GDB BoF, for GDB developers to meet and discuss any topic about the GDB development process.
Some proposed discussion topics are:
- The moving of gdbsupport and gdbserver, is anything left? Is there anything more to moved from the
gdb
togdbsupport
? - Replacing of macros with a more C++-like API (like what has been started from the type system). Other C++-ification.
- Feedback...
Opening session
We will present traceloop, a tool for tracing system calls in cgroups or in containers using in-kernel Berkeley Packet Filter (BPF) programs.
Many people use the “strace” tool to synchronously trace system calls using ptrace. Traceloop similarly traces system calls but with low overhead (no context switches) and asynchronously in the background, using BPF and tracing per cgroup. We will...
Injecting large quantities of preempt-disabled code pretty much anywhere in a realtime Linux kernel at runtime. What is not to like?
This discussion will open with a review of recent changes to BPF, including the new ability for at least some BPF programs to be preemptible. It will continue with an overview of BPF use cases, which is hoped to set the stage for a discussion on how realtime...
Summary of how GKI efforts for Android R went and what are the next steps.
openat2
landed in Linux 5.6, but unfortunately (though it does make it easier to implement safer container runtimes) there are still quite a few remaining tricks that attackers can use to attack container runtimes. This talk will give a quick overview of the remaining issues, some proposals for how we might fix them, and how libpathrs
will make use of them. In addition, a brief update on...
Short panel discussion covering different vendors experience with GKI and planned next steps.
OpenVZ and Virtuozzo containers use CRIU as the core technology for
container migration in production. And Virtuozzo containers are slightly
different thing to what most people would imagine containers today. They are
"system containers" which is the one with full systemd inside, the one you
would enter via ssh, the one which is an analogy to a virtual machine where the
user gets root...
Can we switch to DWARF5 by default for GCC11? Which benefits does that bring? Which features work, which don't (LTO/early-debug, Split-Dwarf, debug-types, debug_[pub]names, etc.). Which DWARF consumers support DWARF5 (which don't) and which features can be enabled by default?
Additionally some larger applications are hitting the limits of 32bit offsets on some arches. Should we introduce a...
After a renewed interest in futex from several groups who are trying to extend the interface (i.e. futex wait multiple, futex swap, variable-sized futexes), alongside failed attempts to solve longstanding issues that cannot be solved under the current interface, Thomas Gleixner is convinced a new implementation of futex is necessary. This topic will collect feedback on the work being done to...
Covering ABI monitoring, what has happened with libabigail in the past year and what remains to be done
CRIU is not easy to use for the average user. What to do with the file system? How and where to store images?
We developed an easy-to-use checkpoint/restore tool that uses the CRIU engine. It provides the following features: * It does not require root access to operate. Only an empty container (e.g. kubernetes) is required * Provides time virtualization, critical when migrating (java)...
The 32-bit "mark" associated with the skb has served as a metadata exchange format for Linux networking subsystems since the beginning of the century. Over that time, the interpretation and reuse of the field has grown to encapsulate a wide range of networking use cases, expanding to touch everything from iptables, tc, xfrm, openvswitch, sockets, routing, to eBPF. In recent years, more than a...
Overview and discussion on upstreaming efforts connected with GKI work.
Inside our large database application setup, we have a few critical processes. Some of the functions include, heartbeat (for the cluster), monitoring what was happening (to debug in case a cluster does go down) amongst others.
Elaborating on a single example, if the heartbeat process doesn't run when it should, the cluster could remove the node, and then the node would have to shutdown,...
For security there are various projects which provide guidelines on how to configure a secure kernel - e.g., Linux Self Protection Project. In addition there are security enhancements which have been added to the Linux kernel by various groups - e.g., grsecurity or PAX security patch.
We are looking to define appropriate guidelines for safety enhancements to the Linux kernel. The session...
We will recap the elfutils debuginfod server from last year. It has been integrated into a number of consumers, learned to handle a bunch of distro packaging formats, and some public servers are already online.
fw_devlink is a new feature that got into upstream in the past year. It adds device links between devices by parsing the firmware. This talk will provide a quick refresher of what it does (talked a bit about it in LPC 2019) and what changes got in since then.
Also, provide a refresher on how sync_state() works and what it is and can be used for.
Containers are by far the biggest use case for overlayfs.
Yet, there seems to be very little cross talk between overlayfs and containers mailing lists.
This talk is going to present some opt-in overlayfs features that were added in recent years (redirect_dir, index, nfs_export, xino, metacopy).
Most of those features have not been enabled by most container runtimes, because of various...
Or is it DWARVish? Whatever, GraalVM Native implements compilation of a
complete suite of Java application classes to a single, complete, native
ELF image. It's much like how a C/C++ program gets compiled. Well,
except that the image contains nothing to explain how the bits were
derived from source types and methods or where those elements were
defined. Oh and the generated code is...
Covers issues and TODOs for the transition from ION to the upstream DMA-BUF Heaps infrastructure.
Also will discuss thoughts on DMA-BUF cache handling, following up from LWN articles here:
https://lwn.net/Articles/822052/
https://lwn.net/Articles/822521/
Recently CRuby got a JIT based on GCC or Clang. Experience with use of the CRuby JIT confirmed the known fact that GCC does not fit well for all JIT usage scenarios. Ruby needs a light-weight JIT compiler used as a tier 1 compiler or as a single JIT compiler. This talk will cover experience of GCC usage for CRuby JIT and drawbacks of GCC as a tier 1 JIT compiler. This talk also will cover the...
CRIU is the most advanced Checkpoint-Restore project on Linux.
But even with CRIU at the moment it is not feasible to checkpoint - restore
all possible topologies of processes and namespaces. Even relatively simple
case of a process tree with two UTS/IPC namespaces is not supported by CRIU,
not mentioning more complex cases like a process tree with more than one PID
namespaces.
In...
Covering patches used in the Android Common tree to provide partial cache flushes for DMA-BUFs, and what issues and blockers need to be resolved for this functionality to move upstream.
Soon, the Real-Time Linux project will have its PREEMPT_RT patches in mainline Linux. One part of the Real-Time Linux collaboration project is its continuous integration system CI-RT (https://github.com/ci-rt) with one known lab running (https://ci-rt.linutronix.de).
In this talk, a possible way how to run the existing CI-RT tests on mainline Linux will be presented. Additionally, possible...
The core idea behind core scheduling is to have SMT (Simultaneous Multi Threading) on and make sure that only trusted applications run concurrently on the hardware threads of a core. If there is no group of trusting applications runnable on the core, we need to make sure that remaining hardware threads are idle while applications run in isolation on the core. While doing so, we should also...
We would like to present results of an estimation of tail calls costs between eBPF programs. This was carried out for two kernel versions, 5.4 and 5.5. The latter introduces an optimization to remove the retpoline mitigating spectre flaws, in certain conditions. The numbers come from 2 benchmarks, executed over our eBPF software stack. The first one uses the in-kernel testing...
Come join us to work through issues specific to building the Linux kernel with LLVM. In addition to our Micro Conference, let's carve out time to follow up on unresolved topics from our meetup in February:
- Improving our home page
- Status of each architecture
- Call to action / how to get started / Evangelism
- Improving Documentation/
- Maintainer model
- Minimum supported versions...
The Ranger project was introduced at the GNU tools Cauldron last year. This project provides GCC with enhanced ranges and an on-demand range query API. By the time the conference is on, we expect to have the majority of the code in trunk and available for other passes to utilize.
In this update, we will:
- Cover what has changed since last fall.
- Describe current functionality,...
Major new features since last year's LPC include
- RAW capture
- GStreamer element
- V4L2 compatibility layer (allowing V4L2 application to use libcamera transparently through LD_PRELOAD)
- Support for new platforms
- Raspberry Pi (with a fully open-source implementation of the image processing algorithms)
- i.MX7
We have continued working on the Android HAL implementation...
New cloud offerings such as Google preemtible VMs are up to 5x cheaper than regular machines. These VMs come with tight eviction deadlines (~30secs). This introduces a new goal: How can we evacuate an application from a machine as fast as possible?
Note that this problem is different from live migration, which aims at minimizing application downtime.
To do fast checkpointing, we...
Will cover outstanding and recently upstreamed patches from Android Common Kernel that are needed for Android to function.
Including a brief overview of Android Common tree, device specific changes, the vma-naming patch and inline encryption functionality.
This session shall shed some light on what needs to be done to use PREEMPT_RT in safety-critical systems.
For a structured discussion, this session first introduces:
- different types of assumed example systems, and the criticality of the real-time property in those systems,
- derived real-time requirements towards the kernel and hardware, and
- different general strategies described...
Overview of the new Incremental Filesystem in the Android Common Kernel and discussion on issues or blockers to getting the functionality upstream.
We would like to discuss a proposal for more advanced in-kernel idmap isolation.
It's been almost a year since the nascent GNU poke [1] got first introduced to the public at the GNU Tools Cauldron 2019 in Montreal. We have been hacking a lot during these turbulence months and poke is maturing fast and approaching a first official release, scheduled for late summer.
In this talk we will first do a quick introduction to the program for the benefit of the folk still...
Covering outstanding up-streaming efforts for patches in the Android Common tree:
Specifically:
- dm-user
In the proposed talk I would like to discuss the opportunity to create a core for XDP program offloading from a guest to a host. The main goal here is to increase packet processing speed.
There was an attempt to merge offloading for virtio-net but the work is in progress.
After addition XDP processing to the xen-netfront driver the similar Xen task has to be solved as well.
vmxnet3...
In this talk, we will discuss data-race detection in the Linux kernel. The talk starts by briefly providing background on data races, how they relate to the Linux-kernel Memory Consistency Model (LKMM), and why concurrency bugs can be so subtle and hard to diagnose (with a few examples). Following that, we will discuss past attempts at data-race detectors for the Linux kernel and why they...
This is a first brainstorm around building a sensible, better capability model on top of pidfds.
This topic focuses on identifying sources of operating system “noise”, primarily for polling mode latency-sensitive applications on Linux. What do we mean by operating system noise? We mean things external to an application that can affect execution of the application in a negative way, usually meaning a delay in execution causing missed deadlines. The intent here is to identify the most...
Despite having capabilities to specify access control at a high level of granularity, SEPolicy is typically added in the development process as an afterthought; to accord the same permissions to a given set of processes that were developed with no regard to access restrictions. On Android - where SEPolicy operates in mandatory access control (MAC) mode - OEMs typically rely on tools such as...
This summarizes my (not-so-good) experience wrt using the kernel API exposed as /proc/*/mount{s,info} in various container projects (docker, runc, aufs, cri-o, cilium etc.), and outlines various problems with this API and its (ab)use.
Mountinfo API is quite adequate for 10s of mounts (systems with
no containers). With containers, each one adds a few mounts, and there might be thousands of...
This talk outlines a proposal to re-factor and extend the arm64/KVM implementation in order to enable the execution of guest VMs in memory carveouts protected from the host kernel, as well as potential use-cases in the Android world. Using this architecture, we intend to remove the host kernel from the Trusted Computing Base, hence protecting guest secrets, such as private user data, against...
In this talk, Thomas Gleixner will present the status of the PREEMPT_RT, along
with a section of questions and answers regarding the upstream work and the
future of the project.
Virtualization is coming to automotive and helping advance the industry. Google is working on a reference VM platform for Android Automotive OS based on virtio and open standards.
Our work in this space builds on the cuttlefish virtual platform and adds support for new devices, including audio, sensors and vehicle bus access.
The session will focus on our design goals and choices, how we...
Discussion on the difficulties with adding and maintaining open source projects in the Android build system. Why is it so complex? Could the Android build system be more open source friendly?
Quick overview of the negative costs of each SoC vendor having to update their bootloader to track Android boot flow requirements that change almost yearly, and what might be done to avoid this duplicative effort, that doesn't bring much value to vendors.
A BoF meeting for folks interested in the GNU Binutils.
Possible topics for discussion:
* Should GOLD be dropped ?
* Automatic changelog generation.
* Configuring without support for old binary formats (eg ihex, srec, tekhex, verilog)
There are active open source projects such as LiteX which have developed IP (e.g. chip-level hardware design) needed for building an open source SoC. The common workflow is that this SoC would be synthesized into a bitstream and loaded into a FPGA. (Aside: there is also the possibility of using these IP modules in an ASIC, but the scenario of supporting fixed-in-silicon hardware peripherals...
As a follow up to the OSPM discussion, we would like to discuss the upstreaming plans.
As per the OSPM, the work left to be done were:
1. Documentation.
2. Cross cpu, vruntime comparison logic for CFS tasks.
3. Kernel protection from sibling during Syscall and interrupts.
4. Load balancing fixes.
5. API and usage.
6. Hotplug fixes.
7. Other fixes and code cleanup.
Now, v6 is...
We will shortly describe the overall topic of Kernel Dependability & Assurance MC and where we see how the topics in the MC agenda fit to this larger table. If there is a bit of time, we can align among speakers and the audience this common understanding on the large scope of the two terms, dependability and assurance.
The majority of the code in the kernel deals with hardware that was made a long time ago, and we are regularly discussing which of those bits are still needed. In some cases (e.g. 20+ year old RISC workstation support), there are hobbyists that take care of maintainership despite there being no commercial interest. In other cases (e.g. x.25 networking) it turned out that there are very...
The d_path is eBPF tracing helper, that returns string with
full path for given 'struct path' object and was requested
long time ago by many people.
Along the way of implementing it, other features had to be
added to the verifier:
-
compile time BTF IDs resolving
This allows using of kernel objects BTF IDs without resolving
them in runtime and saves few cycles on...
With [Linux Kernel Memory Model][1] introduced into kernel, litmus tests have been proven to be a powerful tool to analyze and [design][2] parallel code. More and more C litmus tests are written, some of which are merged into Linux mainline.
Actually the [herd tool][3] behind LKMM have models for most of mainstream architectures: litmus tests in asm code are supported. So in theory, we can...
Understanding the Linux kernel source code requires understanding the role played by different entities. An interesting example is the case of structures of type list_head. Some are actually heads of lists. Others are inlined inside of list elements. Documentation about which are which, and which heads are connected to which elements, is not systematic. We have developed a tool, Liliput,...
Since "Kprobes jump optimization" was introduced by Masami Hiramatsu in 2009, Only x86, arm32, powerpc64 have supported it. It seems that architecture met obstacles to implement the feature.
In this talk, let's compare x86, arm32, powerpc64 OPTKPROBES' feature, and find out the limitation of them. Then let's talk about how to implement kprobes jump Optimized for new archs (riscv &...
The GNU C Library is used as the C library in the GNU systems
and most systems with the Linux kernel. The library is
primarily designed to be a portable and high performance C
library. It follows all relevant standards including ISO C11
and POSIX.1-2008. It is also internationalized and has one of
the most complete internationalization interfaces known.
This BoF aims to bring together...
Thread Control Block (TCB) is a data structure in the Linux kernel which contains thread-specific information needed to manage it.
The Thread Control Block acts as a library of information about the threads in the system.
TCB is being manipulated by the kernel constantly, while the thread is being executed and while it is switched out.
Assuring the integrity of the TCB is critical to...
This introduces a working proof-of-concept alternative to RDMA, implementing a zero-copy DMA transfer between the NIC and GPU, while still performing the protocol processing on the host CPU. A normal NIC/host memory implementation is also presented.
By offloading most of the data transfer from the CPU, while not needing to reimplement the protocol stack, this should provide a balance...
The implementation of C++ modules in GCC and other compilers may pose some constraints on the kind of preprocessor and language constructs glibc headers can use (and the kernel headers they require). With this BoF, we hope to coordinate this a bit between GCC and glibc, so that we do not have to put hacks into the compiler or rely on the fixincludes mechanism (which is incompatible with glibc...
It's not an evening social but pets are good. Stop by and show off your pets on video camera!
Open discussion about the ways to improve collaboration between developers working on on different architectures.
Graphical user sessions have been plagued with various performance related issues. Sometimes these are simply bugs, but often enough issues arise because workstations are loaded with other tasks. In this case a high memory, IO or CPU use may cause severe latency issues for graphical sessions. In the past, people have tried various ways to improve the situation, from running without swap to...
A process running a safety critical function needs to be free from any interference. One source of this interference comes from are interruptions to the program flow from either synchronous events like system calls, or asynchronous events such as interrupts.
This talk details the sources of such events; the hazards that are associated with them, and some of the ways in which these may be...
scheduler fails to provide the same runtime to tasks when the system can't be balanced like 9 running tasks on 8 CPUs. This talk will come back on the different proposal made during OSPM and discuss the way to move forward
vDSO (virtual dynamic shared object) is a mechanism that the Linux kernel
provides as an alternative to system calls to reduce, where meaningful, the
costs in terms of cycles.
This is possible because certain syscalls like gettimeofday() do not write any
data and return one or more values that are provided by the kernel, which makes
calling them directly as a library function relatively...
Key question: Can system calls be regarded as independent and consequently tested individually rather than in some form of use-case specific call sequence?
The kernel has a set of asynchronously operated state machines, e.g., RCU, buddy-system, ratelimits of all sorts, that cause a repeated identical system call to take different paths in consecutive invocations. The model thus is that the...
A while back, I found myself triaging an iconv bug report that found hangs
in the program when run with certain inputs. Not knowing a lot about iconv
internals, I wrote a rudimentary fuzzer to investigate the problem, which
caught over 160 different input combinations that led to hangs and a clear
pattern hinting at the cause.
In...
Recent experiments [1] on more "creative" hardware have shown that the NUMA topology code has some unwritten assumptions which can be broken relatively easily. While the pictured topology may be considered questionable, somewhat saner topologies can trigger the same class of issues, which can be tested via e.g. QEMU.
The idea would be to point out said limitations, discuss if / how much we...
A brief status update on John's progress regarding his GOSC project to parallelizing LTO during the build phase using Make.
Gather stakeholders from security, block, and VFS to discuss potential merging of the IPE LSM vs. integration with IMA.
Background:
- IPE: https://microsoft.github.io/ipe/
- Mailing list thread: https://lore.kernel.org/linux-security-module/20200802143143.GB20261@amd/T/#mc30b4a8fa5525ef27eb6bda61a7f7a690ddc4c20
The system call entry and exit code is needlessly duplicated and different
in all architectures. The work carried after the real low level ASM bits
should not be different accross architectures as well as the code that
handles the pending work before returning from a system call to user space.
Likewise, the interrupt and exception handling has to establish the state
for various kernel...
Since dynamic libraries have become universal, the runtime linker loader has been a critical but often times overlooked component of the OS. The general design and many implementation details were solidified back in the 1990’s and addressed issues that were facing OS designers and software developers back then. The computing environment is quite different in the second decade of the 21st...
Various static analysis tools have been used for many years in the kernel development; even more, some static analysis tools have dedicatedly been developed in the realm of the kernel community.
While with the introduction of the first static analysis tools, some relevant kernel bugs were found and fixed, the repeated execution of those static analysis tools on recent kernels suffer from a...
The [Morello project][1] is an experimental branch of the Arm architecture for evaluating the deployment and impact of capability-based security. This experimental ISA extension builds on concepts from the [CHERI project][2] from Cambridge University.
As experimentations with Morello on Linux are underway, this talk will focus on the [pure-capability execution environment][3], where all...
As UDP does not have flood attack protections such as SYN cookies, we developed a novel fair-share ratelimiter in unprivileged BPF, designed for a UDP reverse proxy, that is capable of applying rate limits to specific traffic streams while minimizing the impact on others. To achieve this, we base our work on [Hierarchical Heavy Hitters][1], which proposes a method to group packets on source...
The original latency nice proposal, a per-task parameter that reduced wakeup latency by short circuiting idle core/cpu searches in the wakeup path, was made over a year ago. Upstream discussion ultimately identified multiple seemingly related proposals, "Per-task vruntime wakeup bonus", "Small background task packing" and "Skip energy aware task placement". The scheduler maintainers asked the...
Linux kernel security is a very complex topic. To learn it, I created a [Linux Kernel Defence Map][1] showing the relationships between:
- Vulnerability classes
- Exploitation techniques
- Bug detection mechanisms
- Defence technologies
These kernel defence technologies have the corresponding Kconfig options.
A lot of them are not enabled by the major Linux distributions.
So...
On 32-bit Linux machines, the 4GB of virtual memory are usually split between 3GB address space for user processes and a little under 1GB directly mapped physical memory.
While kernels can address more physical memory than what is directly mapped, this requires the "highmem" feature that is likely going away in the long run, while there are still systems using 32-bit ARM Linux with 2GB or...
Last year we introduced support for the Compact C Type Format (CTF) to the GNU toolchain and presented at the last Cauldron.
Back then, the binutils side was only doing slow, non-deduplicating linking and format dumping, but things have moved on. The libctf library and ld in binutils has gained the ability to properly deduplicate CTF: output CTF in linked ELF objects is now often smaller...
The BPF LSM or Kernel Runtime Security Instrumentation (KRSI) aims to provide an extensible LSM by allowing privileged users to attach eBPF programs to security hooks to dynamically implement MAC and Audit Policies.
KRSI was introduced in LSS-US 2019 and has since then had multiple interesting updates and triggered some meaningful discussions. The talk provides an update on:
- Progress...
I'll be talking about the -fanalyzer
static analysis option I added in
GCC 10; give an overview of the internal implementation, its current
strengths and limitations, on how I'm reworking it for GCC 11, and
ideas for future directions.
Let's discuss proactive and reactive approaches to Linux Kernel dependability. We all care about keeping our data safe and systems secure. We counter security attacks using fuzzers and other test tools to identify vulnerabilities and hardening the code base.
How can we ensure we aren't introducing new problems?
Regression testing and continuous fuzzing helps in finding regressions and...
Two significant parts of interaction between architectures and the generic MM are memory model (flat, discontigmem, sparsemem) and memory detection and initialization.
SPARSEMEM was designed as replacement for DISCONTIGMEM, but although sparse memory model was stable and robust for long time, there are still several architectures that require DISCONTIGMEM and the conversion is not as...
Not a long time ago memcg accounting used the same approach for all types of pages.Each charged page had a pointer at the memory cgroup in the struct page. And it held a single reference to the memory cgroup, so that the memory cgroup structure was pinned in the memory by all charged pages.
This approach was simple and nice, but it didn't work well for some kernel objects,which are often...
I mentioned at last OSPM ([1]) how proxy execution could improve scheduling on big.LITTLE systems, but that obviously cannot happen until the bases of proxy execution work properly.
I've been given the green light to spend some time on proxy execution, so this would be an opportunity for me to present the current state of things (some grey areas here as I'm still investigating bugs right...
At the end of the day, "security flaws" are just a special case of "regular" bugs, so anything that helps avoid bugs will also help with reducing the incidence of security flaws. This explores the approaches taken to avoiding bugs generally and security flaws in particular.
Find and fix bugs before they are released. This is fundamentally a matter of testing. Whether that's done via unit...
Last year I presented an approach to flatten the hierarchical runqueues used with the CPU controller in CFS, and Paul Turner came up with what we thought at the time were some insurmountable problems.
However, it looks like one relatively small change in how and when vruntime is accounted, and what is done with tasks that cannot have all of their delta exec runtime converted into vruntime...
The goal of this discussion is to bring some of the discussions from LKML to a room where some of us can get together, figure out what interface makes sense for initial merging into upstream, what future goals are. Are cgroups the way forward, or should coreschedfs be a thing?
We want to follow this up with
Core Scheduling: Cross CPU priority comparison
Core Scheduling load balancing...
VFIO mdev provides a framework for subdevice assignment and reuses existing VFIO uAPI to handle common passthrough-related requirements. However, subdevice (e.g. ADI defined in Intel Scalable IOV) might not be a PCI endpoint (e.g. just a work queue), thus requires some degree of emulation/mediation in kernel to fit into VFIO device API. Then there is a concern on putting emulation in kernel...
First investigations about Kernel Address Space Isolation (ASI) were presented at LPC last year as a way to mitigate some cpu hyper-threading data leaks possible with speculative execution attacks (like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS)). In particular, Kernel Address Space Isolation aims to provide a separate kernel address space for KVM when running virtual...
At last year's LPC I presented a proposal for how to attach multiple XDP programs to a single interface and have them run in sequence. In this presentation I will follow up on that, and present the current status and next steps on this feature.
Briefly, the solution we ended up with was a bit different from what I envisioned at the last LPC: We now rely on the new 'freplace' functionality...
Question and Answer session and general discussion with members of the GCC Steering Committee, GLIBC Stewards, GDB Stewards, Binutils Stewards, and GNU Toolchain Fund Trustees.
Welcome, Overview and platform audio/debug
When RISC-V grows up, it wants to be a wildly successful
computing platform. Being an ISA is fun but being the world's
fastest supercomputer would be really cool.
So how do we get there? By being dead boring. If I have an operating
system to install on a platform built around the RISC-V ISA, the install
MUST work out of the box -- no mucking about with strange boot loaders,
or...
[syzkaller][1] is an open-source coverage-guided OS kernel fuzzer used to continuously test the Linux kernel. To date syzkaller has found [3000+ bugs][2] in the upstream kernel. The kernel sanitizers are a family of dynamic bug finding tools ([KASAN][3], [KMSAN][4], [KCSAN][5]) that detect various types of bugs in the kernel.
In this talk Dmitry will give an overview of new developments in...
IOMMU UAPIs was partially merged to support basic guest Shared Virtual Address (SVA) functionalities such as cache invalidation, bind guest page tables, and page request service. These initial patches defined UAPI data structures without the transport mechanics and specifics for future extensions.
To bridge these gaps, new patchsets are being developed by Yi L Liu and Jacob Pan to address the...
We had a panel led discussion at last year's GNU Tools Cauldron and more recently at the FOSDEM LLVM Developer's room on improving cooperation between GNU and LLVM projects. This year we are proposing an open format BoF, particularly because we believe that being part of LPC and a virtual confernce we may have more LLVM and GNU developers in the same (virtual) room.
At both previous...
There are ongoing efforts to add UEFI support for RISC-V Linux kernel. As a result, RISC-V can be fully EBBR compatible. We will discuss the current progress and what's the best approach to make that happen.
As it currently stands in the mainline kernel, IOASID is a generic kernel service that provides PCIe PASID or ARM SMMU sub-stream ID allocations. On VT-d and Intel's Scalable IO Virtualization(SIOV) platforms, IOASID core serves a particularly important role as its usage spans the following dimensions:
- bare metal and guest SVM
- A slew of in-kernel users consists of VFIO, IOMMU, mm, VDCM*,...
In this talk we introduce Per Thread Queues (PTQ). PTQ is a type of network packet steering that allows application threads to be assigned dedicated network queues for both transmit and receive. This facility provides highly granular traffic isolation between applications and can also help facilitate high performance when combined with other techniques such as busy polling. PTQ extends both...
This session will involve a discussion around a proposal for standards for device-side test artifacts. Currently there are no standards (that the author is aware of) for where tests should be placed in a device under test, or how test frameworks should discover, interact with, and collect results from test artifacts.
Tim will propose adding some new directories to the FileSystem...
Synchronization of kernel trace event timestamps between host and guest VM is a key requirement for analyzing the interaction between host and guest kernels. The task is not trivial, although both kernels run on the same physical hardware. There is a non-linear scaling of the guest clock, implemented intentionally by the hypervisor in order to simplify live guest migration to another host....
Basic Linear Algebra Subprograms (BLAS) are used everywhere in machine learning and deep learning applications today. OpenBLAS is an optimized BLAS open source library used widely in AI workloads that implement algebraic operations for specific processor types.
This talk covers recent optimization in the OpenBLAS library for the POWER10 processor. As part of this optimization, assembly code...
The world of system-on-chip computing has changed drastically over the past years with the current state being much more diverse as the industry keeps moving to 64-bit processors, to little-endian addressing, to larger memory capacities, and to a small number of instruction set architectures.
In this presentation, I discuss how and why these changes happen, and how we can find a balance...
Kselftest is a developer test suite which has evolved to run in test rings, and by distributions. This evolution hasn't been an easy one.
In this talk, Shuah shares what it takes to get Kselftest running in test rings such as Kernel CI. She will go over the changes necessary to run Kselftests to fully support relocatable builds and enable integration into test rings.
The primary goal is...
A quick overview of the project status, roadmap, and a few interesting features of the port.
Location v/s Trust
-
Currently firmware can mark ports as external-facing (and thus indicates any devices downstream that port are external). PCI & IOMMU subsystem treats external devices as untrusted (ATS is not allowed, sets up bounce buffers, and uses "strict" iommu).
-
We should separate "Location" from "Trust". (Not all internal devices may be trustworthy).
-
Location of a...
Both GCC and LLVM toolchains provide a wide range of security-related flags. Some are dedicated to finding bugs statically, some provide low-cost runtime protection and other rely on heavy instrumentations. Although many flags are shared between the two toolchains, some are unique, and there implementation may differ. This talk aims at providing a broad overview and status on these...
Last year I presented a talk titled ["KUnit - Unit Testing for the Linux Kernel"][1] in which we presented the proposed KUnit unit testing framework. We discussed how it worked; why it was needed; and what we were planning on doing with it.
One year later, KUnit is now upstream and we have learned a lot. In this talk I intend to discuss what we have accomplished since our talk last year,...
Hot-adding a PCI device requires gaps in the address space for new BARs, and extra bus numbers if this is a bridge. Usually these resources are reserved not by the kernel, but by BIOS, bootloader, firmware.
If a bridge have windows not big enough (or fragmented too much) for newly requested BARs, it is still may be possible to allocate a memory region for new BARs, if at least some working...
The hypervisor extension v0.5 is already available in the latest Qemu and v0.6.1 patches are already in the mailing list. The kvm patches has been on the mailing list and waiting to be merged. We will discuss the ongoing designs for nested hypervisor implementation.
Today we have a few dozens of Qdisc’s available in Linux kernel, offering various algorithms to schedule network packets. You can change the parameters of each Qdisc, but you can not change the core algorithm of a given Qdisc. A programmable Qdisc offers a way to customize your own scheduling algorithms without writing a Qdisc kernel module from scratch. With eBPF emerges across the Linux...
Speculative execution attacks, such as L1TF, MDS, LVI pose significant security risk to hypervisors and VMs. A complete mitigation for these attacks requires very frequent flushing of buffers (e.g., L1D cache) and halting of sibling cores. The performance cost of such mitigations is unacceptable in realistic scenarios. We are developing a high-performance security-enhancing mechanism to...
As outlined in https://lore.kernel.org/lkml/202005181120.971232B7B@keescook/ the topics include:
- fd passing
- deep argument inspection
- changing structure sizes
- syscall bitmasks
Specifically, seccomp needs to grow the ability to inspect Extensible Argument syscalls, which requires that it inspect userspace memory without Time-of-Check/Time-of-Use races and without...
Doing kernel development is fun, but setting up your throw away systems to do kernel development or testing is not so much fun, and it can be tedious and time consuming. For instance, setting up a full filesystems test lab can sometimes take weeks, at best.
kdevops was released with the motivation of reducing the amount of time and to avoid the complexity involved to set systems up from...
The Linux kernel has lacked support for RCEC AER handling until now. Several patches have been submitted to address this gap. The purpose of this discussion is to ensure various cases for use of RCEC in native and non-native modes (sometimes referred to as firmware-first) are addressed.
https://lore.kernel.org/linux-pci/20200812164659.1118946-1-sean.v.kelley@intel.com/
We will talk about the implementation of vector support in Linux kernel, how user space can get its layout or size and the future work for Linux kernel and glibc.
In 2019 Oracle contributed support for the eBPF (as of late renamed to just BPF) in-kernel virtual architecture to binutils and GCC. Since then we have continued working on the port, and recently sent a patch series upstream adding support for GDB and the GNU simulator.
This talk will describe this later work and other current developments, such as the gradual introduction of xbpf, a...
Current implementation allows IOMMU to automatically enable certain PCI features that require IOMMU co-ordination. For various reasons to ensure ordering etc. But new use cases such as Scalable IOV, and also a way to quirk behavior due to bugs could be managed on the device vs adding a certain quirk table and such. Provides more control to support new requirements from modern devices such as...
Linux has a new 'lockdown' security mode where changes to the running kernel
requires verification with a cryptographic signature and restrictions to
accesses to kernel memory that may leak to userspace.
Lockdown's 'integrity' mode requires just the signature, while in
'confidentiality' mode in addition to requiring a signature the system can't
leak confidential information to...
The KernelCI project has been increasingly in the spotlight since it
joined the Linux Foundation in October 2019. In addition to having a
strong set of founding members, it has also started growing a healthy
ecosystem. While still relatively small in size compared to the object
under test that is the Linux kernel, as a relatively young project it is
showing some very positive signs. ...
This is a gathering to discuss Linux-kernel RCU internals.
The exact topics depend on all of you, the attendees. In 2018, the focus was entirely on the interaction between RCU and the -rt tree. In 2019, the main gathering had me developing a trivial implementation of RCU on a whiteboard, coding-interview style, complete with immediate feedback on the inevitable bugs.
Come (virtually!)...
Background
In an ideal world, memory management provides the optimal placement of data objects under accurate predictions of future data access. Current practical implementations, however, rely on coarse information and heuristics to keep the instrumentation overhead minimal. A number of memory management optimization works were therefore proposed, based on the finer-grained...
Exploring Profile Guided Optimization of Linux Kernel
Author
ian Bearman is the former team lead supporting GCC and GNU developer tools for Linux at Microsoft. Nearly 20 years of experience in code generation, optimization, and developer tools.
Abstract
The Gnu/Linux Tools Team at Microsoft spent some time this year looking at using profile guided optimization in GCC to...
The Linux RISC-V Kernel has adopted a policy to accept patches only for frozen/ratified RISC-V specs. This was done to align with RISC-V spec development process of the RISC-V Foundation and avoid maintenance burden. Considering the time taken by RISC-V spec development process, is there a better policy which Linux RISC-V Kernel can adopt ??
Projects such as QEMU RISC-V and OpenSBI have...
A year ago, the Linux Foundation KernelCI project embarked on a new effort: unifying reporting from all upstream kernel testing systems.
Our aim is to develop a new generic interface that can be used by any test system to submit results into a common database. This allows sending a single report email for each kernel revision being tested, backed by a single web dashboard collating the...
We can remove a lot of duplicated code from the Intel IOMMU driver by using the generic dma-iommu path for IO virtual address handling.
We have two main issues preventing us from merging this work. The intel i915 gpu driver doesn't handle scatter gather lists correctly and we need to work on a generic copy of the Intel IOMMU driver's bounce buffer code for untrusted devices.
This micro...
The Intel Volume Management Device (VMD) behaves similar to a PCI-to-PCI bridge that changes the subdevice's requester ID to VMD's. VMD also remaps subdevice MSI/X into its own MSI/X mapping table. Because of the requester ID factor, the VMD device and subdevice domain fall under a single IOMMU group.
VMD is being integrated more and more into Intel chipsets and the desire to assign...
Over the years, more services are contributing to the testing of kernel patches and git trees. These services include Intel's 0-day, Google's Syzkaller, KernelCI and Red Hat's CKI. Combined with all the manual testing done by users, the linux kernel should be rock solid! But it isn't.
Every service and tester is committed to stabilizing the linux kernel, but there is duplication and...
This will include details about the 64- bit time_t problem and how RV32 is going to be the first 32-bit architecture with a 64-bit time_t. What still needs to be done for 32-bit support? How do we get this merged? We will also like to discuss the plan to test and maintain it once it is merged.
Existing Linux endpoint only supports pci-epf-test for communication between RootComplex and EndPoint systems (Both running Linux). While pci-epf-test is good enough for "testing" communication between RootComplex and Endpoint, additional development based on pci-epf-test was required for implementing any real use-cases.
This paper proposes to use existing Virtio infrastructure in Kernel...
This is a placeholder for the Android MC follow-up BoF that should be scheduled to run 48 to 72 hours after the Android MC.
See the Kernel CI's new Unified Reporting in action: from multi-CI submission, through common dashboards and notification subscription, to report emails.
Explore and discuss the report schema and protocol. Learn how to send testing results, using your own, or example data. Help us accommodate your reporting requirements in the schema, database, dashboards and emails.
Bootstrap automatic...
BoF to discuss topics related to concurrency and offloading work onto accelerators. On the [OpenMP][1] side, in particular the implementation of the missing OpenMP 5.0 (soon: 5.1) features.
Especially for offloading with [OpenACC][2]/OpenMP, optimizing the performance and in particular restricting the amount and frequency of data transfers is crucial and involves topics like...
Most Linux syscall design conventions have been established through trial and
error. One well-known example is the missing flag argument in a range of
syscalls that triggered the addition of a revised version of theses syscalls.
Nowadays, adding a flag argument to keep syscalls extensible is an accepted
convention recorded in our kernel docs.
In this session we'd like to propose and...
A brief overview of the presenters and topics.
With the incredible pace of containerisation in enterprises, the combination of Linux and Kubernetes as an orchestration base layer is often considered as the "cloud OS". In this talk we provide a deep dive on Kubernetes's service abstraction and related to it the path of getting external network traffic into one's cluster.
With this understanding in mind, we then discuss issues and...
For better or worse, the Linux kernel relies heavily on hardware ordering guarantees concerning dependencies between memory access instructions as a way to provide efficient, portable implementations of concurrent algorithms. In spite of the lack of C language support, preserving source-level dependencies through to the generated CPU instructions is achieved through a delicate balance of...
Much of the Secure and Trusted Boot ecosystem is built around UEFI. However, not all platforms implement UEFI, including IBM's Power machines.
In this talk, I present a proposal for secure boot of virtual machines on Power. This is an important use case, as many Power machines ship with a firmware hypervisor, and all user workloads run as virtual machines or "Logical Partitions" (LPARs).
...
Math library developers sometimes can trade slight loss of accuracy
for significant performance gains or slight loss of performance
for significant accuracy gains. This BoF is to review some recent
and coming libm/libgcc changes and share ideas on how to decide
where to draw the line for loss of performance vs improved accuracy
and vice-versa.
What would it take to have in-tree support for writing kernel code in Rust? What should Kbuild integration look like? What APIs should be the initial priorities to expose in Rust? Let's figure out if any other other questions remain (e.g., can we safely link against GCC-built kernels, and do we need to) about how to get in-tree support for Rust.
Rust is a systems programming language that...
Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images...
Android Networking - update for 2020:
- what are our pain points wrt. kernel & networking in general,
- progress on upstreaming Android Common Kernel networking code,
- and the unknown depths of non-common vendor changes,
- how we're using bpf,
- how it's working,
- what's not working,
- how it's better then writing kernel code,
- why it's so much worse,
- etc...
The long process of converting the kernel's documentation into RST is
finally coming to an end...what has that bought us? We have gone from a
chaotic pile of incomplete, crufty, and un-integrated docs to a slightly
better organized pile of incomplete, crufty, slightly better integrated
docs. Plus we have the infrastructure to make something better from here.
What are the next steps...
Support for the bit manipulation extension to RISC-V is currently out-of-tree and represents work by Jim Wilson at SiFive, Claire Wolf at Symbiotic EDA and Maxim Blinov at Embecosm. Since last year, I have been working on additional optimizations for the bit manipulation extension, which I shall present.
With the introduction of DMA-BUF Heaps,
the kernel has introduced a fairly generic API
for applications and drivers to request memory
that can be used for DMA operations.
Currently, two DMA-BUF Heaps backends (system and
CMA) are available and a bunch of others are being
explored and proposed for mainline inclusion.
However, the current design seems to imply applications
know...
Newer compiler optimization techniques stand to improve the runtime performance of Linux kernels. These techniques analyze more of a program (Link Time Optimization aka "LTO") or make use of profiling information to improve code layout (Profile Guided Optimization "PGO" and Automatic Feedback Directed Optimization "AutoFDO"). Now that Google is shipping all three in various kernel...
Speculative execution attacks, such as L1TF, MDS, LVI pose significant security risk to hypervisors and VMs. A complete mitigation for these attacks requires very frequent flushing of buffers (e.g., L1D cache) and halting of sibling cores. The performance cost of such mitigations is unacceptable in realistic scenarios. We are developing a high-performance security-enhancing mechanism to...
CORE-V is a family of 32- and 64-bit cores based on the RISC-V architecture, being developed by the Open Hardware Group, a consortium of 50+ companies, universities and other organizations. It is based on the the family of RISC-V cores originally developed under the PULP project at ETH Zürich and the University of Bologna.
PULP cores already have an out-of-tree GNU tool chain, but it is...
Emacs Lisp (Elisp) is the Lisp dialect used by the Emacs text editor
family. GNU Emacs can currently execute Elisp code either interpreted
or byte-interpreted after it has been compiled to byte-code. In this
presentation I'll discuss the libgccjit based Elisp compiler
implementation being integrated in Emacs. Though still a work in
progress, this implementation is able to bootstrap a...
A broad collection of companies are now using LinuxBoot for their firmware. They are still running into kexec issues involving drivers that don't correctly shut down, start up, or still need the BIOS to set magic, undocumented bits.
We have to be able to mark drivers and associated code as "LinuxBoot Ready." This might be done in Kconfig with an option that would only present those drivers...
In this talk we will discuss clang-built kernel compile times, current
work to improve compiler performance and recommendations to reduce
build times regardless of toolchain.
We will present our findings alongside several metrics of compiler
performance, including:
- Comparative timing breakdowns between toolchains
- Linux perf profiling on clang builds of the kernel
- Perfetto...
DTrace on Linux has existed for many years now, but it depended on rather invasive kernel modifications. With the emergence of tracing facilities in the Linux kernel, such as BPF, perf, tracepoints, ... a re-implementation of the well-known DTrace tool (and D language) is possible without extensive kernel modifications.
The re-implementation of DTrace has been ongoing and has made...
NVMe over Fabrics™ (NVMe-oF™) lacks a native capability for boot from Ethernet. We will Introduce a joint model to address boot from NVMe-oF/TCP, its impact to the kernel and the entire ecosystem, and collect feedback from the Linux community. This architectural model is being designed for standardization by the appropriate committees (e.g., NVM Express™ or UEFI™ Forum).
This proposal is recycled from the one I've suggested to LSF/MM/BPF [0].
Unfortunately, LSF/MM/BPF was cancelled, but I think it is still
relevant.
Restricted mappings in the kernel mode may improve mitigation of hardware
speculation vulnerabilities and minimize the damage exploitable kernel bugs
can cause.
There are several ongoing efforts to use restricted address spaces in
Linux...
Right-sizing BPF maps is hard. By allocating for a worse case scenario we build large maps consuming large chunks of memory for a corner case that may never occur. Alternatively, we may try to allocate for the normal case choosing to ignore or fail in the corner cases. But, for programs running across many different workloads and system parameters its difficult to even decide what a normal...
GCC has a robust set of diagnostics based on control- and data-flow analysis. They are able to detect many kinds of bugs primarily related to invalid accesses. In this talk I will give an overview of the latest state of some of these diagnostics and sketch out my ideas for future enhancements in this area.
Clang is a production C compiler (part of LLVM) that provides APIs for
C code parsing, formatting, custom compiler warnings, static analysis, etc. This framework has spawned widely used tools like clang-format and clang-tidy. These tools can be easily tailored for particular codebases like the Linux kernel.
This talk shows how to run clang-format, clang-tidy (including writing custom...
This session will give an update on what happened in the ieee802154 and 6lowpan subsystems since the last LPC IoT microconf. In addition it will present the newly added non-storing mode of our RPL Linux implementation, rpld.
"Asm goto with outputs" is a clang extension of the GNU "asm goto" feature. As the name implies, it allows asm goto to have outputs on the default branch (outputs on indirect branches aren't supported). In this talk, we discuss the benefits of this feature, its implementation and design limits, and how the clang and gcc communities can work together on future GNU C extensions.
This is a follow up report of Intel CET enabling in Linux OS. I will update the current status of Intel CET with binutils, glibc, GCC, LLVM and Linux kernel as well as Linux distributions.
A Ridiculously Short Intro into Device Attestation
Dimitar Tomov, Design First, ES
Ian Oliver, Nokia Bell Labs, FI
Very practical look at how to use a TPM and perform device attestation. A system can have trusted qualities instead of being 100% trusted. Cross-referencing different types of attestation data can provide evidence for trusted qualities. The decision of whether a device is...
In this talk we will present Magic Transit, Cloudflare's layer 3 DDoS protection service, as a case study in building a network product from the standard linux networking stack. Linux provided us with flexibility and isolation that allowed us to stand up this product and on-board more than fifty customers within a year of conceptualization. Cloudflare runs all of our services on every server...
The TrenchBoot Project has put forth an RFC for adding direct support to Linux for x86 DRTM. Many people are familiar with the early launch capability implemented by Intel's tboot, but there has also been academic work on live relaunch, e.g. Jon McCune's Flicker. SecureLaunch was designed to support a range of launch integrity capabilities. This discussion will review a subset of solutions...
The switch to an online event required a lot of scrambling by the Linux Plumbers Conference organizing committee. This is a session to talk about how we did it — what technologies were involved, where the challenges were, what is available to a group organizing a conference for nearly 1000 people using only free software. Come to talk about what we did, to learn about running an online event...
I gave a talk about file based encryption and the proposed inner workings
of inline encryption at last year's LPC. Since then, the patchset has gone
through almost 10 revisions, and the block layer patches have been merged
a little while ago into Linux v5.8 (and the remaining patches are being
targeted for the v5.9 release). There have been many changes in the design
and implementation...
The Linux kernel offers more than ten thousands configuration options that can be combined to build an almost infinite number of kernel variants. Developers and contributors spend significant effort and computational resources to continuously track and hopefully fix configurations that lead to build failures. In this talk, we report on our endeavor to develop an infrastructure, called TuxML,...
Reproducing build errors reported to a mailing list is a pain. How much time do
we collectively spending asking "What kernel config did you use?", "What
compiler?" and "What architecture?"?
What if we could version and distribute build environments similarly to how we
version Linux source code?
TuxMake is a tool that provides portable and repeatable Linux kernel builds
across a...
Each operating system relies on the information exposed to it by the firmware. It consists of various data like memory map, device structure (either ACPI or devicetree), firmware version, vendor, etc. But passing information from operating system bootloader has been neglected for many years. In this presentation, we will mainly focus on retrieving information from firmware and bootloader by...
Multiple CI efforts to provide coverage of the Linux kernel are now building and providing results of builds with Clang (KernelCI, 0day bot, Linaro toolchain team and tuxbuild team, Clang Built Linux). Let's all meet to discuss what's working, what can be improved, the current status of builds of various architectures, and what the future direction of testing the various LLVM utilities might...
Defining Linux as an RTOS might be risky when we are outside of the kernel community. We know how and why it works, but we have to admit that the black-box approach used by cyclictest to measure the PREEMPT_RT’s primary metric, the scheduling latency, might not be enough for trying to convince other communities about the properties of the kernel-rt.
In the real-time theory, a common...
Based on the kernel summit talk "Extensible Syscalls" we want to continue the discussions around checking for supported features in syscalls. The were various proposals in the room that would be interesting to discuss in detail and come to a conclusion what would work best!
In 2019 Oracle contributed support for the eBPF (as of late renamed to just BPF) in-kernel virtual architecture to binutils and GCC. Since then we have continued working on the port, and recently sent a patch series upstream adding support for GDB and the GNU simulator.
After a brief description of the recent work done in this field, a set of points will be brought for discussion with the...
This talk will present our ongoing efforts of using formal verification
to eliminate bugs in BPF JITs in the Linux kernel. Formal verification
rules out classes of bugs by mechanically proving that an implementation
adheres to an abstract specification of its desired behavior.
We have used our automated verification framework, Serval, to find 30+
new bugs in JITs for the x86-32, x86-64,...
The Energy Model (EM) framework aims to provide information about energy consumption of a given performance domain. The power values stored for each performance level are used during calculation in Energy Aware Scheduler (EAS) or in thermal framework for the CPUfreq cooling device. Recently the EM has been extended to support other devices than CPUs (like GPUs, DSP, etc). It opens new...
Flatpak is a sandboxing system targeting Linux Desktop
applications. This talk will explain how flatpak uses varius linux
kernel and userspace features to implement sandboxing, and compare and
contrast to how it works with server-side container systems like
Docker.
It will also talk about future plans and ideas in this area,
including things that we can do with existing frameworks as...
This session is all about Print-Scan-Fax in Linux where we stand as of date. This is to discuss on the problem areas and what we look ahead in the future.
Printer Applications replace CUPS printer drivers, solving numerous packaging, distribution, and support issues in the Linux printing environment. This session will provide some history, current developments, and future work that is needed to complete the transition from printer driver to printer application.
An ever-increasing number of embedded devices need fine grain control on their performance in order to limit the power consumption. There are three primary reasons for this: to increase the battery life, to protect the components and to control the temperature.
Due to the increasing complexity of SoCs, we’re now seeing lots of thermal sensors on the die to quickly detect hot spots and allow...
Mutter is a Wayland compositor and X11 compositing window manager based on the Clutter toolkit. GNOME Shell is GNOME's signature desktop, and is built on top of Mutter.
In this presentation, I'll start with a quick overview of various aspects of Mutter internals, such as:
- The different abstractions layers for rendering the scene graph (Clutter, Cogl, Graphene)
- GBM/EGL native...
This talk will discuss some recent works that extend the TCP stack with BPF: TCP header option, TCP Congestion Control (CC), and socket local storage.
Hopefully the talk can end with getting ideas/desires on which part of the stack can practically be realized in BPF.
Last year we introduced support for the Compact C Type Format (CTF) into the GNU toolchain. We have since improved the linking of CTF so that types are properly deduplicated: the work is done by libctf on ld's behalf so that other programs can do what ld does. With the aid of a few dozen lines of makefile changes and a 300-odd line program using libctf, we can now produce a fully deduplicated...
Intel Hardware provides guidance to the Operating System (OS) scheduler to perform optimal workload scheduling through a hardware feedback interface structure in memory. Via this interface Hardware can also provide recommendation to the OS to not schedule any software threads on a CPU, so essentially offline a CPU remotely. There are three methods to implement this, each has its own advantages...
3D printing continues to be to be a hot topic, with both vendors and standards organizations competing to see who will determine how it will be used. This session will talk a little about the history of 3D printing, provide an overview of current standards efforts, and finally talk about the software and infrastructure that is needed on Linux to make 3D printing more accessible.
Many reference counters in the kernel are still atomic_t. There are Coccinelle scripts to find these, there are older patches sent to the list that were ignored, and new instances have been added. Let's try to get this work finished up.
https://github.com/KSPP/linux/issues/104
KDE, previously known as the one of the Desktop Environment evolved into one of the largest Free and Open-source software community at one point. Currently one of the projects supported by community is Plasma Mobile: open-source user interface and ecosystem running on top of the Linux distribution.
This talk aims to talk about journey of the Plasma Mobile, how it evolved into what it is...
In the current thermal core, occasional spikes can cause thermal
shutdowns or any associated processing. There are several reports in
bug databases. Instead of each thermal driver coming up with its own
mechanism, the thermal core can optionally use running average for
threshold processing.
Compare the status of GCC and Clang security features, and provide a time to discuss the progress on current work (e.g. auto-variable-initialization, caller-saved register clearing). More work is needed on sanitizers (e.g. bounds checking, arithmetic overflow handling) and Control Flow Integrity.
The driverless scanning came to Linux, allowing thousands of compatible devices, produced by many vendors, to just work. Alexander Pevzner, the author of sane-airscan
SANE backend, will speak about present state and about perspectives.
The thermal framework is only designed
to detect and handle hotspot, not coldspot. Some systems need to
increase their performance state or leak power to warm some devices
which are getting too cold (outdoor devices when night comes). The logic
is the mirror of managing hot spots.
OVS has two major datapaths: 1) the Linux kernel datapath, which shipped with Linux distributions and 2) the userspace datapath, which usually coupled with DPDK library as packet I/O interface, and called OVS-DPDK. Recent OVS also supports two offload mechanisms: the TC-flower for the kernel datapath, and the DPDK rte_flow for the userspace datapath. The tc-flower API with kernel datapath...
There are use cases in which the processor shares power budget with some other data-processing devices, like a GPU. In those cases it may be possible to improve the performance of the system by limiting the maximum frequency of CPUs. We will discuss possible ways to utilize this observation in the Linux kernel.
See...
At the time of the Linux Plumbers 2020 taking place we have all the tools to create printer and scanner drivers in the new architecture: PAPPL, the Printer Application library gives us most of the always needed code for a standard-conforming IPP-printer-emulating Printer Application, cups-filters provides additional data format conversion code, and snapcraft creates the sandboxed Snap...
Most programmers prefer to call system calls via functions from their C library of choice, rather than using the generic syscall function or custom inline-assembler sequences wrapping a system callinstruction. This means that it is desirable to add C library support for new system calls, so that they become more widely usable.
This talk covers glibc-specific requirements for adding new...
Abstract:
There have been numerous initiatives to increase the diversity of contributors to the Linux kernel over the years, and there has been a steady increase in the relative % of contributors as well as absolute numbers. This BOF will review some of the historical data on gender diversity from the recently released kernel history report[1]. Challenge to brainstorm on is how to...
-
History of Internet Printing Protocol
-- IETF and PWG -
Recent IPP standards
-- IPP Everywhere
-- IPP System Service
-- IPP Transaction-based Printing Extensions
-- IPP 3D Printing Extensions -
Current IPP standards updates in progress
-- IPP Production Printing Extensions
-- IPP Enterprise Printing Extensions
-- IPP Driverless Printing Extensions
-- IPP Encrypted Jobs and...
Over time computers get more and more complicated and there are more and more dependencies between devices in them which affect power management.
We will discuss issues arising from that and possible ways to address them.
See https://lore.kernel.org/linux-pm/20200624103247.7115-1-daniel.baluta@oss.nxp.com/T/#mbe0060ea9b225073d63ae3ff8b1acd96985f29d7 for a patch series submission related...
Linux gained a new process creation system call clone3() in 2019 for the 5.3 release. It provides a superset and hopefully cleaner semantics than legacy clone().
I'd like to discuss a few things related to it:
- How to expose this safely to other libraries: various libraries in userspace want to make use of it to get access to new features such as CLONE_INTO_CGROUP (notably systemd for...
sleepgraph is an open source tool in the pm-graph project:
https://01.org/pm-graph
sleepgraph has helped us improve both Linux suspend/resume quality and performance over the last few years.
In this session we will review the capabilities of the tool, so that you will be able to run it and understand its results. We will also highlight some of the areas where...
To complete the driverless support for IPP network multi-function devices there is also IPP Fax Out, the standard for sending faxes, as print jobs, through the fax functionality of the device.
The fax support is provided by an additional printing channel with its own URI (ending with "/ipp/faxout" instead of "/ipp/print") and printing to this channel makes the document being faxed. It...
This is a place for a post-conference gathering to celebrate the end of a long week. Hang out with members of the program committee, speakers, and attendees, lift a glass of whatever is appropriate for your time zone, and enjoy one last BBB experience before we all disperse again. No presentations, no slides.
Git is a fundamental tool in the open source ecosystem - a widely used source control system, it’s relied on by many packages which Linux relies on, and by the Linux kernel itself. However, it has its share of obstacles for both users and contributors, in the form of steep learning curves, exclusive language, and more. To help address these obstacles, the Git project wants to hear from users!...