This conference program is still a tentative version and
will be updated when more detailed information is available.
Please note that Day 1 is for tutorials and meetings only. Separate registration is required.
No exhibition and no paper session for unregistered attendees.
Please note that Day 2 is for tutorials and meetings only. Separate registration is required.
No exhibition and no paper session for unregistered attendees.
| Room A | Room B |
09:50 - 10:00 |
Openning |
10:00 - 10:45 |
P01A: ZFS Fast Dedup Allan Jude
- Abstract
The deduplication feature was added to ZFS version 21 and later
incorporated into FreeBSD in early 2011 and first released as part of
FreeBSD 8.3. In the more than decade since then, users have been
advised to avoid the feature due to very poor performance. We present
a series of enhancements to ZFS deduplication to improve performance
and make the feature useful for general purpose storage and for high
density VM hosting.
- Speaker
- Allan Jude, Co-Founder & CTO, Klara Inc.
|
P01B: Evolving from Standalone Smart Plug to AI-Powered House Sven Ruediger
- Abstract
The modern home is increasingly becoming a hub of automated efficiency, necessitating the integration of diverse technologies. This paper introduces a FreeBSD-based system that seamlessly integrates Home Assistant, Apache Kafka, and OpenSearch for managing essential home functions such as lighting, shutters, and energy consumption. The system adeptly utilizes a range of data sources, including proprietary protocols like KNX and versatile ReST-APIs, to facilitate real- time analytics and event-triggered responses. This results in a self-learning home automation environment, uniquely prioritizing energy optimization while simultaneously enhancing comfort in contemporary homes.
- Speaker
- Sven Ruediger, AKAD University
|
11:00 - 11:45 |
P02A: Dirty deals: the story of a data corruption bug in OpenZFS Rob Norris
- Abstract
In November 2023 a silent data corruption bug was discovered in the recently released OpenZFS 2.2.0. The bug was reported, and quickly correlated by the community with a new feature, “block cloning”, which even before its release had gained a reputation for instability and data loss, to the point of being disabled by default in FreeBSD 14. A 2.2.1 release was quickly put together, disabling the feature.
One of OpenZFS’ key selling points is its ability to detect and correct all kinds of data corruption, so news of its apparent failure quickly spread through tech news and social media, aided by its somewhat prickly relationship with some other parts of the open-source software world. This naturally led to a lot of confusion and concern from home and business OpenZFS users alike, worried about the integrity of their data.
With many outside eyes on the bug report, a reproduction test case was developed and it was quickly shown that the bug was present on the previous 2.1 series, and it was theorised that it might have been present right back to the original open-source ZFS release. This naturally caused even more confusion and concern, as now people were concerned about the integrity of their decades-old archive storage.
Over the Thanksgiving long weekend a few OpenZFS developers and many users rallied around the problem. A workaround was identified and documented. The bug was studied and gradually understood, and a fix was developed. People shared ideas and how might identify if their data was corrupt. Others theorised about different workloads that could make the problem easier or harder to hit. Still others took it upon themselves to find ways to run older versions, to find out just how far back the problem went.
This is a story about a 15-year old bug, where it came from, how it works, how it eluded users and developers alike through that time, and how a community pulled together to understand and fix it.
- Speaker
- Rob Norris, Klara Systems
|
P02B: The FreeBSD and Windows Environments Michael Dexter
- Abstract
The FreeBSD open source operating system[1] provides a powerful set
of features to facilitate the deployment, virtualization, and serving
of Microsoft Windows environments ranging from small research labs to
enterprise deployments. Its exemplary integration with the OpenZFS
file system and volume manager, its bhyve hypervisor, and its overall
unity play key roles in FreeBSD’s ability to perform these three
roles and combined with ported third party software, it can facilitate
deployment, virtualization, and serving. This paper will describe
each of these facilities with examples of their usage.
- Speaker
- Michael Dexter
|
12:00 - 13:30 |
Lunch |
13:30 - 14:30 |
K01: Remembrance of Early BSD days Taiwan Koan-Sin Tan
- Abstract
- Before 2000, BSD variants, esp. FreeBSD, were quite popular platforms for learning and hacking in Taiwan. I was fortunate to be there at that time. In this talk, I'll share what I know about activities of BSD variants in the 1990s.
- Speaker
- Koan-Sin Tan learned to use BSD and other open source software on a VAX-11/780 before the term "open source" was coined. He was involved in setting up the first NetBSD, FreeBSD, and OpenBSD mirrors in Taiwan. He was also involved in the very first open source conference in Taiwan in 1999.
|
14:45 - 15:30 |
P03A: Why fsync() on OpenZFS can’t fail, and what happens when it does Rob Norris
- Abstract
On OpenZFS, `fsync()` cannot fail - it will wait until the application’s changes are on disk before it returns. If there is a problem, such as a hardware failure, that causes the pool to suspend, then it may wait forever. This feels strange, but is acceptable according to the API contract: `fsync()` never returned success, so the application has no reason to believe its data on disk.
However, OpenZFS pools can recover if the fault is repaired, and so `fsync()` can still return. As it turns out though, its possible in rare situations for the pool to return to service but not have actually put the data on disk. `fsync()` returns success, because it cannot fail, and the application has been lied to.
In this paper I describe the path taken from the `fsync()` call, through the ZFS Intent Log, the transaction machinery, the pool failure system and the IO scheduler to understand what happens to IO when disks fail and return and why OpenZFS believed that writes had succeeded when they had not. I then describe the changes I made to make OpenZFS understand that something had gone wrong, and how I threaded that response was threaded back up the stack such that `fsync()` could finally return failure - and what it means when it does.
- Speaker
- Rob Norris, Klara Systems
|
P03B: Towards a Robust FreeBSD-Based Cloud: Porting OpenStack Components Chih-Hsin Chang and Li-Wen Hsu
- Abstract
This paper presents a pioneering initiative to in- tegrate OpenStack, an open-source cloud computing platform, with FreeBSD, a robust Unix-like operating system. Traditionally, OpenStack has been closely associated with Linux-based environ- ments, leveraging specific Linux features and technologies. This integration aims to expand OpenStack’s applicability by har- nessing FreeBSD’s advanced networking, security, and efficient resource management capabilities.
The project scope involves adapting OpenStack’s key compo- nents to function seamlessly within FreeBSD’s system architec- ture, focusing on virtualization with bhyve and FreeBSD’s unique networking stack. A Proof of Concept (PoC) has been successfully developed, demonstrating the viability of this integration and laying a foundation for further development.
We address several critical challenges in this integration process, including adapting libvirt for bhyve, managing VLANs, modifying Open vSwitch for FreeBSD, ensuring efficient DHCP services, and aligning FreeBSD’s network namespace and firewall functionalities with OpenStack’s requirements. The project also tackles the adaptation of OpenStack’s oslo.privsep library to FreeBSD’s privilege model and addresses the complexities of nested virtualization and VM console access within FreeBSD.
Future work involves expanding the integration to more Open- Stack components, enhancing system performance, and fostering collaboration within the FreeBSD and OpenStack communities. This integration represents a significant advancement in cloud computing, offering a versatile platform that combines the strengths of both OpenStack and FreeBSD. The project invites collaboration and contribution from the community to overcome the challenges and fully realize the potential of this innovative integration.
- Speaker
- Chih-Hsin Chang, SUSE, Taiwan
|
15:45 - 16:30 |
P04A: Block cloning in the OpenZFS file system Pawel Dawidek
- Abstract
OpenZFS, a well-known and modern file system, evolved from the original ZFS developed for OpenSolaris and is now predominantly developed for FreeBSD and Linux. Its copy-on-write model enables powerful features such as an always-consistent on-disk state, along with rapid file system snapshots and clones. A frequently requested feature by users has been the ability to clone individual files, a need highlighted by the introduction of the copy_file_range(2) system call, which could leverage such functionality.
This presentation will delve into the implementation of block cloning in OpenZFS, outlining the challenges encountered and the solutions devised to overcome them, thus enhancing the system's capabilities and efficiency.
- Speaker
- Pawel Dawidek, Fudo Security
|
P04B: Penetration Testing for Linux Jail as an Exploit-resistant Linux Container Shintaro Suzuki, Yuki Nakata and Katsuya Matsubara
- Abstract
Container virtualization technologies such as Docker [1] are now widely used as lightweight application execution environments in cloud services. They are based on OS pro- cesses, which are lightweight compared with traditional VMs, resulting in faster startup and a lower memory footprint. Many cloud services [2], [3] take advantage of the characteristics of containers for rapid scale-out, scale-in, and more efficient resource usage.
We aim to achieve a container sandbox with Container Transplantation in which Linux containers run compatibly in another OS and apply another OS-specific security mechanism to resolve the trade-off between robust container isolation and container characteristics and application performance. Since many cloud services utilize Linux as the environment for hosting containers, vulnerabilities in the Linux kernel and its functions are directly linked to container vulnerabilities. Unfortunately, attacks that exploit those vulnerabilities often
have fatal adverse effects that make it impossible for cloud services to run correctly, such as unauthorized access to hosts and other containers through privilege escalation and the theft of sensitive information. We have proposed that executing Linux containers in another OS can avoid these various attacks that exploit vulnerabilities related to the Linux kernel and its functionality. Moreover, it is possible to apply unique security models and functions implemented in various OSes to Linux containers to achieve more finely-grained access control and isolation between containers resilient to attacks targeting specific OSes.
This paper investigates the possibility of resisting attacks using Linux kernel vulnerabilities through the Linux jails. Among the vulnerabilities in Linux Kernel 4.4, emulated by Linux jails on FreeBSD13.2, we have chosen those that the Linuxulator can emulate. Then, we categorized the Linux kernel vulnerabilities that the secure container must be able to avoid, tried the attacks on both Linux and the Linuxulator, and summarized the success or failure of the attacks. Linux- ulator, and summarized the success or failure of the attacks. Our experimental results illustrate that the Linuxulator can efficiently repel exploits against Linux kernel vulnerabilities.
- Speaker
- Shintaro Suzuki, Future University Hakodate
|
18:00 - 20:00 |
Banquet (group dinner) |
| Room A | Room B |
10:00 - 10:45 |
P05A: Physical memory anti-fragmentation mechanisms in the FreeBSD kernel Bojan Novkovic
- Abstract
The use of virtual memory practically eliminated the need for the contiguity of physical mem- ory allocation as physically discontiguous memory can be contiguous in the virtual address space. Unfortu- nately, avoiding performance degradation for memory- intensive workloads on modern CPUs requires a steady supply of contiguous physical memory, making external physical memory fragmentation in modern operating systems a serious issue once again.
This paper presents the design and implementation of several several anti-fragmentation mechanisms for the FreeBSD kernel. Parts of this work were sponsored by the Google Summer of Code ’23 program.
- Speaker
- Bojan Novkovic, Croatia University of Zagreb
|
P05B: Leveraging the Power of ChatGPT and Vector Databases in the FreeBSD Expert System Yan-Hao Wang
- Abstract
This presentation delves into the innovative integration of vector databases with ChatGPT, enriching the capabilities of the FreeBSD Expert System. The synergy of these technologies opens new avenues for intelligent, adaptive system administration tools.
- Speaker
- Yan-Hao Wang, National Chung Cheng University
|
11:00 - 11:45 |
P06A: And the truth will make you spin (remote session) Cherry G. Mathew
- Abstract
Design Driven Development using the Spin Verifier.
The Problem: Currently, the NetBSD sources are inherited from historic research, and maintained by a small, but committed group of volunteers. Often, the role of the NetBSD developer is to implement or port the design and implementation of a research project, and this involves buildup of design understanding and interpretation within the memory of a few “experts” within the community. This poses a few problems, especially for newcomers to the project:
- Documentation and reading code alone, is insufficient to capture design nuances.
- The “experts” can become a point of gated access or failure.
- Design discussions with new developers often occur informally in the form of socratic questioning, or Q&A with an “expert” oracle.
- Design and implementation may drift, simply due to the lack of a canon for design, and more importantly a way to mechanically check it for consistency.
In this talk, I demonstrate DDD, compare it with industry’s “Model Based System Development” approaches, and show how the tech- nique may be used to help architects and developers (who may often be the same person), to separate concerns.
For architects, it takes off the burden of having to rely on their memory, random tests and bespoke models to keep state. For developers, it provides a clear ”source of truth” and a process based mechanism to verify their implementation based on this source. And for project managers, there’s much better visibility over the entire Q&A, analogous to but much more powerful than a simple TDD style development process.
- Speaker
- Cherry G. Mathew, cherry@NetBSD.org
|
- |
12:00 - 13:30 |
Lunch |
13:30 - 14:30 |
K02: TBA Andrew Wafaa
|
14:45 - 15:30 |
P07A: rtprio(2) and POSIX(.1b) priorities, and their FreeBSD implementation: A deep dive (and sweep) Olivier Certner
- Abstract
Although UNIX’s descendants or derivatives are not hard real-time operating systems, some have support for soft real-time through allowing to assign to userland processes higher priorities normally reserved to the system, sometimes coupled with preemption of kernel tasks, making them suitable as a fundation of soft real-time system. POSIX standardized its first real-time extensions in 1993 in a document usually referred to as POSIX.1b. At that time, however, some operating systems already had support for soft real-time in the form of ad-hoc APIs, such as System V Release 4 (SVR4) with its priocntl(2) system call and HP/UX with its rtprio(2) one. FreeBSD first adopted its own rtprio(2) system call in 1994, largely based on HP/UX’s with extensions such as idle processes. POSIX.1b extensions concerning processes were implemented later, in 1998, and some preliminary thread support added the next year. Since then, these APIs have been present in the system for applications to use.
In this paper, we provide a thorough description of both FreeBSD’s rtprio(2) and POSIX.1b’s scheduling interfaces and embark on a journey around FreeBSD’s implementation of scheduling priorities. It started with a desire to fix a few apparently simple bugs of rtprio(2) and to add some reasonable features and, one thing leading to another, became an almost complete rewrite of this system call and the POSIX.1b’s interfaces’ implementations. We will expose the many problems that the current implementation has, in terms of POSIX compliance, security and consistency and how we are fixing them. As of this writing, this project is still a work in progress, and we will report about its status during the conference presentation.
- Speaker
- Olivier Certner, Kumacom SARL
|
P07B: Benchmarking Performance Overhead of DTrace on FreeBSD and eBPF on Linux Mateusz Piotrowski
- Abstract
DTrace and eBPF are today’s most potent observ- ability tools available on general-purpose operating systems. They empower users to ask random questions and receive complex answers about any part of the system. Their performance is unmatched by any traditional observability tools.
Unfortunately, their performance characteristics are not well- researched, partially because designing a benchmark to measure the measurement tool is challenging.
In this paper, we learn about the basics of art benchmarking and the importance and difficulties of operating system instru- mentation. We review three generations of observability tools to understand their design and implementation limitations. Finally, we design, implement, and conduct a microbenchmark and an application benchmark to peak into the enigmatic domain of DTrace and eBPF performance overhead.
- Speaker
- Mateusz Piotrowski, Technische Universita ̈t Berlin
|
15:45 - 16:30 |
P08A: Arbitrary Instruction Tracing with DTrace Christos Margiolis
- Abstract
This paper presents the high-level ideas behind kinst, a new DTrace provider available in FreeBSD, which enables tracing of arbitrary instructions and inline functions in the kernel.
- Speaker
- Christos Margiolis
|
P08B: LLDB FreeBSD Kernel Module Improvement Sheng-Yi Hong
- Abstract
This paper introduces the low level debugger (LLDB) kernel module debug facility for the FreeBSD kernel. The current functional status of LLDB within the FreeBSD kernel is attributed to contributions from [1] and the collaborative efforts of the community. Key functionalities include core dump parsing and memory context building for the coredump, specifically integrated into the process plugin within LLDB for the FreeBSD kernel. This enhancement equips LLDB for effective post-mortem debugging on the FreeBSD kernel. While the implementation of the process plugin has been successfully completed, the paper emphasizes the imperative need to implement the Dynami- cLoader plugin for the kernel loader. This plugin plays a critical role in loading the symbol file of the kernel module, ensuring comprehensive parsing of symbols for loadable kernel modules. Additionally, given the potential existence of the kernel module as either a relocatable file (for x86) or a shared object (for ARM), the implementation should confirms the usability of both types of ELF format kernel modules.
- Speaker
- Sheng-Yi Hong, National Taiwan Normal University
|
16:40 - 17:20 |
Work-in-Progress Session
|
17:20 |
Closing |