SlideShare ist ein Scribd-Unternehmen logo

Livepatch Support on ARM64 Architectures

L
LinuxCon ContainerCon CloudOpen China

This document discusses obstacles and solutions for supporting live kernel patching (livepatching) on ARM64 architecture. Livepatching allows patching a running kernel without reboots. It is currently only supported on x86, s390 and powerpc. For ARM64, the main obstacle is that the ARM64 calling convention stores return addresses in a link register rather than the stack. The document proposes a solution that extends the profile instrumentation to save and restore the link register, allowing ftrace to be adapted for ARM64 livepatching. It provides an overview of upstream work on gcc and kernel support to enable livepatching for ARM64.

Technologie
1 von 18
Downloaden Sie, um offline zu lesen
HUAWEI TECHNOLOGIES CO., LTD. Obstacles & Solutions for Livepatch Support on ARM64 Architecture Li Bin (李彬) / huawei.libin@huawei.com 2017/06/20
HUAWEI TECHNOLOGIES CO., LTD. Page 2 Agenda  Livepatch overview  Livepatch on x86  Obstacle for livepatch on ARM64  Solution to support livepatch on ARM64  Upstream status for ARM64 support  Questions?
HUAWEI TECHNOLOGIES CO., LTD. Page 3 Livepatch overview  Linux kernel dynamic live patching framework  Patch a running kernel  No reboots, no disruption to applications  Used for security and stability fixes  Oracle’s Ksplice / Suse’s Kgraft / Redhat’s Kpatch  Nov. 2014, Seth Jennings (Red Hat) submitted the first version to the mailing list  Feb. 2015, been merged in upstream (Linux 4.0)  By now, only supports x86/s390/powerpc architecture
HUAWEI TECHNOLOGIES CO., LTD. Page 4 Livepatch overview nop Old Function call return call mcount Old Function nop New Function call return Before Patching: After Patching: call ftrace livepatch return
HUAWEI TECHNOLOGIES CO., LTD. Page 5 Livepatch overview  Livepatch based on ftrace (FTRACE_WITH_REGS)  FTRACE_WITH_REGS based on gcc profile-before-prologue feature(mfentry)  But gcc for some arch (including ARM64), NOT support this feature  So how to remove the obstacles for these arch such as ARM64 ……
HUAWEI TECHNOLOGIES CO., LTD. Page 6 Livepatch overview  Livepatch based on ftrace  Ftrace based on gcc profile feature  What’s the gcc profile feature  use gcc –pg option to generate profile instruction
HUAWEI TECHNOLOGIES CO., LTD. Page 7 Livepatch overview call foo …… [prologue] call mcount [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return [prologue] call mcount [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook  Based on general gcc profile:
HUAWEI TECHNOLOGIES CO., LTD. Page 8 Livepatch overview  Limitations:  Old func & new func must have the same prologue  Otherwise, the control flow will be wrong!
HUAWEI TECHNOLOGIES CO., LTD. Page 9 Livepatch on X86  The solution to the limitation:  Gcc’s profile-before-prologue feature (mfentry)  Put the profile instruction at the entry of the function  Ftrace on x86 based on profile-before-prologue feature now  Only some architectures support this feature, but ARM64 not included!
HUAWEI TECHNOLOGIES CO., LTD. Page 10 Livepatch on X86  Based on gcc profile-before-prologue (-mfentry) on X86: call foo …… call mcount [prologue] [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return call mcount [prologue] [func body] return foo() foo_fix() mcount() livepatch The call inst automatically pushes pc to the stack (by hardware) Livepatch ftrace hook
HUAWEI TECHNOLOGIES CO., LTD. Page 11 Obstacle for livepatch on ARM64  Why not support profile-before-prologue feature on ARM64?  Procedure Call Standard brings the obstacle  On X86, the call instruction put the return address into the stack by hardware  On ARM64, the call instruction (BL or BLR) transfer the return address into the link register (LR)  So the LR should be saved by subroutine (in prologue), that the first routine instruction is never a call instruction on ARM64
HUAWEI TECHNOLOGIES CO., LTD. Page 12 Solution to support livepatch on ARM64  How to solve the obstacle and implement the profile-before-prologue?  Extend profile instruction into multiple instructions Save the LR in Stack stp x29, x30, [sp, #-16]! mov x29, sp bl <mcount> ldp x29, x30, [sp], #16 <function prologue> >> … Save the LR in Corruptible Register mov x9, x30 bl <mcount> mov x30, x9 <function prologue> ... Advantages: Smaller impact on performance More convenient adaption for ftrace code mov x9, x30 mov x9, x30 nop <--------------> bl <__fentry__> mov x30, x9 mov x30, x9 <function prologue> <function prologue>  Discussion: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/401352.html
HUAWEI TECHNOLOGIES CO., LTD. Page 13 Solution to support livepatch on ARM64  Solution to solve the obstacle on ARM64 bl foo …… mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return save regs bl stub restore regs ret to regs- >ip change regs->ip …… return mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook Extended profile instructions
HUAWEI TECHNOLOGIES CO., LTD. Page 14 Upstream status for ARM64 support  May 2015, I submitted the livepatch support patches for ARM64  Add support on ARM64 in kernel (including ftrace adaptation) https://lwn.net/Articles/646317/  Gcc support on ARM64  Support –mfentry feature on ARM64 in gcc https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00756.html
HUAWEI TECHNOLOGIES CO., LTD. Page 15 Upstream status for ARM64 support  Gcc support on ARM64  Add a new option -fpatchable-function-entry=N,M  generate a pad of N nops at beginning of each function suggested by Maxim Kuvyrkov from Linaro firstly http://thread.gmane.org/gmane.comp.gcc.devel/139984  Now, Torsten Duwe from Suse with best effort to push this feature https://gcc.gnu.org/ml/gcc-patches/2017-05/msg00213.html
HUAWEI TECHNOLOGIES CO., LTD. Page 16 Upstream status for ARM64 support  Further step after the gcc feature support for ARM64  ARM64 Ftrace & Livepatch adaptation  Patch module tools adaptation that convert diff patch to a patch module conveniently (such as kpatch-build from Redhat) https://github.com/dynup/kpatch/tree/master/kpatch-build
HUAWEI TECHNOLOGIES CO., LTD. Page 17 Questions?
Thank you www.huawei.com Copyright©2009 Huawei Technologies Co., Ltd. All Rights Reserved.

Empfohlen

64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVMLinuxCon ContainerCon CloudOpen China
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackLinuxCon ContainerCon CloudOpen China
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internalsLinuxCon ContainerCon CloudOpen China
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootLinuxCon ContainerCon CloudOpen China
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64LinuxCon ContainerCon CloudOpen China
 
Virtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMVirtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMNelson Elhage
 

Empfohlen

64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVMLinuxCon ContainerCon CloudOpen China
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackLinuxCon ContainerCon CloudOpen China
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internalsLinuxCon ContainerCon CloudOpen China
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootLinuxCon ContainerCon CloudOpen China
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64LinuxCon ContainerCon CloudOpen China
 
Virtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMVirtunoid: Breaking out of KVM
Virtunoid: Breaking out of KVMNelson Elhage
 
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelThe Linux Foundation
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch IntroductionHungWei Chiu
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVMPradeep Kumar
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based RoutingHungWei Chiu
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixThe Linux Foundation
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsThe Linux Foundation
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiThe Linux Foundation
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
 
SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. LinuxCon ContainerCon CloudOpen China
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...The Linux Foundation
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on LabMichelle Holley
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science HungWei Chiu
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEThe Linux Foundation
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvmUdayendu Kar
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersDocker, Inc.
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntuSim Janghoon
 
Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersLinuxCon ContainerCon CloudOpen China
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API CertificationLinuxCon ContainerCon CloudOpen China
 

Weitere ähnliche Inhalte

Was ist angesagt?

XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelThe Linux Foundation
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch IntroductionHungWei Chiu
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVMPradeep Kumar
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based RoutingHungWei Chiu
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixThe Linux Foundation
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsThe Linux Foundation
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiThe Linux Foundation
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...The Linux Foundation
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on LabMichelle Holley
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science HungWei Chiu
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEThe Linux Foundation
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersDocker, Inc.
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntuSim Janghoon
 

Was ist angesagt? (20)

XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, IntelXPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
XPDS14 - Xen as High-Performance NFV Platform - Jun Nakajima, Intel
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
 
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, CitrixXPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
XPDS14 - Scaling Xen's Aggregate Storage Performance - Felipe Franciosi, Citrix
 
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius SystemsXPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
XPDS14 - OSv - A Modern Semi-POSIX LibraryOS - Glauber Costa, Cloudius Systems
 
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, HuaweiXPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
XPDS16: Xen Scalability Analysis - Weidong Han, Zhichao Huang & Wei Yang, Huawei
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
 
SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
 
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
XPDS14 - Intel(r) Virtualization Technology for Directed I/O (VT-d) Posted In...
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
 
Drive into kvm
Drive into kvmDrive into kvm
Drive into kvm
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntu
 

Andere mochten auch

Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersLinuxCon ContainerCon CloudOpen China
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling LinuxCon ContainerCon CloudOpen China
 

Andere mochten auch (20)

Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and Containers
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
 
GPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor GraphicsGPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor Graphics
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
Policy-based Resource Placement
Policy-based Resource PlacementPolicy-based Resource Placement
Policy-based Resource Placement
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Introduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving ContainerIntroduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving Container
 
Make Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineMake Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container Engine
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
From Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering PrimerFrom Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering Primer
 
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
 
Open Source Software Business Models Redux
Open Source Software Business Models ReduxOpen Source Software Business Models Redux
Open Source Software Business Models Redux
 
Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
 
Fully automated kubernetes deployment and management
Fully automated kubernetes deployment and managementFully automated kubernetes deployment and management
Fully automated kubernetes deployment and management
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do Standardization
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling
 
Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers
 

Ähnlich wie Livepatch Support on ARM64 Architectures

Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...inside-BigData.com
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!OPNFV
 
Cray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best PracticesCray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best PracticesJeff Larkin
 
LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201Linaro
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-optJeff Larkin
 
Introduction to .NET Micro Framework Development
Introduction to .NET Micro Framework DevelopmentIntroduction to .NET Micro Framework Development
Introduction to .NET Micro Framework Developmentchristopherfairbairn
 
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek VasutEmbedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek VasutAnne Nicolas
 
From Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHPFrom Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHPAlbert Chen
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...InfluxData
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...ryancox
 
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeAnderson Bassani
 
2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors SeriesShawn Wells
 
2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council MeetingShawn Wells
 
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...Akihiro Hayashi
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share.Gastón. .Bx.
 
HBase at Xiaomi
HBase at XiaomiHBase at Xiaomi
HBase at XiaomiHBaseCon
 
Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?Wim Godden
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...Shawn Wells
 
Programar En Fortran
Programar En FortranProgramar En Fortran
Programar En FortranSaul Bernal
 

Ähnlich wie Livepatch Support on ARM64 Architectures (20)

Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
 
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!
 
Cray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best PracticesCray XT Porting, Scaling, and Optimization Best Practices
Cray XT Porting, Scaling, and Optimization Best Practices
 
LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201LCU14 114- Upstreaming 201
LCU14 114- Upstreaming 201
 
May2010 hex-core-opt
May2010 hex-core-optMay2010 hex-core-opt
May2010 hex-core-opt
 
Introduction to .NET Micro Framework Development
Introduction to .NET Micro Framework DevelopmentIntroduction to .NET Micro Framework Development
Introduction to .NET Micro Framework Development
 
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek VasutEmbedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
Embedded Recipes 2018 - SoC+FPGA update in 2018 - Marek Vasut
 
From Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHPFrom Generator to Fiber the Road to Coroutine in PHP
From Generator to Fiber the Road to Coroutine in PHP
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
 
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
Developing Applications for Beagle Bone Black, Raspberry Pi and SoC Single Bo...
 
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
 
2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series2008-06-25 Marist System z Summer Professors Series
2008-06-25 Marist System z Summer Professors Series
 
2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting2009-03-13 Atlanda System z Council Meeting
2009-03-13 Atlanda System z Council Meeting
 
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
Exploring Compiler Optimization Opportunities for the OpenMP 4.x Accelerator...
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share
 
HBase at Xiaomi
HBase at XiaomiHBase at Xiaomi
HBase at Xiaomi
 
Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?Is your code ready for PHP 7 ?
Is your code ready for PHP 7 ?
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
 
Programar En Fortran
Programar En FortranProgramar En Fortran
Programar En Fortran
 
2010 JNUG BoF
2010 JNUG BoF2010 JNUG BoF
2010 JNUG BoF
 

Mehr von LinuxCon ContainerCon CloudOpen China

High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 

Mehr von LinuxCon ContainerCon CloudOpen China (10)

Building a Better Thermostat
Building a Better ThermostatBuilding a Better Thermostat
Building a Better Thermostat
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
OCI Support in Mesos
OCI Support in MesosOCI Support in Mesos
OCI Support in Mesos
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
 
Container Security
Container SecurityContainer Security
Container Security
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 
Rethinking the OS
Rethinking the OSRethinking the OS
Rethinking the OS
 
Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps. Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps.
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 

Kürzlich hochgeladen

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Kürzlich hochgeladen (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Livepatch Support on ARM64 Architectures

  • 1. HUAWEI TECHNOLOGIES CO., LTD. Obstacles & Solutions for Livepatch Support on ARM64 Architecture Li Bin (李彬) / huawei.libin@huawei.com 2017/06/20
  • 2. HUAWEI TECHNOLOGIES CO., LTD. Page 2 Agenda  Livepatch overview  Livepatch on x86  Obstacle for livepatch on ARM64  Solution to support livepatch on ARM64  Upstream status for ARM64 support  Questions?
  • 3. HUAWEI TECHNOLOGIES CO., LTD. Page 3 Livepatch overview  Linux kernel dynamic live patching framework  Patch a running kernel  No reboots, no disruption to applications  Used for security and stability fixes  Oracle’s Ksplice / Suse’s Kgraft / Redhat’s Kpatch  Nov. 2014, Seth Jennings (Red Hat) submitted the first version to the mailing list  Feb. 2015, been merged in upstream (Linux 4.0)  By now, only supports x86/s390/powerpc architecture
  • 4. HUAWEI TECHNOLOGIES CO., LTD. Page 4 Livepatch overview nop Old Function call return call mcount Old Function nop New Function call return Before Patching: After Patching: call ftrace livepatch return
  • 5. HUAWEI TECHNOLOGIES CO., LTD. Page 5 Livepatch overview  Livepatch based on ftrace (FTRACE_WITH_REGS)  FTRACE_WITH_REGS based on gcc profile-before-prologue feature(mfentry)  But gcc for some arch (including ARM64), NOT support this feature  So how to remove the obstacles for these arch such as ARM64 ……
  • 6. HUAWEI TECHNOLOGIES CO., LTD. Page 6 Livepatch overview  Livepatch based on ftrace  Ftrace based on gcc profile feature  What’s the gcc profile feature  use gcc –pg option to generate profile instruction
  • 7. HUAWEI TECHNOLOGIES CO., LTD. Page 7 Livepatch overview call foo …… [prologue] call mcount [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return [prologue] call mcount [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook  Based on general gcc profile:
  • 8. HUAWEI TECHNOLOGIES CO., LTD. Page 8 Livepatch overview  Limitations:  Old func & new func must have the same prologue  Otherwise, the control flow will be wrong!
  • 9. HUAWEI TECHNOLOGIES CO., LTD. Page 9 Livepatch on X86  The solution to the limitation:  Gcc’s profile-before-prologue feature (mfentry)  Put the profile instruction at the entry of the function  Ftrace on x86 based on profile-before-prologue feature now  Only some architectures support this feature, but ARM64 not included!
  • 10. HUAWEI TECHNOLOGIES CO., LTD. Page 10 Livepatch on X86  Based on gcc profile-before-prologue (-mfentry) on X86: call foo …… call mcount [prologue] [func body] return save regs call stub restore regs ret to regs->ip change regs->ip …… return call mcount [prologue] [func body] return foo() foo_fix() mcount() livepatch The call inst automatically pushes pc to the stack (by hardware) Livepatch ftrace hook
  • 11. HUAWEI TECHNOLOGIES CO., LTD. Page 11 Obstacle for livepatch on ARM64  Why not support profile-before-prologue feature on ARM64?  Procedure Call Standard brings the obstacle  On X86, the call instruction put the return address into the stack by hardware  On ARM64, the call instruction (BL or BLR) transfer the return address into the link register (LR)  So the LR should be saved by subroutine (in prologue), that the first routine instruction is never a call instruction on ARM64
  • 12. HUAWEI TECHNOLOGIES CO., LTD. Page 12 Solution to support livepatch on ARM64  How to solve the obstacle and implement the profile-before-prologue?  Extend profile instruction into multiple instructions Save the LR in Stack stp x29, x30, [sp, #-16]! mov x29, sp bl <mcount> ldp x29, x30, [sp], #16 <function prologue> >> … Save the LR in Corruptible Register mov x9, x30 bl <mcount> mov x30, x9 <function prologue> ... Advantages: Smaller impact on performance More convenient adaption for ftrace code mov x9, x30 mov x9, x30 nop <--------------> bl <__fentry__> mov x30, x9 mov x30, x9 <function prologue> <function prologue>  Discussion: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/401352.html
  • 13. HUAWEI TECHNOLOGIES CO., LTD. Page 13 Solution to support livepatch on ARM64  Solution to solve the obstacle on ARM64 bl foo …… mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return save regs bl stub restore regs ret to regs- >ip change regs->ip …… return mov x9, x30 bl mcount mov x30, x9 [prologue] [func body] return foo() foo_fix() mcount() livepatch Livepatch ftrace hook Extended profile instructions
  • 14. HUAWEI TECHNOLOGIES CO., LTD. Page 14 Upstream status for ARM64 support  May 2015, I submitted the livepatch support patches for ARM64  Add support on ARM64 in kernel (including ftrace adaptation) https://lwn.net/Articles/646317/  Gcc support on ARM64  Support –mfentry feature on ARM64 in gcc https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00756.html
  • 15. HUAWEI TECHNOLOGIES CO., LTD. Page 15 Upstream status for ARM64 support  Gcc support on ARM64  Add a new option -fpatchable-function-entry=N,M  generate a pad of N nops at beginning of each function suggested by Maxim Kuvyrkov from Linaro firstly http://thread.gmane.org/gmane.comp.gcc.devel/139984  Now, Torsten Duwe from Suse with best effort to push this feature https://gcc.gnu.org/ml/gcc-patches/2017-05/msg00213.html
  • 16. HUAWEI TECHNOLOGIES CO., LTD. Page 16 Upstream status for ARM64 support  Further step after the gcc feature support for ARM64  ARM64 Ftrace & Livepatch adaptation  Patch module tools adaptation that convert diff patch to a patch module conveniently (such as kpatch-build from Redhat) https://github.com/dynup/kpatch/tree/master/kpatch-build
  • 17. HUAWEI TECHNOLOGIES CO., LTD. Page 17 Questions?
  • 18. Thank you www.huawei.com Copyright©2009 Huawei Technologies Co., Ltd. All Rights Reserved.