Hello. Welcome to the KVM keynote as part of the KVM Forum. My name is Christian Borntraeger and I work for IBM as Chief Product Owner for Linux and KVM on IBM Z, as well as the s390 maintainer for KVM. As usual, the keynote is more of a status report, with numbers, facts and recaps of the last year, as well as an outlook: where do we stand?

As of today, Paolo Bonzini is still the core maintainer for KVM as in the last years, but we also have a lot of architecture maintainers for x86, s390, Power and MIPS. In the last time we even got an increased number of reviews for different architectures. So this is actually quite a good thing because that helps to put some burden away from the maintainers. And on the architectural side, there have been some interesting changes. For example, on ARM, the 32-bit host support was removed. And MIPS has seen a maintainer change after it was being unmaintained for a short period of time. Last year we already talked about RISC-V and we expected to have the RISC-V architecture as part of KVM today, but we're still waiting for architecture finalization, as the current RISC-V maintainers have pretty strict rules on when to merge code. They want to have the architecture settled and finalized.

So much for the architectures. Let's have a look at what are the trends in KVM in general. And I see about five big areas of interest. First is certainly cloud. Looking back at previous KVM Forums and this forum as well, apart from Microsoft Azure, everybody is using KVM. We have Amazon, Google, IBM, Alibaba, Huawei, Tencent Cloud, ByteDance, Yandex, Oracle and many, many more. And we do see KVM in different variants, from highly customized stacks like Amazon Nitro, Firecracker or Google Cloud. Or we do see KVM used in a pretty standard software stack based on QEMU. And this is actually a strength of KVM. KVM can be used as a building block for a lot of features. We also see this in the container space.
For example, with Kubernetes, we have actually an orchestrator that manages containers, but with KVM, we can use that to orchestrate KVM machines. Or with KVM containers, we can use KVM to isolate containers.

But the biggest topic for KVM at the moment is certainly trusted computing. In the past, we already had enclaves like SGX. And this is now being complemented and kind of replaced here and there by secure virtual machines. And I will come to that topic later on multiple times. Another topic is certainly I/O, and hardware passthrough is still a very hot topic, as well as virtual enhancement. But last but not least, we have changes in testing.

This brings the question: is KVM stabilizing or moving even faster? And when you look at the KVM commits over the kernel releases over the last years, you can see that the KVM rate is growing. And in fact, this trend looks like it is accelerating. So the speed has kind of increased and is not being reduced. It might be due to some bigger things like secure execution, AMD SEV, but it could also be that KVM is really more and more actively used in several places and it's just lots of small things.

So let's have a look at some more statistics. I counted here the numbers of commits in the last year, basically from kernel version 5.4 till 5.9. And I also put the numbers of last year. And roughly speaking, we have about 40% more commits and merges than last year. When we then look at the Reviewed-by, the commits that have a Reviewed-by tag, we have a much better ratio. We have 80% decrease. And at the same time, we have fewer changes with the Fixes tag, or less growth in the number of commits which have a Fixes or Cc: stable tag. And hopefully this indicates a better quality. And that would be good for everyone.

We should also pause to celebrate a bit some people here that did an outstanding job in KVM.
So the authors with the most number of commits, we have just mentioned the first three, are Sean Christopherson, Paolo Bonzini, and Marc Zyngier. These people really drive a lot of changes into KVM. At the same time, it's also important to have people that do reviews, do the quality check. Here the top reviewers are Vitaly Kuznetsov, Cornelia Huck, and Jim Mattson. Last but not least, we also have people that fix bugs and fix regressions. And these people are almost the same as the authors. So we have Sean Christopherson, Paolo Bonzini, and Marc Zyngier.

So we have seen people working on KVM. What are the companies that do the KVM work? Similar to last year, we have more than 20 companies working on KVM. And also the companies are kind of similar, with small shifts here and there. And if you look closely, you'll see that we have one name here. And that's because Marc used to work for Amazon and now works for Google. So it was not that easy to separate the employer here. You can do your own math if you like. But what we see here is that we have, of course, cloud providers, so people that use KVM, actively participating in development. We have the distributions, so Red Hat, SUSE, Canonical. And of course the chip vendors like AMD, Intel, IBM, ARM, they all participate in KVM.

So now let's have a look into what these companies are working on. And I want to talk about one thing that I find very important, and that's testing. We have seen a lot of improvements over the past years here. We have two frameworks for KVM. The first framework is KVM unit tests. This is a separate repository. And then we have the KVM selftests, which are co-bundled with the Linux kernel. And we have seen an increase in the number of selftests. We have seen an increased number of KVM unit tests. And the KVM unit tests are now actually also able to test non-KVM hypervisors. So this project has grown out of its initial idea and it was re-hosted also in GitLab.
So we have now CI support and other nice things. So this is really something where we have invested a lot in the past.

When we talk about highlights overall, I have to mention trusted computing. I did it before. I have to mention it here as well. Also, this is not common code, or not at all. So all the trusted computing implementations are actually the architecture and not yet common. When you look at the right-hand side, the top right-hand side, this graph shows the number of commits over the kernel versions. It's basically the same number that you have seen before. And the red color indicates the number of commits that cannot be attributed to any architecture. So common code, kind of. And this is about things like kvm_stat. If you remember my talk last year about performance data, I complained that we have a lot of data that can't be used by tooling. We do ship a tool in KVM called kvm_stat. And that tool now can do logging and comma-separated values. And if you remember my talk from two years ago, I complained that we do not have enough code that runs cross-architecture. And we now have a unified data structure across architectures and certainly lots of cleanups and fixes.

The biggest architecture is certainly x86. Again, the red bar shows the number of x86 patches. We have too many things to mention for x86. So I can just mention some bigger blocks or some specific features. So for example, the asynchronous page fault handling was reworked. The dirty bitmap, which is used for live migration, was optimized. We have done a lot of refactoring and optimization in a lot of places. You can read them here. I'm not going to read it out loud. Several works in the Spectre-like area, so the hardware side-channel attacks. Nested KVM was improved a lot. We have seen improvements in AMD SEV, the trusted computing variant from AMD. And of course, we have also seen performance work; for example, we have a fast path for IPI and TSC deadline timers.
Another big architecture is ARM. And ARM, as I mentioned, removed the 32-bit host support. And that actually indicates that ARM is getting larger, bigger and more important in the server space as well, while the small embedded part is less and less important, I guess. It's still important, but here for KVM, it's really the server part. That of course also created a lot of cleanups, things that we could remove. But what else do we have in the ARM space? Of course, the usual interrupt controller work that we have seen for ARM in the last years, also work for the virtualization host extension. And the hypervisor there runs directly in EL2 mode. And it's actually a different way of doing things. So the code was split between the VHE and nVHE mode. We also got features like steal time, pointer authentication for nVHE, data report and injection, as well as level-based TLB emulation. So lots of small things, lots of changes.

On the MIPS side, we basically only have the Loongson support, which is a new chip from China. While this is only a small change, it actually helped to get new maintainers on board for MIPS. So Huacai Chen stepped up to be a maintainer as well, together with Aleksandar Markovic, which means that MIPS is now maintained again, which is good.

On the Power side, again, trusted computing. We have seen the PowerPC secure guest support. Of course, we also have seen the new Power10 support, preliminary, and several other small improvements like more than 4,000 guests for HV KVM, interrupt handling, single stepping and so on.

On the s390 side, again, trusted computing. We have something called secure execution, which is the s390 variant of that. But we have invested also in testing, selftests, a lot of KVM unit tests, yield improvement, again nested KVM, and also some kind of small hygiene work; for example, we implemented Diagnose 318, which is a firmware interface that we can now also use in KVM.
So this is certainly something where every architecture that we have seen is, of course, doing their homework in terms of fixes and maintenance.

When you look forward, all these features that I mentioned here are until kernel version 5.9, but looking beyond that, I mean, 5.9 was released two weeks ago. And for x86, we get a new MMU for two-dimensional paging pretty soon. You certainly will see enhancements in the trusted computing world. So AMD SEV has enhancements for secure state or secure nested paging. ARM is working on protected KVM. Intel has something called TDX, and you can bet that IBM will also give you additional features for Power and s390 in that way. And hopefully, we will also get RISC-V support soon.

Okay, with that, thank you for your attention. For questions and comments, feel free to write me or the KVM program committee for questions regarding the KVM Forum itself. And with that, enjoy the rest of KVM Forum.