diff -u: What's New in Kernel Development

 in

One problem with Linux has been its implementation of system calls. As Andy Lutomirski pointed out recently, it's very messy. Even identifying which system calls were implemented for which architectures, he said, was very difficult, as was identifying the mapping between a call's name and its number, and mapping between call argument registers and system call arguments.

Some user programs like strace and glibc needed to know this sort of information, but their way of gathering it together—although well accomplished—was very messy too.

Andy proposed slogging through the kernel code and writing up a text file that would serve as a "master list" of system calls, giving the call name, the corresponding call number, the supported architectures and other information. Among other things, this would allow tools like glibc to eliminate their ugly implementations and use a simple library to get this information out of the kernel.

H. Peter Anvin liked the idea, but said it would take a lot of work to get it right. He mentioned that he'd been advocating something along the same lines for a long time, dating back to his work on klibc.

Various other folks liked Andy's idea as well—particularly anyone involved with user code that currently had to deduce system call organization piecemeal. David Howells remarked that it would be wonderful if strace could rely on Andy's master list as well. And, Michael Kerrisk said the manpages project also would be interested in tracking the progress of the master list.

There's always a special case that would benefit from tweaking the process scheduler just a little bit beyond The Good. Recently, Khalid Aziz from Oracle submitted some code to allow user processes to claim additional timeslices. Typically, the kernel itself controls that sort of resource allocation, because otherwise the system is dependent on the friendliness or well-codedness of user applications.

But, Khalid's database folks had noticed a problem with large numbers of threads vying for the same mutex. If one of those threads had the mutex and was almost ready to give it up, the scheduler might run through the whole queue of other processes, none of which could actually run because they were all waiting for that one mutex. And like a thumb in the eye, the process holding the mutex was all set to give it up, but couldn't, since it had been preempted. Much better, Khalid said, would be to allow the process holding the mutex to delay preemption, long enough to give up that mutex. Then all the other processes could take their turn and do actual work, rather than spend their precious timeslices spinning on an unavailable lock.

Khalid said his code showed a 3–5% speedup relative to the previous case. But, there was still a fair bit of reluctance to accept his code into the kernel.

In particular, H. Peter Anvin pointed out that Khalid's code allowed userspace to transform the kernel's natural preemptive multitasking into a cooperative multitasking model, in which processes all had to agree on who would get timeslices, and when—and some processes could aggressively claim timeslices at the expense of the others.

Davidlohr Bueso pointed out that a voluntary preemption model might work better with the kernel's existing implementation, allowing processes to give up their timeslice to another process voluntarily. There was no danger from hostile processes there.

There were various suggestions for alternatives to Khalid's design, but Khalid always pointed out that his way was fastest. But, Thomas Gleixner said that "It's a horrible idea. What you are creating is a crystal ball-based form of time-bound priority ceiling with the worst userspace interface I've ever seen."

That was the real problem, apparently. Giving user code the ability to preempt the normal scheduling process meant that neither the kernel nor other userspace processes could predict the behavior of the system, or even properly debug problems.

At one point Thomas said, "What you're trying to do is essentially creating an ABI which we have to support and maintain forever. And that definitely is worth a few serious questions." He added, "If we allow you to special-case your database workload, then we have no argument why we should not do the same thing for real-time workloads where the SCHED_FAIR housekeeping thread can hold a lock shortly to access some important data in the SCHED_FIFO real-time computation thread. Of course the RT people want to avoid the lock contention as much as you do, just for different reasons."

Eric W. Biederman also objected to Khalid's code, saying, "You allow any task to extend its timeslice. Which means I will get the question why does why does really_important_job only miss its latency guarantees when running on the same box as sched_preempt_using_job?" And he said, "Your change appears to have extremely difficult to debug non-local effects."

There seems to be a lot of interest in implementing a feature like what Khalid has proposed, but there also seems to be security concerns, debugability concerns and maintainability concerns that make the whole thing very iffy. But, it's still possible that Khalid could address those concerns and come up with a patch that does what the database people want, without the mess.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix