Open Source Summit + AI_dev Japan 2024

Linux is incredibly versatile, being a major player in server, mobile and embedded systems, yet your average person can comfortably live their entire life never even seeing a desktop or laptop running Linux. It's hard enough for individual users to overcome this intertia, but it's even harder for organisations. Implementing desktop Linux reaps rewards like digital sovereignty, security, cost reductions and more, but it takes you out of the cozy Windows ecosystem. This talk is an high level overview of what a corporate journey to desktop Linux can look like, the problems that have to be solved along the way, from provisioning to configuration management and most importantly why these migrations fail. It will draw on the speaker's experiences of managing a Linux Desktop estate, and from the wider community.

trace-cmd is a front end tool to the tracefs infrastructure as well as ftrace (the mechanism that supplies function tracing). But like all tools, it's limited in what it can provide by the interface it has. Luckily, the guts of trace-cmd is being extracted into libraries. The libtracefs library is an interface to facilitate any application to access the tracefs kernel interface. This makes it easy for applications enable tracing of various events with various filters. Then there's the libtracecmd library that can be used for creating and reading the trace.dat file (the file that trace-cmd creates). By using this library, you can enable tracing on a system and then do offline analysis. Finally, there's a new library called libtraceeval that is used to help keep track of the interactions of various trace events. This talk will show some simple tools that utilize these libraries (for example, a tool that shows how much tasks are sleeping, blocked, running, and preempted). And also show i bit of the interface of the libraries to demonstrate how simple they really are.

This year, we have seen several events related to Open Source security. Marta will inventory the main events and show us what we have learned. - The xz backdoor scandal shed light on sole maintainers and the risks to their projects yet again. - The Linux kernel and several other projects have become CVE Numbering Authorities (CNAs). At the same time, the National Vulnerability Database (NVD) database is facing difficulties. - The SBOM generation is rising, and people are discussing how to actually use that generated data. And SPDX3 has been released. - The European mandatory cyber security regulation Cyber Resilience Act is reaching completion, with similar laws showing up around the world - Without forgetting a list of vulnerabilities, exploited or not

This LinuxCon presentation explores recent advancements in the Linux VFIO, IOMMU, and PCI subsystems, crucial for device passthrough and virtualization. It delves into the evolution of VFIO, covering improvements in device assignment, mediated devices, and user-space drivers. IOMMU's role in device isolation and security is examined, highlighting new features and best practices. The PCI subsystem's hotplug capabilities, resource optimizations, and emerging standards like SR-IOV are discussed. Real-world use cases and demonstrations showcase these technologies in cloud gaming, HPC, and embedded systems. Attendees will gain deeper understanding and learn about cutting-edge developments, fostering collaboration and driving the advancement of device passthrough in the Linux ecosystem.

There is a lot of work around how to achieve good real-time on Linux, but not as much on how to simulate faults such as jitter in the system, deadline misses or other faults. Without this it is difficult to test how your application or entire system copes with these problems. As part of work with a number of clients, especially in the safety sphere, questions have come up on how to test processes which rely on real-time scheduling. If we have a way of injecting faults we can reliably test error handling and other mitigations. Mitigations such as throttling, restarting or some measured shutdown of services. We will go through some methods we evaluated for fault injection via both user and kernel space. How existing kernel features can be used and what needs to be done in the way of either configuring or extending kernel features. There will be discussion about how each method works and the comparative merits where overlaps exist. We hope that this can help to promote thinking and improvements on how the scheduler and particularly real-time scheduling is tested under Linux.