Marian Marinov, profile picture
Uploaded byMarian Marinov
629 views

Manage custom kernel builds

The document discusses managing custom kernel builds. It defines kernel versioning numbers and describes reasons for custom kernels such as better performance or supporting custom drivers. It recommends thoroughly testing new kernels and provides tips for automating building kernels across releases by branching the source code and rebasing patches. The document advises monitoring security issues and performance fixes for backporting and cautions against patching sensitive areas like scheduling code.

Embed presentation

Download to read offline
Manage custom kernel builds Marian HackMan Marinov CEO of 1H Ltd. CTO of GetClouder Ltd. <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan
Some definitions 3.X.Y
Some definitions 3.X.Y ➢ Major release (changes to this are rear)
Some definitions 3.X.Y ➢ Major release ➢ Minor release (the new Major :))
Some definitions 3.X.Y ➢ Major release ➢ Minor release ➢ Patch level (the new minor)
Some definitions ➢Mainline kernel - http://kernel.org ➢stable ➢release candidate (-rc) ➢next ➢long term support (LTS) ➢Distribution kernel ➢Debian ➢RedHat ➢SuSE ➢Project kernel ➢OpenVZ
Why do we need custom kernels? ➢Better performance ➢Faster boot times ➢More secure kernels(smaller attack serfice) ➢Monolithic kernels (does not work on machines with SW RAID or LVM) ➢Support custom drivers ➢Support features that are not included in the mainline ➢New features that are not supported by the distribution kernels
Support custom drivers ➢network interface drivers ➢storage drivers ➢vendor supplied drivers ➢sometimes require specific kernel version ➢ they should be either back or forward ported ➢require changes in the kernel in order to build/load properly Note: this does not happen often
Support custom features ➢Kpatch (live kernel patching) ➢kGraft (live kernel patching) ➢AUFS (Docker) ➢BFQ (I/O scheduling) ➢GRsecurity
Problems with the custom features ➢Irregular releases ➢Required specific kernel versions ➢No release for the kernel you have chosen
How to choose a kernel to build upon ➢TEST
How to choose a kernel to build upon ➢TEST, TEST
How to choose a kernel to build upon ➢TEST, TEST, TEST
How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release
How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :)
How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule
How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule ➢Try LTS versions, but don't limit your self to these kernels
How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule ➢Try LTS versions, but don't limit your self to these kernels ➢Test the performance
Test the new Kernel performance ➢Look at your own load ➢Try to break the kernel ➢try to replay your normal load 100 or 1000 times ➢try to break the kernel with community benchmarks ➢Do not compare 32 and 64 bit kernels ➢Test the performance between two kernels in a row ➢If you compare the performance between different major releases, do not include the new features
Test the new Kernel performance ➢I usually check if the following stay relatively the same ➢/proc/loadavg ➢/proc/schedstat ➢is the memory allocation keeps similar values ➢I/O performance ➢Network performance (use tcpreplay) ➢hardware functionality ➢software compatibility
Feature automation Initially ➢Create a branch with a name that should include the name of the kernel version you are using example kernel: 3.17.2 example branch name: grsec-3.17.2
Feature automation Second time 1. Check if you have a branch with the name of your feature (grsec-3.17.2) 2. Check if you have a branch that includes the name of the future and the version of your current kernel 3. Check if there are newer versions of the kernel 4. If there are no new versions(tags)... don't do anything 5. If there are new versions(tags)
Feature automation 6. Checkout the current branch into a new one named with the new version example: grsec-3.17.3 7. Rebase the new branch over the last released kernel version 1. If there are errors, send me an e-mail 2. If no errors are detected, commit 3. Rename the branch to reflect the new kernel version 9. Do some cleanup from time to time :) - You may move your archive branches into a separate repository
Feature automation Master featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2
Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2
Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 featureX-3.17.4
Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 TAG featureX-3.17.4
Feature automation Master featureX-3.18 TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 TAG featureX-3.17.4
The actual management ➢ this works ONLY for your own patches ➢ keep a list with all your patches ➢ clone the Linus repo
The actual management ➢ git pull ➢ if there are new tags, create a test branch with the tag's name: v3.17.2 -> test-kernel-3.17.2 ➢ for each patch branch that you keep ➢ checkout the current patch branch ➢ branch into a new name based on the new kernel version ➢ rebase ➢ checkout that branch ➢ copy my current kernel .config ➢ make olddefconfig (if it breaks, send me an e-mail)
Build ➢ Pull once a day or a little bit more often :) ➢ Build once a week or little bit more often :) ➢ If you are planning on upgrading this kernel, fix found conflicts at least every two weeks
What is next? ➢ Handling CVEs ➢ Kernel patch and build ➢ Kpatch or kGraft patch module generation ➢ Load the kpatch or kgraft ➢ Monitor the Linux Kernel Mailing List(LKML) for all subsystems of interest to you ➢ Do not try to monitor the LKML for everything... ➢ Backport the performance fixes made in new versions
What not to patch? ➢ Assembly code ➢ Crypto stuff ➢ Limit the architectures you write patches for ➢ Be extremely careful with: ➢ cpu schedule ➢ vm scheduler ➢ i/o schedule
What not to patch? Questions? <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan CEO of 1H Ltd. CTO of GetClouder Ltd.

More Related Content

PDF
Quickly Debug VM Failures in OpenStack
byLinuxCon ContainerCon CloudOpen China
 
PDF
Libvirt API Certification
byLinuxCon ContainerCon CloudOpen China
 
PDF
OSMC 2009 | Windows monitoring - Going where no man has gone before... by Mic...
byNETWAYS
 
PDF
Kernel Recipes 2013 - Kernel for your device
byAnne Nicolas
 
PDF
Kernel Recipes 2015 - Hardened kernels for everyone
byAnne Nicolas
 
PDF
Introduction of unit test on android kernel
byJohnson Chou
 
PDF
Rear automated testing with Bareos
byGratien D'haese
 
DOCX
Using cgroups in docker container
byVinay Jindal
 
Quickly Debug VM Failures in OpenStack
byLinuxCon ContainerCon CloudOpen China
 
Libvirt API Certification
byLinuxCon ContainerCon CloudOpen China
 
OSMC 2009 | Windows monitoring - Going where no man has gone before... by Mic...
byNETWAYS
 
Kernel Recipes 2013 - Kernel for your device
byAnne Nicolas
 
Kernel Recipes 2015 - Hardened kernels for everyone
byAnne Nicolas
 
Introduction of unit test on android kernel
byJohnson Chou
 
Rear automated testing with Bareos
byGratien D'haese
 
Using cgroups in docker container
byVinay Jindal
 

What's hot

PDF
Install a micro k8s single node cluster of kubernetes on windows 10
byLợi Dương
 
PDF
Kernel Recipes 2015: How to choose a kernel to ship with a product
byAnne Nicolas
 
PDF
Proxmox ve-datasheet
byMiguel Angel
 
PPTX
How to make a WoW server Warlords of Draenor
byMohit Maheshwari
 
PDF
DevOps Series: Defining and Sharing Testable Machine Configurations with vagrant
byFelipe
 
PDF
Linux con europe_2014_f
bysprdd
 
PDF
Percona XtraDB Cluster before every release: Glimpse into CI testing
byRaghavendra Prabhu
 
PDF
Introduction to Selenium grid
byKnoldus Inc.
 
PDF
Open ZFS Keynote (public)
byDustin Kirkland
 
ODP
Proxmox Talk - Linux Fest Northwest 2018
byRichard Clark
 
PPTX
Proxmox for DevOps
byJorge Moratilla Porras
 
PDF
Reusing your existing software on Android
byTetsuyuki Kobayashi
 
PDF
From printk to QEMU: Xen/Linux Kernel debugging
byThe Linux Foundation
 
PDF
Introduction to systemd
byYusaku OGAWA
 
PDF
Esx.sc.quickref
byhellocn
 
PPT
Nexenta at VMworld Hands-on Lab
byNexenta Systems
 
PDF
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
byNETWAYS
 
PDF
Containers with systemd-nspawn
byGábor Nyers
 
PDF
OpenNebulaConf2017EU: Alternative Context for Windows by Paul Batchelor, Blac...
byOpenNebula Project
 
PDF
Linux firmware for iRMC controller on Fujitsu Primergy servers
byVladimir Shakhov
 
Install a micro k8s single node cluster of kubernetes on windows 10
byLợi Dương
 
Kernel Recipes 2015: How to choose a kernel to ship with a product
byAnne Nicolas
 
Proxmox ve-datasheet
byMiguel Angel
 
How to make a WoW server Warlords of Draenor
byMohit Maheshwari
 
DevOps Series: Defining and Sharing Testable Machine Configurations with vagrant
byFelipe
 
Linux con europe_2014_f
bysprdd
 
Percona XtraDB Cluster before every release: Glimpse into CI testing
byRaghavendra Prabhu
 
Introduction to Selenium grid
byKnoldus Inc.
 
Open ZFS Keynote (public)
byDustin Kirkland
 
Proxmox Talk - Linux Fest Northwest 2018
byRichard Clark
 
Proxmox for DevOps
byJorge Moratilla Porras
 
Reusing your existing software on Android
byTetsuyuki Kobayashi
 
From printk to QEMU: Xen/Linux Kernel debugging
byThe Linux Foundation
 
Introduction to systemd
byYusaku OGAWA
 
Esx.sc.quickref
byhellocn
 
Nexenta at VMworld Hands-on Lab
byNexenta Systems
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
byNETWAYS
 
Containers with systemd-nspawn
byGábor Nyers
 
OpenNebulaConf2017EU: Alternative Context for Windows by Paul Batchelor, Blac...
byOpenNebula Project
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
byVladimir Shakhov
 

Similar to Manage custom kernel builds

PDF
Part 01 Linux Kernel Compilation (Ubuntu)
byTushar B Kute
 
PDF
Operating-Systems-Network-System-Lecture 2.pdf
bynathanaelcheramlak
 
PPTX
Building a linux kernel
byRaghu nath
 
PDF
Linux Kernel - Let's Contribute!
byLevente Kurusa
 
PDF
Introduction To Linux Kernel Modules
bydibyajyotig
 
ODP
Kernel compilation
bymcganesh
 
PDF
Appa
byrathodr
 
PDF
How to compile a kernel suse 3
byJOSE MANUEL SANCHEZ REQUENA
 
PPTX
First steps on CentOs7
byMarc Cortinas Val
 
PDF
Introduction to Linux Kernel Development
byLevente Kurusa
 
PDF
How to compile a kernel suse 2
byJOSE MANUEL SANCHEZ REQUENA
 
PPTX
CSA-lecture 6.pptx
byUsmanAshraf656960
 
PDF
Linux Common Command
byJeff Yang
 
PDF
Linux kernel
byMahmoud Shiri Varamini
 
PDF
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
byGlobalLogic Ukraine
 
PDF
Hacking+linux+kernel
byrobertsong
 
TXT
Ass OS
byMatalus Master
 
PDF
L lpic2201-pdf
byG&P
 
TXT
Ass hđh
byMatalus Master
 
PDF
Linux Foundation Mentorship Sessions - Kernel Livepatch: An Introduction
byMarcos de Souza
 
Part 01 Linux Kernel Compilation (Ubuntu)
byTushar B Kute
 
Operating-Systems-Network-System-Lecture 2.pdf
bynathanaelcheramlak
 
Building a linux kernel
byRaghu nath
 
Linux Kernel - Let's Contribute!
byLevente Kurusa
 
Introduction To Linux Kernel Modules
bydibyajyotig
 
Kernel compilation
bymcganesh
 
Appa
byrathodr
 
How to compile a kernel suse 3
byJOSE MANUEL SANCHEZ REQUENA
 
First steps on CentOs7
byMarc Cortinas Val
 
Introduction to Linux Kernel Development
byLevente Kurusa
 
How to compile a kernel suse 2
byJOSE MANUEL SANCHEZ REQUENA
 
CSA-lecture 6.pptx
byUsmanAshraf656960
 
Linux Common Command
byJeff Yang
 
Linux kernel
byMahmoud Shiri Varamini
 
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
byGlobalLogic Ukraine
 
Hacking+linux+kernel
byrobertsong
 
Ass OS
byMatalus Master
 
L lpic2201-pdf
byG&P
 
Ass hđh
byMatalus Master
 
Linux Foundation Mentorship Sessions - Kernel Livepatch: An Introduction
byMarcos de Souza
 

More from Marian Marinov

PDF
How to start and then move forward in IT
byMarian Marinov
 
PDF
Thinking about highly-available systems and their setup
byMarian Marinov
 
PDF
Understanding your memory usage under Linux
byMarian Marinov
 
PDF
How to implement PassKeys in your application
byMarian Marinov
 
PDF
Dev.bg DevOps March 2024 Monitoring & Logging
byMarian Marinov
 
PDF
Basic presentation of cryptography mechanisms
byMarian Marinov
 
PDF
Microservices: Benefits, drawbacks and are they for me?
byMarian Marinov
 
PDF
Introduction and replication to DragonflyDB
byMarian Marinov
 
PDF
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
byMarian Marinov
 
PDF
How to successfully migrate to DevOps .pdf
byMarian Marinov
 
PDF
How to survive in the work from home era
byMarian Marinov
 
PDF
Managing sysadmins
byMarian Marinov
 
PDF
Improve your storage with bcachefs
byMarian Marinov
 
PDF
Control your service resources with systemd
byMarian Marinov
 
PDF
Comparison of-foss-distributed-storage
byMarian Marinov
 
PDF
Защо и как да обогатяваме знанията си?
byMarian Marinov
 
PDF
Securing your MySQL server
byMarian Marinov
 
PDF
Sysadmin vs. dev ops
byMarian Marinov
 
PDF
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
PDF
Challenges with high density networks
byMarian Marinov
 
How to start and then move forward in IT
byMarian Marinov
 
Thinking about highly-available systems and their setup
byMarian Marinov
 
Understanding your memory usage under Linux
byMarian Marinov
 
How to implement PassKeys in your application
byMarian Marinov
 
Dev.bg DevOps March 2024 Monitoring & Logging
byMarian Marinov
 
Basic presentation of cryptography mechanisms
byMarian Marinov
 
Microservices: Benefits, drawbacks and are they for me?
byMarian Marinov
 
Introduction and replication to DragonflyDB
byMarian Marinov
 
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
byMarian Marinov
 
How to successfully migrate to DevOps .pdf
byMarian Marinov
 
How to survive in the work from home era
byMarian Marinov
 
Managing sysadmins
byMarian Marinov
 
Improve your storage with bcachefs
byMarian Marinov
 
Control your service resources with systemd
byMarian Marinov
 
Comparison of-foss-distributed-storage
byMarian Marinov
 
Защо и как да обогатяваме знанията си?
byMarian Marinov
 
Securing your MySQL server
byMarian Marinov
 
Sysadmin vs. dev ops
byMarian Marinov
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
Challenges with high density networks
byMarian Marinov
 

Recently uploaded

PDF
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
PDF
AI and ICT for Teaching and Learning, Induction-cum-Training Programme, 5th 8...
byProf. Vinod Kumar Kanvaria
 
PPTX
Physical education notes class ncert 12th
byjatinrg2009
 
PPTX
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
PDF
LH_Lecture Note on Spices , AI And Importance in Human Life.pdf
bybisensharad
 
PDF
Digital Electronics – Registers and Their Applications
byGS Virdi
 
PDF
The invasion of Alexander of Macedonia in India
byPrachiSontakke5
 
PDF
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
PDF
Digital Journalism Ethics 2025 materi for Regulation & Ethic Media
byAdePutraTunggali
 
PPTX
Elderly in India: The Changing Scenario.pptx
byMonika
 
PPTX
General Wellness & Restorative Tonic: Draksharishta
byDr. Paindla Jyothirmai
 
PPTX
Masterclass on Cybercrime, Scams & Safety Hacks.pptx
bykalkidirwhytap
 
PDF
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
PPTX
Anatomy of the eyeball An overviews.pptx
byMushahidRaza8
 
PDF
ASRB NET 2025 Paper GENETICS AND PLANT BREEDING ARS, SMS & STODiscussion | Co...
bySatyam Sharma
 
PPTX
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
PDF
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
PDF
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
PPTX
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
PPTX
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
AI and ICT for Teaching and Learning, Induction-cum-Training Programme, 5th 8...
byProf. Vinod Kumar Kanvaria
 
Physical education notes class ncert 12th
byjatinrg2009
 
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
LH_Lecture Note on Spices , AI And Importance in Human Life.pdf
bybisensharad
 
Digital Electronics – Registers and Their Applications
byGS Virdi
 
The invasion of Alexander of Macedonia in India
byPrachiSontakke5
 
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
Digital Journalism Ethics 2025 materi for Regulation & Ethic Media
byAdePutraTunggali
 
Elderly in India: The Changing Scenario.pptx
byMonika
 
General Wellness & Restorative Tonic: Draksharishta
byDr. Paindla Jyothirmai
 
Masterclass on Cybercrime, Scams & Safety Hacks.pptx
bykalkidirwhytap
 
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
Anatomy of the eyeball An overviews.pptx
byMushahidRaza8
 
ASRB NET 2025 Paper GENETICS AND PLANT BREEDING ARS, SMS & STODiscussion | Co...
bySatyam Sharma
 
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 

Manage custom kernel builds

  • 1.
    Manage custom kernelbuilds Marian HackMan Marinov CEO of 1H Ltd. CTO of GetClouder Ltd. <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan
  • 2.
  • 3.
    Some definitions 3.X.Y ➢ Major release (changes to this are rear)
  • 4.
    Some definitions 3.X.Y ➢ Major release ➢ Minor release (the new Major :))
  • 5.
    Some definitions 3.X.Y ➢ Major release ➢ Minor release ➢ Patch level (the new minor)
  • 6.
    Some definitions ➢Mainlinekernel - http://kernel.org ➢stable ➢release candidate (-rc) ➢next ➢long term support (LTS) ➢Distribution kernel ➢Debian ➢RedHat ➢SuSE ➢Project kernel ➢OpenVZ
  • 7.
    Why do weneed custom kernels? ➢Better performance ➢Faster boot times ➢More secure kernels(smaller attack serfice) ➢Monolithic kernels (does not work on machines with SW RAID or LVM) ➢Support custom drivers ➢Support features that are not included in the mainline ➢New features that are not supported by the distribution kernels
  • 8.
    Support custom drivers ➢network interface drivers ➢storage drivers ➢vendor supplied drivers ➢sometimes require specific kernel version ➢ they should be either back or forward ported ➢require changes in the kernel in order to build/load properly Note: this does not happen often
  • 9.
    Support custom features ➢Kpatch (live kernel patching) ➢kGraft (live kernel patching) ➢AUFS (Docker) ➢BFQ (I/O scheduling) ➢GRsecurity
  • 10.
    Problems with thecustom features ➢Irregular releases ➢Required specific kernel versions ➢No release for the kernel you have chosen
  • 11.
    How to choosea kernel to build upon ➢TEST
  • 12.
    How to choosea kernel to build upon ➢TEST, TEST
  • 13.
    How to choosea kernel to build upon ➢TEST, TEST, TEST
  • 14.
    How to choosea kernel to build upon ➢TEST, TEST, TEST ➢Build every major release
  • 15.
    How to choosea kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :)
  • 16.
    How to choosea kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule
  • 17.
    How to choosea kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule ➢Try LTS versions, but don't limit your self to these kernels
  • 18.
    How to choosea kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule ➢Try LTS versions, but don't limit your self to these kernels ➢Test the performance
  • 19.
    Test the newKernel performance ➢Look at your own load ➢Try to break the kernel ➢try to replay your normal load 100 or 1000 times ➢try to break the kernel with community benchmarks ➢Do not compare 32 and 64 bit kernels ➢Test the performance between two kernels in a row ➢If you compare the performance between different major releases, do not include the new features
  • 20.
    Test the newKernel performance ➢I usually check if the following stay relatively the same ➢/proc/loadavg ➢/proc/schedstat ➢is the memory allocation keeps similar values ➢I/O performance ➢Network performance (use tcpreplay) ➢hardware functionality ➢software compatibility
  • 21.
    Feature automation Initially ➢Create a branch with a name that should include the name of the kernel version you are using example kernel: 3.17.2 example branch name: grsec-3.17.2
  • 22.
    Feature automation Secondtime 1. Check if you have a branch with the name of your feature (grsec-3.17.2) 2. Check if you have a branch that includes the name of the future and the version of your current kernel 3. Check if there are newer versions of the kernel 4. If there are no new versions(tags)... don't do anything 5. If there are new versions(tags)
  • 23.
    Feature automation 6.Checkout the current branch into a new one named with the new version example: grsec-3.17.3 7. Rebase the new branch over the last released kernel version 1. If there are errors, send me an e-mail 2. If no errors are detected, commit 3. Rename the branch to reflect the new kernel version 9. Do some cleanup from time to time :) - You may move your archive branches into a separate repository
  • 24.
    Feature automation Master featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2
  • 25.
    Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2
  • 26.
    Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 featureX-3.17.4
  • 27.
    Feature automation Master TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 TAG featureX-3.17.4
  • 28.
    Feature automation Master featureX-3.18 TAG featureX-3.17.3 v3.18 v3.17.4 v3.17.3 v3.17.2 TAG featureX-3.17.4
  • 29.
    The actual management ➢ this works ONLY for your own patches ➢ keep a list with all your patches ➢ clone the Linus repo
  • 30.
    The actual management ➢ git pull ➢ if there are new tags, create a test branch with the tag's name: v3.17.2 -> test-kernel-3.17.2 ➢ for each patch branch that you keep ➢ checkout the current patch branch ➢ branch into a new name based on the new kernel version ➢ rebase ➢ checkout that branch ➢ copy my current kernel .config ➢ make olddefconfig (if it breaks, send me an e-mail)
  • 31.
    Build ➢ Pullonce a day or a little bit more often :) ➢ Build once a week or little bit more often :) ➢ If you are planning on upgrading this kernel, fix found conflicts at least every two weeks
  • 32.
    What is next? ➢ Handling CVEs ➢ Kernel patch and build ➢ Kpatch or kGraft patch module generation ➢ Load the kpatch or kgraft ➢ Monitor the Linux Kernel Mailing List(LKML) for all subsystems of interest to you ➢ Do not try to monitor the LKML for everything... ➢ Backport the performance fixes made in new versions
  • 33.
    What not topatch? ➢ Assembly code ➢ Crypto stuff ➢ Limit the architectures you write patches for ➢ Be extremely careful with: ➢ cpu schedule ➢ vm scheduler ➢ i/o schedule
  • 34.
    What not topatch? Questions? <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan CEO of 1H Ltd. CTO of GetClouder Ltd.