LWN on Kernel: LSSNA, Open Source Summit, and NFS

Filed under
Linux

  • System call interception for unprivileged containers [LWN.net]

    On the first day of the 2022 Linux Security Summit North America (LSSNA) in Austin, Texas, Stéphane Graber and Christian Brauner gave a presentation on using system-call interception for container security purposes. The idea is to allow unprivileged containers, those without elevated privileges on the host, to still accomplish their tasks, some of which require privileges. A fair amount of work has been done to make this viable, but there is still more to do.

    Graber started things off by saying that he works for Canonical on the LXD container manager project, while Brauner works for Microsoft in various areas of Linux security. Graber said that there are two types of containers these days, privileged and unprivileged, "one is bad, one is OK". He noted that privileged containers are "unfortunately what everyone uses" for Docker containers, Kubernetes, and so on.

  • Two memory-tiering patch sets [LWN.net]

    Once upon a time, computers just had one type of memory, so memory within a given system was interchangeable. The arrival of non-uniform memory access (NUMA) systems complicated the situation significantly; now some memory was faster to access than the rest, and memory-management algorithms had to adapt or performance would suffer. But NUMA was just the start; today's tiered-memory systems, which may include several tiers of memory with different performance characteristics, are adding new challenges. A couple of relevant patch sets currently under review help to illustrate the types of problems that will have to be solved.

    The core challenge with NUMA systems is ensuring that memory is allocated on the nodes where it will be used. A process that is running mostly from memory on its local node will perform better than one that is working with a lot of remote memory. So finding the right place for a given page is a one-time task; once that page and its users have found their way to the same NUMA node, the problem is solved and the only remaining concern is to avoid separating them again.

    Tiered memory is built on the NUMA concept, but there are some differences. A bank of memory can be represented as a NUMA node that lacks a CPU, so that memory will not be seen as local to any process in the system. As a general rule, memory on these CPU-less nodes is slower than normal system DRAM — it might be a large bank of persistent memory, for example — but that is not necessarily the case, as we will see below.

    Since memory on a CPU-less node is not local to any process, there must be some other criterion that regulates the allocation of memory there. The approach that is being taken is to demote pages to such a node from faster DRAM using the kernel's normal reclaim mechanisms; in a situation where a page would otherwise have been evicted or pushed to swap, it can be moved to slower memory instead. That makes use of the slower memory while keeping that page available should it turn out to still be useful. Eventually, if that page sits unused in the slower tier, it can be pushed to an even slower tier or evicted entirely.

    Demoting pages to slower tiers cannot be a one-way operation, though, or performance will suffer; some of those pages will end up being accessed frequently and keeping them in slow memory will slow things down. So there needs to be a mechanism for promoting pages back to faster memory. Simply moving a page back to fast memory on the first access after demotion would be one possible approach, but that would also promote infrequently used memory and would likely create a lot of movement of pages between tiers, which would have significant costs of its own; a better solution is called for.

  • A "fireside" chat [LWN.net]

    In something of an Open Source Summit tradition, Linus Torvalds and Dirk Hohndel sit down for a discussion on various topics related to open source and, of course, the Linux kernel. Open Source Summit North America (OSSNA) 2022 in Austin, Texas was no exception, as they reprised their keynote on the first day of the conference. The headline-grabbing part of the chat was Torvalds's declaration that Rust for Linux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there.

    Hohndel introduced himself as the chief open source officer at the Cardano Foundation; he is working to help foster an open-source ecosystem around the foundation's blockchain technology. Torvalds said that these "fireside chats" are held because of his wishes; "I do software", not public speaking, he said, so the format makes it easier for him. He effectively has outsourced figuring out what people are interested in hearing about to Hohndel; with a grin, Torvalds said, "if he asks bad questions, it's not my fault".

  • NFS: the new millennium [LWN.net]

    The network filesystem (NFS) protocol has been with us for nearly 40 years. While defined initially as a stateless protocol, NFS implementations have always had to manage state, and that need has been increasingly built into the protocol over successive revisions. The early days of NFS were discussed, with a focus on state management, in the first part of this series. This article completes the job with a look at the evolution of NFS since, approximately, the beginning of this millennium.

    The early days of NFS were controlled by Sun Microsystems, the originator of the NFS protocol and author of both the specification and implementation. As the new millennium approached, interest in NFS increased and independent implementations appeared. Of particular relevance here are the implementations in the Linux kernel that drew my attention — particularly the server implementation — and the Filer appliance produced and sold by Network Appliance (NetApp). The community's interest in NFS extended as far as a desire to have more say in the further development of the protocol. I do not know what negotiations happened, but happen they did, and one clear outcome is documented for us in RFC 2339, wherein Sun Microsystems agreed to assign to The Internet Society certain rights concerning the development of version 4 (and beyond) of NFS, providing this development achieved "Proposed Standard" status within 24 months, meaning by early 2000. That particular deadline went whooshing past and was extended. We got a "Proposed Standard" in late 2000 with RFC 3010, which was revised for RFC 3530 in April 2003 and again for RFC 7530 in March 2015.

More in Tux Machines

today's howtos

  • How to Change Comment Color in Vim – Fix Unreadable Blue Color

    Are you annoyed by the comment color in Vim? The dark blue color of comments is often hard to read. In this tutorial, we learn how to change the comment color in Vim. There are a few methods we can use to make Vim comments very readable.

  • How to Add Repository to Debian

    APT checks the health of all the packages, and the dependencies of a package, before installing it. APT fetches packages from one or more repositories. A repository (package source) is basically a network server. The term "package" refers to an individual file with a .deb extension that contains either all or part of an application. The normal installation comes with default repositories configured, but these contain only a few packages out of the ocean of free software available. In this tutorial, we learn how to add a package repository to Debian.

  • Making a Video of a Single Window

    I recently wanted to send someone a video of a program doing some interesting things in a single X11 window. Recording the whole desktop is easy (some readers may remember my post on Aeschylus which does just that) but it will include irrelevant (and possibly unwanted) parts of the screen, leading to unnecessarily large files. I couldn't immediately find a tool which did what I wanted on OpenBSD [1] but through a combination of xwininfo, FFmpeg, and hk I was able to put together exactly what I needed in short order. Even better, I was able to easily post-process the video to shrink its file size, speed it up, and contort it to the dimension requirements of various platforms. Here's a video straight out of the little script I put together: [...]

  • Things You Can And Can’t Do

    And it got me thinking about what you can and can’t do — what you do and don’t have control over.

  • allow-new-zones in BIND 9.16 on CentOS 8 Stream under SELinux

    We run these training systems with SELinux enabled (I wouldn’t, but my colleague likes it :-), and that’s the reason I aborted the lab: I couldn’t tell students how to solve the cause other than by disabling SELinux entirely, but there wasn’t enough time for that.

  • Will the IndieWeb Ever Become Mainstream?

    This is an interesting question, thanks for asking it, Jeremy. I do have some history with the IndieWeb, and some opinions, so let’s dive in.

    The short answer to the question is a resounding no, and it all boils down to the fact that the IndieWeb is really complicated to implement, so it will only ever appeal to developers.

  • How to Install CUPS Print Server on Ubuntu 22.04

    If your business has multiple personal computers on the network which need to print, then you need a device called a print server. A print server acts as an intermediary between PCs and printers: it accepts print jobs from the PCs and sends them to the respective printers. CUPS is the primary mechanism in Unix-like operating systems for printing and print services. It allows a computer to act as a print server. In this tutorial, we learn how to set up a CUPS print server on Ubuntu 22.04.

Open Hardware: XON/XOFF and Raspberry Pi Pico

  • From XON/XOFF to Forward Incremental Search

    In the olden days of computing, software flow control with control codes XON and XOFF was a necessary feature that dumb terminals needed to support. When a terminal received more data than it could display, there needed to be a way for the terminal to tell the remote host to pause sending more data. The control code 19 was chosen for this. The control code 17 was chosen to tell the remote host to resume transmission of data.

  • Raspberry Pi Pico Used in Plug and Play System Monitor | Tom's Hardware

    Dmytro Panin is at it again, creating a teeny system monitor for his MacBook from scratch with help from our favorite microcontroller, the Raspberry Pi Pico. This plug-and-play system monitor lets him keep a close eye on resource usage without having to close any windows or launch any third-party programs. The device is Pico-powered and plugs right into the MacBook to function. It has a display screen that showcases a custom GUI featuring four bar graphs that update in real time to show the performance of different components, including CPU, GPU, memory, and SSD usage. It makes it possible to see how hard your PC is running at a glance.

How to Apply Accent Colour in Ubuntu Desktop

A step-by-step tutorial on how to apply accent colour in Ubuntu desktop (GNOME) with tips for Kubuntu and others.