Manage custom kernel builds 
Marian HackMan Marinov 
CEO of 1H Ltd. 
CTO of GetClouder Ltd. 
<mm @ 1h .com > 
ICQ: 7556201 
Jabber: hackman@jabber.org 
IRC: irc.freenode.net HackMan
Some definitions
3.X.Y
➢ Major release (changes to this are rare)
➢ Minor release (the new Major :))
➢ Patch level (the new minor)
Some definitions
➢ Mainline kernel - http://kernel.org
  ➢ stable
  ➢ release candidate (-rc)
  ➢ next
  ➢ long term support (LTS)
➢ Distribution kernel
  ➢ Debian
  ➢ RedHat
  ➢ SuSE
➢ Project kernel
  ➢ OpenVZ
Why do we need custom kernels?
➢ Better performance
➢ Faster boot times
➢ More secure kernels (smaller attack surface)
➢ Monolithic kernels (does not work on machines with SW RAID or LVM)
➢ Support custom drivers
➢ Support features that are not included in the mainline
➢ New features that are not supported by the distribution kernels
Support custom drivers 
➢network interface drivers 
➢storage drivers 
➢vendor supplied drivers 
➢sometimes require specific kernel version 
➢ they should be either back or forward ported 
➢require changes in the kernel in order to build/load 
properly 
Note: this does not happen often
Support custom features 
➢Kpatch (live kernel patching) 
➢kGraft (live kernel patching) 
➢AUFS (Docker) 
➢BFQ (I/O scheduling) 
➢GRsecurity
Problems with the custom features 
➢Irregular releases 
➢Require specific kernel versions
➢No release for the kernel you have chosen
How to choose a kernel to build upon
➢TEST, TEST, TEST
➢Build every major release
➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :)
➢The above is not a hard rule
➢Try LTS versions, but don't limit yourself to these kernels
➢Test the performance
Test the new Kernel performance 
➢Look at your own load 
➢Try to break the kernel 
➢try to replay your normal load 100 or 1000 times 
➢try to break the kernel with community benchmarks 
➢Do not compare 32 and 64 bit kernels 
➢Test the performance between two kernels in a 
row 
➢If you compare the performance between 
different major releases, do not include the new 
features
Test the new Kernel performance 
➢I usually check if the following stay relatively the 
same 
➢/proc/loadavg 
➢/proc/schedstat 
➢whether the memory allocation keeps similar values
➢I/O performance 
➢Network performance (use tcpreplay) 
➢hardware functionality 
➢software compatibility
Feature automation 
Initially 
➢Create a branch with a name that should 
include the name of the kernel version you are 
using 
example kernel: 3.17.2 
example branch name: grsec-3.17.2
Feature automation 
Second time 
1. Check if you have a branch with the name of 
your feature (grsec-3.17.2) 
2. Check if you have a branch that includes the name of the feature and the version of your current kernel
3. Check if there are newer versions of the kernel 
4. If there are no new versions(tags)... don't do 
anything 
5. If there are new versions(tags)
Feature automation 
6. Checkout the current branch into a new one named 
with the new version 
example: grsec-3.17.3 
7. Rebase the new branch over the last released kernel 
version 
1. If there are errors, send me an e-mail 
2. If no errors are detected, commit 
3. Rename the branch to reflect the new kernel version 
9. Do some cleanup from time to time :) 
- You may move your archive branches into a separate 
repository
Feature automation
[Diagram, built up over five slides: Master with kernel tags v3.17.2, v3.17.3, v3.17.4 and v3.18; feature branches featureX-3.17.3, featureX-3.17.4 and featureX-3.18 appear in turn, with TAG markers.]
The actual management 
➢ this works ONLY for your own patches 
➢ keep a list with all your patches 
➢ clone the Linus repo
The actual management 
➢ git pull 
➢ if there are new tags, create a test branch with the tag's 
name: 
v3.17.2 -> test-kernel-3.17.2 
➢ for each patch branch that you keep 
➢ checkout the current patch branch 
➢ branch into a new name based on the new kernel version 
➢ rebase 
➢ checkout that branch 
➢ copy my current kernel .config 
➢ make olddefconfig (if it breaks, send me an e-mail)
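
The steps above as a POSIX shell example, added here and not the presenter's own script. It assumes patch branches are named <feature>-<X.Y.Z> as in grsec-3.17.2, that the clone's remote carries the vX.Y.Z tags, and it only moves a branch within its own X.Y series; KCONFIG, VERIFY_TAGS and the function names are made up for the example, and the use of `git rebase --onto` and `git verify-tag` is a choice made here, not something the slides specify.

```shell
#!/bin/sh
# Added example (not the presenter's script): forward-port a patch branch
# named <feature>-<X.Y.Z> to the newest vX.Y.N tag of the same series.
# KCONFIG, VERIFY_TAGS and all function names are hypothetical.

# Read tag names on stdin; print the highest vX.Y.N tag for series X.Y.
# Release candidates (-rc) and the bare vX.Y tag are ignored.
newest_patch_tag() {
    series_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    { grep -E "^v${series_re}\.[0-9]+\$" || true; } |
        sort -t. -k3,3n | tail -n 1
}

# Read tag names on stdin; for BRANCH print "<new-branch> <new-tag>" when a
# newer patch-level tag exists, and nothing when the branch is current.
plan_rebase() {
    branch=$1
    feature=${branch%-*}
    version=${branch##*-}
    if ! printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo "$branch: name does not end in -X.Y.Z" >&2
        return 2
    fi
    series=${version%.*}
    patch=${version##*.}
    newest=$(newest_patch_tag "$series")
    [ -n "$newest" ] || return 0
    [ "${newest##*.}" -gt "$patch" ] || return 0
    printf '%s-%s %s\n' "$feature" "${newest#v}" "$newest"
}

# Run inside the kernel clone after "git pull". Creates the new branch,
# rebases it and refreshes .config. Returns non-zero with a message on
# stderr when a human has to step in (the "send me an e-mail" case).
forward_port() {
    branch=$1
    plan=$(git tag -l 'v*' | plan_rebase "$branch") || return 1
    if [ -z "$plan" ]; then
        echo "$branch: no newer tag, nothing to do"
        return 0
    fi
    new_branch=${plan% *}
    new_tag=${plan#* }
    old_tag=v${branch##*-}

    # Optional supply-chain check: refuse a tag whose signature does not
    # verify against keys already present in the local GnuPG keyring.
    if [ "${VERIFY_TAGS:-0}" = 1 ] && ! git verify-tag "$new_tag"; then
        echo "$new_tag: tag signature did not verify" >&2
        return 1
    fi

    # Test branch named after the tag: v3.17.3 -> test-kernel-3.17.3
    test_branch=test-kernel-${new_tag#v}
    git show-ref --verify --quiet "refs/heads/$test_branch" ||
        git branch "$test_branch" "$new_tag" || return 1

    git checkout -q -b "$new_branch" "$branch" || return 1
    # Replay only the commits between the old tag and the branch tip.
    if ! git rebase -q --onto "$new_tag" "$old_tag" "$new_branch"; then
        git rebase --abort
        git checkout -q "$branch"
        git branch -D "$new_branch"
        echo "$branch: rebase onto $new_tag has conflicts" >&2
        return 1
    fi
    cp "${KCONFIG:?set KCONFIG to your current .config}" .config &&
        make olddefconfig
}
```

Run `git pull` first, then call `forward_port` once for each branch in your patch list, for example `KCONFIG=/boot/config-$(uname -r) forward_port grsec-3.17.2`.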
Build 
➢ Pull once a day or a little bit more often :) 
➢ Build once a week or little bit more often :) 
➢ If you are planning on upgrading this kernel, fix 
found conflicts at least every two weeks
What is next? 
➢ Handling CVEs 
➢ Kernel patch and build 
➢ Kpatch or kGraft patch module generation 
➢ Load the kpatch or kgraft 
➢ Monitor the Linux Kernel Mailing List(LKML) for 
all subsystems of interest to you 
➢ Do not try to monitor the LKML for everything... 
➢ Backport the performance fixes made in new 
versions
What not to patch? 
➢ Assembly code 
➢ Crypto stuff 
➢ Limit the architectures you write patches for 
➢ Be extremely careful with: 
➢ CPU scheduler
➢ VM scheduler
➢ I/O scheduler
Questions?

 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 

Manage custom kernel builds

  • 1. Manage custom kernel builds Marian HackMan Marinov CEO of 1H Ltd. CTO of GetClouder Ltd. <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan
  • 3. Some definitions 3.X.Y ➢ Major release (changes to this are rare)
  • 4. Some definitions 3.X.Y ➢ Major release ➢ Minor release (the new Major :))
  • 5. Some definitions 3.X.Y ➢ Major release ➢ Minor release ➢ Patch level (the new minor)
  • 6. Some definitions ➢Mainline kernel - http://kernel.org ➢stable ➢release candidate (-rc) ➢next ➢long term support (LTS) ➢Distribution kernel ➢Debian ➢RedHat ➢SuSE ➢Project kernel ➢OpenVZ
  • 7. Why do we need custom kernels? ➢Better performance ➢Faster boot times ➢More secure kernels (smaller attack surface) ➢Monolithic kernels (does not work on machines with SW RAID or LVM) ➢Support custom drivers ➢Support features that are not included in the mainline ➢New features that are not supported by the distribution kernels
  • 8. Support custom drivers ➢network interface drivers ➢storage drivers ➢vendor supplied drivers ➢sometimes require specific kernel version ➢ they should be either back or forward ported ➢require changes in the kernel in order to build/load properly Note: this does not happen often
  • 9. Support custom features ➢Kpatch (live kernel patching) ➢kGraft (live kernel patching) ➢AUFS (Docker) ➢BFQ (I/O scheduling) ➢GRsecurity
  • 10. Problems with the custom features ➢Irregular releases ➢Required specific kernel versions ➢No release for the kernel you have chosen
  • 18. How to choose a kernel to build upon ➢TEST, TEST, TEST ➢Build every major release ➢Try to experiment with x.y.1 or x.y.2 but not x.y.0 :) ➢The above is not a hard rule ➢Try LTS versions, but don't limit yourself to these kernels ➢Test the performance
  • 19. Test the new Kernel performance ➢Look at your own load ➢Try to break the kernel ➢try to replay your normal load 100 or 1000 times ➢try to break the kernel with community benchmarks ➢Do not compare 32 and 64 bit kernels ➢Test the performance between two kernels in a row ➢If you compare the performance between different major releases, do not include the new features
  • 20. Test the new Kernel performance ➢I usually check if the following stay relatively the same ➢/proc/loadavg ➢/proc/schedstat ➢whether memory allocation keeps similar values ➢I/O performance ➢Network performance (use tcpreplay) ➢hardware functionality ➢software compatibility
  • 21. Feature automation: initially
      ➢ Create a branch whose name includes the kernel version you are using
        example kernel: 3.17.2
        example branch name: grsec-3.17.2
  • 22. Feature automation: second time
      1. Check if you have a branch with the name of your feature (grsec-3.17.2)
      2. Check if you have a branch that includes the name of the feature and the version of your current kernel
      3. Check if there are newer versions of the kernel
      4. If there are no new versions (tags)... don't do anything
      5. If there are new versions (tags)
  • 23. Feature automation
      6. Checkout the current branch into a new one named with the new version, example: grsec-3.17.3
      7. Rebase the new branch over the last released kernel version
         1. If there are errors, send me an e-mail
         2. If no errors are detected, commit
         3. Rename the branch to reflect the new kernel version
      9. Do some cleanup from time to time :) - You may move your archive branches into a separate repository
  • 24-28. Feature automation [diagram built up over five slides: Master, with tags v3.17.2, v3.17.3, v3.17.4 and v3.18, and the feature branches featureX-3.17.3, featureX-3.17.4 and featureX-3.18]
  • 29. The actual management ➢ this works ONLY for your own patches ➢ keep a list with all your patches ➢ clone the Linus repo
  • 30. The actual management ➢ git pull ➢ if there are new tags, create a test branch with the tag's name: v3.17.2 -> test-kernel-3.17.2 ➢ for each patch branch that you keep ➢ checkout the current patch branch ➢ branch into a new name based on the new kernel version ➢ rebase ➢ checkout that branch ➢ copy my current kernel .config ➢ make olddefconfig (if it breaks, send me an e-mail)
  • 31. Build ➢ Pull once a day or a little bit more often :) ➢ Build once a week or little bit more often :) ➢ If you are planning on upgrading this kernel, fix found conflicts at least every two weeks
  • 32. What is next? ➢ Handling CVEs ➢ Kernel patch and build ➢ Kpatch or kGraft patch module generation ➢ Load the kpatch or kgraft ➢ Monitor the Linux Kernel Mailing List(LKML) for all subsystems of interest to you ➢ Do not try to monitor the LKML for everything... ➢ Backport the performance fixes made in new versions
  • 33. What not to patch? ➢ Assembly code ➢ Crypto stuff ➢ Limit the architectures you write patches for ➢ Be extremely careful with: ➢ CPU scheduler ➢ VM scheduler ➢ I/O scheduler
  • 34. What not to patch? Questions? <mm @ 1h .com > ICQ: 7556201 Jabber: hackman@jabber.org IRC: irc.freenode.net HackMan CEO of 1H Ltd. CTO of GetClouder Ltd.
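
The "Feature automation" and "The actual management" steps from slides 21-23 and 29-30, written out as a shell sketch. This is an added example, not the speaker's own tooling: the function names, the policy of jumping straight to the newest tag, and the assumption that each feature branch was cut from the tag named in its suffix are all assumptions made here.

```shell
#!/bin/sh
# Added example: forward-port one feature branch to the newest kernel tag.
# Branch names (grsec-3.17.2) and tag names (v3.17.3) follow the slides;
# the function names and "jump to the newest tag" policy are assumptions.
# Usage, inside the kernel clone after `git pull`: forward_port grsec 3.17.2

# Read tag names on stdin; print release tags newer than version $1,
# oldest first. -rc tags are skipped; fields are compared numerically so
# 3.17.10 sorts after 3.17.9 and 3.10 is not confused with 3.1.
newer_tags() {
    cur=$1
    grep -E '^v[0-9]+\.[0-9]+(\.[0-9]+)?$' | sed 's/^v//' |
        { cat; echo "$cur"; } |
        sort -u -t. -k1,1n -k2,2n -k3,3n |
        awk -v cur="$cur" 'seen { print "v" $0 }
                           ($0 "") == (cur "") { seen = 1 }'
}

# Steps 1-7 of the slides for branch "<feature>-<cur>".
# Returns 0 when done or nothing to do, 1 on rebase conflict, 2 on bad input.
forward_port() {
    feature=$1 cur=$2
    old="$feature-$cur"
    git rev-parse --verify --quiet "refs/heads/$old" >/dev/null || {
        echo "no branch $old" >&2; return 2; }
    new_tag=$(git tag -l 'v*' | newer_tags "$cur" | tail -n 1)
    [ -n "$new_tag" ] || { echo "no new tags, nothing to do"; return 0; }
    new="$feature-${new_tag#v}"
    git checkout -q -b "$new" "$old" || return 2
    # Replay only the feature's own commits (v$cur..$old) onto the new tag.
    # Assumes $old was branched from tag v$cur, as its name says.
    if ! git rebase -q --onto "$new_tag" "v$cur" "$new"; then
        git rebase --abort
        git checkout -q "$old"
        git branch -q -D "$new"
        echo "rebase of $old onto $new_tag failed, fix by hand" >&2
        return 1    # the caller (e.g. cron) turns this into the e-mail
    fi
    echo "created $new"
}
```

On a conflict the old branch is left untouched and the half-made branch is deleted, so the daily run can be retried after the patch is fixed by hand.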