27-minute conference talk by Jun Nakajima from Intel. Delve into security risks associated with Linux/KVM guests and understand the motivation behind Type 1.5 hypervisors. Learn about the process of converting KVM to Type 1.5 and examine two extreme approaches. Discover the scheduling and power management issues in Dom0, emphasizing the importance of hypervisor control over VM scheduling. Analyze the impacts of Linux/KVM hypervisors and explore optimizations for KVM guests. Investigate optimized nested virtualization, including current implementations, KVM L2, and LH L2 kernel build comparisons. Evaluate performance metrics and examine findings from proofs of concept. Conclude with insights and next steps for KVM-based hypervisor implementation.
Syllabus
Intro
Security Risks of Linux/KVM Guests
Motivation of Type 1.5 Hypervisor
Converting KVM to Type 1.5
Two Extremes
Dom0: Scheduling and PM Issues - Hypervisor needs to own VM scheduling
Impacts of Linux/KVM Hypervisor
Optimization for KVM Guests
Optimized Nested Virtualization - Current Implementation
KVM L2 and LH L2 Kernel Build - L2 VM Exit Breakdown
Comparing Performance 2/2
Findings from POCs
Our conclusion
Next Step
Taught by
Linux Foundation