Re: [PATCH] Support non-fPIC shared objects
Good news, can we support NON-fPIC elf executable binary ?
在 2018年10月25日星期四 UTC+8上午6:10:09,Waldek Kozaczuk写道:
>
> This patch enhances ELF dynamic loader to support position
> dependent shared libraries. It does it by detecting presence
> of DT_TEXTREL marker and temporarilily making PT_LOAD sections
> writable so that corresponding references in code get updated
> to point to correct addresses in memory. Eventually it fixes
> permissions of PT_LOAD sections to make it non-writable.
>
> This patch most notably allows to run GraalVM generated
> Java apps.
>
> Fixes #1004
>
> Signed-off-by: Waldemar Kozaczuk >
> ---
> core/elf.cc| 47 +++---
> include/osv/elf.hh | 5 -
> modules/tests/Makefile | 9 +++-
> tests/misc-non-fpic.cc | 13
> tests/tst-run.cc | 3 +++
> 5 files changed, 68 insertions(+), 9 deletions(-)
> create mode 100644 tests/misc-non-fpic.cc
>
> diff --git a/core/elf.cc b/core/elf.cc
> index b0e3c1aa..c0dfbbb9 100644
> --- a/core/elf.cc
> +++ b/core/elf.cc
> @@ -325,13 +325,7 @@ void file::load_segment(const Elf64_Phdr& phdr)
> ulong filesz = align_up(filesz_unaligned, mmu::page_size);
> ulong memsz = align_up(phdr.p_vaddr + phdr.p_memsz, mmu::page_size) -
> vstart;
>
> -unsigned perm = 0;
> -if (phdr.p_flags & PF_X)
> -perm |= mmu::perm_exec;
> -if (phdr.p_flags & PF_W)
> -perm |= mmu::perm_write;
> -if (phdr.p_flags & PF_R)
> -perm |= mmu::perm_read;
> +unsigned perm = get_segment_mmap_permissions(phdr);
>
> auto flag = mmu::mmap_fixed | (mlocked() ? mmu::mmap_populate : 0);
> mmu::map_file(_base + vstart, filesz, flag, perm, _f,
> align_down(phdr.p_offset, mmu::page_size));
> @@ -354,6 +348,11 @@ bool object::mlocked()
> return false;
> }
>
> +bool object::has_non_writable_text_relocations()
> +{
> +return dynamic_exists(DT_TEXTREL);
> +}
> +
> Elf64_Note::Elf64_Note(void *_base, char *str)
> {
> Elf64_Word *base = reinterpret_cast(_base);
> @@ -468,8 +467,24 @@ void object::unload_segments()
> }
> }
>
> +unsigned object::get_segment_mmap_permissions(const Elf64_Phdr& phdr)
> +{
> +unsigned perm = 0;
> +if (phdr.p_flags & PF_X)
> +perm |= mmu::perm_exec;
> +if (phdr.p_flags & PF_W)
> +perm |= mmu::perm_write;
> +if (phdr.p_flags & PF_R)
> +perm |= mmu::perm_read;
> +return perm;
> +}
> +
> void object::fix_permissions()
> {
> +if(has_non_writable_text_relocations()) {
> +make_text_writable(false);
> +}
> +
> for (auto&& phdr : _phdrs) {
> if (phdr.p_type != PT_GNU_RELRO)
> continue;
> @@ -482,6 +497,20 @@ void object::fix_permissions()
> }
> }
>
> +void object::make_text_writable(bool flag)
> +{
> +for (auto&& phdr : _phdrs) {
> +if (phdr.p_type != PT_LOAD)
> +continue;
> +
> +ulong vstart = align_down(phdr.p_vaddr, mmu::page_size);
> +ulong memsz = align_up(phdr.p_vaddr + phdr.p_memsz,
> mmu::page_size) - vstart;
> +
> +unsigned perm = get_segment_mmap_permissions(phdr);
> +mmu::mprotect(_base + vstart, memsz, flag ? perm |
> mmu::perm_write : perm);
> +}
> +}
> +
> template
> T* object::dynamic_ptr(unsigned tag)
> {
> @@ -600,6 +629,10 @@ symbol_module object::symbol_other(unsigned idx)
>
> void object::relocate_rela()
> {
> +if(has_non_writable_text_relocations()) {
> +make_text_writable(true);
> +}
> +
> auto rela = dynamic_ptr(DT_RELA);
> assert(dynamic_val(DT_RELAENT) == sizeof(Elf64_Rela));
> unsigned nb = dynamic_val(DT_RELASZ) / sizeof(Elf64_Rela);
> diff --git a/include/osv/elf.hh b/include/osv/elf.hh
> index 5449f98f..19b24eec 100644
> --- a/include/osv/elf.hh
> +++ b/include/osv/elf.hh
> @@ -177,7 +177,7 @@ enum {
> DT_PLTREL = 20, // d_val Type of relocation entry used for the
> procedure linkage
>// table. The d_val member contains either DT_REL or DT_RELA.
> DT_DEBUG = 21, // d_ptr Reserved for debugger use.
> -DT_TEXTREL = 22, // ignored The presence of this dynamic table entry
> signals that the
> +DT_TEXTREL = 22, // The presence of this dynamic table entry signals
> that the
>// relocation table contains relocations for a non-writable
>// segment.
> DT_JMPREL = 23, // d_ptr Address of the relocations associated with
> the procedure
> @@ -367,6 +367,8 @@ protected:
> virtual void unload_segment(const Elf64_Phdr& segment) = 0;
> virtual void read(Elf64_Off offset, void* data, size_t len) = 0;
> bool mlocked();
> +bool has_non_writable_text_relocations();
> +unsigned get_segment_mmap_permissions(const Elf64_Phdr& phdr);
> private:
> Elf64_Sym* lookup_symbol_old(const char* name);
> Elf64_Sym*
Re: Did anybody use OSv in the production ?
在 2018年10月3日星期三 UTC+8上午5:48:49,Waldek Kozaczuk写道: > > Hi, > > Honestly I do not know for certain who uses OSv in production. Based on > what I saw on this emailing list there are some people running Erlang apps > on OSv. I also think that Spirent might be using it as part of their > CloudStress platform. > > In any case if you are planning to deploy apps on OSv I would suggest to > use MikelAngelo capstan - https://github.com/mikelangelo-project/capstan, > https://www.mikelangelo-project.eu/2017/08/the-art-of-preparing-osv-packages/ > - which allows creating OSv images ala Docker-compose-style. > > Additionally you can run OSv on Kubernetes cluster (which I have not tried > myself) - > https://www.mikelangelo-project.eu/2017/08/the-art-of-preparing-osv-packages/ > - using virtlet (https://github.com/Mirantis/virtlet) or kubevirt ( > https://github.com/kubevirt/kubevirt). I believe the mikelangelo demo > uses virtlet but OSv should run on kubevirt in theory as well. > > Thanks for reply. Anyway I am trying to find a way to let OSv to compatibility with current OCI docker image, not let user to rebuild a OSv image. Because OCI image can use docker/overlay mechanism, which make the common layer can be shared without multiple containers. But using OSv image(like qcow2), common part cannot be shared, memory and disk cannot be saved. And I am be afraid of using capstan will cause to incompatibility with OCI docker image. Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月21日星期五 UTC+8下午1:11:40,Roman Shaposhnik写道: > > On Thu, Sep 20, 2018 at 10:00 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月21日星期五 UTC+8上午1:59:50,Roman Shaposhnik写道: > >> > >> On Thu, Sep 20, 2018 at 5:10 AM, Qixuan Wu wrote: > >> > > >> > > >> > 在 2018年9月19日星期三 UTC+8下午12:44:54,Roman Shaposhnik写道: > >> >> > >> >> On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu > wrote: > >> >> > > >> >> > > >> >> > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > >> >> >> > >> >> >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu > >> >> >> wrote: > >> >> >> > > >> >> >> > > >> >> >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> >> >> >> > >> >> >> >> > >> >> >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > > >> >> >> >> wrote: > >> >> >> >>> > >> >> >> >>> Hi all, > >> >> >> >>> > >> >> >> >>>We have some requirement to support standard docker OCI > >> >> >> >>> image. > >> >> >> >>> > >> >> >> >>>Currently OSv did not support 9pfs. Anyone are thinking of > >> >> >> >>> this > >> >> >> >>> or > >> >> >> >>> not > >> >> >> >>> ? > >> >> >> >> > >> >> >> >> > >> >> >> >> Supporting 9p and virtfs has been on our wishlist for quite > some > >> >> >> >> time > >> >> >> >> (see > >> >> >> >> https://github.com/cloudius-systems/osv/issues/210) but > nobody is > >> >> >> >> actively > >> >> >> >> working on it. > >> >> >> > > >> >> >> > > >> >> >> > This is a very important feature. If we can do it, it will be > easy > >> >> >> > can > >> >> >> > support the compatibility with the OCI docker image. Some > docker > >> >> >> > container > >> >> >> > can securely run inside OSv. That we can call it is another > secure > >> >> >> > container > >> >> >> > solution, like kata container, gVisor. > >> >> >> > >> >> >> FWIW: I was looking to prototype 9pfs support for a hackathon > back > >> >> >> in > >> >> >> 2014. > >> >> >> It looked pretty manageable, frankly. Not sure I can help with > >> >> >> coding > >> >> >> it up again, > >> >> >> but I can definitely help with whatever else may be needed. > >> >> > > >> >> > > >> >> > I am searching the virtfs/9p source code from linux or some bsd > code. > >> >> > But seems freebsd/netbsd still not support it. I only want the > >> >> > client, > >> >> > because qemu > >> >> > has the server already. > >> >> > > >> >> > Do you have any some suggestion for the code from where to port ? > >> >> > >> >> If what I think you're trying to do is, indeed, what you are > actually > >> >> trying > >> >> to do, I'd look here: https://lwn.net/Articles/716582/ > >> >> > >> >> Thanks, > >> >> Roman. > >> >> > >> >> P.S. Stefano is a good friend of mine -- so if that content seems > >> >> useful > >> >> to you I can do a direct intro. > >> > > >> > > >> > I think I will make the NFS (and + vsock later) as the rootfs now. > >> > Because > >> > 9p protocal and the code is too old, and maybe nobody want to > maintain > >> > it. > >> > NFS is very popular now. > >> > >> I tend to disagree. This is how we ended up implementing Docker support > >> for Xen (which I think is very close to your usecase for OSv -- at > >> least conceptually): > >> > >> > https://github.com/rkt/stage1-xen/blob/master/build/fedora/RUNNING_STAGE1_XEN.md > > > > > > > I saw it's already implement the 9pfs in the link > > Why you tend to disagree to implement docker support of OSv? > > I don't. I disagreed with your assumption that "Because 9p protocal and > the > code is too old, and maybe nobody want to maintain it." > Sorry, maybe the description is not correct. What I saw is many people is developing other solution like nfs/vsock or FUSE_over_virtio on kata container, they are abandoning 9pfs. So maybe it's not worth porting 9pfs with so much efforts. Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Did anybody use OSv in the production ?
Hi All, We are trying to look for the scenario in which OSv can be used. Is anybody using or preparing to use OSv ? We can discuss and share some experiences. Anything is welcome. Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
How to test the schedule latency?
Hi All, I saw the paper, it said schedule latency is less than linux thread, about 328ns. Guest OS Colocated Apart Linux 905 ns 13148 ns OSv 328 ns 1402 ns Anyone can tell where is the test case code ? Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月29日星期六 UTC+8上午3:37:00,Roman Shaposhnik写道: > > On Thu, Sep 27, 2018 at 5:42 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月21日星期五 UTC+8下午1:11:40,Roman Shaposhnik写道: > >> > >> On Thu, Sep 20, 2018 at 10:00 PM, Qixuan Wu wrote: > >> > > >> > > >> > 在 2018年9月21日星期五 UTC+8上午1:59:50,Roman Shaposhnik写道: > >> >> > >> >> On Thu, Sep 20, 2018 at 5:10 AM, Qixuan Wu > wrote: > >> >> > > >> >> > > >> >> > 在 2018年9月19日星期三 UTC+8下午12:44:54,Roman Shaposhnik写道: > >> >> >> > >> >> >> On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu > >> >> >> wrote: > >> >> >> > > >> >> >> > > >> >> >> > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > >> >> >> >> > >> >> >> >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu > > >> >> >> >> wrote: > >> >> >> >> > > >> >> >> >> > > >> >> >> >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > >> >> >> >> >> > >> >> >> >> >> wrote: > >> >> >> >> >>> > >> >> >> >> >>> Hi all, > >> >> >> >> >>> > >> >> >> >> >>>We have some requirement to support standard docker OCI > >> >> >> >> >>> image. > >> >> >> >> >>> > >> >> >> >> >>>Currently OSv did not support 9pfs. Anyone are thinking > of > >> >> >> >> >>> this > >> >> >> >> >>> or > >> >> >> >> >>> not > >> >> >> >> >>> ? > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> Supporting 9p and virtfs has been on our wishlist for quite > >> >> >> >> >> some > >> >> >> >> >> time > >> >> >> >> >> (see > >> >> >> >> >> https://github.com/cloudius-systems/osv/issues/210) but > nobody > >> >> >> >> >> is > >> >> >> >> >> actively > >> >> >> >> >> working on it. > >> >> >> >> > > >> >> >> >> > > >> >> >> >> > This is a very important feature. If we can do it, it will > be > >> >> >> >> > easy > >> >> >> >> > can > >> >> >> >> > support the compatibility with the OCI docker image. Some > >> >> >> >> > docker > >> >> >> >> > container > >> >> >> >> > can securely run inside OSv. That we can call it is another > >> >> >> >> > secure > >> >> >> >> > container > >> >> >> >> > solution, like kata container, gVisor. > >> >> >> >> > >> >> >> >> FWIW: I was looking to prototype 9pfs support for a hackathon > >> >> >> >> back > >> >> >> >> in > >> >> >> >> 2014. > >> >> >> >> It looked pretty manageable, frankly. Not sure I can help with > >> >> >> >> coding > >> >> >> >> it up again, > >> >> >> >> but I can definitely help with whatever else may be needed. > >> >> >> > > >> >> >> > > >> >> >> > I am searching the virtfs/9p source code from linux or some bsd > >> >> >> > code. > >> >> >> > But seems freebsd/netbsd still not support it. I only want the > >> >> >> > client, > >> >> >> > because qemu > >> >> >> > has the server already. > &
Re: About OSv support for docker image using 9pfs
在 2018年9月20日星期四 UTC+8下午9:02:11,Nadav Har'El写道: > > > On Thu, Sep 20, 2018 at 3:10 PM Qixuan Wu > > wrote: > >> >> >> I think I will make the NFS (and + vsock later) as the rootfs now. >> > > Note that OSv already has an NFS client (you need to build it with > nfs=true). > > Yes, trying. :) Thanks Qixuan. > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月21日星期五 UTC+8上午1:59:50,Roman Shaposhnik写道: > > On Thu, Sep 20, 2018 at 5:10 AM, Qixuan Wu > wrote: > > > > > > 在 2018年9月19日星期三 UTC+8下午12:44:54,Roman Shaposhnik写道: > >> > >> On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu wrote: > >> > > >> > > >> > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > >> >> > >> >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu > wrote: > >> >> > > >> >> > > >> >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> >> >> > >> >> >> > >> >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > >> >> >> wrote: > >> >> >>> > >> >> >>> Hi all, > >> >> >>> > >> >> >>>We have some requirement to support standard docker OCI > image. > >> >> >>> > >> >> >>>Currently OSv did not support 9pfs. Anyone are thinking of > this > >> >> >>> or > >> >> >>> not > >> >> >>> ? > >> >> >> > >> >> >> > >> >> >> Supporting 9p and virtfs has been on our wishlist for quite some > >> >> >> time > >> >> >> (see > >> >> >> https://github.com/cloudius-systems/osv/issues/210) but nobody > is > >> >> >> actively > >> >> >> working on it. > >> >> > > >> >> > > >> >> > This is a very important feature. If we can do it, it will be easy > >> >> > can > >> >> > support the compatibility with the OCI docker image. Some docker > >> >> > container > >> >> > can securely run inside OSv. That we can call it is another secure > >> >> > container > >> >> > solution, like kata container, gVisor. > >> >> > >> >> FWIW: I was looking to prototype 9pfs support for a hackathon back > in > >> >> 2014. > >> >> It looked pretty manageable, frankly. Not sure I can help with > coding > >> >> it up again, > >> >> but I can definitely help with whatever else may be needed. > >> > > >> > > >> > I am searching the virtfs/9p source code from linux or some bsd code. > >> > But seems freebsd/netbsd still not support it. I only want the > client, > >> > because qemu > >> > has the server already. > >> > > >> > Do you have any some suggestion for the code from where to port ? > >> > >> If what I think you're trying to do is, indeed, what you are actually > >> trying > >> to do, I'd look here: https://lwn.net/Articles/716582/ > >> > >> Thanks, > >> Roman. > >> > >> P.S. Stefano is a good friend of mine -- so if that content seems > useful > >> to you I can do a direct intro. > > > > > > I think I will make the NFS (and + vsock later) as the rootfs now. > Because > > 9p protocal and the code is too old, and maybe nobody want to maintain > it. > > NFS is very popular now. > > I tend to disagree. This is how we ended up implementing Docker support > for Xen (which I think is very close to your usecase for OSv -- at > least conceptually): > > https://github.com/rkt/stage1-xen/blob/master/build/fedora/RUNNING_STAGE1_XEN.md > > I saw it's already implement the 9pfs in the link Why you tend to disagree to implement docker support of OSv? Thanks Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: gvisor - google user-space kernel in go
在 2018年9月19日星期三 UTC+8下午9:25:15,Pekka Enberg写道: > > > > On Wed, Sep 19, 2018 at 4:18 AM, Qixuan Wu > wrote: > >> >>- claim to run unmodified Linux executable like OSv does >> >> gVisor can run the C application without recompiling, but application >> only can run on OSv with recompiling. >> > > OSv is quite capable of running unmodified Linux executables, as long as > they use the subset of Linux ABI OSv actually supports (IOW, no fork(), for > example). > > But application need to be recompiled on OSv, it's better to support to be without recompiling. Thanks & Regards Qixuan -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8下午12:44:54,Roman Shaposhnik写道: > > On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > >> > >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu wrote: > >> > > >> > > >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> >> > >> >> > >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > wrote: > >> >>> > >> >>> Hi all, > >> >>> > >> >>>We have some requirement to support standard docker OCI image. > >> >>> > >> >>>Currently OSv did not support 9pfs. Anyone are thinking of this > or > >> >>> not > >> >>> ? > >> >> > >> >> > >> >> Supporting 9p and virtfs has been on our wishlist for quite some > time > >> >> (see > >> >> https://github.com/cloudius-systems/osv/issues/210) but nobody is > >> >> actively > >> >> working on it. > >> > > >> > > >> > This is a very important feature. If we can do it, it will be easy > can > >> > support the compatibility with the OCI docker image. Some docker > >> > container > >> > can securely run inside OSv. That we can call it is another secure > >> > container > >> > solution, like kata container, gVisor. > >> > >> FWIW: I was looking to prototype 9pfs support for a hackathon back in > >> 2014. > >> It looked pretty manageable, frankly. Not sure I can help with coding > >> it up again, > >> but I can definitely help with whatever else may be needed. > > > > > > I am searching the virtfs/9p source code from linux or some bsd code. > > But seems freebsd/netbsd still not support it. I only want the client, > > because qemu > > has the server already. > > > > Do you have any some suggestion for the code from where to port ? > > If what I think you're trying to do is, indeed, what you are actually > trying > to do, I'd look here: https://lwn.net/Articles/716582/ > > Thanks, > Roman. > > P.S. Stefano is a good friend of mine -- so if that content seems useful > to you I can do a direct intro. > I think I will make the NFS (and + vsock later) as the rootfs now. Because 9p protocal and the code is too old, and maybe nobody want to maintain it. NFS is very popular now. Thanks Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: gvisor - google user-space kernel in go
在 2018年9月20日星期四 UTC+8下午4:03:45,Nadav Har'El写道: > > > On Thu, Sep 20, 2018 at 10:06 AM, Pekka Enberg > wrote: > >> >> >> On Thu, Sep 20, 2018 at 9:29 AM, Qixuan Wu > > wrote: >> >>> >>> >>> 在 2018年9月19日星期三 UTC+8下午9:25:15,Pekka Enberg写道: >>>> >>>> >>>> >>>> On Wed, Sep 19, 2018 at 4:18 AM, Qixuan Wu wrote: >>>> >>>>> >>>>>- claim to run unmodified Linux executable like OSv does >>>>> >>>>> gVisor can run the C application without recompiling, but application >>>>> only can run on OSv with recompiling. >>>>> >>>> >>>> OSv is quite capable of running unmodified Linux executables, as long >>>> as they use the subset of Linux ABI OSv actually supports (IOW, no fork(), >>>> for example). >>>> >>>> But application need to be recompiled on OSv, it's better to support to >>> be without recompiling. >>> >> >> No, OSv does _not_ require applications to be recompiled. What makes you >> think it does? >> >> OSv implements a subset of the Linux system call ABI and has a built-in >> ELF loader and linker. This allows OSv to run *unmodified* Linux binaries. >> > > I think Qixuan may be referring to the fact that OSv today can only run > position-independent executables (shared objects and PIE), and nor > "regular" position-dependent executables, > which causes us in many applications in apps/ to modify the Makefile to > add "-shared", "-pie", or something like that, requiring recompilation. > > However, Qixuan, the interesting thing to note that an application that > already has been compiled as shared object or PIE, can often run on OSv > completely unmodified. > > Shared objects are particularly common in case of runtime environments, > such as Java or Python, where even on Linux, the majority of the code is a > shared object, which we can copy as-is into OSv without any recompilation, > and there is just a 20-line front-end executable which, perhaps, needs to > be recompiled (this is exactly our situation with Java and Python). > Shared objects are also common, of course, as shared libraries. So even if > you do need to recompile part of your code, you most certainly don't need > to recompile the dozen shared libraries your code needs and you can just > copy as-is into the OSv image, which saves a huge amount of porting work. > > PIE instead of classic position-dependent executables are becoming popular > on some Linux distributions because of their security benefits, so if you > find one, you can try running it on OSv unmodified. Note, however, that > there are some open bugs which may prevent them from working correctly: > https://github.com/cloudius-systems/osv/issues/689, > https://github.com/cloudius-systems/osv/issues/352 > > Finally, there is no real reason why OSv shouldn't be able to run *one* > position-dependent Linux executable. It will just need some more coding. > There's an open issue about it: > https://github.com/cloudius-systems/osv/issues/190 > Yes, correct, what I mean is that classic position-dependent executables need to be recompiled as https://github.com/cloudius-systems/osv/issues/190 said. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About benchmark for scheduler and memory
在 2018年9月20日星期四 UTC+8上午6:12:57,Waldek Kozaczuk写道: > > Adding Justin from XLabs as he may have ran more performance tests against > OSv. > > Sent from my iPhone > > Thank you very much! Qixuan. > > On Sep 19, 2018, at 18:11, Waldek Kozaczuk > wrote: > > > > Not sure about lmbench but we have a memory testing app stream part of > apps repo - > https://github.com/cloudius-systems/osv-apps/tree/master/stream. > > > > Waldek > > > > -- > > You received this message because you are subscribed to a topic in the > Google Groups "OSv Development" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/osv-dev/CJqCTUaLtw0/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > osv-dev+u...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
About OSv support for docker image using 9pfs
Hi all, We have some requirement to support standard docker OCI image. Currently OSv did not support 9pfs. Anyone are thinking of this or not ? Thanks Qixuan Wu -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
HI, 在 2018年9月18日星期二 UTC+8下午8:24:48,Waldek Kozaczuk写道: > > Hi, > > Could you please be more specific? Do you want to run OSv in Docker or > Docker in OSv? > > Waldek > > On Tuesday, September 18, 2018 at 4:59:42 AM UTC-4, Qixuan Wu wrote: >> >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> >> Thanks >> Qixuan Wu >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
About benchmark for scheduler and memory
Hi all, Is anyone run some benchmark like lmbench inside OSv ? Then we can compare it with Linux and see the improvement detailed items. Thanks & Regards. Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > > > On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > wrote: > >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> > > Supporting 9p and virtfs has been on our wishlist for quite some time (see > https://github.com/cloudius-systems/osv/issues/210) but nobody is > actively working on it. > This is a very important feature. If we can do it, it will be easy can support the compatibility with the OCI docker image. Some docker container can securely run inside OSv. That we can call it is another secure container solution, like kata container, gVisor. Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
Hi Waldek: We have some different docker images or containers. Some images and containers are sharing some common layers. Currently, those are single process container with Java. And those java are loading other many jar tarballs. We cannot make all the tar files to be a qcow2 files. Then common layers cannot be shared within different type of containers. We hope each OSv can running each container like kata container. Each container can still merge all the layers using overlays. And pass the mount point to OSv by Virtfs/9p as the rootfs. Then common layers can be shared within different type of containers. And temporary file can also be saved in overlays. Thanks & Regards Qixuan. 在 2018年9月18日星期二 UTC+8下午8:24:48,Waldek Kozaczuk写道: > > Hi, > > Could you please be more specific? Do you want to run OSv in Docker or > Docker in OSv? > > Waldek > > On Tuesday, September 18, 2018 at 4:59:42 AM UTC-4, Qixuan Wu wrote: >> >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> >> Thanks >> Qixuan Wu >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: gvisor - google user-space kernel in go
- claim to run unmodified Linux executable like OSv does gVisor can run the C application without recompiling, but application only can run on OSv with recompiling. 在 2018年7月2日星期一 UTC+8上午2:38:48,Waldek Kozaczuk写道: > > Couple of days ago I attended a presentation by one of the Google > engineers at QCon Ny. It did not give that much more insights then official > docs but here are couple of bullet points worth pointing: > >- 150 ms startup time (not sure from from point) and 15MB of memory >usage >- implements 211 Linux syscalls >- listed number of apps working on which suggests not all apps are >going to work on gVisor >- claim to run unmodified Linux executable like OSv does >- gVisor is not simple passthrough but rather implements and emulates >the syscalls its own way >- written in Golang which has garbage collection (which may have some >performance implications -> my takeaway) >- made of 2 components: *sentry* that emulates syscalls and implements >network access and *gofer* for file access >- gVisor is not for "syscall heavy applications" (mentions syscall >handling has some overhead) > > > On Tuesday, June 19, 2018 at 9:17:56 AM UTC-4, Geraldo Netto wrote: >> >> Dear Friends, >> >> A while ago, Google has released gVisor [1]: >> "gVisor is a user-space kernel, written in Go, that implements a >> substantial portion of the Linux system surface. It includes an Open >> Container Initiative (OCI) runtime called runsc that provides an >> isolation boundary between the application and the host kernel. The >> runsc runtime integrates with Docker and Kubernetes, making it simple >> to run sandboxed containers. >> >> gVisor takes a distinct approach to container sandboxing and makes a >> different set of technical trade-offs compared to existing sandbox >> technologies, thus providing new tools and ideas for the container >> security landscape. >> >> gVisor intercepts all system calls made by the application, and does >> the necessary work to service them. Importantly, gVisor does not >> simply redirect application system calls through to the host kernel. >> Instead, gVisor implements most kernel primitives (signals, file >> systems, futexes, pipes, mm, etc.) and has complete system call >> handlers built on top of these primitives. >> >> Since gVisor is itself a user-space application, it will make some >> host system calls to support its operation, but much like a VMM, it >> will not allow the application to directly control the system calls it >> makes." >> >> Maybe, it might be interesting to write down a comparison of OSv and >> gVisor >> and possibly, bring some ideas from them >> eg: check which syscalls are implemented (I suppose they have done >> some study to define which syscalls are more important) [2] >> >> [1] https://github.com/google/gvisor >> [2] https://github.com/google/gvisor/tree/master/pkg/abi/linux >> >> >> Kind Regards, >> >> Geraldo Netto >> Sapere Aude => Non dvcor, dvco >> http://exdev.sf.net/ >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > > On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> > >> > >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu wrote: > >>> > >>> Hi all, > >>> > >>>We have some requirement to support standard docker OCI image. > >>> > >>>Currently OSv did not support 9pfs. Anyone are thinking of this or > not > >>> ? > >> > >> > >> Supporting 9p and virtfs has been on our wishlist for quite some time > (see > >> https://github.com/cloudius-systems/osv/issues/210) but nobody is > actively > >> working on it. > > > > > > This is a very important feature. If we can do it, it will be easy can > > support the compatibility with the OCI docker image. Some docker > container > > can securely run inside OSv. That we can call it is another secure > container > > solution, like kata container, gVisor. > > FWIW: I was looking to prototype 9pfs support for a hackathon back in > 2014. > It looked pretty manageable, frankly. Not sure I can help with coding > it up again, > but I can definitely help with whatever else may be needed. > I am searching the virtfs/9p source code from linux or some bsd code. But seems freebsd/netbsd still not support it. I only want the client, because qemu has the server already. Do you have any some suggestion for the code from where to port ? Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8下午12:44:54,Roman Shaposhnik写道: > > On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > >> > >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu wrote: > >> > > >> > > >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> >> > >> >> > >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > wrote: > >> >>> > >> >>> Hi all, > >> >>> > >> >>>We have some requirement to support standard docker OCI image. > >> >>> > >> >>>Currently OSv did not support 9pfs. Anyone are thinking of this > or > >> >>> not > >> >>> ? > >> >> > >> >> > >> >> Supporting 9p and virtfs has been on our wishlist for quite some > time > >> >> (see > >> >> https://github.com/cloudius-systems/osv/issues/210) but nobody is > >> >> actively > >> >> working on it. > >> > > >> > > >> > This is a very important feature. If we can do it, it will be easy > can > >> > support the compatibility with the OCI docker image. Some docker > >> > container > >> > can securely run inside OSv. That we can call it is another secure > >> > container > >> > solution, like kata container, gVisor. > >> > >> FWIW: I was looking to prototype 9pfs support for a hackathon back in > >> 2014. > >> It looked pretty manageable, frankly. Not sure I can help with coding > >> it up again, > >> but I can definitely help with whatever else may be needed. > > > > > > I am searching the virtfs/9p source code from linux or some bsd code. > > But seems freebsd/netbsd still not support it. I only want the client, > > because qemu > > has the server already. > > > > Do you have any some suggestion for the code from where to port ? > > If what I think you're trying to do is, indeed, what you are actually > trying > to do, I'd look here: https://lwn.net/Articles/716582/ > > Thanks, > Roman. > > P.S. Stefano is a good friend of mine -- so if that content seems useful > to you I can do a direct intro. > Thank you very much. I source the code what you give, the most code is in the commit: http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=b53b4037cef6d15c3d29396648d893872fd9d910. But seems the code is very less and is not complete. Now I am thinking taking linux kernel 9pfs code. Are you doing the 9pfs for OSv now also ? Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
