At a rate of almost 9 changes per hour (24/7), the Linux kernel is definitely a scary beast. Bugs are introduced on a daily basis and, through the use of multiple code analyzers, *some* of them are detected and fixed before they hit mainline. Over the course of the last few years, Gustavo has been fixing such bugs and many different issues in every corner of the Linux kernel. Recently, he was in charge of leading the efforts to globally enable -Wimplicit-fallthrough; which appears by default in Linux v5.3. This presentation is a report on all the stuff Gustavo has found and fixed in the kernel with the support of the Core Infrastructure Initiative.
Gustavo A.R. Silva
Kernel Recipes 2019 - RCU in 2019 - Joel FernandesAnne Nicolas
RCU has seen lots of changes in the last 2 years. Of note is the RCU flavor consolidation and tree RCU’s lock contention improvements. There have been also improvements with static checking, fixes to scheduler deadlocks and improvements to RCU-based linked lists. This talk starts with an introduction of RCU along with presenting the recent Improvements and changes in RCU’s behavior.
Kernel Recipes 2019 - CVEs are dead, long live the CVE!Anne Nicolas
For the Linux kernel, CVEs do not work at all given the rate of fixes being applied and rapidly backported and pushed to users through a huge variety of different ways. The average “request to fix” date for Linux CVEs is -100 days, showing that either no one cares about CVEs for Linux, or engineers are using them to game their internal release processes, or no one happens to notice when the kernel developers resolve an issue, or all of the above. This talk will go into the problems with CVEs when it comes to a fast moving project like Linux, and show the decentralized solution that we have been using for the past 14 years instead. All other open source projects are encouraged to use these same methods to help resolve the problems that CVEs have.
This talk will provide several examples of how Facebook engineers use BPF to scale the networking, prevent denial of service, secure containers, analyze performance. It’s suitable for BPF newbies and experts.
Alexei Starovoitov, Facebook
bcc/BPF tools - Strategy, current tools, future challengesIO Visor Project
Brendan Gregg discusses the current state and future potential of BPF and BCC tools for observability in Linux. He outlines 18 areas where BPF support has progressed and 16 areas still needing work. Gregg also discusses challenges like dynamic tracing stability, overhead, ease of coding, and developing visualizations. He proposes finishing ports of his old DTrace tools and links to resources on BPF, BCC, and flame graphs.
This document summarizes a presentation about tuning parallel code on Solaris. It discusses:
1) Using tools like DTrace, prstat, and vmstat to analyze performance issues like thread scheduling and I/O problems in parallel applications on Solaris.
2) Two examples of using DTrace to analyze thread scheduling and troubleshoot I/O performance problems in a virtualized Windows server.
3) How the examples demonstrated using DTrace to identify unbalanced thread scheduling and discover that a domain controller was disabling disk write caching, slowing performance.
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUAnne Nicolas
Kernel development is often associated with rebooting crashed machines, debugging over serial consoles, and an unwiedly development cycle. Developers know that short development cycles are incredibly important for programmer productivity.
The QEMU machine emulator and virtualizer offers a way to test kernels inside virtual machines without risk of hanging the physical machine. It also makes kernel debugging easier than between physical machines. The kernel development with QEMU allows kernel code changes to be tested within seconds.
This talk covers methods of compiling, testing, and debugging kernels using QEMU. Common approaches include building a custom initramfs or sharing the host file system with a virtual machine. Advanced use cases like cross-architecture development and device driver bringup are also possible using QEMU.
This presentation is aimed at anyone wishing to shorten their kernel development cycle and overcome some of the hurdles of developing low-level software.
Stefan Hajnoczi, Red Hat
Embedded Recipes 2018 - Finding sources of Latency In your system - Steven Ro...Anne Nicolas
Having just an RTOS is not enough for a real-time system. The hardware must be deterministic as well as the applications that run on the system. When you are missing deadlines, the first thing that must be done is to find what is the source of the latency that caused the issue. It could be the hardware, the operating system or the application, or even a combination of the above. This talk will discuss how to determine where the latency is using tools that come with the Linux Kernel, and will explain a few cases that caused issues.
Kernel Recipes 2019 - RCU in 2019 - Joel FernandesAnne Nicolas
RCU has seen lots of changes in the last 2 years. Of note is the RCU flavor consolidation and tree RCU’s lock contention improvements. There have been also improvements with static checking, fixes to scheduler deadlocks and improvements to RCU-based linked lists. This talk starts with an introduction of RCU along with presenting the recent Improvements and changes in RCU’s behavior.
Kernel Recipes 2019 - CVEs are dead, long live the CVE!Anne Nicolas
For the Linux kernel, CVEs do not work at all given the rate of fixes being applied and rapidly backported and pushed to users through a huge variety of different ways. The average “request to fix” date for Linux CVEs is -100 days, showing that either no one cares about CVEs for Linux, or engineers are using them to game their internal release processes, or no one happens to notice when the kernel developers resolve an issue, or all of the above. This talk will go into the problems with CVEs when it comes to a fast moving project like Linux, and show the decentralized solution that we have been using for the past 14 years instead. All other open source projects are encouraged to use these same methods to help resolve the problems that CVEs have.
This talk will provide several examples of how Facebook engineers use BPF to scale the networking, prevent denial of service, secure containers, analyze performance. It’s suitable for BPF newbies and experts.
Alexei Starovoitov, Facebook
bcc/BPF tools - Strategy, current tools, future challengesIO Visor Project
Brendan Gregg discusses the current state and future potential of BPF and BCC tools for observability in Linux. He outlines 18 areas where BPF support has progressed and 16 areas still needing work. Gregg also discusses challenges like dynamic tracing stability, overhead, ease of coding, and developing visualizations. He proposes finishing ports of his old DTrace tools and links to resources on BPF, BCC, and flame graphs.
This document summarizes a presentation about tuning parallel code on Solaris. It discusses:
1) Using tools like DTrace, prstat, and vmstat to analyze performance issues like thread scheduling and I/O problems in parallel applications on Solaris.
2) Two examples of using DTrace to analyze thread scheduling and troubleshoot I/O performance problems in a virtualized Windows server.
3) How the examples demonstrated using DTrace to identify unbalanced thread scheduling and discover that a domain controller was disabling disk write caching, slowing performance.
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUAnne Nicolas
Kernel development is often associated with rebooting crashed machines, debugging over serial consoles, and an unwiedly development cycle. Developers know that short development cycles are incredibly important for programmer productivity.
The QEMU machine emulator and virtualizer offers a way to test kernels inside virtual machines without risk of hanging the physical machine. It also makes kernel debugging easier than between physical machines. The kernel development with QEMU allows kernel code changes to be tested within seconds.
This talk covers methods of compiling, testing, and debugging kernels using QEMU. Common approaches include building a custom initramfs or sharing the host file system with a virtual machine. Advanced use cases like cross-architecture development and device driver bringup are also possible using QEMU.
This presentation is aimed at anyone wishing to shorten their kernel development cycle and overcome some of the hurdles of developing low-level software.
Stefan Hajnoczi, Red Hat
Embedded Recipes 2018 - Finding sources of Latency In your system - Steven Ro...Anne Nicolas
Having just an RTOS is not enough for a real-time system. The hardware must be deterministic as well as the applications that run on the system. When you are missing deadlines, the first thing that must be done is to find what is the source of the latency that caused the issue. It could be the hardware, the operating system or the application, or even a combination of the above. This talk will discuss how to determine where the latency is using tools that come with the Linux Kernel, and will explain a few cases that caused issues.
This document contains the slides from a presentation given by WonoKaerun at the Indonesian Security Conference 2011 in Palembang. The presentation introduces rootkits and techniques for hiding malware at the kernel level on Linux systems. It covers topics like loadable kernel modules, interrupt descriptor table hooking, virtual file system hacking, page fault handler hijacking, debugging register abuse, and kernel instrumentation patching. The goal is to evade detection by security solutions by gaining control of the kernel before anti-rootkit defenses can activate. Throughout, the document emphasizes the cat-and-mouse nature of offensive and defensive security research.
When your whole system is unresponsive, how to investigate on this failure ?
We'll see how to get a memory dump for offline analysis with kdump system.
Then how to analyze it with crash utility.
And finally, how to use crash on a running system to modify the kernel memory (at your own risks !)
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas
UAVs are becoming more and more present in our everyday life and there are lots of different projects that are being currently developed in order to control their flight, handle their stability, make it possible to edit automatic missions that the drones will execute and anything that the developers can think of.
On October 2014, the Linux Foundation announced the creation of the DroneCode Project which is to become “a common, shared open source platform for Unmanned Aerial Vehicles (UAVs)”. Parrot started to sell Linux based drones in 2010 and obviously needed to take part in that adventure.
This Lightning Talk will try to give a quick overview of the projects that are developed by the Dronecode community and explain why and how I started a few months ago to port an open source autopilot name Ardupilot to Parrot’s drones. This Lightning Talk will also present the current status of this project, and the many possibilities that can come from it.
Julien BERAUD
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
This document discusses the current state and future plans for Linux kernel documentation. It notes that documentation has transitioned from DocBook to Sphinx/RST, improving formatting and integration. There are now over 3,000 documentation files and many kerneldoc comments. Future plans include converting remaining text files, updating ancient documents, improving organization by topic, integrating documentation better, and enhancing the documentation toolchain. The goal is to improve documentation to better help kernel developers, users and the community.
Kernel Recipes 2015: Kernel packet capture technologiesAnne Nicolas
Sniffing through the ages
Capturing packets running on the wire to send them to a software doing analysis seems at first sight a simple tasks. But one has not to forget that with current network this can means capturing 30M packets per second. The objective of this talk is to show what methods and techniques have been implemented in Linux and how they have evolved over time.
The talk will cover AF_PACKET capture as well as PF_RING, dpdk and netmap. It will try to show how the various evolution of hardware and software have had an impact on the design of these technologies. Regarding software a special focus will be made on Suricata IDS which is implementing most of these capture methods.
Eric Leblond, Stamus Networks
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
The document describes the ftrace function tracing tool in Linux kernels. It allows attaching to functions in the kernel to trace function calls. It works by having the GCC compiler insert indirect function entry calls. These calls are recorded during linking and replaced with nops at boot time for efficiency. This allows function tracing with low overhead by tracing the indirect function entry calls.
Linux kernel tracing superpowers in the cloudAndrea Righi
The Linux 4.x series introduced a new powerful engine of programmable tracing (BPF) that allows to actually look inside the kernel at runtime. This talk will show you how to exploit this engine in order to debug problems or identify performance bottlenecks in a complex environment like a cloud. This talk will cover the latest Linux superpowers that allow to see what is happening “under the hood” of the Linux kernel at runtime. I will explain how to exploit these “superpowers” to measure and trace complex events at runtime in a cloud environment. For example, we will see how we can measure latency distribution of filesystem I/O, details of storage device operations, like individual block I/O request timeouts, or TCP buffer allocations, investigating stack traces of certain events, identify memory leaks, performance bottlenecks and a whole lot more.
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
This document provides an overview of QEMU, including its use of dynamic translation and Tiny Code Generator (TCG) to emulate target CPUs on the host system. It discusses how QEMU translates target instructions into a RISC-like intermediate representation (TCG ops), optimizes and converts them to host instructions. The document also mentions Linaro's work with QEMU and a QEMU monitor tool for debugging ARM systems emulated by QEMU.
USENIX LISA2021 talk by Brendan Gregg (https://www.youtube.com/watch?v=_5Z2AU7QTH4). This talk is a deep dive that describes how BPF (eBPF) works internally on Linux, and dissects some modern performance observability tools. Details covered include the kernel BPF implementation: the verifier, JIT compilation, and the BPF execution environment; the BPF instruction set; different event sources; and how BPF is used by user space, using bpftrace programs as an example. This includes showing how bpftrace is compiled to LLVM IR and then BPF bytecode, and how per-event data and aggregated map data are fetched from the kernel.
Mechanisms and tools of development and monitoring in Linux Kernel
A brief presentation about the tools and mechanisms about development for the Linux Kernel to help understanding of what is required.
Tools that create an execution profile or provide instrumentation through static or dynamic methods, the Linux Kernel code, will be presented.
Also discussed will be the GDB debugger and how through a remote virtual serial connection to a virtual machine it can be used to debug a live Kernel and Linux Kernel modules. Also demonstrated will be how a deeper understanding of the code can be attained by attaching the memory locations used by the Kernel module to the GDB session.
Lastly, some of the Kernel execution contexts, such as, interrupts, deferrable work, context, etc. are presented.
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
This document provides an overview of Brendan Gregg's presentation on BPF performance analysis at Netflix. It discusses:
- Why BPF is changing the Linux OS model to become more event-based and microkernel-like.
- The internals of BPF including its origins, instruction set, execution model, and how it is integrated into the Linux kernel.
- How BPF enables a new class of custom, efficient, and safe performance analysis tools for analyzing various Linux subsystems like CPUs, memory, disks, networking, applications, and the kernel.
- Examples of specific BPF-based performance analysis tools developed by Netflix, AWS, and others for analyzing tasks, scheduling, page faults
Here is a bpftrace program to measure scheduler latency for ICMP echo requests:
#!/usr/local/bin/bpftrace
kprobe:icmp_send {
@start[tid] = nsecs;
}
kprobe:__netif_receive_skb_core {
@diff[tid] = hist(nsecs - @start[tid]);
delete(@start[tid]);
}
END {
print(@diff);
clear(@diff);
}
This traces the time between the icmp_send kernel function (when the packet is queued for transmit) and the __netif_receive_skb_core function (when the response packet is received). The
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
BPF (Berkeley Packet Filter) has evolved from a limited virtual machine for efficient packet filtering to a new type of software called extended BPF. Extended BPF allows for custom, efficient, and production-safe performance analysis tools and observability programs to be run in the Linux kernel through BPF. It enables new event-based applications running as BPF programs attached to various kernel events like kprobes, uprobes, tracepoints, sockets, and more. Major companies like Facebook, Google, and Netflix are using BPF programs for tasks like intrusion detection, container security, firewalling, and observability with over 150,000 AWS instances running BPF programs. BPF provides a new program model and security features compared
Spying on the Linux kernel for fun and profitAndrea Righi
Do you ever wonder what the kernel is doing while your code is running? This talk will explore some methodologies and techniques (eBPF, ftrace, etc.) to look under the hood of the Linux kernel and understand what it’s actually doing behind the scenes.
This document discusses Linux kernel crash capture and analysis. It begins with an overview of what constitutes a kernel crash and reasons crashes may occur, both from hardware and software issues. It then covers using kdump to capture virtual memory cores (vmcores) when a crash happens, and configuring kdump for optimal core collection. Finally, it discusses analyzing vmcores after collection using the crash utility, including commands to inspect system information, backtraces, logs, and more.
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
Bpftrace is a relatively new eBPF-based open source tracer for modern Linux versions (kernels 5.x.y) that is useful for analyzing production performance problems and troubleshooting software. Basic usage of the tool, as well as bpftrace one liners and advanced scripts useful for MariaDB DBAs are presented. Problems of MariaDB Server dynamic tracing with bpftrace and some possible solutions and alternative tracing tools are discussed.
Brian Bouterse discusses using the GNU Debugger (GDB) to debug hung Python processes. GDB can be used to attach to running Python processes and debug issues that occur in production or with remote/rarely occurring problems. The debugger provides tools like stack traces and examining local variables. Python extensions for GDB provide additional functionality for listing source code, switching threads, and more. Debugging with GDB requires installing debug symbols and dealing with optimized-out code. Alternative tools like strace and rpdb can also provide debugging assistance.
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelAnne Nicolas
At a rate of almost 9 changes per hour (24/7), the Linux kernel is definitely a scary beast. Bugs are introduced on a daily basis and, through the use of multiple code analyzers, *some* of them are detected and fixed before they hit mainline. Over the course of the last few years, Gustavo has been fixing such bugs and many different issues in every corner of the Linux kernel. Recently, he was in charge of leading the efforts to globally enable -Wimplicit-fallthrough; which appears by default in Linux v5.3. This presentation is a report on all the stuff Gustavo has found and fixed in the kernel with the support of the Core Infrastructure Initiative.
Gustavo A. R. SILVA
Kernel Recipes 2018 - A year of fixing Coverity issues all over the Linux ker...Anne Nicolas
Gustavo A. R. Silva fixed over 750 bugs in the Linux kernel by reviewing static analysis reports from Coverity and running other tools like Smatch. He contributed patches for issues like null pointer dereferences, API misuse, and integer overflows across many Linux subsystems. The large number of fixes improved stability and security across 14 stable Linux kernel versions.
This document contains the slides from a presentation given by WonoKaerun at the Indonesian Security Conference 2011 in Palembang. The presentation introduces rootkits and techniques for hiding malware at the kernel level on Linux systems. It covers topics like loadable kernel modules, interrupt descriptor table hooking, virtual file system hacking, page fault handler hijacking, debugging register abuse, and kernel instrumentation patching. The goal is to evade detection by security solutions by gaining control of the kernel before anti-rootkit defenses can activate. Throughout, the document emphasizes the cat-and-mouse nature of offensive and defensive security research.
When your whole system is unresponsive, how to investigate on this failure ?
We'll see how to get a memory dump for offline analysis with kdump system.
Then how to analyze it with crash utility.
And finally, how to use crash on a running system to modify the kernel memory (at your own risks !)
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas
UAVs are becoming more and more present in our everyday life and there are lots of different projects that are being currently developed in order to control their flight, handle their stability, make it possible to edit automatic missions that the drones will execute and anything that the developers can think of.
On October 2014, the Linux Foundation announced the creation of the DroneCode Project which is to become “a common, shared open source platform for Unmanned Aerial Vehicles (UAVs)”. Parrot started to sell Linux based drones in 2010 and obviously needed to take part in that adventure.
This Lightning Talk will try to give a quick overview of the projects that are developed by the Dronecode community and explain why and how I started a few months ago to port an open source autopilot name Ardupilot to Parrot’s drones. This Lightning Talk will also present the current status of this project, and the many possibilities that can come from it.
Julien BERAUD
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
This document discusses the current state and future plans for Linux kernel documentation. It notes that documentation has transitioned from DocBook to Sphinx/RST, improving formatting and integration. There are now over 3,000 documentation files and many kerneldoc comments. Future plans include converting remaining text files, updating ancient documents, improving organization by topic, integrating documentation better, and enhancing the documentation toolchain. The goal is to improve documentation to better help kernel developers, users and the community.
Kernel Recipes 2015: Kernel packet capture technologiesAnne Nicolas
Sniffing through the ages
Capturing packets running on the wire to send them to a software doing analysis seems at first sight a simple tasks. But one has not to forget that with current network this can means capturing 30M packets per second. The objective of this talk is to show what methods and techniques have been implemented in Linux and how they have evolved over time.
The talk will cover AF_PACKET capture as well as PF_RING, dpdk and netmap. It will try to show how the various evolution of hardware and software have had an impact on the design of these technologies. Regarding software a special focus will be made on Suricata IDS which is implementing most of these capture methods.
Eric Leblond, Stamus Networks
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
The document describes the ftrace function tracing tool in Linux kernels. It allows attaching to functions in the kernel to trace function calls. It works by having the GCC compiler insert indirect function entry calls. These calls are recorded during linking and replaced with nops at boot time for efficiency. This allows function tracing with low overhead by tracing the indirect function entry calls.
Linux kernel tracing superpowers in the cloudAndrea Righi
The Linux 4.x series introduced a new powerful engine of programmable tracing (BPF) that allows to actually look inside the kernel at runtime. This talk will show you how to exploit this engine in order to debug problems or identify performance bottlenecks in a complex environment like a cloud. This talk will cover the latest Linux superpowers that allow to see what is happening “under the hood” of the Linux kernel at runtime. I will explain how to exploit these “superpowers” to measure and trace complex events at runtime in a cloud environment. For example, we will see how we can measure latency distribution of filesystem I/O, details of storage device operations, like individual block I/O request timeouts, or TCP buffer allocations, investigating stack traces of certain events, identify memory leaks, performance bottlenecks and a whole lot more.
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
This document provides an overview of QEMU, including its use of dynamic translation and Tiny Code Generator (TCG) to emulate target CPUs on the host system. It discusses how QEMU translates target instructions into a RISC-like intermediate representation (TCG ops), optimizes and converts them to host instructions. The document also mentions Linaro's work with QEMU and a QEMU monitor tool for debugging ARM systems emulated by QEMU.
USENIX LISA2021 talk by Brendan Gregg (https://www.youtube.com/watch?v=_5Z2AU7QTH4). This talk is a deep dive that describes how BPF (eBPF) works internally on Linux, and dissects some modern performance observability tools. Details covered include the kernel BPF implementation: the verifier, JIT compilation, and the BPF execution environment; the BPF instruction set; different event sources; and how BPF is used by user space, using bpftrace programs as an example. This includes showing how bpftrace is compiled to LLVM IR and then BPF bytecode, and how per-event data and aggregated map data are fetched from the kernel.
Mechanisms and tools of development and monitoring in Linux Kernel
A brief presentation about the tools and mechanisms about development for the Linux Kernel to help understanding of what is required.
Tools that create an execution profile or provide instrumentation through static or dynamic methods, the Linux Kernel code, will be presented.
Also discussed will be the GDB debugger and how through a remote virtual serial connection to a virtual machine it can be used to debug a live Kernel and Linux Kernel modules. Also demonstrated will be how a deeper understanding of the code can be attained by attaching the memory locations used by the Kernel module to the GDB session.
Lastly, some of the Kernel execution contexts, such as, interrupts, deferrable work, context, etc. are presented.
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
This document provides an overview of Brendan Gregg's presentation on BPF performance analysis at Netflix. It discusses:
- Why BPF is changing the Linux OS model to become more event-based and microkernel-like.
- The internals of BPF including its origins, instruction set, execution model, and how it is integrated into the Linux kernel.
- How BPF enables a new class of custom, efficient, and safe performance analysis tools for analyzing various Linux subsystems like CPUs, memory, disks, networking, applications, and the kernel.
- Examples of specific BPF-based performance analysis tools developed by Netflix, AWS, and others for analyzing tasks, scheduling, page faults
Here is a bpftrace program to measure scheduler latency for ICMP echo requests:
#!/usr/local/bin/bpftrace
kprobe:icmp_send {
@start[tid] = nsecs;
}
kprobe:__netif_receive_skb_core {
@diff[tid] = hist(nsecs - @start[tid]);
delete(@start[tid]);
}
END {
print(@diff);
clear(@diff);
}
This traces the time between the icmp_send kernel function (when the packet is queued for transmit) and the __netif_receive_skb_core function (when the response packet is received). The
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
BPF (Berkeley Packet Filter) has evolved from a limited virtual machine for efficient packet filtering to a new type of software called extended BPF. Extended BPF allows for custom, efficient, and production-safe performance analysis tools and observability programs to be run in the Linux kernel through BPF. It enables new event-based applications running as BPF programs attached to various kernel events like kprobes, uprobes, tracepoints, sockets, and more. Major companies like Facebook, Google, and Netflix are using BPF programs for tasks like intrusion detection, container security, firewalling, and observability with over 150,000 AWS instances running BPF programs. BPF provides a new program model and security features compared
Spying on the Linux kernel for fun and profitAndrea Righi
Do you ever wonder what the kernel is doing while your code is running? This talk will explore some methodologies and techniques (eBPF, ftrace, etc.) to look under the hood of the Linux kernel and understand what it’s actually doing behind the scenes.
This document discusses Linux kernel crash capture and analysis. It begins with an overview of what constitutes a kernel crash and reasons crashes may occur, both from hardware and software issues. It then covers using kdump to capture virtual memory cores (vmcores) when a crash happens, and configuring kdump for optimal core collection. Finally, it discusses analyzing vmcores after collection using the crash utility, including commands to inspect system information, backtraces, logs, and more.
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
Bpftrace is a relatively new eBPF-based open source tracer for modern Linux versions (kernels 5.x.y) that is useful for analyzing production performance problems and troubleshooting software. Basic usage of the tool, as well as bpftrace one liners and advanced scripts useful for MariaDB DBAs are presented. Problems of MariaDB Server dynamic tracing with bpftrace and some possible solutions and alternative tracing tools are discussed.
Brian Bouterse discusses using the GNU Debugger (GDB) to debug hung Python processes. GDB can be used to attach to running Python processes and debug issues that occur in production or with remote/rarely occurring problems. The debugger provides tools like stack traces and examining local variables. Python extensions for GDB provide additional functionality for listing source code, switching threads, and more. Debugging with GDB requires installing debug symbols and dealing with optimized-out code. Alternative tools like strace and rpdb can also provide debugging assistance.
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelAnne Nicolas
At a rate of almost 9 changes per hour (24/7), the Linux kernel is definitely a scary beast. Bugs are introduced on a daily basis and, through the use of multiple code analyzers, *some* of them are detected and fixed before they hit mainline. Over the course of the last few years, Gustavo has been fixing such bugs and many different issues in every corner of the Linux kernel. Recently, he was in charge of leading the efforts to globally enable -Wimplicit-fallthrough; which appears by default in Linux v5.3. This presentation is a report on all the stuff Gustavo has found and fixed in the kernel with the support of the Core Infrastructure Initiative.
Gustavo A. R. SILVA
Kernel Recipes 2018 - A year of fixing Coverity issues all over the Linux ker...Anne Nicolas
Gustavo A. R. Silva fixed over 750 bugs in the Linux kernel by reviewing static analysis reports from Coverity and running other tools like Smatch. He contributed patches for issues like null pointer dereferences, API misuse, and integer overflows across many Linux subsystems. The large number of fixes improved stability and security across 14 stable Linux kernel versions.
Mingbo Zhang, Rutgers University
Saman Zonouz, Rutgers University
Time-of-check-to-time-of-use (TOCTOU) also known as “race condition” or “double fetch” is a long standing problem. Since memory read/write is so common an operation, it barely triggers no security mechanisms. We leverage a CPU feature called SMAP(Supervisor Mode Access Prevention) to efficiently monitor the events of kernel accessing user-mode memory. When user pages being accessed by kernel, our mitigation kicks in and protect them against further modifications from other user-mode threads. We also leverage the same CPU feature to find double fetch errors in kernel modules. A simple hypervisor is used to confine a system wide CPU feature such as SMAP to particular process.
With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.
Web 2.0 Performance and Reliability: How to Run Large Web Appsadunne
The document discusses operations engineering and monitoring systems. Some key points:
- Operations is often overlooked compared to product development and engineering, but it is a form of engineering and critical for ensuring systems run reliably.
- Effective monitoring involves collecting data, alerting on issues, and trend analysis to aid capacity planning. Tools mentioned include Nagios, Ganglia, Cricket, and custom Ganglia metrics.
- When debugging issues, follow best practices like understanding the system, methodically testing changes, keeping an audit trail, and ensuring the root cause is actually fixed.
- Automation is important for managing systems at scale. Tools like Puppet, Cobbler, Koan, and EC2 automation are recommended to
Troubleshooting MySQL from a MySQL Developer PerspectiveMarcelo Altmann
Working as a MySQL Developer as part of the Bugs committee exposes you to a variety of bugs, such as server crashes, memory leaks, wrong query results, internal thread deadlocks, and others. In this talk, I will cover some of the technics we utilize to troubleshoot MySQL when things are not working as expected.
Some of the topics covered include:
Reproducible test cases
Git Bisect
Stack Traces
GDB
Record and Replay
By the end of this session, attendees will grasp how to tackle analyses of when software is not working as expected.
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Kettunen, miaubiz fuzzing at scale and in styleDefconRussia
This document summarizes information about fuzzing and discusses bugs found through fuzzing browsers like Chromium and Firefox in 2012. It describes AddressSanitizer output that reveals crashes, mentions 50 duplicate bugs found by two fuzzing groups, and outlines tips for smarter fuzzing like generating inputs based on specifications and minimizing reproducible test cases.
The document discusses kernel debugging techniques. It covers analyzing kernel error logs, debugging memory errors, detecting kernel deadlocks, and troubleshooting login issues. The key debugging steps involve prerequisites like having the kernel source code, reading the error logs and call traces to understand the bug, and tracing from assembly to C code to transactions. Memory debugging tools like AddressSanitizer are also covered.
The document discusses kernel debugging techniques. It covers analyzing kernel error logs, debugging memory errors, detecting kernel deadlocks, and troubleshooting login issues. The key debugging techniques mentioned are using kernel log functions to output error information, understanding the structure of kernel bug logs, tracing from assembly to C code, and using tools like AddressSanitizer to detect memory errors.
The document discusses AdaCore's tools for dynamic software verification using GNAT, including GNATemulator for target emulation, GNATcoverage for coverage analysis, GNATtest for unit test generation, and GNATdashboard for monitoring the verification process. It provides examples of analyzing coverage at the source code and object code levels, generating unit tests, and integrating results with partners' tools. AdaCore aims to help customers address verification challenges through collaborative, open, and dependable approaches.
Headless Android allows running the full Android system stack without any graphical user interface elements. This is done by disabling SurfaceFlinger, WindowManager and other UI services. The result is a smaller memory footprint but full access to Android services, APIs, and development tools. Key changes include tweaking internal calls to disable expectations of a graphical environment and starting components with 'am' instead of activities. This produces a streamlined Android configuration for embedded and automation use cases.
In recent years Graphic Processing Units (GPUs) have seen widespread adoption in many scientific fields, from Machine Learning (ML) to Genomics. Their use makes it possible to achieve significant speedups and improvements in power efficiency over computationally intensive algorithms compared to General Purpose Central Processing Units (CPUs).
However, algorithms require specific knowledge of the GPU architecture and expertise to achieve significant results.
In this work, we describe a methodology for automatic GPU kernel optimization.
Our methodology exploits the Berkeley Roofline Model to perform a performance analysis of the algorithm considered and aims to increase the accessibility of GPU programming automatizing the optimization process of the kernel.
We provide an in-depth analysis of this methodology, an overview on the state of the art, and a description of a tool we developed that automatically applies our methodology to obtain a highly optimized GPU version of two of the most popular algorithms used in computational biology, the X-drop and Smith-Waterman algorithms.
The Smith-Waterman algorithm is one of the most used algorithms in genomics pipelines.
The algorithm finds the optimal local alignment between two genomic sequences, at the cost of being particularly compute-intensive.
The popular X-drop algorithm reduces the time required by the alignment by searching only for high-quality alignments.
The algorithms accelerated using our methodology achieve more than 6x and 3x speed-up, for the X-drop and Smith-Waterman algorithms respectively, with respect to the state of the art implementation of these algorithms.
The document reports on progress connecting a router to a terminal through a USB-serial connection. It was successful in transferring text data but commands needed to be executable. The solution was to use a shell to pipe input and output between the terminal and router. An autorun script was also created to automatically load the USB-serial modules and start the shell on router boot for a manual-to-automatic process.
DCSF 19 Deploying Rootless buildkit on KubernetesDocker, Inc.
DockerCon Open Source Summit: BuildKit
Akihiro Suda, NTT Corporation
Building images on Kubernetes is attractive for distributing workload across multiple nodes, typically in CI/CD pipeline. However, it had been considered dangerous due to the dependency on `securityContext.privileged`.
In this talk, Akihiro will show how to use Rootless BuildKit in Kubernetes, which can be executed as a non-root user without extra `securityContext` configuration.
Secrets of building a debuggable runtime: Learn how language implementors sol...Dev_Events
Bjørn Vårdal, J9VM Software Developer, IBM, @bvaardal
New language runtimes appear all the time, but most of them die young. Failure can be attributed to
different reasons, but an important factor is that lack of support can limit the community’s and
industry’s willingness to adopt the new language.
Quicker development and improved serviceability allows emerging languages to overcome this obstacle.
By building on the proven technology available in Eclipse OMR, language developers can get more than
performance and stability; you also get tools that help you quickly debug your language runtime,
allowing you to provide competitive serviceability.
From this presentation, you will learn how to enable Eclipse OMR’s mature debugging features in your
language runtime, and also how Eclipse OMR can assist with development and debugging
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
Joe FitzPatrick gave a presentation on exploiting PCIe (Peripheral Component Interconnect Express) buses for hardware attacks. He discussed using DMA (direct memory access) over PCIe to read and write system memory, modify firmware, and potentially bypass mitigations like IOMMU (input-output memory management unit). FitzPatrick demonstrated proof-of-concept attacks on Macs and Windows PCs using custom PCIe devices and software. However, he noted that fully bypassing protections like VT-d on Macbooks had not yet been achieved and more work is needed to build attacks without imitating a genuine device.
Winnyp is an anonymous P2P filesharing software based on Winny. It uses its own encryption key generation algorithm that is more complex than Winny's algorithm, making it more difficult to analyze. The report details Winnyp's internal workings, including how it initializes and patches itself, generates encryption keys through multiple algorithms, and specifies the version of connected nodes by using different encryption keys. It also describes how Winnyp sends packets with dummy data and receives packets to communicate with both Winny and other Winnyp nodes.
Similar to Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel (20)
Kernel Recipes 2019 - Driving the industry toward upstream firstAnne Nicolas
This document discusses the benefits of contributing device drivers and other code to the Linux kernel upstream first instead of maintaining private branches. It outlines Chrome OS's strategy of picking long-term stable kernels and contributing hardware support to upstream. While challenging, working upstream provides many benefits like free code reviews, bugfixes, and easier updates. The document shows that Chrome OS contributions have helped increase upstream support for vendors' devices and that there is still work remaining to upstream GPU and other drivers. It demos mainlining the Samsung Chromebook Plus by using the open source Panfrost GPU driver instead of a vendor driver.
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
As the name would suggest, a Non-Maskable Interrupt (NMI) is an interrupt-like feature that is unaffected by the disabling of classic interrupts. In Linux, NMIs are involved in some features such as performance event monitoring, hard-lockup detector, on demand state dumping, etc… Their potential to fire when least expected can fill the most seasoned kernel hackers with dread.
AArch64 (aka arm64 in the Linux tree) does not provide architected NMIs, a consequence being that features benefiting from NMIs see their use limited on AArch64. However, the Arm Generic Interrupt Controller (GIC) supports interrupt prioritization and masking, which, among other things, provides a way to control whether or not a set of interrupts can be signaled to a CPU.
This talk will cover how, using the GIC interrupt priorities, we provide a way to configure some interrupts to behave in an NMI-like manner on AArch64. We’ll discuss the implementation, some of the complications that ensued and also some of the benefits obtained from it.
Julien Thierry
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
In I.T. we all use all kinds of metrics. Operations teams rely heavily on these, especially when things go south. These metrics are sometimes overrated. Let’s dive into a few real life stories together.
Aurélien Rougemont
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Anne Nicolas
Modern SoC designs incorporate technologies from numerous vendors, each with their own inconsistent, confusing, undocumented and even contradictory terminology. The result is a mess of acronyms and product names which have a surprising impact on the ability to develop reusable, modular code thanks to the nature of the underlying IP being obscured.
This presentation will dive into some of the misnomers plaguing the Arm ecosystem, with the aim of explaining why things are like they are, how they fit together under the architectural umbrella and how you, as a developer, can decipher the baffling ingredients list of your next SoC design!
Will Deacon
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataAnne Nicolas
GNU poke is a new interactive editor for binary data. Not limited to editing basic ntities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or “pickles” in poke parlance) for many binary formats.
GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files.
This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing “pickles”. The presentation ends with a status of the project, a call for hackers, and a hint at future works.
Jose E. Marchesi
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
Operating system distributors often face challenges that are somewhat different from that of upstream kernel developers. For instance, some kernel updates often need to stay at least binary compatible with modules that might be “out of tree” for some time.
In that context, being able to automatically detect and analyze changes to the binary interface exposed by the kernel to its module does have some noticeable value.
The Libabigail framework is capable of analyzing ELF binaries along with their accompanying debug info in the DWARF format, detect and report changes in types, functions, variables and ELF symbols. It has historically supported that for user space shared libraries and application so we worked to make it understand the Linux kernel
binaries.
In this presentation, we are going to present the current support of ABI analysis for Linux Kernel binaries, the challenges we face, how we address them and the plans we have for the future.
Dodji Seketeli, Jessica Yu, Matthias Männich
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxAnne Nicolas
Different upgrade and update strategies exist when it comes to embedded Linux system. If at development time none of these strategies have been chosen, adding them afterwards can be tedious task.
Even harder it gets when the system is already deployed in the field and only accessible via a 3G connection.
This talk is a developer experience of putting in place exactly that. Giving a return of experience on one way of doing it on a system running Barebox and a Yocto-based distribution.
Patrick Boettcher
Embedded Recipes 2019 - Making embedded graphics less specialAnne Nicolas
Open-source graphics drivers are helping to make embedded systems less specialized by standardizing interfaces like KMS, DRI, and Mesa. Mesa provides implementations of graphics APIs like OpenGL and Vulkan via drivers for different GPUs. Combined with Wayland, this allows applications to run on embedded systems like a modern Linux desktop without platform-specific code. Current open-source drivers like Freedreno, Etnaviv, and Panfrost support GPUs from vendors like Qualcomm and ARM and are under active development by their respective communities.
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconAnne Nicolas
This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. In closing also looking at the future, Libre Silicon like RISC-V designs, and where this might take Linux.
Drew Fustini
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas
The I2C subsystem is not the shiniest part of the Linux Kernel. For embedded devices, though, it is one of the many puzzle pieces which just have to work. Wolfram Sang has the experience of maintaining this subsystem for nearly 7 years now. This talk gives a short overview of how maintaining works in general and specifically in this subsystem. But mainly, it will highlight noteworthy points in the timeline and lessons learnt from that. It will present trends, not so much regarding I2C but more the Linux Kernel and the embedded ecosystem in general. And of course, there will be plenty of anecdotes and bits from behind the scenes for your entertainment.
Wolfram Sang
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
ITRenew is selling recertified OCP servers under the Sesame brand, those servers come either with their original UEFI BIOS or with LinuxBoot. The LinuxBoot project is pushing the Linux kernel inside bios flash and using userland programs as bootloader.
To achieve quality on our software stack, as any project, we need to test it. Traditional BIOS are tested by hand, this is 2019 we need to do it automatically! We already presented the hardware setup behind the LinuxBoot CI, this talk will focus on the software.
We use u-root for our userland bootloader; this software is written in Go so we naturally choose to use Go for our testing too. We will present how we are using and extending the Go native test framework `go test` for testing embedded systems (serial console) and improving the report format for integration to a CI.
Julien Viard de Galbert
Embedded Recipes 2019 - Herd your socs become a matchmakerAnne Nicolas
This document discusses device tree matching for embedded systems. It covers:
- The history of device matching in Linux, from architecture-specific to discoverable buses to the modern device framework.
- How device trees improved the situation by providing a standardized hardware description and stable ABI, separating this from OS configuration.
- Best practices for designing compatible value schemes and supporting a variety of similar devices across SoC families in device trees and drivers.
- Different techniques for matching devices and drivers like compatible values, soc_device_match(), and quirk handling classes.
- Examples of implementing matching for Renesas SoCs and addressing differences across revisions.
Embedded Recipes 2019 - LLVM / Clang integrationAnne Nicolas
This document discusses the integration of LLVM and Clang into Buildroot. It provides an overview of LLVM and Clang, the objectives of integrating them into Buildroot, and the initial integration work done. It then covers cross-compiling Linux with Clang and some conclusions. Some key points include:
- LLVM is an open source compiler infrastructure that includes the Clang C/C++ compiler. It uses an intermediate representation and focuses on compile time and code generation performance.
- The initial integration into Buildroot included LLVM, Clang, and Mesa 3D driver support. It aimed to enable OpenCL and add new packages.
- Cross-compiling Linux and userspace applications with Clang
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaAnne Nicolas
PipeWire is an open source project that aims to greatly improve audio and video handling under Linux. Utilising a fresh design, it bridges use cases that have been previously addressed by different tools – or not addressed at all -, providing ground for building complex, yet secure and efficient, multimedia systems.
In this talk, Julien is going to present the PipeWire project and the concepts that make up its design. In addition, he is going to give an update of the current and future work going on around PipeWire, both upstream and in Automotive Grade Linux, an early adopter that Julien is actively working on.
Julian Bouzas
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
Suricata is a network threat detection engine using network packets capture to reconstruct the traffic till the application layer and find threats on the network using rules that define behavior to detect. This task is really CPU intensive and discarding non interesting traffic is a solution to enable a scaling of Suricata to 40gbps and other.
This talk will present the latest evolution of Suricata that knows uses eBPF and XDP to bypass traffic. Suricata 5.0 is supporting the hardware XDP to provide ypass with network card such as Netronome. It also takes advantage of pinned maps to get persistance of the bypassed flows. This talk will cover the different usage of XDP and eBPF in Suricata and shows how it impact performance and usability. If development time permit, the talk will also cover AF_XDP and the impact on this new capture method on Suricata.
Eric Leblond
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
System memory configuration is a transparent operation nowadays, something that we all came to expect to just work out of the box. Still, it does happen behind the scenes every single time we boot our computers. This requires the cooperation of hardware components on the mainboard and on memory modules themselves, as well as firmware code to drive these. While it is possible to just let it happen, having a deeper understanding of how it works makes it possible to access valuable information from the operating system at run-time.
I will take you through the history of system memory configuration from the mid 70s to now. We will explore the different types of memory modules, how their configuration data is stored and how the firmware can access them. We will see which problems had to be solved along the way and how they were solved. Lastly we will see how Linux supports reading the memory configuration information and what you can do with that information.
Jean Delvare
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
Kernel Recipes 2019 - XDP closer integration with network stackAnne Nicolas
XDP (eXpress Data Path) is the new programmable in-kernel fast-path, which is placed as a layer before the existing Linux kernel network stack (netstack).
We claim XDP is not kernel-bypass, as it is a layer before and it can easily fall-through to netstack. Reality is that it can easily be (ab)used to create a kernel-bypass situation, where non of the kernel facilities are used (in form of BPF-helpers and in-kernel tables). The main disadvantage with kernel-bypass, is the need to re-implement everything, even basic building blocks, like routing tables and ARP protocol handling.
It is part of the concept and speed gain, that XDP allows users to avoid calling part of the kernel code. Users have the freedom to do kernel-bypass and re-implement everything, but the kernel should provide access to more in-kernel tables, via BPF-helpers, such that users can leverage other parts of the Open Source ecosystem, like router daemons etc.
This talk is about how XDP can work in-concert with netstack, and proposal on how we can take this even-further. Crazy ideas like using XDP frames to move SKB allocation out of driver code, will also be proposed.
Kernel Recipes 2019 - Kernel hacking behind closed doorsAnne Nicolas
The recent hardware security vulnerabilites exposed the kernel community to unprecedented restrictions and bureaucrazy. Pure software bugs which only affect the Linux kernel are a completely different category and the kernel community has established and well working ways to handle them.
Hardware issues like Meltdown, Spectre, L1TF etc. must be treated differently because they usually affect all Operating Systems and therefore need coordination across different OS vendors, distributions, hardware vendors and other parties. For some of the issues, software mitigations can depend on microcode or firmware updates, which need further coordination.
Meltdown/Spectre hit all affected parties completely unprepared, which was nicely reflected in the resulting chaos all over the place. With that experience the kernel community started to push for workable scenarios to handle these kind of issues as it was entirely clear to everyone that this was just the start and the tip of the iceberg.
This talk will take a look at the difference between hardware and software vulnerabilities, gives insight into the events surrounding Meltdown/Spectre and explains how the later issues, e.g. L1TF, have been dealt with. It also looks at the approach the kernel community has taken to further reduce the annoyance for future issues of that kind
Kernel Recipes 2019 - Faster IO through io_uringAnne Nicolas
io_uring provides a new asynchronous I/O interface in Linux that aims to address limitations with existing interfaces like aio and libaio. It uses a ring-based model for submission and completion queues to efficiently support asynchronous I/O operations with low latency and high throughput. Though initially skeptical, Linus Torvalds ultimately merged io_uring into the Linux kernel due to improvements in missing features, ease of use, and efficiency over alternatives.
A neural network is a machine learning program, or model, that makes decisions in a manner similar to the human brain, by using processes that mimic the way biological neurons work together to identify phenomena, weigh options and arrive at conclusions.
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISTier1 app
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...Luigi Fugaro
Vector databases are transforming how we handle data, allowing us to search through text, images, and audio by converting them into vectors. Today, we'll dive into the basics of this exciting technology and discuss its potential to revolutionize our next-generation AI applications. We'll examine typical uses for these databases and the essential tools
developers need. Plus, we'll zoom in on the advanced capabilities of vector search and semantic caching in Java, showcasing these through a live demo with Redis libraries. Get ready to see how these powerful tools can change the game!
Consistent toolbox talks are critical for maintaining workplace safety, as they provide regular opportunities to address specific hazards and reinforce safe practices.
These brief, focused sessions ensure that safety is a continual conversation rather than a one-time event, which helps keep safety protocols fresh in employees' minds. Studies have shown that shorter, more frequent training sessions are more effective for retention and behavior change compared to longer, infrequent sessions.
Engaging workers regularly, toolbox talks promote a culture of safety, empower employees to voice concerns, and ultimately reduce the likelihood of accidents and injuries on site.
The traditional method of conducting safety talks with paper documents and lengthy meetings is not only time-consuming but also less effective. Manual tracking of attendance and compliance is prone to errors and inconsistencies, leading to gaps in safety communication and potential non-compliance with OSHA regulations. Switching to a digital solution like Safelyio offers significant advantages.
Safelyio automates the delivery and documentation of safety talks, ensuring consistency and accessibility. The microlearning approach breaks down complex safety protocols into manageable, bite-sized pieces, making it easier for employees to absorb and retain information.
This method minimizes disruptions to work schedules, eliminates the hassle of paperwork, and ensures that all safety communications are tracked and recorded accurately. Ultimately, using a digital platform like Safelyio enhances engagement, compliance, and overall safety performance on site. https://safelyio.com/
Boost Your Savings with These Money Management AppsJhone kinadey
A money management app can transform your financial life by tracking expenses, creating budgets, and setting financial goals. These apps offer features like real-time expense tracking, bill reminders, and personalized insights to help you save and manage money effectively. With a user-friendly interface, they simplify financial planning, making it easier to stay on top of your finances and achieve long-term financial stability.
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Paul Brebner
Closing talk for the Performance Engineering track at Community Over Code EU (Bratislava, Slovakia, June 5 2024) https://eu.communityovercode.org/sessions/2024/why-apache-kafka-clusters-are-like-galaxies-and-other-cosmic-kafka-quandaries-explored/ Instaclustr (now part of NetApp) manages 100s of Apache Kafka clusters of many different sizes, for a variety of use cases and customers. For the last 7 years I’ve been focused outwardly on exploring Kafka application development challenges, but recently I decided to look inward and see what I could discover about the performance, scalability and resource characteristics of the Kafka clusters themselves. Using a suite of Performance Engineering techniques, I will reveal some surprising discoveries about cosmic Kafka mysteries in our data centres, related to: cluster sizes and distribution (using Zipf’s Law), horizontal vs. vertical scalability, and predicting Kafka performance using metrics, modelling and regression techniques. These insights are relevant to Kafka developers and operators.
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...kalichargn70th171
Visual testing plays a vital role in ensuring that software products meet the aesthetic requirements specified by clients in functional and non-functional specifications. In today's highly competitive digital landscape, users expect a seamless and visually appealing online experience. Visual testing, also known as automated UI testing or visual regression testing, verifies the accuracy of the visual elements that users interact with.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Photoshop Tutorial for Beginners (2024 Edition)alowpalsadig
Photoshop Tutorial for Beginners (2024 Edition)
Explore the evolution of programming and software development and design in 2024. Discover emerging trends shaping the future of coding in our insightful analysis."
Here's an overview:Introduction: The Evolution of Programming and Software DevelopmentThe Rise of Artificial Intelligence and Machine Learning in CodingAdopting Low-Code and No-Code PlatformsQuantum Computing: Entering the Software Development MainstreamIntegration of DevOps with Machine Learning: MLOpsAdvancements in Cybersecurity PracticesThe Growth of Edge ComputingEmerging Programming Languages and FrameworksSoftware Development Ethics and AI RegulationSustainability in Software EngineeringThe Future Workforce: Remote and Distributed TeamsConclusion: Adapting to the Changing Software Development LandscapeIntroduction: The Evolution of Programming and Software Development
Photoshop Tutorial for Beginners (2024 Edition)Explore the evolution of programming and software development and design in 2024. Discover emerging trends shaping the future of coding in our insightful analysis."Here's an overview:Introduction: The Evolution of Programming and Software DevelopmentThe Rise of Artificial Intelligence and Machine Learning in CodingAdopting Low-Code and No-Code PlatformsQuantum Computing: Entering the Software Development MainstreamIntegration of DevOps with Machine Learning: MLOpsAdvancements in Cybersecurity PracticesThe Growth of Edge ComputingEmerging Programming Languages and FrameworksSoftware Development Ethics and AI RegulationSustainability in Software EngineeringThe Future Workforce: Remote and Distributed TeamsConclusion: Adapting to the Changing Software Development LandscapeIntroduction: The Evolution of Programming and Software Development
The importance of developing and designing programming in 2024
Programming design and development represents a vital step in keeping pace with technological advancements and meeting ever-changing market needs. This course is intended for anyone who wants to understand the fundamental importance of software development and design, whether you are a beginner or a professional seeking to update your knowledge.
Course objectives:
1. **Learn about the basics of software development:
- Understanding software development processes and tools.
- Identify the role of programmers and designers in software projects.
2. Understanding the software design process:
- Learn about the principles of good software design.
- Discussing common design patterns such as Object-Oriented Design.
3. The importance of user experience (UX) in modern software:
- Explore how user experience can improve software acceptance and usability.
- Tools and techniques to analyze and improve user experience.
4. Increase efficiency and productivity through modern development tools:
- Access to the latest programming tools and languages used in the industry.
- Study live examples of applications
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio, Inc.
Alluxio Webinar
June. 18, 2024
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
- Jianjian Xie (Staff Software Engineer, Alluxio)
As Trino users increasingly rely on cloud object storage for retrieving data, speed and cloud cost have become major challenges. The separation of compute and storage creates latency challenges when querying datasets; scanning data between storage and compute tiers becomes I/O bound. On the other hand, cloud API costs related to GET/LIST operations and cross-region data transfer add up quickly.
The newly introduced Trino file system cache by Alluxio aims to overcome the above challenges. In this session, Jianjian will dive into Trino data caching strategies, the latest test results, and discuss the multi-level caching architecture. This architecture makes Trino 10x faster for data lakes of any scale, from GB to EB.
What you will learn:
- Challenges relating to the speed and costs of running Trino in the cloud
- The new Trino file system cache feature overview, including the latest development status and test results
- A multi-level cache framework for maximized speed, including Trino file system cache and Alluxio distributed cache
- Real-world cases, including a large online payment firm and a top ridesharing company
- The future roadmap of Trino file system cache and Trino-Alluxio integration
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...The Third Creative Media
"Navigating Invideo: A Comprehensive Guide" is an essential resource for anyone looking to master Invideo, an AI-powered video creation tool. This guide provides step-by-step instructions, helpful tips, and comparisons with other AI video creators. Whether you're a beginner or an experienced video editor, you'll find valuable insights to enhance your video projects and bring your creative ideas to life.
Superpower Your Apache Kafka Applications Development with Complementary Open...Paul Brebner
Kafka Summit talk (Bangalore, India, May 2, 2024, https://events.bizzabo.com/573863/agenda/session/1300469 )
Many Apache Kafka use cases take advantage of Kafka’s ability to integrate multiple heterogeneous systems for stream processing and real-time machine learning scenarios. But Kafka also exists in a rich ecosystem of related but complementary stream processing technologies and tools, particularly from the open-source community. In this talk, we’ll take you on a tour of a selection of complementary tools that can make Kafka even more powerful. We’ll focus on tools for stream processing and querying, streaming machine learning, stream visibility and observation, stream meta-data, stream visualisation, stream development including testing and the use of Generative AI and LLMs, and stream performance and scalability. By the end you will have a good idea of the types of Kafka “superhero” tools that exist, which are my favourites (and what superpowers they have), and how they combine to save your Kafka applications development universe from swamploads of data stagnation monsters!
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
DevOps Consulting Company | Hire DevOps Servicesseospiralmantra
Spiral Mantra excels in providing comprehensive DevOps services, including Azure and AWS DevOps solutions. As a top DevOps consulting company, we offer controlled services, cloud DevOps, and expert consulting nationwide, including Houston and New York. Our skilled DevOps engineers ensure seamless integration and optimized operations for your business. Choose Spiral Mantra for superior DevOps services.
https://www.spiralmantra.com/devops/
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
1. Hunting and fixing bugs all over
the Linux kernel
Gustavo A. R. Silva
gustavo@embeddedor.com
@embeddedgus
The Linux Foundation's Core Infrastructure
Initiative
Kernel Recipes
September 26, 2019
Paris, France
2. Who am I?
Background in Embedded Systems.●
RTOS●
Embedded Linux.●
Volunteer at @kidsoncomputers●
Board of directors at @kidsoncomputers●
3. Who am I?
Background in Embedded Systems.●
RTOS●
Embedded Linux.●
Volunteer at @kidsoncomputers●
Board of directors at @kidsoncomputers●
●
Don’t speak Portuguese. :)
8. Coverity medium impact issues
● NULL pointer dereferences (before/after null
check, explicit null dereference).
●
Integer handling issues (bad bit shift operation).
●
API usage errors (arguments in wrong order).
● Control flow issues.
9. Coverity work
Look at every issue●
Access to Coverity scans on mainline.
Look at every issue.
Weekly scans every -rc.
Now access to daily Coverity scans.
●
●
●
Fix bugs in linux-next before they hit mainline.●
25. Incorrect bitwise operator
●
#define MVPP22_CLS_C2_ATTR2_RSS_EN BIT(30)
●
commit e146471f588e4b8dcd7994036c1b47cc52325f00
●
Introduced on Jul 14, 2019.
●
Fixed on Jul 18, 2019.
●
Never hit mainline.
●
The use of the bitwise OR operator '|' always leads to true.
30. Incorrect bitwise operator
●
commit 489338a717a0dfbbd5a3fabccf172b78f0ac9015
●
7-year-old bug (Tue Sep 18 11:56:28 2012).
●
The use of the bitwise OR operator '|' always leads to true.
31. (!x & y) strikes again
●
commit 07c69f1148da7de3978686d3af9263325d9d60bd
32. (!x & y) strikes again
●
commit 07c69f1148da7de3978686d3af9263325d9d60bd
●
8-year-old bug (Mon Jun 6 19:42:44 2011).
38. Kernel Self Protection Project
● Variable Length Arrays (VLA) removal.
● Defense-in-depth with struct_size() helper.
● Switch case fall-through
39. Variable Length Arrays
Exhaust the stack: write to things following it.●
Jump over guard pages.●
Easy to find with compiler flag: -Wvla●
40. Variable Length Arrays
Exhaust the stack: write to things following it.●
Jump over guard pages.●
Easy to find with compiler flag: -Wvla●
Eradicated from the kernel in Linux v4.20. :)●
57. Defense-in-depth & struct_size()
●
Commit 76497732932f15e7323dc805e8ea8dc11bb587cf
●
8-year-old bug (Tue Sep 6 13:59:13 2011).
●
Bugfix backported all the way down to LTS Linux v3.16.74
59. Switch case fall-through
●
Common Weakness Enumeration.
CWE-484:Omitted Break Statement in Switch:
“The program omits a break statement within a switch or similar construct,
causing code associated with multiple conditions to execute. This can cause
problems when the programmer only intended to execute code associated
with one condition.”
60. Switch case fall-through
●
Common Weakness Enumeration.
CWE-484:Omitted Break Statement in Switch:
“The program omits a break statement within a switch or similar construct,
causing code associated with multiple conditions to execute. This can cause
problems when the programmer only intended to execute code associated
with one condition.”
●
Prone to error.
61. Switch case fall-through
●
Common Weakness Enumeration.
CWE-484:Omitted Break Statement in Switch:
“The program omits a break statement within a switch or similar construct,
causing code associated with multiple conditions to execute. This can cause
problems when the programmer only intended to execute code associated
with one condition.”
●
Prone to error.
●
“To enable -Wimplicit-fallthrough in Firefox,
I had to annotate 287 intentional fallthroughs.”
- Chris Peterson. TPM on Mozilla’s Firefox team.
69. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy:
x86 headers. Tons of warnings.
70. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
x86 headers. Tons of warnings.
71. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
x86 gate keeper:
x86 headers. Tons of warnings.
72. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
x86 gate keeper: tglx.
x86 headers. Tons of warnings.
73. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
x86 gate keeper: tglx.
x86 headers. Tons of warnings.
74. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
x86 gate keeper: tglx.
●
First patch (2017) :)
x86 headers. Tons of warnings.
75. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
x86 gate keeper: tglx.
●
First patch (2017) :) - Flamed :/
x86 headers. Tons of warnings.
76. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
x86 gate keeper: tglx.
●
Abort.
●
First patch (2017) :) - Flamed :/
x86 headers. Tons of warnings.
77. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
x86 gate keeper: tglx.
●
Abort. Rethink strategy.
●
First patch (2017) :) - Flamed :/
x86 headers. Tons of warnings.
78. -Wimplicit-fallthrough
●
Tons of warnings (2300+). Just on x86.
●
Where do I even begin?
●
Count warnings in each file.
●
x86 headers. Tons of warnings.
●
Strategy: address x86, first.
●
What could possibly go wrong?
●
First patch (2017) :) - Flamed :/
●
x86 gate keeper: tglx.
●
Abort. Rethink strategy.
●
Warnings finally addressed in 2019.