h1.Kernel Conference Australia 2009
July 15th to 17th, 2009
Brisbane, Queensland, Australia
h1.Wednesday 15th
||Time||Topic||
|0900-0915|Welcome - James McPherson|
|0915-1015|Keynote from *Jeff Bonwick* and *Bill Moore*|
|1015-1030|morning tea|
|1030-1115|speaker #1 - *Gavin Maltby*, "Hardware & Software Fault Management Architecture"
"Predictive Seal-Healing" technology in OpenSolaris today is mostly about hardware fault management -
we look at how the infrastructure and protocols already developed can be extended to provide a better
software fault management experience. Topics to be covered include:
- what is "fault management"?
- what is "predictive self-healing"?
- what is "Sun FMA"?
- where is it implemented today? what coverage do we have?
- a demo: inject errors onto the presentation laptop
- a quick look at the FMA event protocol
- analysis of what we do/don't have in the way of software fault handling
- ideas for leveraging the infrastructure and protocols developed to date to provide a software fault
management solution to include: a structured event log, blackbox recording of OS activity, software
diagnosis engines, event notification mechanisms.
- demonstration of a prototype (if working by conference time!)
|
|1115-1200|speaker #2 - *Henning Brauer*, "Performance Tuning in the OpenBSD network stack and PF"
Henning will deliver an in-depth examination of performance tuning in the OpenBSD network stack over
the last few years. He will comment on the lessons learnt along the way, with specific reference to the
well-known OpenBSD 'pf' firewall feature.
|
|1200-1245|lunch|
|1245-1330|speaker #3 - *Percy Pari-Salas*, "Automated Testing of OpenSolaris"
As operating system kernels are complex they are difficult to test. The difficulty in testing has
traditionally been addressed by developing test suites. However test suites do not always provide
information on the test purpose and design. They also lack flexibility when different scenarios
need to be tested. Model-based testing can be used to capture the design as well as provide
flexibility. However it can expensive to adopt. In this paper we show how a model-based approach
that reuses important parts of existing frameworks can be adopted. We use the scripts developed to
test the HBA storage driver for the OpenSolaris operating system in the context of models to
illustrate the benefits of model-based testing. We use SmartMBT to control and execute the actual tests.
|
|1330-1415|speaker #4 - *Pawel Dawidek*, "GEOM - the FreeBSD way of handling storage"
The GEOM framework provides an infrastructure in which "classes" can perform transformations on disk
I/O requests on their path from the upper kernel to the device drivers and back. Transformations in
a GEOM context range from the simple geometric displacement performed in typical disk partitioning modules
over RAID algorithms and device multipath resolution to full blown cryptographic protection of the stored
data.
Compared to traditional "volume management", GEOM differs from most and in some cases all previous
implementations in the following ways:
- GEOM is extensible. It is trivially simple to write a new class of transformation and it will not
be given stepchild treatment.
- GEOM is topologically agnostic. Most volume management implementations have very strict notions
of how classes can fit together, very often one fixed hierarchy is provided, for instance, subdisk,
plex ‐ volume.
Being extensible means that new transformations are treated no differently than existing transformations.
Fixed hierarchies are bad because they make it impossible to express the intent efficiently. In the
fixed hierarchy above, it is not possible to mirror two physical disks and then partition the mirror
into subdisks, instead one is forced to make subdisks on the physical volumes and to mirror these two
and two, resulting in a much more complex configuration. GEOM on the other hand does not care in
which order things are done, the only restriction is that cycles in the graph will not be allowed.
|
|1415-1430|afternoon tea|
|1430-1515|speaker #5 - *John Sonnenschein*, "Driver and Filesystem Development with the Solaris and OpenSolaris DDI/DKI"
John will talk about driver development in the Solaris Operating Environment. It is intended to be an
introductory topic primarily aimed at those who have not done any work on a production kernel, though
some level of familiarity with general OS development topics is assumed (undergraduate operating systems
course level work). The presentation will begin by giving attendees an overview of the Solaris DDI/DKI
and the features provided. The rest of the presentation will be done largely through an example of writing
a simple filesystem driver. Initially the example will begin with a minimal "dummy" driver, with features
being added and explained piecewise. This talk intends to primarily focus on Solaris, and as such
Solaris-specific caveats and kernel level data structures and algorithms will be referred to such as the
Solaris file system flush daemon. Relevant and compatibly licensed materials may be culled from the
Solaris driver development documentation as well as online sources such as BonaFide and distributed
to attendees as printed matter.
|
|1515-1615|_*Panel discussion - ZFS (J Bonwick, B Moore, P Dawidek)*_|
|1615-1730|_**Pramod Batni*, "Diagnosing interesting kernel problems"
This talk will present some of the interesing problems involving kernel synchonization primitives viz.
deadlocks and race conditions in the OpenSolaris kernel. We explain how certain deadlocks are detected
in OpenSolaris. The talk will mention techniques to trigger these problems and will also highlight the
diagnosibilty aspects of the OpenSolaris kernel.
Broadly the talk will have the folowing 3 sections:
* Deadlocks in OpenSolaris: In this section, we discuss what are deadlocks and some of the interesting
deadlocks which have been found in the OpenSolaris kernel. We present the mechanism used in OpenSolaris
kernel to detect some of the deadlocks involvling kernel synchronization primitives. We highlight some
of the techniques used to solve the deadlock problems.
* Triggering Deadlocks and Race Conditions: In this section, we discuss how after the problem has been
identified, the problem can be triggered using simple C/Shell programs. This is important so that any
fix for the problem can be well-tested. We also present a technique to expose the notoriously hard-to-
reproduce race condition problems . We discuss how DTrace can be used to perturb the execution timing
of the threads and thereby expose the race conditions.
* Diagnosibilty of OpenSolaris: We highlight some of the diagnosibility capablitites of OpenSolaris.
Specifically we mention the kernel memory auditing features to detect memory corruption problems and
the configurable option of OpenSolaris to crash on its own in case of certain system hangs. We also present
the some of the hard-to-find-by-staring-at-code problems which were encountered on the OpenSolaris systems.
We will discuss how some of these problems can be analysed using the excellent debugging tools available
with OpenSolaris.
|
h1.Thursday 16th
||Time||Topic||
|0900-0915|Welcome|
|0915-1015|Keynote from *Max Alt, Intel*|
|1015-1030|morning tea|
|1030-1115|speaker #6 - *Sherry Moore*, "X86 Fast Reboot"
Sherry presents the rationale, design and details behind the X86 Fast Reboot project, which enables a radical
decrease in reboot time and "time to login" - in some cases from as much as 2 minutes down to less than 5
seconds.
|
|1115-1200|speaker #7 - *Fernando Gont*, "Results of a Security Assessment of Common Implementation strategies of the TCP and IP protocols"
Fernando Gont will present the results of a security assessment of the TCP and IP protocols carried out
on behalf of the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure). He will
explain the security implications arising from the protocol specifications themselves, and from a number
of implementation strategies followed by the most popular TCP/IP stacks. He will provide a discussion of
the new insights that were gained as a result of this project that can help to mitigate the aforementioned
issues, and will describe the ongoing efforts at the IETF community to incorporate these insights into the
corresponding protocol specifications. Finally, he will discuss the status of the different open source
operating systems with respect to each of the identified issues, and will describe ongoing efforts to incorporate
the aforementioned mitigation techniques in them.
|
|1200-1245|lunch|
|1245-1330|speaker #8 - *James Morris*, "Linux Kernel Security Overview"
The Linux kernel has been extended significantly beyond the traditional Unix security model, incorporating
new access control models, cryptographic protection, network packet filtering, credentials management,
integrity measurement, privileges ("capabilities") and memory protection.
The diversity and flexibility of these security components has allowed Linux to meet a very wide range of
user security requirements, from the simplest embedded devices through to general user desktops, networked
servers, scientific research facilities, financial trading systems, and classified military and government
systems.
This talk will provide a technical overview of the main security features of the Linux kernel. We'll discuss
how these features have been developed and made available as standard components of general purpose Linux
distributions (often enabled by default), aiming for the broadest possible adoption and benefit to users.
We'll also look at current developments, such as the effort to add MAC security labeling support to NFSv4,
utilizing new hardware security features, and security interoperability with other operating systems.
The goals of this talk are to provide the audience with:
- a high-level overview of Linux kernel security features;
- an understanding of how and why these features were implemented and how they've been integrated into general
purpose distributions; and
- an update on current development efforts.
It is hoped this will be useful for people who wish to delve further into Linux kernel security, to compare
the security features of other OS kernels, or to simply improve their knowledge.
|
|1330-1415|speaker #9 - *Cristina Cifuentes*, "Finding bugs in Open Source Kernels using Parfait"
Parfait is a static bug checking tool for C/C++ source code, which is designed to be both scalable and
precise. Requirements for this tool were derived from interaction with the Solaris(TM) operating system
team, where it was required to check millions of lines of code in a time-efficient manner, with minimal
noise and a low cost of integration into the build process. This paper gives an overview of the Parfait
tool and present the results of running Parfait over the OpenSolaris(TM), Linux and OpenBSD operating system
kernels. It will also summarise the graphical reporting tool which helps developers quickly understand where
bugs are in source code.
|
|1415-1430|afternoon tea|
|1430-1515|speaker #10 - *Garrett D'Amore*, "Boomer: the new OpenSolaris audio system"
Garrett will talk about the design and internal implementation of the Boomer project -- challenges, innovations,
and new features. Included in this will be
* a comparison of OSS and Sun APIs -- the good, bad, and the ugly (definitely of interest to application developers),
* Writing audio device drivers -- covering the new audio DDI interfaces in OpenSolaris
* Porting audio device drivers from BSD, 4Front, or legacy Solaris
* Virtualized audio subsystem -- a preview of what is planned for Phase II of the project.
|
|1515-1615|_*Panel discussion - Secure Software Engineering / in-kernel Security (Cifuentes, Morris, Gont)*_|
|1615-1900|reception (in lieu of a conference dinner)|
h1.Friday 17th
||Time||Topic||
|0900-0915|Welcome|
|0915-1000|Keynote: conference Platinum sponsor Frontline Systems Australia|
|1000-1045|speaker #11 - *David Gwynne*, "MCLGETI: Effective Network Livelock Mitigation and More"
A common problem in general purpose operating systems is that there is a relatively high cost associated
with processing incoming network traffic, even before it can be determined if the received traffic is
relevant to the local system. It is therefore possible to cause a denial of service in these systems
by flooding them with unwanted packets. Processing these unwanted packets can consume all the machines
CPU resources before it determines that it can be discarded, effectively causing a denial of service of
the other software the system is supposed to be running. Such a situation can be described as livelock.
Several mechanisms have been developed to cope with this situation including network device polling and
selectively dropping packets within the network stack in a livelock situation, however they all have
unwanted side effects or do not completely mitigate against resource use by unwanted or excessive traffic.
This talk will present an alternative mechanism in the OpenBSD operating system based around a new
allocator for memory used by network device drivers for the chip's RX mechanisms called MCLGETI.
The major feature of this new allocator is that it will selectively fail to allocate memory for a network
card to receive into based on the amount of CPU time available to the rest of the system. A network
card without memory to receive into will simply drop those packets, thereby relieving the kernel of the
need to process them before discarding them. Additionally, MCLGET offers several other advantages within
the OpenBSD kernel which shall also be discussed.
|
|1045-1100|morning tea|
|1100-1145|speaker #12 - *Vivek Joshi*, "Porting OpenSolaris across architectures"
Porting OpenSolaris on architectures other than SPARC and i386 is a challenging task. OpenSolaris on
PowerPC (32 bit G4 class processor) is already a work in progress. Apart from that, there have been
lots of discussions and interests around porting OpenSolaris to ARM processors which has a significant
penetration in 32 bit embedded market (specially mobiles and PDAs).
This paper attempts to consolidate the available information around porting OpenSolaris to other
platforms and tries to come up with a generic framework. We try to touch upon all the relevant areas
which might need to be looked into for undertaking such a task. It is akin to rewriting an OS from
scratch to support another processor. We need to look at all the components involved. This paper discusses
all such levels including but not limited to identifying target processor, kernel components, porting
of basic drivers, developing debugging tools and changes in run time linker/loader.
The first and foremost thing is to identify the cross compiler supported on the target processor and
'gcc' is one such example. The other important part to consider in this effort is to have a minimized
Solaris with limited services which could be ported to target processor and later more services/code
could be ported.
Identifying processor could include identifying addressing (32 / 64 bits), endianness (little/big), single
or multiple processor support. Kernel component identification touches upon boot loader and relevant
hardware specific tools, changes in virtual memory, cache behavior, handling signals, traps and hardware
faults, identification of memory/controller chips, system calls, platform specific modules in short.
We will need to look at porting of keyboard, serial port and hard disk drivers. We also look at the
(low level) debugging tools.
|
|1145-1230|speaker #13 - *Stewart Smith*, "(Ab)use the Kernel: what a database server can do to your kernel"
A collection of tales about how Drizzle (and MySQL and MySQL Cluster) is just not your average app
and what kind of workloads we place on an operating system kernel, where we've hit performance problems
and bugs. The aim of this session is to partly inform and partly start a dialog between more OS developers
and database developers about how to make the overall system more efficient.
We'll cover:
* TCP connections: how many connections are common to a database server? 8? 16? 256? 10,000?
* threading models
** one thread per user connection to database?
** many threads multiplexed?
** why we look at different models
* disk IO
** direct io?
** impact of IO schedulers
** SSD
* memory
** locking pages in memory
** swapping behaviour
** memory allocation behaviour
** why do we have (several) malloc() wrappers?
|
|1230-1330|lunch|
|1330-1415|speaker #14 - *Jayakara Kini*, "Crossbow for OpenSolaris developers"
Crossbow is next step in the evolution of Solaris networking stack and brings bandwidth resource
control and virtualization as part of the architecture itself instead of the usual add-on layers
which have heavy overheads and complexity. Crossbow provides the building blocks for network
virtualization and resource control by virtualizing the stack and NIC around any service (HTTP, HTTPS,
FTP, NFS, etc.), protocol or Virtual machine. With crossbow single physical NIC can be carved up into
multiple VNICs, which can be assigned to different zones, Xen or VirtualBox instances running on the same system.
Previously developers would need to hunt for test machines, switches and routers. Now with Crossbow they
can simulate entire Network lab setup in a machine, which dramatically bring down the setup time and cost.
The presentation will cover how we can effectively use Crossbow technology for complex network simulation.
Developers can also set resource controls with Crossbow and see how the applications behave.
|
|1415-1500|speaker #15 - *Max Bruning*, "Porting USB HID Device Drivers between Linux and OpenSolaris"
Max will talk about the development of a Wacom tablet driver for OpenSolaris, starting with a driver that
was a replacement for the USB mouse driver, with no specific X input support, to a driver that works with
gimp and should work with other input device aware applications. Emphasis will be placed on the differences
between Linux and OpenSolaris, and where these differences created problems during the port, as well as
how the problems were solved. The presentation will not get into licensing issues. The presentation will
include a demo of the working tablet driver using gimp on OpenSolaris.
|
|1500-1515|afternoon tea|
|1515-1650|speaker #16 - *Brendan Gregg*, "DTrace"|
|1650-1700|closing remarks and thankyous|
July 15th to 17th, 2009
Brisbane, Queensland, Australia
h1.Wednesday 15th
||Time||Topic||
|0900-0915|Welcome - James McPherson|
|0915-1015|Keynote from *Jeff Bonwick* and *Bill Moore*|
|1015-1030|morning tea|
|1030-1115|speaker #1 - *Gavin Maltby*, "Hardware & Software Fault Management Architecture"
"Predictive Seal-Healing" technology in OpenSolaris today is mostly about hardware fault management -
we look at how the infrastructure and protocols already developed can be extended to provide a better
software fault management experience. Topics to be covered include:
- what is "fault management"?
- what is "predictive self-healing"?
- what is "Sun FMA"?
- where is it implemented today? what coverage do we have?
- a demo: inject errors onto the presentation laptop
- a quick look at the FMA event protocol
- analysis of what we do/don't have in the way of software fault handling
- ideas for leveraging the infrastructure and protocols developed to date to provide a software fault
management solution to include: a structured event log, blackbox recording of OS activity, software
diagnosis engines, event notification mechanisms.
- demonstration of a prototype (if working by conference time!)
|
|1115-1200|speaker #2 - *Henning Brauer*, "Performance Tuning in the OpenBSD network stack and PF"
Henning will deliver an in-depth examination of performance tuning in the OpenBSD network stack over
the last few years. He will comment on the lessons learnt along the way, with specific reference to the
well-known OpenBSD 'pf' firewall feature.
|
|1200-1245|lunch|
|1245-1330|speaker #3 - *Percy Pari-Salas*, "Automated Testing of OpenSolaris"
As operating system kernels are complex they are difficult to test. The difficulty in testing has
traditionally been addressed by developing test suites. However test suites do not always provide
information on the test purpose and design. They also lack flexibility when different scenarios
need to be tested. Model-based testing can be used to capture the design as well as provide
flexibility. However it can expensive to adopt. In this paper we show how a model-based approach
that reuses important parts of existing frameworks can be adopted. We use the scripts developed to
test the HBA storage driver for the OpenSolaris operating system in the context of models to
illustrate the benefits of model-based testing. We use SmartMBT to control and execute the actual tests.
|
|1330-1415|speaker #4 - *Pawel Dawidek*, "GEOM - the FreeBSD way of handling storage"
The GEOM framework provides an infrastructure in which "classes" can perform transformations on disk
I/O requests on their path from the upper kernel to the device drivers and back. Transformations in
a GEOM context range from the simple geometric displacement performed in typical disk partitioning modules
over RAID algorithms and device multipath resolution to full blown cryptographic protection of the stored
data.
Compared to traditional "volume management", GEOM differs from most and in some cases all previous
implementations in the following ways:
- GEOM is extensible. It is trivially simple to write a new class of transformation and it will not
be given stepchild treatment.
- GEOM is topologically agnostic. Most volume management implementations have very strict notions
of how classes can fit together, very often one fixed hierarchy is provided, for instance, subdisk,
plex ‐ volume.
Being extensible means that new transformations are treated no differently than existing transformations.
Fixed hierarchies are bad because they make it impossible to express the intent efficiently. In the
fixed hierarchy above, it is not possible to mirror two physical disks and then partition the mirror
into subdisks, instead one is forced to make subdisks on the physical volumes and to mirror these two
and two, resulting in a much more complex configuration. GEOM on the other hand does not care in
which order things are done, the only restriction is that cycles in the graph will not be allowed.
|
|1415-1430|afternoon tea|
|1430-1515|speaker #5 - *John Sonnenschein*, "Driver and Filesystem Development with the Solaris and OpenSolaris DDI/DKI"
John will talk about driver development in the Solaris Operating Environment. It is intended to be an
introductory topic primarily aimed at those who have not done any work on a production kernel, though
some level of familiarity with general OS development topics is assumed (undergraduate operating systems
course level work). The presentation will begin by giving attendees an overview of the Solaris DDI/DKI
and the features provided. The rest of the presentation will be done largely through an example of writing
a simple filesystem driver. Initially the example will begin with a minimal "dummy" driver, with features
being added and explained piecewise. This talk intends to primarily focus on Solaris, and as such
Solaris-specific caveats and kernel level data structures and algorithms will be referred to such as the
Solaris file system flush daemon. Relevant and compatibly licensed materials may be culled from the
Solaris driver development documentation as well as online sources such as BonaFide and distributed
to attendees as printed matter.
|
|1515-1615|_*Panel discussion - ZFS (J Bonwick, B Moore, P Dawidek)*_|
|1615-1730|_**Pramod Batni*, "Diagnosing interesting kernel problems"
This talk will present some of the interesing problems involving kernel synchonization primitives viz.
deadlocks and race conditions in the OpenSolaris kernel. We explain how certain deadlocks are detected
in OpenSolaris. The talk will mention techniques to trigger these problems and will also highlight the
diagnosibilty aspects of the OpenSolaris kernel.
Broadly the talk will have the folowing 3 sections:
* Deadlocks in OpenSolaris: In this section, we discuss what are deadlocks and some of the interesting
deadlocks which have been found in the OpenSolaris kernel. We present the mechanism used in OpenSolaris
kernel to detect some of the deadlocks involvling kernel synchronization primitives. We highlight some
of the techniques used to solve the deadlock problems.
* Triggering Deadlocks and Race Conditions: In this section, we discuss how after the problem has been
identified, the problem can be triggered using simple C/Shell programs. This is important so that any
fix for the problem can be well-tested. We also present a technique to expose the notoriously hard-to-
reproduce race condition problems . We discuss how DTrace can be used to perturb the execution timing
of the threads and thereby expose the race conditions.
* Diagnosibilty of OpenSolaris: We highlight some of the diagnosibility capablitites of OpenSolaris.
Specifically we mention the kernel memory auditing features to detect memory corruption problems and
the configurable option of OpenSolaris to crash on its own in case of certain system hangs. We also present
the some of the hard-to-find-by-staring-at-code problems which were encountered on the OpenSolaris systems.
We will discuss how some of these problems can be analysed using the excellent debugging tools available
with OpenSolaris.
|
h1.Thursday 16th
||Time||Topic||
|0900-0915|Welcome|
|0915-1015|Keynote from *Max Alt, Intel*|
|1015-1030|morning tea|
|1030-1115|speaker #6 - *Sherry Moore*, "X86 Fast Reboot"
Sherry presents the rationale, design and details behind the X86 Fast Reboot project, which enables a radical
decrease in reboot time and "time to login" - in some cases from as much as 2 minutes down to less than 5
seconds.
|
|1115-1200|speaker #7 - *Fernando Gont*, "Results of a Security Assessment of Common Implementation strategies of the TCP and IP protocols"
Fernando Gont will present the results of a security assessment of the TCP and IP protocols carried out
on behalf of the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure). He will
explain the security implications arising from the protocol specifications themselves, and from a number
of implementation strategies followed by the most popular TCP/IP stacks. He will provide a discussion of
the new insights that were gained as a result of this project that can help to mitigate the aforementioned
issues, and will describe the ongoing efforts at the IETF community to incorporate these insights into the
corresponding protocol specifications. Finally, he will discuss the status of the different open source
operating systems with respect to each of the identified issues, and will describe ongoing efforts to incorporate
the aforementioned mitigation techniques in them.
|
|1200-1245|lunch|
|1245-1330|speaker #8 - *James Morris*, "Linux Kernel Security Overview"
The Linux kernel has been extended significantly beyond the traditional Unix security model, incorporating
new access control models, cryptographic protection, network packet filtering, credentials management,
integrity measurement, privileges ("capabilities") and memory protection.
The diversity and flexibility of these security components has allowed Linux to meet a very wide range of
user security requirements, from the simplest embedded devices through to general user desktops, networked
servers, scientific research facilities, financial trading systems, and classified military and government
systems.
This talk will provide a technical overview of the main security features of the Linux kernel. We'll discuss
how these features have been developed and made available as standard components of general purpose Linux
distributions (often enabled by default), aiming for the broadest possible adoption and benefit to users.
We'll also look at current developments, such as the effort to add MAC security labeling support to NFSv4,
utilizing new hardware security features, and security interoperability with other operating systems.
The goals of this talk are to provide the audience with:
- a high-level overview of Linux kernel security features;
- an understanding of how and why these features were implemented and how they've been integrated into general
purpose distributions; and
- an update on current development efforts.
It is hoped this will be useful for people who wish to delve further into Linux kernel security, to compare
the security features of other OS kernels, or to simply improve their knowledge.
|
|1330-1415|speaker #9 - *Cristina Cifuentes*, "Finding bugs in Open Source Kernels using Parfait"
Parfait is a static bug checking tool for C/C++ source code, which is designed to be both scalable and
precise. Requirements for this tool were derived from interaction with the Solaris(TM) operating system
team, where it was required to check millions of lines of code in a time-efficient manner, with minimal
noise and a low cost of integration into the build process. This paper gives an overview of the Parfait
tool and present the results of running Parfait over the OpenSolaris(TM), Linux and OpenBSD operating system
kernels. It will also summarise the graphical reporting tool which helps developers quickly understand where
bugs are in source code.
|
|1415-1430|afternoon tea|
|1430-1515|speaker #10 - *Garrett D'Amore*, "Boomer: the new OpenSolaris audio system"
Garrett will talk about the design and internal implementation of the Boomer project -- challenges, innovations,
and new features. Included in this will be
* a comparison of OSS and Sun APIs -- the good, bad, and the ugly (definitely of interest to application developers),
* Writing audio device drivers -- covering the new audio DDI interfaces in OpenSolaris
* Porting audio device drivers from BSD, 4Front, or legacy Solaris
* Virtualized audio subsystem -- a preview of what is planned for Phase II of the project.
|
|1515-1615|_*Panel discussion - Secure Software Engineering / in-kernel Security (Cifuentes, Morris, Gont)*_|
|1615-1900|reception (in lieu of a conference dinner)|
h1.Friday 17th
||Time||Topic||
|0900-0915|Welcome|
|0915-1000|Keynote: conference Platinum sponsor Frontline Systems Australia|
|1000-1045|speaker #11 - *David Gwynne*, "MCLGETI: Effective Network Livelock Mitigation and More"
A common problem in general purpose operating systems is that there is a relatively high cost associated
with processing incoming network traffic, even before it can be determined if the received traffic is
relevant to the local system. It is therefore possible to cause a denial of service in these systems
by flooding them with unwanted packets. Processing these unwanted packets can consume all the machines
CPU resources before it determines that it can be discarded, effectively causing a denial of service of
the other software the system is supposed to be running. Such a situation can be described as livelock.
Several mechanisms have been developed to cope with this situation including network device polling and
selectively dropping packets within the network stack in a livelock situation, however they all have
unwanted side effects or do not completely mitigate against resource use by unwanted or excessive traffic.
This talk will present an alternative mechanism in the OpenBSD operating system based around a new
allocator for memory used by network device drivers for the chip's RX mechanisms called MCLGETI.
The major feature of this new allocator is that it will selectively fail to allocate memory for a network
card to receive into based on the amount of CPU time available to the rest of the system. A network
card without memory to receive into will simply drop those packets, thereby relieving the kernel of the
need to process them before discarding them. Additionally, MCLGET offers several other advantages within
the OpenBSD kernel which shall also be discussed.
|
|1045-1100|morning tea|
|1100-1145|speaker #12 - *Vivek Joshi*, "Porting OpenSolaris across architectures"
Porting OpenSolaris on architectures other than SPARC and i386 is a challenging task. OpenSolaris on
PowerPC (32 bit G4 class processor) is already a work in progress. Apart from that, there have been
lots of discussions and interests around porting OpenSolaris to ARM processors which has a significant
penetration in 32 bit embedded market (specially mobiles and PDAs).
This paper attempts to consolidate the available information around porting OpenSolaris to other
platforms and tries to come up with a generic framework. We try to touch upon all the relevant areas
which might need to be looked into for undertaking such a task. It is akin to rewriting an OS from
scratch to support another processor. We need to look at all the components involved. This paper discusses
all such levels including but not limited to identifying target processor, kernel components, porting
of basic drivers, developing debugging tools and changes in run time linker/loader.
The first and foremost thing is to identify the cross compiler supported on the target processor and
'gcc' is one such example. The other important part to consider in this effort is to have a minimized
Solaris with limited services which could be ported to target processor and later more services/code
could be ported.
Identifying processor could include identifying addressing (32 / 64 bits), endianness (little/big), single
or multiple processor support. Kernel component identification touches upon boot loader and relevant
hardware specific tools, changes in virtual memory, cache behavior, handling signals, traps and hardware
faults, identification of memory/controller chips, system calls, platform specific modules in short.
We will need to look at porting of keyboard, serial port and hard disk drivers. We also look at the
(low level) debugging tools.
|
|1145-1230|speaker #13 - *Stewart Smith*, "(Ab)use the Kernel: what a database server can do to your kernel"
A collection of tales about how Drizzle (and MySQL and MySQL Cluster) is just not your average app
and what kind of workloads we place on an operating system kernel, where we've hit performance problems
and bugs. The aim of this session is to partly inform and partly start a dialog between more OS developers
and database developers about how to make the overall system more efficient.
We'll cover:
* TCP connections: how many connections are common to a database server? 8? 16? 256? 10,000?
* threading models
** one thread per user connection to database?
** many threads multiplexed?
** why we look at different models
* disk IO
** direct io?
** impact of IO schedulers
** SSD
* memory
** locking pages in memory
** swapping behaviour
** memory allocation behaviour
** why do we have (several) malloc() wrappers?
|
|1230-1330|lunch|
|1330-1415|speaker #14 - *Jayakara Kini*, "Crossbow for OpenSolaris developers"
Crossbow is next step in the evolution of Solaris networking stack and brings bandwidth resource
control and virtualization as part of the architecture itself instead of the usual add-on layers
which have heavy overheads and complexity. Crossbow provides the building blocks for network
virtualization and resource control by virtualizing the stack and NIC around any service (HTTP, HTTPS,
FTP, NFS, etc.), protocol or Virtual machine. With crossbow single physical NIC can be carved up into
multiple VNICs, which can be assigned to different zones, Xen or VirtualBox instances running on the same system.
Previously developers would need to hunt for test machines, switches and routers. Now with Crossbow they
can simulate entire Network lab setup in a machine, which dramatically bring down the setup time and cost.
The presentation will cover how we can effectively use Crossbow technology for complex network simulation.
Developers can also set resource controls with Crossbow and see how the applications behave.
|
|1415-1500|speaker #15 - *Max Bruning*, "Porting USB HID Device Drivers between Linux and OpenSolaris"
Max will talk about the development of a Wacom tablet driver for OpenSolaris, starting with a driver that
was a replacement for the USB mouse driver, with no specific X input support, to a driver that works with
gimp and should work with other input device aware applications. Emphasis will be placed on the differences
between Linux and OpenSolaris, and where these differences created problems during the port, as well as
how the problems were solved. The presentation will not get into licensing issues. The presentation will
include a demo of the working tablet driver using gimp on OpenSolaris.
|
|1500-1515|afternoon tea|
|1515-1650|speaker #16 - *Brendan Gregg*, "DTrace"|
|1650-1700|closing remarks and thankyous|