Open Source Summit Europe 2025

End 2020 I became the maintainer of the drivers/platform/x86 (pdx86) kernel subsytem. The subject of this talk is my experience in creating a friendly welcoming environment, growing the pdx86 community and how this helped me to avoid burnout by being able to delegate to community members.

Keywords:
- Making your mailinglist a friendly welcoming medium
- Patience is a virtue
- Leading by example
- Growing a community
- My personal experience with burnout
- External (non kernel-devel) stress factors
- Delegating
- Handing over the reins

The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While many of these were duplicates, about 650 are unique and require individual auditing and attention. These issues span different categories and vary in complexity, which adds to the challenge of globally enabling this compiler option in the upstream Linux kernel.

In this presentation, we'll share the progress we've made on this work as part of the Kernel Self-Protection Project (KSPP) over the past few months. We'll go over the challenges we've encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We'll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.

Whether you're a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the upstream Linux kernel for the benefit of everyone.

Open source project repositories often expose more than developers intend - and not just the occasional leaked password. In many cases, careful analysis of public Git histories can uncover traces of vulnerabilities being fixed days or even weeks before an official security advisory is published.

In this talk, Marta will present findings from research into the repositories of several high-impact open source projects, revealing how fix commits often hint at upcoming security disclosures.

She will then share practical advice on how to reduce this kind of information leakage - helping maintainers better protect their projects and users from premature exposure.

Attendees will be given an USB (ch341t) to qwiic converter + a qwiic sht40 temperature/humidity sensor.

A github repo with preparation instructions + a ready-to-build driver to instantiate an i2c-device/-client for the sensor will be provided.

The goal of the workshop is for attendees to write their own (very simple) kernel driver for the sensor offering sysfs attributes providing temperature and humidity readings. Example code snippets of a skeleton i2c-driver and example communication code will be provided to make it possible to write a simple driver in 2 hours.

Attendees will be expected to know the C-programming language at an intermediate (or better) level.

The Linux kernel project has been going for well over 30 years. From its beginnings on floppy diskettes and beige boxes through to its current home in pockets and unseen data centers, the kernel project has been a constant exercise in rapid development and adaptation. I have been present for almost all of the kernel project's history as an observer, contributor, maintainer, and more; all that experience will be boiled down into a fast-moving tour of how the kernel got to where it is, what makes it successful, and what may be coming next.

The device mapper has been part of the Linux kernel since kernel version 2.6. It allows the creation of virtual block devices by mapping their address space to other block devices or special functions. In this way, it can map physical block devices such as hard disks or SSDs to higher-level virtual block devices. It is the basis for the Logical Volume Manager (LVM), Linux software RAIDs and dm-crypt encryption, and provides additional features such as file system snapshots.

However, the use of Device Mapper targets is not limited to that. Many other targets offer often unknown features. Most of these are intended for production use. However, there are also some targets designed specifically for debugging.

In this talk, Werner gives a full overview of all Device Mapper targets.

For production use these are: dm-cachd, dm-clone, dm-crypt, dm-ebs, dm-era, dm-integrity, dm-linear, dm-mirror, dm-raid, dm-stripe, dm-switch, dm-thin, dm-unstripe, dm-verity, dm-vdo, dm-writecache and dm-zoned.

For debugging: dm-delay, dm-dust, dm-flakey and dm-zero.

He also briefly shows drbd, md (RAID) and bcache, which, like device mapper targets, can work as devices "on top" of normal block devices.

While containers provide isolation for CPU cycles and memory capacity, they offer limited protection against performance interference through shared CPU caches and memory bandwidth. Such contention was shown to increase application response times by 4-13x. The Linux resctrl infrastructure provides monitoring and control mechanisms, but has limitations for controlling real-world applications.

For example, child processes do not inherit their parent's resctrl groups, leaving any application that forks improperly monitored and controlled. Additionally, the current filesystem-based interface makes it difficult to build a controller that can monitor and adjust quickly enough to keep up with frequently changing application memory behavior.

This talk introduces the memory interference problem and presents new kernel mechanisms to address these limitations. A new collector enables effective control by capturing per-container measurements of cache and memory bandwidth usage at millisecond frequencies. We'll cover how the solution combines Intel RDT, AMD QoS, high-resolution timers, perf counters, and cgroups to achieve this. We'll discuss future work and opportunities for collaboration.

Modern NVME storage devices and networks present an opportunity to rethink how distributed file systems are built. NGNFS is designed to support high performance for the largest collections of data.

This talk decribes the key uses for this kind of file system, the high level design of NGNFS and gives an update on the progress of the project.

Since GNOME 48, users can now on a limited set of hardware configure battery health preservation by setting charge limits. This works by setting a start and stop charge limit to prevent trickle charging or always charging the last X% of the battery preventing unneeded wear when they are mostly used plugged in to external power.

In this talk the existing sysfs API is explained, its limitations and the implementation of a new API (charge_types) to support specific Dell laptops and move other laptops over from non-standard sysfs API's to a new API which applications like UPower will use to offer battery health preservation to more models.

In this 10-minute talk, I will dive into the often-overlooked world of Linux kernel performance, focusing on Hard IRQs and Soft IRQs. These two types of interrupt handling play a critical role in system efficiency and responsiveness, yet many developers are unaware of their inner workings. I will explore the fundamental differences between Hardirqs and Softirqs, their impact on CPU scheduling, and how they influence real-time performance. By the end of the session, attendees will have a clearer understanding of how these mechanisms work behind the scenes, and how to optimize applications for better performance.

This talk offers a gentle and practical introduction to eBPF as a powerful framework for Linux and network observability. We’ll walk through real scenarios—like tracing incoming packets, measuring syscall latency, and visualizing kernel behavior using tools like bpftrace and bcc.

While often seen as advanced, eBPF is surprisingly accessible. You don’t need deep kernel knowledge or C programming skills to start using it. Whether you're a developer, sysadmin, or just curious about how Linux works under the hood, this talk shows how eBPF can make observability approachable and even fun.

We'll focus on how eBPF helps answer complex performance and debugging questions in a modern, efficient, and safe way—turning opaque system behavior into actionable insights using just the command line and some well-crafted trace scripts.

A major concern of a network connected application on an embedded platform is reducing any impact from high network traffic that is unrelated to the running application. Typically, this is called network broadcast storms and network attacks. Rate limiting packet ingress is a key strategy in preventing high processor bandwidth consumption caused by a network storm. In general, rate limiting packet ingress implies intentionally dropping packets. In order to setup ingress rate limiting, several different options are possible. These options include evaluating the tc Linux utility (e.g. tc qdisc), eBPF, or simply adjusting the Ethernet PHY link speed. A demonstration of these three options in action and how they can be used to prevent high-rate ingress traffic from causing negative processor impact will be showcased. A comparison of the impact from using tc and eBPF will also be discussed. The overall goal is to use these options to drop ingress packets in order to minimize ARM microprocessor bandwidth.

The Civil Infrastructure Platform (CIP) project continues to advance Industrial Grade Linux for mission-critical systems requiring long-term reliability, security, and regulatory alignment. This talk will provide the latest updates across CIP’s core activities. We’ll begin with progress on the next Super Long-Term Support (SLTS) CIP kernel based on Linux 6.12, designed to offer a robust foundation for products with extended life cycles.

Then, we’ll cover CIP Security Working Group activities, including alignment with IEC 62443-4. Following successful 4-1 process conformance in 2024, efforts now focus on meeting the technical requirements of 4-2. These activities not only support industry best practices but also lay groundwork for compliance with the EU Cyber Resilience Act (CRA). We will also share updates from the Software Update Working Group, which is integrating The Update Framework (TUF) to ensure secure and reliable updates for embedded systems. Finally, we will highlight contribution trends and point to resources for developers and companies looking to engage with CIP and help shape secure, sustainable Linux-based critical infrastructure.