SlideShare a Scribd company logo

Obstacles & Solutions for Livepatch Support on ARM64 Architecture

L
LinuxCon ContainerCon CloudOpen China

This document discusses obstacles and solutions for supporting live kernel patching (livepatching) on ARM64 architecture. Livepatching allows patching a running kernel without reboots. It is currently only supported on x86, s390 and powerpc. For ARM64, the main obstacle is that the ARM64 calling convention stores return addresses in a link register rather than the stack. The document proposes a solution that extends the profile instrumentation to save and restore the link register, allowing ftrace to be adapted for ARM64 livepatching. It provides an overview of upstream work on gcc and kernel support to enable livepatching for ARM64.

1 of 18
Download to read offline
HUAWEI TECHNOLOGIES CO., LTD. Obstacles & Solutions for Livepatch Support on ARM64 Architecture Li Bin (李彬) / huawei.libin@huawei.com 2017/06/20
HUAWEI TECHNOLOGIES CO., LTD. Page 2 Agenda  Livepatch overview  Livepatch on x86  Obstacle for livepatch on ARM64  Solution to support livepatch on ARM64  Upstream status for ARM64 support  Questions?
HUAWEI TECHNOLOGIES CO., LTD. Page 3 Livepatch overview  Linux kernel dynamic live patching framework  Patch a running kernel  No reboots, no disruption to applications  Used for security and stability fixes  Oracle’s Ksplice / Suse’s Kgraft / Redhat’s Kpatch  Nov. 2014, Seth Jennings (Red Hat) submitted the first version to the mailing list  Feb. 2015, been merged in upstream (Linux 4.0)  By now, only supports x86/s390/powerpc architecture
HUAWEI TECHNOLOGIES CO., LTD. Page 4 Livepatch overview nop Old Function call return call mcount Old Function nop New Function call return Before Patching: After Patching: call ftrace livepatch return
HUAWEI TECHNOLOGIES CO., LTD. Page 5 Livepatch overview  Livepatch based on ftrace (FTRACE_WITH_REGS)  FTRACE_WITH_REGS based on gcc profile-before-prologue feature(mfentry)  But gcc for some arch (including ARM64), NOT support this feature  So how to remove the obstacles for these arch such as ARM64 ……
HUAWEI TECHNOLOGIES CO., LTD. Page 6 Livepatch overview  Livepatch based on ftrace  Ftrace based on gcc profile feature  What’s the gcc profile feature  use gcc –pg option to generate profile instruction
HUAWEI TECHNOLOGIES CO., LTD. Page 7 Livepatch overview call foo …… [prologue] call mcount [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return [prologue] call mcount [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook  Based on general gcc profile:
HUAWEI TECHNOLOGIES CO., LTD. Page 8 Livepatch overview  Limitations:  Old func & new func must have the same prologue  Otherwise, the control flow will be wrong!
HUAWEI TECHNOLOGIES CO., LTD. Page 9 Livepatch on X86  The solution to the limitation:  Gcc’s profile-before-prologue feature (mfentry)  Put the profile instruction at the entry of the function  Ftrace on x86 based on profile-before-prologue feature now  Only some architectures support this feature, but ARM64 not included!
HUAWEI TECHNOLOGIES CO., LTD. Page 10 Livepatch on X86  Based on gcc profile-before-prologue (-mfentry) on X86: call foo …… call mcount [prologue] [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return call mcount [prologue] [func body] return foo() foo_fix() mcount() livepatch The call inst automatically pushes pc to the stack (by hardware) Livepatch ftrace hook
HUAWEI TECHNOLOGIES CO., LTD. Page 11 Obstacle for livepatch on ARM64  Why not support profile-before-prologue feature on ARM64?  Procedure Call Standard brings the obstacle  On X86, the call instruction put the return address into the stack by hardware  On ARM64, the call instruction (BL or BLR) transfer the return address into the link register (LR)  So the LR should be saved by subroutine (in prologue), that the first routine instruction is never a call instruction on ARM64
HUAWEI TECHNOLOGIES CO., LTD. Page 12 Solution to support livepatch on ARM64  How to solve the obstacle and implement the profile-before-prologue?  Extend profile instruction into multiple instructions Save the LR in Stack stp x29, x30, [sp, #-16]! mov x29, sp bl <mcount> ldp x29, x30, [sp], #16 <function prologue> >> … Save the LR in Corruptible Register mov x9, x30 bl <mcount> mov x30, x9 <function prologue> ... Advantages: Smaller impact on performance More convenient adaption for ftrace code mov x9, x30 mov x9, x30 nop <--------------> bl <__fentry__> mov x30, x9 mov x30, x9 <function prologue> <function prologue>  Discussion: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/401352.html
HUAWEI TECHNOLOGIES CO., LTD. Page 13 Solution to support livepatch on ARM64  Solution to solve the obstacle on ARM64 bl foo …… mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return save regs bl stub restore regs ret to regs- >ip change regs->ip …… return mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook Extended profile instructions
HUAWEI TECHNOLOGIES CO., LTD. Page 14 Upstream status for ARM64 support  May 2015, I submitted the livepatch support patches for ARM64  Add support on ARM64 in kernel (including ftrace adaptation) https://lwn.net/Articles/646317/  Gcc support on ARM64  Support –mfentry feature on ARM64 in gcc https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00756.html
HUAWEI TECHNOLOGIES CO., LTD. Page 15 Upstream status for ARM64 support  Gcc support on ARM64  Add a new option -fpatchable-function-entry=N,M  generate a pad of N nops at beginning of each function suggested by Maxim Kuvyrkov from Linaro firstly http://thread.gmane.org/gmane.comp.gcc.devel/139984  Now, Torsten Duwe from Suse with best effort to push this feature https://gcc.gnu.org/ml/gcc-patches/2017-05/msg00213.html
HUAWEI TECHNOLOGIES CO., LTD. Page 16 Upstream status for ARM64 support  Further step after the gcc feature support for ARM64  ARM64 Ftrace & Livepatch adaptation  Patch module tools adaptation that convert diff patch to a patch module conveniently (such as kpatch-build from Redhat) https://github.com/dynup/kpatch/tree/master/kpatch-build
HUAWEI TECHNOLOGIES CO., LTD. Page 17 Questions?
Thank you www.huawei.com Copyright©2009 Huawei Technologies Co., Ltd. All Rights Reserved.

Recommended

64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM
LinuxCon ContainerCon CloudOpen China
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStack
LinuxCon ContainerCon CloudOpen China
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
LinuxCon ContainerCon CloudOpen China
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS Boot
LinuxCon ContainerCon CloudOpen China
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
The Linux Foundation
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
LinuxCon ContainerCon CloudOpen China
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64
LinuxCon ContainerCon CloudOpen China
 
Virtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMVirtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVM
Nelson Elhage
 

Recommended

64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM
LinuxCon ContainerCon CloudOpen China
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStack
LinuxCon ContainerCon CloudOpen China
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
LinuxCon ContainerCon CloudOpen China
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS Boot
LinuxCon ContainerCon CloudOpen China
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
The Linux Foundation
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
LinuxCon ContainerCon CloudOpen China
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64
LinuxCon ContainerCon CloudOpen China
 
Virtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMVirtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVM
Nelson Elhage
 
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
The Linux Foundation
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
HungWei Chiu
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
Pradeep Kumar
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
HungWei Chiu
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
The Linux Foundation
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
The Linux Foundation
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
The Linux Foundation
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
Anne Nicolas
 
SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
LinuxCon ContainerCon CloudOpen China
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
The Linux Foundation
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
Michelle Holley
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
HungWei Chiu
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
The Linux Foundation
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
Udayendu Kar
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
Te-Yen Liu
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
Pradeep Kumar
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
The Linux Foundation
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
Vladimir Shakhov
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntu
Sim Janghoon
 
Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and Containers
LinuxCon ContainerCon CloudOpen China
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
LinuxCon ContainerCon CloudOpen China
 

More Related Content

What's hot

XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
The Linux Foundation
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
HungWei Chiu
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
Pradeep Kumar
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
HungWei Chiu
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
The Linux Foundation
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
The Linux Foundation
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
The Linux Foundation
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
Anne Nicolas
 
SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
LinuxCon ContainerCon CloudOpen China
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
The Linux Foundation
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
Michelle Holley
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
HungWei Chiu
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
The Linux Foundation
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
Udayendu Kar
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
Te-Yen Liu
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
Pradeep Kumar
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
The Linux Foundation
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
Vladimir Shakhov
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntu
Sim Janghoon
 

What's hot (20)

XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
 
SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntu
 

Viewers also liked

Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and Containers
LinuxCon ContainerCon CloudOpen China
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
LinuxCon ContainerCon CloudOpen China
 
GPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor GraphicsGPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor Graphics
LinuxCon ContainerCon CloudOpen China
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
LinuxCon ContainerCon CloudOpen China
 
Policy-based Resource Placement
Policy-based Resource PlacementPolicy-based Resource Placement
Policy-based Resource Placement
LinuxCon ContainerCon CloudOpen China
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
LinuxCon ContainerCon CloudOpen China
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
LinuxCon ContainerCon CloudOpen China
 
Introduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving ContainerIntroduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving Container
LinuxCon ContainerCon CloudOpen China
 
Make Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineMake Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container Engine
LinuxCon ContainerCon CloudOpen China
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
LinuxCon ContainerCon CloudOpen China
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
LinuxCon ContainerCon CloudOpen China
 
From Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering PrimerFrom Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering Primer
LinuxCon ContainerCon CloudOpen China
 
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
LinuxCon ContainerCon CloudOpen China
 
Open Source Software Business Models Redux
Open Source Software Business Models ReduxOpen Source Software Business Models Redux
Open Source Software Business Models Redux
LinuxCon ContainerCon CloudOpen China
 
Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
LinuxCon ContainerCon CloudOpen China
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
LinuxCon ContainerCon CloudOpen China
 
Fully automated kubernetes deployment and management
Fully automated kubernetes deployment and managementFully automated kubernetes deployment and management
Fully automated kubernetes deployment and management
LinuxCon ContainerCon CloudOpen China
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do Standardization
LinuxCon ContainerCon CloudOpen China
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling
LinuxCon ContainerCon CloudOpen China
 
Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers
LinuxCon ContainerCon CloudOpen China
 

Viewers also liked (20)

Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and Containers
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
 
GPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor GraphicsGPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor Graphics
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
Policy-based Resource Placement
Policy-based Resource PlacementPolicy-based Resource Placement
Policy-based Resource Placement
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Introduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving ContainerIntroduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving Container
 
Make Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineMake Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container Engine
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
From Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering PrimerFrom Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering Primer
 
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
 
Open Source Software Business Models Redux
Open Source Software Business Models ReduxOpen Source Software Business Models Redux
Open Source Software Business Models Redux
 
Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
 
Fully automated kubernetes deployment and management
Fully automated kubernetes deployment and managementFully automated kubernetes deployment and management
Fully automated kubernetes deployment and management
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do Standardization
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling
 
Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers
 

Similar to Obstacles & Solutions for Livepatch Support on ARM64 Architecture

Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
inside-BigData.com
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
OPNFV
 
Cray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best PracticesCray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best Practices
Jeff Larkin
 
LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201
Linaro
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-opt
Jeff Larkin
 
Introduction to .NET Micro Framework Development
Introduction to .NET Micro Framework DevelopmentIntroduction to .NET Micro Framework Development
Introduction to .NET Micro Framework Development
christopherfairbairn
 
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek VasutEmbedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Anne Nicolas
 
From Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHPFrom Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHP
Albert Chen
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
InfluxData
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
ryancox
 
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Anderson Bassani
 
2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series
Shawn Wells
 
2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting
Shawn Wells
 
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Akihiro Hayashi
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share
.Gastón. .Bx.
 
HBase at Xiaomi
HBase at XiaomiHBase at Xiaomi
HBase at Xiaomi
HBaseCon
 
Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?
Wim Godden
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
Shawn Wells
 
Programar En Fortran
Programar En FortranProgramar En Fortran
Programar En Fortran
Saul Bernal
 
2010 JNUG BoF
2010 JNUG BoF2010 JNUG BoF
2010 JNUG BoF
NOZAKI Takehiko
 

Similar to Obstacles & Solutions for Livepatch Support on ARM64 Architecture (20)

Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
 
Cray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best PracticesCray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best Practices
 
LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-opt
 
Introduction to .NET Micro Framework Development
Introduction to .NET Micro Framework DevelopmentIntroduction to .NET Micro Framework Development
Introduction to .NET Micro Framework Development
 
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek VasutEmbedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
 
From Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHPFrom Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHP
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
 
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
 
2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series
 
2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting
 
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share
 
HBase at Xiaomi
HBase at XiaomiHBase at Xiaomi
HBase at Xiaomi
 
Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
 
Programar En Fortran
Programar En FortranProgramar En Fortran
Programar En Fortran
 
2010 JNUG BoF
2010 JNUG BoF2010 JNUG BoF
2010 JNUG BoF
 

More from LinuxCon ContainerCon CloudOpen China

Building a Better Thermostat
Building a Better ThermostatBuilding a Better Thermostat
Building a Better Thermostat
LinuxCon ContainerCon CloudOpen China
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
LinuxCon ContainerCon CloudOpen China
 
OCI Support in Mesos
OCI Support in MesosOCI Support in Mesos
OCI Support in Mesos
LinuxCon ContainerCon CloudOpen China
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
LinuxCon ContainerCon CloudOpen China
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
LinuxCon ContainerCon CloudOpen China
 
Container Security
Container SecurityContainer Security
Container Security
LinuxCon ContainerCon CloudOpen China
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
LinuxCon ContainerCon CloudOpen China
 
Rethinking the OS
Rethinking the OSRethinking the OS
Rethinking the OS
LinuxCon ContainerCon CloudOpen China
 
Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps. Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps.
LinuxCon ContainerCon CloudOpen China
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
LinuxCon ContainerCon CloudOpen China
 

More from LinuxCon ContainerCon CloudOpen China (10)

Building a Better Thermostat
Building a Better ThermostatBuilding a Better Thermostat
Building a Better Thermostat
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
OCI Support in Mesos
OCI Support in MesosOCI Support in Mesos
OCI Support in Mesos
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
 
Container Security
Container SecurityContainer Security
Container Security
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 
Rethinking the OS
Rethinking the OSRethinking the OS
Rethinking the OS
 
Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps. Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps.
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 

Recently uploaded

Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 

Recently uploaded (20)

Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 

Obstacles & Solutions for Livepatch Support on ARM64 Architecture

  • 1. HUAWEI TECHNOLOGIES CO., LTD. Obstacles & Solutions for Livepatch Support on ARM64 Architecture Li Bin (李彬) / huawei.libin@huawei.com 2017/06/20
  • 2. HUAWEI TECHNOLOGIES CO., LTD. Page 2 Agenda  Livepatch overview  Livepatch on x86  Obstacle for livepatch on ARM64  Solution to support livepatch on ARM64  Upstream status for ARM64 support  Questions?
  • 3. HUAWEI TECHNOLOGIES CO., LTD. Page 3 Livepatch overview  Linux kernel dynamic live patching framework  Patch a running kernel  No reboots, no disruption to applications  Used for security and stability fixes  Oracle’s Ksplice / Suse’s Kgraft / Redhat’s Kpatch  Nov. 2014, Seth Jennings (Red Hat) submitted the first version to the mailing list  Feb. 2015, been merged in upstream (Linux 4.0)  By now, only supports x86/s390/powerpc architecture
  • 4. HUAWEI TECHNOLOGIES CO., LTD. Page 4 Livepatch overview nop Old Function call return call mcount Old Function nop New Function call return Before Patching: After Patching: call ftrace livepatch return
  • 5. HUAWEI TECHNOLOGIES CO., LTD. Page 5 Livepatch overview  Livepatch based on ftrace (FTRACE_WITH_REGS)  FTRACE_WITH_REGS based on gcc profile-before-prologue feature(mfentry)  But gcc for some arch (including ARM64), NOT support this feature  So how to remove the obstacles for these arch such as ARM64 ……
  • 6. HUAWEI TECHNOLOGIES CO., LTD. Page 6 Livepatch overview  Livepatch based on ftrace  Ftrace based on gcc profile feature  What’s the gcc profile feature  use gcc –pg option to generate profile instruction
  • 7. HUAWEI TECHNOLOGIES CO., LTD. Page 7 Livepatch overview call foo …… [prologue] call mcount [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return [prologue] call mcount [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook  Based on general gcc profile:
  • 8. HUAWEI TECHNOLOGIES CO., LTD. Page 8 Livepatch overview  Limitations:  Old func & new func must have the same prologue  Otherwise, the control flow will be wrong!
  • 9. HUAWEI TECHNOLOGIES CO., LTD. Page 9 Livepatch on X86  The solution to the limitation:  Gcc’s profile-before-prologue feature (mfentry)  Put the profile instruction at the entry of the function  Ftrace on x86 based on profile-before-prologue feature now  Only some architectures support this feature, but ARM64 not included!
  • 10. HUAWEI TECHNOLOGIES CO., LTD. Page 10 Livepatch on X86  Based on gcc profile-before-prologue (-mfentry) on X86: call foo …… call mcount [prologue] [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return call mcount [prologue] [func body] return foo() foo_fix() mcount() livepatch The call inst automatically pushes pc to the stack (by hardware) Livepatch ftrace hook
  • 11. HUAWEI TECHNOLOGIES CO., LTD. Page 11 Obstacle for livepatch on ARM64  Why not support profile-before-prologue feature on ARM64?  Procedure Call Standard brings the obstacle  On X86, the call instruction put the return address into the stack by hardware  On ARM64, the call instruction (BL or BLR) transfer the return address into the link register (LR)  So the LR should be saved by subroutine (in prologue), that the first routine instruction is never a call instruction on ARM64
  • 12. HUAWEI TECHNOLOGIES CO., LTD. Page 12 Solution to support livepatch on ARM64  How to solve the obstacle and implement the profile-before-prologue?  Extend profile instruction into multiple instructions Save the LR in Stack stp x29, x30, [sp, #-16]! mov x29, sp bl <mcount> ldp x29, x30, [sp], #16 <function prologue> >> … Save the LR in Corruptible Register mov x9, x30 bl <mcount> mov x30, x9 <function prologue> ... Advantages: Smaller impact on performance More convenient adaption for ftrace code mov x9, x30 mov x9, x30 nop <--------------> bl <__fentry__> mov x30, x9 mov x30, x9 <function prologue> <function prologue>  Discussion: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/401352.html
  • 13. HUAWEI TECHNOLOGIES CO., LTD. Page 13 Solution to support livepatch on ARM64  Solution to solve the obstacle on ARM64 bl foo …… mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return save regs bl stub restore regs ret to regs- >ip change regs->ip …… return mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook Extended profile instructions
  • 14. HUAWEI TECHNOLOGIES CO., LTD. Page 14 Upstream status for ARM64 support  May 2015, I submitted the livepatch support patches for ARM64  Add support on ARM64 in kernel (including ftrace adaptation) https://lwn.net/Articles/646317/  Gcc support on ARM64  Support –mfentry feature on ARM64 in gcc https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00756.html
  • 15. HUAWEI TECHNOLOGIES CO., LTD. Page 15 Upstream status for ARM64 support  Gcc support on ARM64  Add a new option -fpatchable-function-entry=N,M  generate a pad of N nops at beginning of each function suggested by Maxim Kuvyrkov from Linaro firstly http://thread.gmane.org/gmane.comp.gcc.devel/139984  Now, Torsten Duwe from Suse with best effort to push this feature https://gcc.gnu.org/ml/gcc-patches/2017-05/msg00213.html
  • 16. HUAWEI TECHNOLOGIES CO., LTD. Page 16 Upstream status for ARM64 support  Further step after the gcc feature support for ARM64  ARM64 Ftrace & Livepatch adaptation  Patch module tools adaptation that convert diff patch to a patch module conveniently (such as kpatch-build from Redhat) https://github.com/dynup/kpatch/tree/master/kpatch-build
  • 17. HUAWEI TECHNOLOGIES CO., LTD. Page 17 Questions?
  • 18. Thank you www.huawei.com Copyright©2009 Huawei Technologies Co., Ltd. All Rights Reserved.