Open Source Summit Europe 2025

Linux’s current writeback infrastructure, while robust, was designed before large folios, CXL-tiered memory, and AI workloads demanding low-latency, high-throughput I/O. Today, workloads like RAG pipelines using vector databases with buffered I/O, and memory tiering on CXL, are exposing scalability limits in how the kernel handles writeback.

This talk presents a forward-looking view on evolving Linux’s writeback model. We’ll explore how the single-threaded design stalls page migration and reduces memory compaction effectiveness—affecting hugepage allocations and folio movement across memory tiers, contributing to fragmentation. On the storage side, parallelizing writeback improves throughput and responsiveness under dirty-page pressure, especially for sustained-write workloads with large memory footprints on High capacity SSDs.

We’ll also touch on early experiments within the kernel community, including efforts to make writeback more filesystem-geometry aware and parallelize it based on overwrites/new allocations.

This session invites open source community to reimagine writeback as a scalable, performance-critical component in Linux.

In the area of Linux-based real-time applications, PREEMPT_RT has become a widely embraced solution. However, it's not the only path to achieving real-time characteristics. Xenomai, utilizing a dual-kernel approach, presents a compelling alternative that merits consideration.

In this session, Richard will delve into the Xenomai project, highlighting its unique architecture and the scenarios where it excels over PREEMPT_RT and where not. Participants will gain a comprehensive understanding of how to deploy Xenomai in real-world applications through step-by-step examples.

This talk is designed not only to introduce attendees to the fundamental concepts of Xenomai but also to equip them with practical skills for implementing their own real-time solutions using this framework. Whether you’re a developer seeking to expand your toolkit or a system architect exploring different real-time options, this presentation will provide valuable insights into a versatile and powerful alternative to the conventional PREEMPT_RT route.

eBPF enables efficient tracing and monitoring of modern Linux systems. However, tools in the BCC (BPF Compiler Collection) are primarily designed for standalone use, making it challenging to adopt them directly in real-time, streaming-based observability systems.

This talk introduces a practical approach to extending BCC tools for use as data sources in system monitoring pipelines. I demonstrate an architecture that transforms BCC output into time-series data by integrating with InfluxDB, and visualizes the data using Grafana. This enables real-time tracking of kernel and user-space events such as memory allocation over time.

I also explore enhancements to existing BCC tools, such as adding options to output data in time-series–friendly formats (e.g., InfluxDB’s line protocol), enabling easier ingestion by monitoring agents. These modifications help bridge the gap between raw eBPF observability and modern telemetry systems, without compromising BCC’s standalone usability. GitHub PR (https://github.com/iovisor/bcc/pull/5281) demonstrate these improvements.

Attendees will learn to leverage BCC tools for real-time insights and contribute enhancements for broader monitoring use cases.

This talk chronicles my journey of troubleshooting a Linux kernel issue on a budget Intel GeminiLake-based Chinese mini-laptop. What began as a simple hardware purchase escalated into a two-month deep dive into the i915 GPU driver when the display mysteriously went blank during initialization.

I'll walk through the systematic troubleshooting approach: isolating the issue to the i915 driver, identifying the kernel configuration options triggering the problem, and developing a practical patch that bypasses problematic GPIO pin activation sequences. Along the way, I'll share surprising discoveries about hardware compatibility, kernel development complexity, and the limitations of AI tools when facing real-world Linux challenges.

This presentation is designed for Linux enthusiasts and IT professionals curious about kernel troubleshooting. Attendees will leave with practical knowledge about GPU driver internals, confidence that such issues are solvable without specialized expertise, and inspiration to tackle their own hardware compatibility challenges.

The DevRel Foundation is a vendor-neutral initiative aimed at building shared understanding, resources, and best practices to elevate the professional practices of developer relations across industries. In response to recent challenges, including industry layoffs and the evolving landscape of DevRel roles, the foundation has established working groups to tackle pressing issues such as metrics and reporting, career support, and resource aggregation. This session offers attendees the opportunity to connect with thought leaders in the DevRel Foundation community, engage in discussions about current challenges, and explore ways to get involved in shaping the future of the developer relation foundation. Key questions to explore include: What strategies can showcase the return on investment of DevRel initiatives to stakeholders? What skills are becoming important in the evolving DevRel landscape, and how can professionals acquire them? How can engaging with the DevRel Foundation’s working groups enhance your career?

The final output will result in a report capturing the roundtable's insights and recommendations authored by the attendees, hosted under Developer Relations' Foundation GH organization under CC-BY 4.0.

Data races in the Linux kernel can lead to unpredictable behavior, silent data corruption, and severe security vulnerabilities. In this session, we’ll explore how concurrency works in the kernel, explain the root causes of kernel data races, and illustrate how they can silently destabilize entire systems.

We’ll then dive into the Kernel Concurrency Sanitizer (KCSAN), a specialized tool that helps developers detect data races in kernel code. You’ll learn how KCSAN differs from user-space tools like ThreadSanitizer (TSan), understand its dynamic instrumentation approach, and see how to read typical race reports. We’ll also discuss best practices for preventing kernel data races: consistent use of spinlocks, mutexes, atomics, and lock ordering conventions.

By the end of this talk, you’ll grasp the core challenges of concurrency in the Linux kernel, know how to spot and diagnose data races using KCSAN, and walk away with proven techniques for keeping kernel code race-free and reliable.

Currently, THP policies are used globally, for the entire system. This leads to memory fragmentation and memory waste. Main memory has increased a lot faster than TLB entries, and it will continue to do so. Given the limited TLB cache entries, this becomes a serious bottleneck for real world applications. Huge pages are supposed to resolve this issue, since the a single entry in the TLB can map a big chunk of memory. However, this eventually leads to memory fragmentation and eventually the system runs out of usable memory. Hence, most sysadmins and user space application suggest to disable huge pages

We introduce a hybrid page mechanism where hot applications can use huge pages transparently, while avoiding the entire system to use huge pages.

During the talk, we will show how we managed to decrease the huge page consumption as well as benchmarks on real applications.

Lockdep is a tool in the Linux kernel designed to detect potential deadlocks by tracking the order in which locks are acquired. However, deadlocks can occur not only due to incorrect lock acquisition order, but also from waits that cannot be resolved. For more effective deadlock detection, it is crucial to track the waits and events themselves, rather than focusing on lock acquisition order. This is where DEPT (DEPendency Tracker) comes in. DEPT accurately identifies conditions that can lead to deadlocks by tracking waits and events. Let me introduce DEPT and explain how it works.

[limitation of lockdep] https://lore.kernel.org/lkml/6383cde5-cf4b-facf-6e07-1378a485657d@I-love.SAKURA.ne.jp/

[dept playing role in practice] https://lore.kernel.org/lkml/1674268856-31807-1-git-send-email-byungchul.park@lge.com/

[dept series] https://lore.kernel.org/all/20240508094726.35754-1-byungchul@sk.com/

As technologies evolve, so must Linux. Flexible Data Placement (FDP) is a new storage capability that gives the host more influence over the physical data layout—crucial for improving performance, usable space, and overall energy efficiency.

While initial Linux support was possible through an io_uring-driven passthrough interface, many real-world deployments require block and file path support, as well as collaboration across the I/O stack.

This talk will present the current state in Linux, dive into key design decisions, and walk through how both block and file I/O paths are being adapted to better take advantage of data placement. Expect discussion around the use of per-file and extended per-I/O interfaces that involve io_uring, filesystems, the block layer, and the NVMe driver.

Whether you are developing filesystems, optimizing performance tools, or are simply curious about how Linux keeps up with evolving hardware, this presentation offers a glimpse into the next stage of I/O evolution with deeper software–hardware coordination.

Creating complete, machine-readable SBOMs in standardized formats can be a significant burden for many open source projects, especially for resource-constrained, large integration efforts, projects dealing with complex dependencies, etc. Detection of undeclared dependencies and unwanted snippets is one of their main challenges.

This talk introduces osskb.org, a free of charge service by the Software Transparency Foundation (STF) designed to make accurate open source scanning accessible to all. Integrated as a back-end already by popular open source tools like FOSSology, ORT, FOSSLight, scanoos.py, or Theia, OSSKB.org detects open source files and code snippets against one of the largest open source knowledge bases, providing license information and without compromising user privacy.

The session will address key questions about STF's mission, governance and shareholders, it will walk attendees through the open source technologies behind osskb.org, and will demo how OSSKB.org works integrated with popular compliance tools and with pipelines.

When implementing Zero Trust there is no one size fits all solution. The complexity of understanding the principles of Zero Trust and mapping them to a given technology stack have inhibited widespread adoption. Reasoning about system properties against any framework or criteria, and the corresponding adoption paths to achieve increasing maturity is always a challenge, especially for organisations relying on open source technologies.

By leveraging the Open Security Controls Assessment Language (OSCAL) controls and processes along with existing Red Hat compliance frameworks we aim to simplify Zero Trust compliance and maturity assessment while signposting the steps to improving Zero Trust maturity.

Attendees will walk away with an understanding of Zero Trust, how automated compliance can benefit their measurement and implementation of Zero Trust objectives, and open source efforts to streamline the assessment process.

Step into a world where your code and supply chain is not just defended but dynamically shielded against digital adversaries. "Proactive Protection: Unleashing AI for Digital Fortification" immerses you in a riveting exploration of cutting-edge security tactics. Through captivating narratives and interactive simulations, delve into AI's transformative role in anticipating and neutralizing vulnerabilities before they strike. Discover how predictive algorithms, automated response mechanisms, and real-time threat intelligence converge to create a proactive defense ecosystem that adapts and evolves with your digital assets.

By the session's end, arm yourself with actionable strategies to infuse AI-driven resilience into your codebase and supply chain, ensuring a fortified digital frontier against ever-evolving cyber threats.

As a consultancy working at the heart of the open-source ecosystem, Collabora operates in a landscape defined by constant change—technologically, economically, and organizationally. In this talk, we’ll explore how you can build operational resilience through intentional risk management, agile resource planning, and a deep understanding of the unique dynamics of working in this field.

We’ll look at how to balance the unpredictability of client pipelines, evolving upstream projects, and distributed collaboration with the need for sustainable business practices and delivery reliability. Drawing on principles of adaptive planning and lightweight risk frameworks, this session will offer practical approaches to identifying vulnerabilities, allocating resources effectively, and maintaining agility without losing focus.

Whether confronting fluctuating demand, evolving stakeholder landscapes, or macroeconomic uncertainty, open-source consultancies must rely on principles rather than predictions. This talk frames operational resilience as an emergent property of adaptive systems—rooted in flexibility, decentralization, and continuous feedback.

Heading to your annual checkup, you're anxious. Your abandoned gym routine and poor eating habits have left you with elevated sodium levels and unwanted weight gain. Last year's choices could have yielded better health outcomes, but now you face the consequences. Your organization faces similar health risks in its digital ecosystem. During your transformation, have you thoroughly examined your SDLC? Are your systems truly resistant to sophisticated attacks? Could unauthorized licenses be silently compromising your products from within? Effective protection mechanisms exist to safeguard your software supply chain throughout this critical transition.

Join Dan as he covers how to address software supply chain security to keep your organization healthy. Topics covered will include:

- Taking your software supply chain's vital signs with comprehensive security audits

- Diagnosing AI-related vulnerabilities before they become chronic conditions

- Cutting out harmful dependencies while strengthening your codebase's immune system

- Developing a healthy dependency management lifestyle for long-term organizational wellness

Don't let poor digital health decisions compromise your business.