diff -u: What's New in Kernel Development
One problem with Linux has been its implementation of system calls. As Andy Lutomirski pointed out recently, it's very messy. Even identifying which system calls were implemented for which architectures, he said, was very difficult, as was identifying the mapping between a call's name and its number, and mapping between call argument registers and system call arguments.
Some user programs like strace and glibc needed to know this sort of information, but their way of gathering it together—although well accomplished—was very messy too.
Andy proposed slogging through the kernel code and writing up a text file that would serve as a "master list" of system calls, giving the call name, the corresponding call number, the supported architectures and other information. Among other things, this would allow tools like glibc to eliminate their ugly implementations and use a simple library to get this information out of the kernel.
H. Peter Anvin liked the idea, but said it would take a lot of work to get it right. He mentioned that he'd been advocating something along the same lines for a long time, dating back to his work on klibc.
Various other folks liked Andy's idea as well—particularly anyone involved with user code that currently had to deduce system call organization piecemeal. David Howells remarked that it would be wonderful if strace could rely on Andy's master list as well. And, Michael Kerrisk said the manpages project also would be interested in tracking the progress of the master list.
There's always a special case that would benefit from tweaking the process scheduler just a little bit beyond The Good. Recently, Khalid Aziz from Oracle submitted some code to allow user processes to claim additional timeslices. Typically, the kernel itself controls that sort of resource allocation, because otherwise the system is dependent on the friendliness or well-codedness of user applications.
But, Khalid's database folks had noticed a problem with large numbers of threads vying for the same mutex. If one of those threads had the mutex and was almost ready to give it up, the scheduler might run through the whole queue of other processes, none of which could actually run because they were all waiting for that one mutex. And like a thumb in the eye, the process holding the mutex was all set to give it up, but couldn't, since it had been preempted. Much better, Khalid said, would be to allow the process holding the mutex to delay preemption, long enough to give up that mutex. Then all the other processes could take their turn and do actual work, rather than spend their precious timeslices spinning on an unavailable lock.
Khalid said his code showed a 3–5% speedup relative to the previous case. But, there was still a fair bit of reluctance to accept his code into the kernel.
In particular, H. Peter Anvin pointed out that Khalid's code allowed userspace to transform the kernel's natural preemptive multitasking into a cooperative multitasking model, in which processes all had to agree on who would get timeslices, and when—and some processes could aggressively claim timeslices at the expense of the others.
Davidlohr Bueso pointed out that a voluntary preemption model might work better with the kernel's existing implementation, allowing processes to give up their timeslice to another process voluntarily. There was no danger from hostile processes there.
There were various suggestions for alternatives to Khalid's design, but Khalid always pointed out that his way was fastest. But, Thomas Gleixner said that "It's a horrible idea. What you are creating is a crystal ball-based form of time-bound priority ceiling with the worst userspace interface I've ever seen."
That was the real problem, apparently. Giving user code the ability to preempt the normal scheduling process meant that neither the kernel nor other userspace processes could predict the behavior of the system, or even properly debug problems.
At one point Thomas said, "What you're trying to do is essentially creating an ABI which we have to support and maintain forever. And that definitely is worth a few serious questions." He added, "If we allow you to special-case your database workload, then we have no argument why we should not do the same thing for real-time workloads where the SCHED_FAIR housekeeping thread can hold a lock shortly to access some important data in the SCHED_FIFO real-time computation thread. Of course the RT people want to avoid the lock contention as much as you do, just for different reasons."
Eric W. Biederman also objected to Khalid's code, saying, "You allow any task to extend its timeslice. Which means I will get the question why does why does really_important_job only miss its latency guarantees when running on the same box as sched_preempt_using_job?" And he said, "Your change appears to have extremely difficult to debug non-local effects."
There seems to be a lot of interest in implementing a feature like what Khalid has proposed, but there also seems to be security concerns, debugability concerns and maintainability concerns that make the whole thing very iffy. But, it's still possible that Khalid could address those concerns and come up with a patch that does what the database people want, without the mess.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide