A whirlwind tour of what has been happening in the kernel development community and what can be expected in the near future.
The Linux kernel is at the core of any Linux system; the performance and capabilities of the kernel will, in the end, place an upper bound on what the system as a whole can do. This talk will review recent events in the kernel development community, discuss the current state of the kernel and the challenges it faces, and look forward to how the kernel may address those challenges. Attendees of any technical ability should gain a better understanding of how the kernel got to its current state and what can be expected in the near future.
12. Let's compare
Meltdown:
  Fix developed in public
  In good shape at disclosure
  Relative uniformity
Spectre:
  Fixes done in private
  Not ready at disclosure
  Did not survive into mainline
13. "The fact that this patch made it through the maintainers is probably a late effect of the secrecy that covered all the Spectre/Meltdown work one year ago."
— Paolo Bonzini, November 29
26. Current stable kernels
Release    Original release   Changes
4.19.4     Oct 2018               636
4.18.19    Aug 2018             2,284
4.14.82    Nov 2017             8,051
4.9.139    Dec 2016            10,431
4.4.163    Jan 2016             9,924
3.18.125   Dec 2014             7,626
28. -stable initiatives
Longer-term support
  4.4 until 2022, 4.9 to 2023
  CIP looking at 10-20 years of support!
Catching more fixes
  4.9→4.9.139: 10,431 changes
  4.9→4.19: 149,000 changes
32. "The illusion to support a product for 20 years with software from 20 years ago has been destroyed long ago, but still people cling to it for any price."
— Thomas Gleixner
33. The solution?
Move older systems to newer kernels (current long-term stable)
  All the latest fixes – and features too
  The best kernel we know how to make
44. Where BPF shows up
Security policy decisions
  seccomp
  Landlock security module
Protocol implementations
  IR remote control
Instrumentation
  Kernel tracing
46. Where BPF shows up
Packet filtering
  bpfilter
Network processing
  AF_XDP
49. In short
BPF is used...
  To supplement existing kernel functionality
  To replace existing kernel functionality
...to allow us to push code into the kernel
50. Pushing code to user space
  AF_XDP
  Seccomp trap to user space
  ELF modules
  userfaultfd()
57. Why this hurts
Vendors get stuck on old kernels
No mainline kernels on Android devices
Hobbyists are locked out
Updates aren’t possible
Lots of wasted effort
69. The Good Olde Days
No source-code management
No change tracking
No release discipline
No rules on regressions
No automated testing
…
No code of conduct
71. The Good Olde Days
✔ source-code management
✔ change tracking
✔ release discipline
✔ rules on regressions
✔ automated testing
…
✔ code of conduct