Friday, 19 July 2019 10:27

CPU vulnerability mitigations keeping Linux devs busy: SUSE's Pavlík Featured

Vojtěch Pavlík: "The success of ARM in the server space is indeed impeded by the lack of affordable, fast, and ubiquitous developer platform – in other words a workstation that could be the low-entry barrier into development for ARM." Vojtěch Pavlík: "The success of ARM in the server space is indeed impeded by the lack of affordable, fast, and ubiquitous developer platform – in other words a workstation that could be the low-entry barrier into development for ARM." Courtesy SUSE

A veteran Linux kernel developer at Germany-based SUSE says the one thing that keeps him and his team busy these days is CPU vulnerability mitigations.

Vojtěch Pavlík, the director of SUSE Labs and a vice-president of the company, told iTWire during an interview that one of the vulnerabilities, Meltdown, needed a rework of the x86 and x86-64 address space layouts on x86.

"And after that, the speculative execution of modern CPUs is simply a gift that keeps giving: There are new vulnerabilities to work around every few months," he said.

"Unlike new development, these affect all stable branches and need to be backported across the board, so they've kept not just the SUSE teams, but the kernel community at large quite busy."

Pavlík, one of the top kernel developers worldwide, said other kernel developments like more support for new architectures, drivers, graphics, devices, improvements in i/o and networking efficiency, better scheduling, memory management, and features in filesystems was all quite gradual.

"There isn't a single big highlight I could point out without it feeling arbitrary," he said, when asked whether anything akin to live-patching - announced in 2014 - had been developed recently.

Asked about a statement made earlier this year by Linux creator Linus Torvalds, that the ARM platform would never succeed as a development platform in the way x86 had, Pavlík said he was in full agreement.

"I have to absolutely agree with Linus – the stories of the PC displacing large RISC servers and mainframes, of Windows winning over Unix, or the story of Linux taking over the server space today are all good examples of how the ease of access to developers shapes what's used for the 'real workloads'," he said.

pavlik big

Vojtěch Pavlík: "Chameleons eat bugs for breakfast." Courtesy SUSE

"I've seen the same with one SUSE product – SLE RT, our real-time offering. While admittedly a niche product, what makes it competitive is that developers can combine it with workstation extensions to be able to develop RT software right there on their desktop and then deploy the same on the final RT platform - either small or huge.

"The success of ARM in the server space is indeed impeded by the lack of affordable, fast, and ubiquitous developer platform – in other words, a workstation that could be the low-entry barrier into development for ARM. There is the Raspberry Pi, but it only meets the 'ubiquitous' criterion. Fortunately for ARM, Linux is cross-platform and hides most of the differences, so the disadvantage isn't as big as it was with PC vs. RISC. For many users it could indeed be that the instruction set doesn't matter after all."

Pavlík said the fact that IBM had swallowed up Red Hat meant that SUSE was now the biggest independent open source company. "It did shift the balance in the enterprise Linux world and made SUSE the largest independent open source vendor. And when it comes to operating systems, not being bound to a particular hardware vendor does matter. In a way, it helps reinforce the SUSE "Open open source company" message," he added.

"From the kernel development point of view, we rely on tight collaboration with all kernel contributors, including Red Hat and have to wish them the best success in the new environment."

Asked about what had made him retain his love of working on Linux, Pavlík mentioned his 2005 decision to accept the role of director or SUSE Labs that meant he had taken a step away from personally contributing to development and towards enabling others to work on Linux instead.

"It was a good choice – SUSE Labs has been my passion since, building a team and environment for Linux hackers, great Linux minds to work and create great things," he said.

"That team has grown over the years: from a handful, to roughly a hundred today. And with me becoming a VP at SUSE, I'm also responsible for most of SUSE Linux Enterprise and our third-level support team now."

Pavlík said one of the bigger projects he was trying to get off the ground was SUSE's Developer Program.

"While many consider an operating system like SLES or openSUSE boring and a commodity these days and focus on the higher layers of the stack, I do believe that there is still a lot to be done to make it easier and more comfortable to use for developers of those higher layers, all the way to the end application," he said.

"We're back at Linus' argument: It's developers that shape the future of computing."

The huge community momentum behind Linux would keep it ahead of other development platforms, Pavlík opined.

"It's not any of the technical features. I have to circle back to Linus' argument. It's a solid base, high performing, affordable, ubiquitous, and easy to modify for a specific use case. It has a huge community momentum behind it. And it's evolving to meet changing needs."

He said what he liked about SUSE was "the people, the atmosphere, where everyone in development, without asking, dives in to resolve every issue, to create the best possible Linux, Open Stack, Ceph, or Kubernetes container platform".

While SUSE was no longer in the forefront of contributing lines of code or making commits to the kernel, Pavlík said it was the number one bug fixer. "Chameleons eat bugs for breakfast," he said, in a jocular reference to the SUSE mascot.

As to the downside of working at SUSE, he said: "Over the years, we went through several acquisitions. And each one of them has made us more efficient, a well-oiled machine for producing and supporting a Linux distribution."

SUSE was bought by Novell in 2003, after which Novell was bought by Attachmate. The UK firm Micro Focus then acquired SUSE before it was bought by its present owner, the Swedish equity firm, EQT.

Said Pavlík: "And now it hurts a little to stretch those muscles in different ways, and become more flexible in addressing the needs that the market brings our way, deliver a broader range of products and start changing the perception of what even the base operating system could be."


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments