Key Features
openEuler 22.03 LTS SP1 is built on Linux Kernel 5.10 and absorbs beneficial and innovative features of later versions from the community.
- Memory RAS – reliable memory: More extensive support for reliable memory, which is used by the kernel, key processes, memory file system, and file cache to prevent kernel resets caused by multi-bit errors (MBEs).
- Enhanced UCE tolerance: During system running, kernel-mode hardware memory errors trigger kernel panics regardless of the scenario. In some cases, memory errors only affect user-mode processes, according to our analysis. Therefore, we can kill the user-mode processes and isolate the error pages without triggering kernel panics. We provide solutions to prevent system reset in scenarios including uaccess (copy_{from, to}_user, {get, put}_user), copy-on-write, and core dump, improving system reliability.
- Programmable kernel: The kernel scheduler can dynamically extend scheduling policies to meet diverse requirements.
- Resource isolation: cgroup v1 supports iocost. Users can configure weights to allocate I/O resources.
- CXL support: Addition of the Root Complex Event Collectors (RCEC), which is part of the Advanced Error Reporting (AER) PCI Express feature.
- Commissioning: The perf c2c tool now runs on AArch64 Statistical Profiling Extension (SPE) to detect cache false sharing and locate bottlenecks.
- AF_UNIX socket optimization: The connection delay and CPU usage are greatly reduced in concurrent tasks.
SysCare for Live Patching
- One-click creation: SysCare is a unified environment for both kernel- and user-mode live patches that ignores differences between patches, ensuring they can be created with just one click.
- Patch lifecycle operations: SysCare provides a unified patch management interface for users to install, activate, uninstall, and query patches.
- Commercial use of kernel live patches: SysCare of openEuler 22.03 LTS SP1 supports upper-layer applications Redis and Nginx.
- Limited support for user-mode live patches: SysCare supports hot fixes in Executable and Linkable Format (ELF), but not in interpreted languages. It supports DWARF debug information, but not debug information at the G3 level. It does not support cross compilation.
HybridSched for Hybrid Virtualization Scheduling
To improve resource utilization, services are classified into high- and low-priority services based on latency sensitivity, and deployed accordingly.
- Enhanced cluster scheduling: Enhances OpenStack Nova to support priority-based semantic scheduling.
- Power consumption control: Limits the CPU bandwidth of low-priority VMs to reduce the overall system power consumption and ensure QoS of high-priority VMs.
- Cache and memory bandwidth control: Limits the LLC and memory bandwidth of low-priority VMs. Currently, only static allocation is supported.
- CPU interference control: Supports CPU time slice preemption in microseconds, SMT interference isolation, and anti-priority-inversion.
Container OS NestOS
NestOS is a cloud OS incubated in the openEuler community. It runs rpm-ostree and Ignition technologies over a dual rootfs and atomic update design, and uses nestos-assembler for quick integration and build. NestOS aims to meet the demands of containerized cloud applications, to solve problems such as inconsistent and repeated O&M operations of stacks and platforms. These problems are typically caused by decoupling of containers and underlying environments when using container and container orchestration technologies for rollout and O&M, but NestOS resolves this to ensure consistency between services and the base OS.
Full-Stack Support for SM Cryptographic Algorithms
The openEuler OS now supports ShangMi (SM) cryptographic algorithms (SM2, SM3, and SM4) in key security features, and provides cryptographic services such as the SM cryptographic algorithm library, certificates, and secure transmission protocols for upper-layer applications.
GCC for openEuler
GCC for openEuler is developed on open source GCC 10.3 and provides software and hardware collaboration, memory optimization, SVE vectorization, the math library, and other functions.
Plug-IN Framework
The Plug-IN (PIN) framework provides MLIR-oriented plug-in interfaces to help develop one plug-in for multiple compilers and optimize features using plug-ins, improving the development efficiency. The framework supports and maintains common capabilities such as tool compatibility and integrity check.
BiSheng JDK
- Dynamic CDS (BiSheng JDK 8): This technology extends application class-data sharing (AppCDS) for dynamic archiving of classes. It dumps classes loaded by Custom ClassLoader directly into a JSA file without creating a class list for every application, which creates a wider scope of shared classes and accelerates application startup.
- ARM-based ZGC TBI optimization (BiSheng JDK 17): The Top Byte Ignored (TBI) feature is introduced in ARMv8-A, to ensure hardware ignores the top byte (the most significant 8 bits) of a pointer when accessing memory. BiSheng JDK 17 now uses the TBI feature to implement Colored Pointer of ZGC on the AArch64 platform (replacing the original multi-mapping solution), effectively improving the Java ZGC performance and reducing dTLB load misses.
A-Ops for Intelligent O&M
openEuler A-Ops provides a base framework for intelligent O&M to support CVE management, configuration source tracing, and exception detection, facilitating fault locating and reducing O&M costs.
- Online CVE scans: The vulnerability database is updated online so that systems can quickly scan for and fix live vulnerabilities with one click, improving vulnerability remediation and the security of clusters.
- Exception detection: Technological breakthroughs such as online scans and high-performance probes are used to detect network I/O delays, packet loss, interruption, and high disk I/O loads in MySQL and openGauss service scenarios.
- O&M toolkit: Based on case summaries and analysis, A-Ops provides functions such as fault locating, system inspection/monitoring, ftrace enhancement, and one-click log collection. It is an OS kernel fault locating tool that integrates analysis, process tracing, logging, and codified historical experience.
secGear Confidential Computing Framework
secGear is a unified development framework that delivers confidential computing for the openEuler system. Compatible with popular trusted execution environments (TEEs) in the industry, secGear masks the differences between the TEE and SDK and simplifies development APIs by sharing the same set of source code over different architectures, reducing development and maintenance costs of confidential computing workloads. secGear streamlines the TEE ecosystem while contributing to the confidential computing ecosystem.
- Zero-switch functions: ECALLs that improve call efficiency; fast shared memory and zero-copy data exchange between the REE and TEE; asynchronous zero-switch ECALLs; configurable thread scheduling policies in the TEE, enabling flexible configuration of the resource mode for software and hardware resources.
Collaboration Across the Edge and Cloud
openEuler has supported KubeEdge for edge computing deployments since openEuler 22.03 LTS. KubeEdge is a leading cloud-native edge computing service, providing full-stack collaboration capabilities for resource management, data collaboration, and AI enablement. It is compatible with the Kubernetes ecosystem, and works with other components in the ecosystem to build full-stack edge computing solutions.
ROS
openEuler supports two ROS versions, ROS 1 and ROS 2. ROS supports robotics software development such as communication interaction and message processing. You can customize communication functions (synchronous or asynchronous) for topics and services to build a basic robotics framework.
openEuler WSL
Windows Subsystem for Linux (WSL) is an adaptation layer that allows you to run Linux user-mode software on Windows. You can download openEuler from Microsoft Store to enjoy a native experience on Windows. With openEuler WSL, you can: deploy and use an openEuler LTS version on Windows; use Visual Studio Code and openEuler WSL to create a smooth cross-platform development experience; build a Kubernetes cluster in openEuler WSL; and use openEuler command-line programs or scripts to process files and programs in Windows or WSL.
WasmEngine
openEuler provides a WasmEngine sandbox solution based on the WebAssembly (WASM) technology to isolate functions in the WASM sandbox, solving the problem of slow cold start and high memory overhead of containers in high-concurrency, heavy traffic scenarios. WasmEngine allows stateless FaaS function tasks that run for a short period of time to be started on demand. For example, in the CDN edge computing scenario, custom request preprocessing functions allow for on-demand pulls and quick response.
eBPF-based Programmable Scheduling Framework
The eBPF-based programmable scheduling framework enables the kernel scheduler to extend scheduling policies and better meet varying loads. On the programmable kernel framework, developers and system administrators can create policies and dynamically load those policies to the kernel for execution.
EulerMaker Build System
EulerMaker is a package build system that converts source code into binary packages. It enables developers to assemble and tailor scenario-specific OSs thanks to incremental/full build, gated build, layer tailoring, and image tailoring capabilities.
- Incremental/Full build: Analyzes the impact of the changes to software and dependencies, obtains the list of packages to be built, and delivers parallel build tasks based on the dependency sequence.
- Gated build: Listens to pull requests (PRs), uses dependency analysis to obtain the list of packages affected by changes, builds software packages, and verifies the installation of those packages.
- Layer tailoring: Customizes build projects by layer models to create patches, build and installation dependencies, and compilation options for software packages.
- Image tailoring: Developers can configure the repository source to generate ISO, embedded, and container OS images, and tailor the list of software packages and user login passwords for the images.