X

News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

  • September 17, 2020

Oracle Linux sessions at Open Source Summit Europe 2020

Open Source Summit connects the open source ecosystem under one roof. It covers cornerstone open source technologies; helps ecosystem leaders to navigate open source transformation; and delves into the newest technologies and latest trends touching open source. It is an extraordinary opportunity for cross-pollination between the developers, sysadmins, DevOps professionals, IT architects, and business & community leaders driving the future of technology.

Check out the Oracle Linux sessions at this event and register today:

Tuesday, October 27

13:00 GMT

 
BPF and the overall tracing infrastructure in the kernel has improved tremendously and provides a powerful framework for tracing tools. DTrace is a well known and versatile tracing tool that is being re-implemented to make use of BPF and kernel tracing facilities. The goal of this open source project (hosted on github) is to provide a full-featured implementation of DTrace, leveraging the power of BPF to provide well known functionality. The presentation will provide an update on the progress of the re-implementation project of DTrace. Kris will share some of the lessons learnt along the way, highlighting how BPF provides the building blocks to implement a complex tracing tool. He will provide examples of creative techniques that showcase the power of BPF as an execution engine. Like any project, the re-implementation of DTrace has not been without some pitfalls, and Kris will highlight some of the limitations and unsolved problems the development team has encountered.

Wednesday, October 28

13:00 GMT

The Compact C Type Format (CTF) is a reduced form of debug information describing the type of C entities such as structures, unions, etc. It has been ported to Linux (from Solaris) and used to reduce the size of the debugging information for the Linux kernel and DTrace. It was extended to remove limits and add support for additional parts of the C type system. Last year, we integrated it into GCC and GNU binutils and added support for dumping CTF data in ELF objects and some support for linking CTF data into a final executable (and presented at this conference). This linking support was preliminary: it was slow and the CTF was large. Since last year, the libctf library and ld in binutils have gained the ability to properly deduplicate CTF with little performance hit: output CTF in linked ELF objects is now often smaller than the CTF in any input .o file. The libctf API has also improved, with support for new features, better error reporting, and a much-improved CTF iterator. This talk will provide an overview of CTF, the novel type deduplication algorithm used to reduce CTF size and discuss the other contributions of CTF to the toolchain, such as compiler and debugger support.

18:30 GMT

First investigations about Kernel Address Space Isolation (ASI) were presented at Linux Plumber and KVM Forum last year. Kernel Address Space Isolation aims to mitigate some cpu hyper-threading data leaks possible with speculative execution attacks (like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS)). In particular, Kernel Address Space Isolation will provide a separate kernel address space for KVM when running virtual machines, in order to protect against a malicious guest VM attacking the host kernel using speculative execution attacks.
Several RFCs for implementing this solution have been submitted. This presentation will describe the current state of the Kernel Address Space Isolation proposal with focusing on its usage with KVM, in particular the page table mapping requirements and the performance impact.

Thursday, October 29

16:00 GMT

Paravirt ops are set in stone once a guest has booted. As an example we might expose `KVM_HINTS_REALTIME` to a guest and this hint is expected to stay true for the lifetime of the guest. However, events in a guest's life, like changed host conditions or migration might mean that it would be more optimal to revoke this hint. This talk discusses two aspects of this revocation: one, support for revocable `KVM_HINTS_REALTIME` and, second, work done in the paravirt ops subsystem to dynamically modify spinlock-ops.

 

Friday, October 30

14:00 GMT

The ability to update software with critical bug fixes and security mitigations while minimizing downtime is valued highly by customers and providers. In this talk, Steve presents a new method for updating a running instance of QEMU to a new version while minimizing the impact on the VM guest. The guest pauses briefly, for less than 200 msec in the prototype, without loss of internal state or external connections. The old QEMU process exec's the new QEMU binary, and preserves anonymous guest RAM at the same virtual address via a proposed Linux madvise variant. Descriptors for external connections are preserved, and VFIO pass through devices are supported by preserving the VFIO device descriptors and attaching them to a new KVM instance after exec. The update method requires code changes to QEMU, but no changes are required in system libraries or the KVM kernel module.

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.