Linux Developer Conference Brazil 2019 speaker: Eduardo Habkost
Software Engineer working at the virtualization team at Red Hat since 2007. Works on QEMU and KVM since 2008. Maintainer of QEMU subsystems: x86, Machine Core, NUMA, Memory Backends, Python modules and scripts.
CPU vulnerabilities and KVM security (in English)
More than two years have passed since researches have discovered the Spectre and Meltdown CPU vulnerabilities, which were the first ones of a whole new family of CPU vulnerabilities. These vulnerabilities impact the design of all components of software that manages virtual machines, from the low level KVM code inside the kernel to user interfaces. In this new world, CPU security updates are commonplace, and software that virtualizes hardware need better methods to update virtual CPUs as well. This talk summarizes the challenges an design changes that are being made into KVM, QEMU, and virtualization management software to adapt to this new landscape.