The document discusses the Linux kernel memory model (LKMM). It provides an overview of LKMM, including that it defines ordering rules for the Linux kernel due to weaknesses in the C language standard and need to support multiple hardware architectures. It describes ordering primitives like atomic operations and memory barriers provided by LKMM and how the LKMM was formalized into an executable model that can prove properties of parallel code against the LKMM.
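The ordering problem LKMM addresses can be sketched in userspace with C11 atomics. This is an illustrative example, not taken from the deck: the kernel's own primitives are `smp_store_release()`/`smp_load_acquire()`; the C11 `memory_order_release`/`memory_order_acquire` pair shown here is the closest standard-C analogue.

```c
#include <stdatomic.h>
#include <pthread.h>
#include <stddef.h>

/* Message-passing pattern: the writer publishes data, then sets a flag
 * with release ordering; a reader that observes flag == 1 via an
 * acquire load is guaranteed to also observe data_val == 42.  Without
 * the release/acquire pair, compiler and CPU reordering could let the
 * reader see the flag but stale data. */
static int data_val;
static atomic_int flag_set;

static void *writer(void *arg) {
    (void)arg;
    data_val = 42;                                              /* plain store */
    atomic_store_explicit(&flag_set, 1, memory_order_release);  /* publish */
    return NULL;
}

static void *reader(void *arg) {
    while (atomic_load_explicit(&flag_set, memory_order_acquire) == 0)
        ;                                   /* spin until published */
    *(int *)arg = data_val;                 /* guaranteed to see 42 */
    return NULL;
}

/* Drives one writer/reader pair and returns what the reader saw. */
int run_message_passing(void) {
    pthread_t w, r;
    int seen = 0;
    atomic_store(&flag_set, 0);
    pthread_create(&r, NULL, reader, &seen);
    pthread_create(&w, NULL, writer, NULL);
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    return seen;
}
```

The LKMM's herd7 litmus tests express exactly this kind of pattern and let the model prove whether the "stale data" outcome is forbidden.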
Understanding a kernel oops and a kernel panic - Joseph Lu
This document discusses Linux kernel oops and kernel panics. It explains that a kernel oops occurs when there is an illegal instruction or illegal memory access in kernel space, and kills the offending process to keep the system running. A kernel panic means the system must stop immediately. Kernel oopses can be caused by illegal instructions, unrecognized system calls, undefined CPU instructions, unknown data aborts, or prefetch aborts. These result in a call to the arm_notify_die() function and generate an oops. Illegal instructions that handle interrupt vectors can cause a panic directly. A kernel panic performs further actions like console output and stopping other CPUs before restarting or halting the system. Methods to capture crash information are also covered.
This document discusses PostgreSQL replication. It provides an overview of replication, including its history and features. Replication allows data to be copied from a primary database to one or more standby databases. This allows for high availability, load balancing, and read scaling. The document describes asynchronous and synchronous replication modes.
Lessons Learned From Running Spark On Docker - Spark Summit
Running Spark on Docker containers provides flexibility for data scientists and control for IT. Some key lessons learned include optimizing CPU and memory resources to avoid noisy neighbor problems, managing Docker images efficiently, using network plugins for multi-host connectivity, and addressing storage and security considerations. Performance testing showed Spark on Docker containers can achieve comparable performance to bare metal deployments for large-scale data processing workloads.
High-Performance Networking Using eBPF, XDP, and io_uring - ScyllaDB
Bryan McCoid discusses using eBPF, XDP, and io_uring for high performance networking. XDP allows programs to process packets in the kernel without loading modules. AF_XDP sockets use eBPF to route packets between kernel and userspace via ring buffers. McCoid is building a Rust runtime called Glommio to interface with these techniques. The runtime integrates with io_uring and allows multiple design patterns for receiving packets from AF_XDP sockets.
This document provides an introduction to Linux drivers. It discusses the ecosystem of Linux drivers, types of Linux drivers, driver layering, related commands and configurations. It also guides the reader in creating their first Linux driver, covering basics like the module constructor, destructor, printk function and building the driver module.
This document provides an overview of Linux internals and networking concepts. It introduces Linux internals topics like processes, memory management, and virtual file systems; discusses networking concepts; and provides a brief history of operating systems development. The document contains sections on Linux components, kernel subsystems, virtual file systems, and transitioning to systems programming.
The document discusses memory hierarchy and caching techniques used in computer systems. It covers concepts like multilevel caches, virtual memory, translation lookaside buffers (TLBs), page tables, and cache design tradeoffs. It also discusses how these techniques are applied in virtual machine environments to improve isolation between guest and host systems.
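The page-table and TLB machinery the summary mentions rests on one arithmetic split: a virtual address decomposes into a virtual page number (looked up in the TLB or walked through the page tables) and a page offset (carried through unchanged). A minimal sketch, assuming the common 4 KiB page size; `translate` is a hypothetical helper standing in for a TLB hit that already knows the physical frame:

```c
#include <stdint.h>

/* 4 KiB pages: low 12 bits are the offset, the rest is the VPN. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)   /* 4096 */
#define PAGE_MASK  (PAGE_SIZE - 1)

static uint64_t vpn(uint64_t vaddr)    { return vaddr >> PAGE_SHIFT; }
static uint64_t offset(uint64_t vaddr) { return vaddr & PAGE_MASK; }

/* Translation keeps the offset and swaps the VPN for a physical
 * frame number -- here supplied directly, as a TLB hit would. */
static uint64_t translate(uint64_t vaddr, uint64_t frame) {
    return (frame << PAGE_SHIFT) | offset(vaddr);
}
```

For example, virtual address `0x12345678` splits into VPN `0x12345` and offset `0x678`; if the TLB maps that page to frame `0x9ABCD`, the physical address is `0x9ABCD678`.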
The document discusses various data structures and functions related to network packet processing in the Linux kernel socket layer. It describes the sk_buff structure that is used to pass packets between layers. It also explains the net_device structure that represents a network interface in the kernel. When a packet is received, the interrupt handler will raise a soft IRQ for processing. The packet will then traverse various protocol layers like IP and TCP to be eventually delivered to a socket and read by a userspace application.
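The layer traversal described above works because an sk_buff lets each protocol layer prepend or strip its header by moving a data pointer, without copying the packet. A toy userspace analogue of that mechanism (real sk_buffs carry far more state; `toybuf` and its functions are invented names mirroring `skb_push`/`skb_pull` semantics):

```c
#include <string.h>

/* Toy sk_buff: a fixed buffer with headroom reserved in front so
 * lower layers can prepend headers (push) on transmit and strip
 * them (pull) on receive, all by pointer arithmetic. */
struct toybuf {
    unsigned char storage[256];
    unsigned char *data;   /* start of valid data */
    unsigned int len;      /* bytes of valid data */
};

static void toybuf_init(struct toybuf *b, const void *payload, unsigned int n) {
    b->data = b->storage + 128;   /* reserve 128 bytes of headroom */
    memcpy(b->data, payload, n);
    b->len = n;
}

/* Like skb_push: grow the packet toward the headroom. */
static void *toybuf_push(struct toybuf *b, unsigned int n) {
    b->data -= n;
    b->len += n;
    return b->data;
}

/* Like skb_pull: strip the outermost header. */
static void *toybuf_pull(struct toybuf *b, unsigned int n) {
    b->data += n;
    b->len -= n;
    return b->data;
}
```

On transmit, TCP, IP, and Ethernet each push their header in turn; on receive, each layer pulls its header off before handing the buffer up, which is how one allocation travels the whole stack.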
Linux has become an integral part of embedded systems. This three-part presentation gives a deeper perspective on Linux from a system programming point of view. Starting with the basics of Linux, it goes on to advanced aspects like thread and IPC programming.
Understanding of Linux kernel memory model - SeongJae Park
SeongJae Park introduces himself and his work contributing to the Linux kernel memory model documentation. He developed a guaranteed contiguous memory allocator and maintains the Korean translation of the kernel's memory barrier documentation. The document discusses how the increasing prevalence of multi-core processors requires careful programming to ensure correct parallel execution given relaxed memory ordering. It notes that compilers and CPUs optimize for instruction throughput over programmer goals, and memory accesses can be reordered in ways that affect correctness on multi-processors. Understanding the memory model is important for writing high-performance parallel code.
OSA Con 2022 - Arrow in Flight: New Developments in Data Connectivity - David... - Altinity Ltd
The document discusses the history and development of Apache Arrow, an open-source cross-language development platform for in-memory data. Some key points:
- Arrow started in 2016 to optimize data transfer between systems using a standardized columnar memory format.
- It has since expanded to include libraries in many languages, file formats like Arrow and Parquet, and distributed computing capabilities like Arrow Flight for RPC.
- Over time, more projects have adopted Arrow as an internal data structure for improved performance, including Spark, DuckDB, and Streamlit.
- Today Arrow is an ecosystem of interoperable components, with continued work on higher-level tools around databases, machine learning, and geospatial data.
Page cache mechanism in Linux kernel.
Note: When you view the slide deck via a web browser, the screenshots may be blurred. You can download the deck and view it offline, where the screenshots are clear.
Capturing NIC and Kernel TX and RX Timestamps for Packets in Go - ScyllaDB
Go gives us net.Dial and net.Listen for sending and receiving data at Layer 4. This talk shows how to send and receive raw packets directly to and from the NIC to obtain timestamps from timestamping-enabled NICs and to record when packets enter and leave the Linux kernel. Capturing these timestamps gives better granularity when measuring latency and jitter than relying on time.Now() in userspace, which is subject to additional delay introduced by the OS and Go runtime schedulers.
The document provides an overview of the Peripheral Component Interconnect (PCI) system architecture. PCI is an Intel-backed initiative introduced in 1992 to improve capabilities for adding and removing peripheral devices. It defines a standard configuration space for automatic detection of devices and simplifies driver development. PCI uses bus, device and function numbers to address devices and supports bridges and switches to connect multiple devices. The Linux kernel extracts device information from PCI configuration spaces and represents it in linked data structures for drivers.
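The bus/device/function addressing described above has a concrete bit layout in the legacy configuration mechanism: the 32-bit address written to I/O port 0xCF8 packs an enable bit, an 8-bit bus number, a 5-bit device number, a 3-bit function number, and a dword-aligned register offset. A small sketch of that encoding (illustrative; real access additionally requires the port I/O itself):

```c
#include <stdint.h>

/* Legacy PCI CONFIG_ADDRESS (port 0xCF8) layout:
 * bit 31: enable | 23:16 bus | 15:11 device | 10:8 function
 * | 7:2 dword-aligned register offset. */
static uint32_t pci_cfg_addr(uint8_t bus, uint8_t dev, uint8_t fn, uint8_t reg) {
    return 0x80000000u                       /* enable bit */
         | ((uint32_t)bus << 16)
         | ((uint32_t)(dev & 0x1f) << 11)    /* 32 devices per bus */
         | ((uint32_t)(fn  & 0x07) << 8)     /* 8 functions per device */
         | (reg & 0xfc);                     /* dword-aligned offset */
}
```

For example, bus 0, device 3, function 0, register 0 encodes to `0x80001800`; this is the address the kernel (or firmware) writes before reading the device's vendor/device ID from port 0xCFC during enumeration.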
The second part of Linux Internals covers system calls, the process subsystem, and inter-process communication mechanisms. Understanding these services provided by Linux is essential for embedded systems engineers.
OS Process Synchronization, Semaphores and Monitors - sgpraju
The document summarizes key concepts in process synchronization and concurrency control, including:
1) Process synchronization techniques like semaphores, monitors, and atomic transactions that ensure orderly access to shared resources. Semaphores use wait() and signal() operations while monitors provide mutual exclusion through condition variables.
2) Concurrency control algorithms like locking and two-phase locking that ensure serializability of concurrent transactions accessing a database. Locking associates locks with data items to control concurrent access.
3) Challenges in concurrency control like deadlocks, priority inversion, and starvation that synchronization mechanisms aim to prevent. Log-based recovery with write-ahead logging and checkpoints is used to ensure atomicity of transactions in the presence of failures.
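The wait()/signal() (P/V) operations in point 1 can be built from a mutex and a condition variable. A minimal sketch, assuming POSIX threads (POSIX also ships a ready-made `sem_t`; this just exposes the mechanism):

```c
#include <pthread.h>

/* Counting semaphore from a mutex + condition variable.
 * wait() blocks while the count is zero; signal() increments the
 * count and wakes one waiter. */
struct csem {
    pthread_mutex_t lock;
    pthread_cond_t nonzero;
    int count;
};

static void csem_init(struct csem *s, int count) {
    pthread_mutex_init(&s->lock, NULL);
    pthread_cond_init(&s->nonzero, NULL);
    s->count = count;
}

static void csem_wait(struct csem *s) {        /* P: may block */
    pthread_mutex_lock(&s->lock);
    while (s->count == 0)                      /* loop: spurious wakeups */
        pthread_cond_wait(&s->nonzero, &s->lock);
    s->count--;
    pthread_mutex_unlock(&s->lock);
}

static void csem_signal(struct csem *s) {      /* V: wakes one waiter */
    pthread_mutex_lock(&s->lock);
    s->count++;
    pthread_cond_signal(&s->nonzero);
    pthread_mutex_unlock(&s->lock);
}
```

The `while` (not `if`) around `pthread_cond_wait` matters: POSIX permits spurious wakeups, so the predicate must be rechecked after every wakeup, which is also the behavior monitors formalize with their condition variables.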
This presentation covers system calls for various resource management tasks and covers system calls for file management in detail. Understanding these system calls helps when starting with device driver programming on Unix/Linux OS.
Kernel Recipes 2015: Linux Kernel IO subsystem - How it works and how can I s... - Anne Nicolas
Understanding how the Linux kernel IO subsystem works is key to analyzing a wide variety of issues that occur when running a Linux system. This talk is aimed at helping Linux users understand what is going on and how to get more insight into what is happening.
First we present an overview of the Linux kernel block layer, including the different IO schedulers. We also talk about the new block multiqueue implementation that is being used for more and more devices.
After surveying the basic architecture we will be prepared to talk about tools to peek into it. We start with lightweight monitoring like iostat and continue with the heavier blktrace and the variety of tools based on it. We demonstrate use of the tools on analysis of real-world issues.
Jan Kara, SUSE
This document summarizes key aspects of control unit operation from William Stallings' Computer Organization and Architecture textbook. It discusses micro-operations which are the basic steps that make up each instruction fetch/execute cycle. The constituent elements involved in program execution like registers are described. The sequences of steps in the fetch, indirect, and interrupt cycles are outlined. Examples of the execute cycle for different instructions like ADD and ISZ are provided. The functional requirements, basic elements, and types of micro-operations that a control unit must perform are identified. Models of the control unit and how it generates control signals to orchestrate data movement and activation of functions are described.
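The fetch-cycle micro-operations summarized above can be made concrete with a tiny register-transfer simulation. This is an illustrative sketch following Stallings' notation (MAR, MBR, IR, PC), not code from the document:

```c
#include <stdint.h>

/* Registers and a small memory for simulating the fetch cycle. */
struct cpu {
    uint16_t pc, mar, mbr, ir;
    uint16_t mem[16];
};

/* Fetch cycle as micro-operations:
 *   t1: MAR <- PC
 *   t2: MBR <- memory[MAR];  PC <- PC + 1   (can occur in parallel)
 *   t3: IR  <- MBR                                                  */
static void fetch(struct cpu *c) {
    c->mar = c->pc;              /* t1 */
    c->mbr = c->mem[c->mar];     /* t2 */
    c->pc  = c->pc + 1;          /* t2 */
    c->ir  = c->mbr;             /* t3 */
}
```

Each line corresponds to one register transfer gated by a control signal; the control unit's job, as the summary says, is to emit those signals in the right time slots.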
The document provides an overview of Das U-Boot, a universal boot loader used to load operating systems and applications into memory on embedded systems. It discusses U-Boot's features such as its command line interface, ability to load images from different sources, and support for various architectures and boards. It also covers compiling and configuring U-Boot, as well as its basic command set and image support capabilities.
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt - Anne Nicolas
Ftrace is the official tracer of the Linux kernel. It has been a part of Linux since 2.6.31 and has grown tremendously ever since. Ftrace's name comes from its most powerful feature: function tracing. But the ftrace infrastructure is much more than that. It also encompasses the trace events used by perf, as well as kprobes that can dynamically add trace events that the user defines.
This talk will focus on learning how the kernel works by using the ftrace infrastructure. It will show how to see what happens within the kernel during a system call; learn how interrupts work; see how one's processes are being scheduled, and more. A quick introduction to some tools like trace-cmd and KernelShark will also be demonstrated.
Steven Rostedt, VMware
Linux 4.x Tracing Tools: Using BPF Superpowers - Brendan Gregg
Talk for USENIX LISA 2016 by Brendan Gregg.
"Linux 4.x Tracing Tools: Using BPF Superpowers
The Linux 4.x series heralds a new era of Linux performance analysis, with the long-awaited integration of a programmable tracer: Enhanced BPF (eBPF). Formerly the Berkeley Packet Filter, BPF has been enhanced in Linux to provide system tracing capabilities, and integrates with dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). This has allowed dozens of new observability tools to be developed so far: for example, measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived.
In this talk I'll show you how to use BPF in the Linux 4.x series, and I'll summarize the different tools and front ends available, with a focus on iovisor bcc. bcc is an open source project to provide a Python front end for BPF, and comes with dozens of new observability tools (many of which I developed). These tools include new BPF versions of old classics, and many new tools, including: execsnoop, opensnoop, funccount, trace, biosnoop, bitesize, ext4slower, ext4dist, tcpconnect, tcpretrans, runqlat, offcputime, offwaketime, and many more. I'll also summarize use cases and some long-standing issues that can now be solved, and how we are using these capabilities at Netflix."
The document discusses interrupts in Linux systems. It defines interrupts as interventions that allow devices to get the CPU's attention when there is a mismatch between device and CPU speeds. It describes how interrupts work through interrupt lines, an interrupt controller, and registered interrupt handlers. It covers interrupt request numbers, programming interfaces for requesting and freeing interrupts, the responsibilities of interrupt handlers, and additional features like message signaled interrupts and soft interrupts, which are used to break up interrupt handling work.
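The "breaking up interrupt handling work" mentioned at the end is the classic top-half/bottom-half split. A userspace analogy of that idea (invented names; real kernel handlers are registered with `request_irq()` and defer via softirqs, tasklets, or workqueues rather than a plain array):

```c
/* Top half: runs at "interrupt time", so it only records that work
 * is pending and returns quickly.  Bottom half: runs later, outside
 * the critical window, and does the actual processing. */
#define MAX_PENDING 8

static int pending[MAX_PENDING];
static int npending;
static int processed;

static void irq_top_half(int device_id) {
    if (npending < MAX_PENDING)
        pending[npending++] = device_id;   /* just queue it */
}

static void run_bottom_halves(void) {
    for (int i = 0; i < npending; i++)
        processed++;                       /* stand-in for real work */
    npending = 0;
}
```

Keeping the top half minimal is what lets the system acknowledge further interrupts promptly even while earlier ones still have outstanding work.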
Linux Kernel Booting Process (2) - For NLKB - shimosawa
Describes the bootstrapping part in Linux, and related architectural mechanisms and technologies.
This is part two of the slides; the succeeding slides may contain errata for this part.
This document provides instructions for setting up and attending an eBPF workshop. It includes links for setting up the workshop platform, background slides, and code repository. It also lists an agenda with topics that will be covered, including setting up the eBPF lab, an introduction, eBPF 101, writing eBPF programs, BCC, and a tutorial. Attendees are asked to let the presenter know if they have any problems setting up.
The document discusses different CPU scheduling algorithms used in operating systems. It describes non-preemptive and preemptive scheduling and explains the key differences. It then covers four common scheduling algorithms - first come first served (FCFS), round robin, priority scheduling, and shortest job first (SJF) - and compares their advantages and disadvantages.
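The FCFS/SJF comparison in the summary comes down to average waiting time. A small sketch (illustrative, using the textbook assumption that all jobs arrive together at t=0; `avg_wait_*` are invented helper names):

```c
#include <stdlib.h>

static int cmp_int(const void *a, const void *b) {
    return *(const int *)a - *(const int *)b;
}

/* FCFS: each job waits for the sum of all earlier bursts. */
static double avg_wait_fcfs(const int *burst, int n) {
    int t = 0, total = 0;
    for (int i = 0; i < n; i++) { total += t; t += burst[i]; }
    return (double)total / n;
}

/* SJF: identical arithmetic, but on bursts sorted shortest-first.
 * (Assumes n <= 16 for this sketch.) */
static double avg_wait_sjf(const int *burst, int n) {
    int sorted[16];
    for (int i = 0; i < n; i++) sorted[i] = burst[i];
    qsort(sorted, n, sizeof(int), cmp_int);
    return avg_wait_fcfs(sorted, n);
}
```

With bursts {24, 3, 3}, FCFS in that order yields an average wait of (0+24+27)/3 = 17, while SJF yields (0+3+6)/3 = 3: the same work, reordered, cuts waiting time dramatically, which is exactly the trade-off the deck compares (SJF is optimal for average wait but needs burst estimates and can starve long jobs).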
An Introduction to the Formalised Memory Model for Linux Kernel - SeongJae Park
Linux kernel provides executable and formalized memory model. These slides describe the nature of parallel programming in the Linux kernel and what memory model is and why it is necessary and important for kernel programmers. The slides were used at KOSSCON 2018 (https://kosscon.kr/).
Historically, sharing a Linux server entailed all kinds of untenable compromises. In addition to the security concerns, there was simply no good way to keep one application from hogging resources and messing with the others. The classic “noisy neighbor” problem made shared systems the bargain-basement slums of the Internet, suitable only for small or throwaway projects.
Serious use-cases traditionally demanded dedicated systems. Over the past decade virtualization (in conjunction with Moore’s law) has democratized the availability of what amount to dedicated systems, and the result is hundreds of thousands of websites and applications deployed into VPS or cloud instances. It’s a step in the right direction, but still has glaring flaws.
Most of these websites are just piles of code sitting on a server somewhere. How did that code get there? How can it be scaled? Secured? Maintained? It's anybody's guess. There simply isn't enough SysAdmin talent in the world to meet the demands of managing all these apps with anything close to best practices without a better model.
Containers are a whole new ballgame. Unlike VMs, you skip the overhead of running an entire OS for every application environment. There’s also no need to provision a whole new machine to have a place to deploy, meaning you can spin up or scale your application with orders of magnitude more speed and accuracy.
The document discusses various data structures and functions related to network packet processing in the Linux kernel socket layer. It describes the sk_buff structure that is used to pass packets between layers. It also explains the net_device structure that represents a network interface in the kernel. When a packet is received, the interrupt handler will raise a soft IRQ for processing. The packet will then traverse various protocol layers like IP and TCP to be eventually delivered to a socket and read by a userspace application.
Linux has become integral part of Embedded systems. This three part presentation gives deeper perspective of Linux from system programming perspective. Stating with basics of Linux it goes on till advanced aspects like thread and IPC programming.
Understanding of linux kernel memory modelSeongJae Park
SeongJae Park introduces himself and his work contributing to the Linux kernel memory model documentation. He developed a guaranteed contiguous memory allocator and maintains the Korean translation of the kernel's memory barrier documentation. The document discusses how the increasing prevalence of multi-core processors requires careful programming to ensure correct parallel execution given relaxed memory ordering. It notes that compilers and CPUs optimize for instruction throughput over programmer goals, and memory accesses can be reordered in ways that affect correctness on multi-processors. Understanding the memory model is important for writing high-performance parallel code.
OSA Con 2022 - Arrow in Flight_ New Developments in Data Connectivity - David...Altinity Ltd
The document discusses the history and development of Apache Arrow, an open-source cross-language development platform for in-memory data. Some key points:
- Arrow started in 2016 to optimize data transfer between systems using a standardized columnar memory format.
- It has since expanded to include libraries in many languages, file formats like Arrow and Parquet, and distributed computing capabilities like Arrow Flight for RPC.
- Over time, more projects have adopted Arrow as an internal data structure for improved performance, including Spark, DuckDB, and Streamlit.
- Today Arrow is an ecosystem of interoperable components, with continued work on higher-level tools around databases, machine learning, and geospatial data.
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Capturing NIC and Kernel TX and RX Timestamps for Packets in GoScyllaDB
Go gives us net.Dial and net.Listen for sending and receiving data at Layer 4. Now you will see how to send and receive raw packets directly to and from the NIC at Layer 1 to get timestamp information from timestamping-enabled NICs and when packets enter and leave the Linux kernel. Capturing these timestamps allows us to get better granularity when measuring latency and jitter instead of relying on time.Now() in userspace where that is subject to additional time introduced by the OS and Go runtime schedulers.
The document provides an overview of the Peripheral Component Interconnect (PCI) system architecture. PCI is an Intel-backed initiative introduced in 1992 to improve capabilities for adding and removing peripheral devices. It defines a standard configuration space for automatic detection of devices and simplifies driver development. PCI uses bus, device and function numbers to address devices and supports bridges and switches to connect multiple devices. The Linux kernel extracts device information from PCI configuration spaces and represents it in linked data structures for drivers.
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
OS Process Synchronization, semaphore and Monitorssgpraju
The document summarizes key concepts in process synchronization and concurrency control, including:
1) Process synchronization techniques like semaphores, monitors, and atomic transactions that ensure orderly access to shared resources. Semaphores use wait() and signal() operations while monitors provide mutual exclusion through condition variables.
2) Concurrency control algorithms like locking and two-phase locking that ensure serializability of concurrent transactions accessing a database. Locking associates locks with data items to control concurrent access.
3) Challenges in concurrency control like deadlocks, priority inversion, and starvation that synchronization mechanisms aim to prevent. Log-based recovery with write-ahead logging and checkpoints is used to ensure atomicity of transactions in
This presentation covers the understanding of system calls for various resource management and covers system calls for file management in details. The understanding of using system calls helps to start with working with device driver programming on Unix/Linux OS.
Kernel Recipes 2015: Linux Kernel IO subsystem - How it works and how can I s...Anne Nicolas
Understanding how Linux kernel IO subsystem works is a key to analysis of a wide variety of issues occurring when running a Linux system. This talk is aimed at helping Linux users understand what is going on and how to get more insight into what is happening.
First we present an overview of Linux kernel block layer including different IO schedulers. We also talk about a new block multiqueue implementation that gets used for more and more devices.
After surveying the basic architecture we will be prepared to talk about tools to peek into it. We start with lightweight monitoring like iostat and continue with more heavy blktrace and variety of tools that are based on it. We demonstrate use of the tools on analysis of real world issues.
Jan Kara, SUSE
This document summarizes key aspects of control unit operation from William Stallings' Computer Organization and Architecture textbook. It discusses micro-operations which are the basic steps that make up each instruction fetch/execute cycle. The constituent elements involved in program execution like registers are described. The sequences of steps in the fetch, indirect, and interrupt cycles are outlined. Examples of the execute cycle for different instructions like ADD and ISZ are provided. The functional requirements, basic elements, and types of micro-operations that a control unit must perform are identified. Models of the control unit and how it generates control signals to orchestrate data movement and activation of functions are described.
The document provides an overview of Das U-Boot, a universal boot loader used to load operating systems and applications into memory on embedded systems. It discusses U-Boot's features such as its command line interface, ability to load images from different sources, and support for various architectures and boards. It also covers compiling and configuring U-Boot, as well as its basic command set and image support capabilities.
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtAnne Nicolas
Ftrace is the official tracer of the Linux kernel. It has been apart of Linux since 2.6.31, and has grown tremendously ever since. Ftrace’s name comes from its most powerful feature: function tracing. But the ftrace infrastructure is much more than that. It also encompasses the trace events that are used by perf, as well as kprobes that can dynamically add trace events that the user defines.
This talk will focus on learning how the kernel works by using the ftrace infrastructure. It will show how to see what happens within the kernel during a system call; learn how interrupts work; see how ones processes are being scheduled, and more. A quick introduction to some tools like trace-cmd and KernelShark will also be demonstrated.
Steven Rostedt, VMware
Linux 4.x Tracing Tools: Using BPF SuperpowersBrendan Gregg
Talk for USENIX LISA 2016 by Brendan Gregg.
"Linux 4.x Tracing Tools: Using BPF Superpowers
The Linux 4.x series heralds a new era of Linux performance analysis, with the long-awaited integration of a programmable tracer: Enhanced BPF (eBPF). Formally the Berkeley Packet Filter, BPF has been enhanced in Linux to provide system tracing capabilities, and integrates with dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). This has allowed dozens of new observability tools to be developed so far: for example, measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived.
In this talk I'll show you how to use BPF in the Linux 4.x series, and I'll summarize the different tools and front ends available, with a focus on iovisor bcc. bcc is an open source project to provide a Python front end for BPF, and comes with dozens of new observability tools (many of which I developed). These tools include new BPF versions of old classics, and many new tools, including: execsnoop, opensnoop, funccount, trace, biosnoop, bitesize, ext4slower, ext4dist, tcpconnect, tcpretrans, runqlat, offcputime, offwaketime, and many more. I'll also summarize use cases and some long-standing issues that can now be solved, and how we are using these capabilities at Netflix."
The document discusses interrupts in Linux systems. It defines interrupts as interventions that allow devices to get the CPU's attention when there is a mismatch between device and CPU speeds. It describes how interrupts work through interrupt lines, an interrupt controller, and registered interrupt handlers. It covers interrupt request numbers, programming interfaces for requesting and freeing interrupts, the responsibilities of interrupt handlers, and additional features like message signaled interrupts and soft interrupts, which are used to break up interrupt handling work.
Linux Kernel Booting Process (2) - For NLKBshimosawa
Describes the bootstrapping part in Linux, and related architectural mechanisms and technologies.
This is the part two of the slides, and the succeeding slides may contain the errata for this slide.
This document provides instructions for setting up and attending an eBPF workshop. It includes links for setting up the workshop platform, background slides, and code repository. It also lists an agenda with topics that will be covered, including setting up the eBPF lab, an introduction, eBPF 101, writing eBPF programs, BCC, and a tutorial. Attendees are asked to let the presenter know if they have any problems setting up.
The document discusses different CPU scheduling algorithms used in operating systems. It describes non-preemptive and preemptive scheduling and explains the key differences. It then covers four common scheduling algorithms - first come first served (FCFS), round robin, priority scheduling, and shortest job first (SJF) - and compares their advantages and disadvantages.
An Introduction to the Formalised Memory Model for Linux KernelSeongJae Park
Linux kernel provides executable and formalized memory model. These slides describe the nature of parallel programming in the Linux kernel and what memory model is and why it is necessary and important for kernel programmers. The slides were used at KOSSCON 2018 (https://kosscon.kr/).
Historically, sharing a Linux server entailed all kinds of untenable compromises. In addition to the security concerns, there was simply no good way to keep one application from hogging resources and messing with the others. The classic “noisy neighbor” problem made shared systems the bargain-basement slums of the Internet, suitable only for small or throwaway projects.
Serious use-cases traditionally demanded dedicated systems. Over the past decade virtualization (in conjunction with Moore’s law) has democratized the availability of what amount to dedicated systems, and the result is hundreds of thousands of websites and applications deployed into VPS or cloud instances. It’s a step in the right direction, but still has glaring flaws.
Most of these websites are just piles of code sitting on a server somewhere. How did that code get there? How can it be scaled? Secured? Maintained? It’s anybody’s guess. There simply isn’t enough SysAdmin talent in the world to meet the demands of managing all these apps with anything close to best practices without a better model.
Containers are a whole new ballgame. Unlike VMs, you skip the overhead of running an entire OS for every application environment. There’s also no need to provision a whole new machine to have a place to deploy, meaning you can spin up or scale your application with orders of magnitude more speed and accuracy.
Kubernetes @ Squarespace (SRE Portland Meetup October 2017) (Kevin Lynch)
In this presentation I talk about our motivation to converting our microservices to run on Kubernetes. I discuss many of the technical challenges we encountered along the way, including networking issues, Java issues, monitoring and alerting, and managing all of our resources!
Open WG Talk #2 Everything you wanted to know about CRIU (but were afraid to ... (Andrey Vagin)
CRIU is a Linux checkpoint/restore utility that allows saving and restoring the state of Linux processes in userspace. It was created in 2011 as an alternative to kernel-based checkpoint/restore tools. CRIU uses techniques like process freezing via ptrace, memory dumping, and network namespace migration to checkpoint processes and later restore their state on the same or different machine. This allows use cases like failure recovery, live migration, and seamless kernel updates. CRIU works by dumping process state to image files and restoring the process tree from those images. It is widely used in container migration and has over 4,000 commits from a large developer community.
Andrey Vagin. Everything you wanted to know about CRIU but were afraid to ask... (WG_ Events)
Talk: Everything you wanted to know about CRIU but were afraid to ask...
Andrey Vagin joined Parallels in 2006; he works on the Linux kernel, the OpenVZ container system, and the relatively young CRIU project. He graduated from MIPT in 2008.
Everything you wanted to know about CRIU but were afraid to ask...
The CRIU (Checkpoint/Restore in Userspace) project makes it possible to create checkpoints and migrate services or containers live. Some time ago the project passed another milestone and left the experimental stage. The next task is to integrate CRIU into third-party projects such as OpenVZ, LXC, Docker, and OpenMPI. The talk reveals all the magic behind the procedure of saving and restoring processes. You will learn how a scout parasite can be covertly injected into any process to extract all of its secrets, and how the rt-sigreturn system call proved useful far from where it was born. The internals of CRIU will be shown (uncensored), along with the highlights of the implementation and why kernel patches turned out to be necessary after all. The second part of the talk covers the mechanisms of CRIU's interaction with other projects and the most common integration questions.
http://www.eventbrite.com/e/open-wg-talk-2-linux-container-virtualization-tickets-12189971533
Open WG Talk #2 Everything you wanted to know about CRIU (but were afraid to ... (OpenVZ)
This document discusses methods for reducing Linux boot times, focusing on hardware architecture, the boot process, kernel optimizations, and the init system. It recommends using faster storage like SSDs, optimizing bootloaders like GRUB, improving kernel decompression with LZ4, disabling unnecessary processes, and switching to systemd for network configuration to reduce boot times to as little as 2 seconds.
Introduction to OS LEVEL Virtualization & Containers (Vaibhav Sharma)
This presentation contains information about OS-level virtualization and container internals. It reuses other SlideShare material, which is referenced in the notes of the PPT.
This document discusses Docker concepts and implementation in Chinese. It covers Linux kernel namespaces, seccomp, cgroups, LXC, and Docker. Namespaces isolate processes and resources between containers. Cgroups control resource limits and prioritization. LXC provides containerization tools while Docker builds on these concepts and provides an easy-to-use interface for containers. The document also provides examples of using namespaces, cgroups, LXC, and building Docker images.
Securing Applications and Pipelines on a Container Platform (All Things Open)
Presented at: Open Source 101 at Home
Presented by: Veer Muchandi, Red Hat Inc
Abstract: While everyone wants to do Containers and Kubernetes, they don’t know what they are getting into from a security perspective. This session intends to take you from “I don’t know what I don’t know” to “I know what I don’t know”. This helps you make informed choices on application security.
Kubernetes as a container platform is becoming a de facto standard for every enterprise. In my interactions with enterprises adopting container platforms, I come across common questions:
- How does application security work on this platform? What all do I need to secure?
- How do I implement security in pipelines?
- What about vulnerabilities discovered at a later point in time?
- What do newer technologies like Istio Service Mesh bring to the table?
In this session, I will be addressing these commonly asked questions that every enterprise trying to adopt an Enterprise Kubernetes Platform needs to know so that they can make informed decisions.
This document discusses optimizing Linux servers. It covers monitoring server performance using tools like top, vmstat and iostat to identify bottlenecks. It also discusses optimizing hardware, software, databases, disk I/O, memory, and network performance. The document provides tips for tuning Linux kernels, Apache, MySQL, OpenLDAP and other software. It emphasizes starting with monitoring to identify issues, making one change at a time, and using benchmark tools to test performance.
The document discusses dynamically hacking the Linux kernel with containers. It begins by introducing the speaker and their research interests. It then discusses three ways to modify the kernel space: kernel modules, live patching, and kernel detouring. Kernel detouring allows hijacking system calls within containers for cross-OS compatibility. Challenges include insufficient isolation and limited development. The talk demonstrates a proof-of-concept of running FreeBSD binaries on Linux using kernel detouring and containers. It remapped Linux system calls to FreeBSD equivalents and provided a FreeBSD environment within a Linux container.
Chorus - Distributed Operating System [ case study ] (Akhil Nadh PC)
ChorusOS is a microkernel real-time operating system designed as a message-based computational model. ChorusOS started as the Chorus distributed real-time operating system research project at Institut National de Recherche en Informatique et Automatique (INRIA) in France in 1979. During the 1980s, Chorus was one of two earliest microkernels (the other being Mach) and was developed commercially by Chorus Systèmes. Over time, development effort shifted away from distribution aspects to real-time for embedded systems.
This document discusses real-time Linux programming. It defines real-time as systems that must guarantee response times within strict deadlines, from milliseconds to microseconds. Real-time hardware uses a hardware clock to guarantee timing. Real-time software can be written in any language but C and C++ are preferred. Linux supports real-time capabilities through patches that improve scheduling and reduce latency. The document discusses avoiding page faults, limiting interrupts, and measuring latency in real-time systems.
This document discusses cache coherence in single and multiprocessor systems. It provides techniques to avoid inconsistencies between cache and main memory including write-through, write-back, and instruction caching. For multiprocessors, it discusses issues with sharing writable data, process migration, and I/O activity. Software solutions involve compiler and OS management while hardware uses coherence protocols like snoopy and directory protocols.
This document discusses improvements made to LXC container support in Ganeti through a Google Summer of Code project. Key areas worked on included fixing existing LXC integration, adding unit tests, setting up quality assurance, and adding features like migration. The project was mentored by Hrvoje Ribicic. Future work may include two-level isolation of containers within VMs and live migration of LXC instances.
This presentation by Stanislav Donets (Lead Software Engineer, Consultant, GlobalLogic, Kharkiv) was delivered at GlobalLogic Kharkiv C++ Workshop #1 on September 14, 2019.
In this talk were covered:
- Graphics Processing Units: Architecture and Programming (theory).
- Scratch Example: Barnes Hut n-Body Algorithm (practice).
Conference materials: https://www.globallogic.com/ua/events/kharkiv-cpp-workshop/
Securing Applications and Pipelines on a Container Platform (All Things Open)
The document discusses securing applications on a container platform. It covers considerations for security at the host operating system level, during container builds, and at runtime. Specific techniques discussed include Linux namespaces and cgroups for isolation, SELinux and MCS labels for access control between containers, capability dropping to restrict privileges, and read-only mounts. Container scanning and signing images are also covered.
Biscuit: an operating system written in Go (SeongJae Park)
Biscuit is a monolithic operating-system kernel written in Go. This talk introduces the kernel and demonstrates how to build, install, and analyze the code.
GCMA: Guaranteed Contiguous Memory Allocator (SeongJae Park)
This document summarizes a presentation about GCMA, a Guaranteed Contiguous Memory Allocator for Linux kernels. GCMA aims to provide fast and guaranteed contiguous memory allocation while maintaining good memory utilization. It designates "discardable" pages used by frontswap and clean cache as secondary clients that can be quickly vacated from the reserved area. Evaluations show GCMA provides significantly faster allocation latency and system performance compared to CMA, especially under memory pressure or fragmentation. The presenter is working to upstream GCMA code and provide further evaluation results.
Design choices of golang for high scalability (SeongJae Park)
This document summarizes some key design choices of the Go programming language that enable it to achieve high scalability. It discusses how Go uses lightweight goroutines instead of operating system threads to minimize context switching overhead. Goroutines only switch contexts in well-defined situations and have very small and dynamically sized stacks for efficient memory usage. The document also covers how Go uses cooperative scheduling and runs goroutines in user space for high performance without kernel transitions.
Kselftest is a developer-friendly test framework and set of tests for the Linux kernel. It aims to help developers test the kernel more easily and frequently. Tests are contained in the kernel source code and can be built, run, installed, and packaged quickly and easily. Writing new tests and using the test code as documentation makes kselftest a good starting point for new kernel developers.
Let the contribution begin (EST futures) (SeongJae Park)
The document discusses contributing to open source software as a newcomer. It recommends getting the source code, making small, targeted changes like fixing coding style issues, and submitting patches for review. The Linux kernel is presented as a popular project to start contributing to. Topic branches in version control are introduced as a way to develop changes separately before submitting them for merging.
gcma: guaranteed contiguous memory allocator (SeongJae Park)
This document presents GCMA, a Guaranteed Contiguous Memory Allocator that improves upon the current Contiguous Memory Allocator (CMA) solution in Linux. CMA can have unpredictable latency and even fail when allocating contiguous memory, especially under memory pressure or with background workloads. GCMA guarantees fast latency for contiguous memory allocation, success of allocation, and reasonable memory utilization by using discardable memory as its secondary client instead of movable pages. Experimental results on a Raspberry Pi 2 show that GCMA has significantly faster allocation latency than CMA, keeps camera latency fast even with background workloads, and can improve overall system performance compared to CMA.
This document provides an introduction to the Go programming language by SeongJae Park. It discusses why Go was developed, including to address pains with dependency management, build speeds, type safety, garbage collection and multi-core support in other languages. It then demonstrates Go concepts like packages, functions, variables, structs and interfaces through a live coding example of a web server. Finally, it references a presentation that further explains Go's advantages for multicore programming.
The document discusses using Golang for mobile application development. It provides an example of building a pure Golang Android app without Java by compiling Golang code to a shared object library and using the NativeActivity. It also provides an example of using Golang as a library in a Java Android app by generating bindings between Golang and Java code. Additionally, it proposes an approach for running a standalone Golang process on Android by cross-compiling Golang code to ARM/Linux and executing it from an Android app.
This document summarizes different approaches for using the Go programming language to build Android applications. It discusses building a pure Go app using the NativeActivity class, integrating Go as a library using bindings, and spawning separate Go processes from an Android app using inter-process communication. Code examples are provided for each approach. While Go support for Android is still unstable, these techniques allow Go to be used for simple Android projects as an alternative to Java.
The document discusses the author's experience installing software both with and without Docker. Installing without Docker was a "miserable experience" with issues like the software not working, needing to install additional dependencies, modifying sources and rebuilding, incorrect path configurations, installing other versions, and eventually reinstalling the OS just to get it to work, though the reason it finally worked was unknown. Installing with Docker was much simpler - just install Docker, get the Docker image or Dockerfile for the app, and run it. With Docker, containers are isolated so new installations never conflict with existing ones. The author concludes that Docker makes installation a better experience.
This document summarizes key concepts of Git including snapshots, histories as sequences of snapshots, parallel universes/histories, and basic Git commands like init, add, commit, branch, checkout, merge, rebase, remote repositories, and free hosting services. The document uses diagrams and examples to explain how Git conceptually implements versions as snapshots and allows managing parallel software histories through branches.
(Live) build and run golang web server on android.avi (SeongJae Park)
Presented at GDG DevFair 2014 and the GDG Korea Golang Seoul meetup in 2015.
The meetup version adds a brief explanation of Go 1.4's official Android support.
Deep dark-side of git: How git works internally (SeongJae Park)
Describes how git works internally using small, precise plumbing commands.
The slides were used at GDG DevFest 2014 and SOSCON 2014.
The slides may be updated later; the latest version will always be available from this page.
This document discusses Git and provides an introduction to its basic concepts and functionality. It begins by introducing Git as a distributed version control system created by Linus Torvalds to manage Linux code. It then notes that many projects use Git because it is powerful. Finally, it summarizes that at its core, Git is a content-addressable file system based around blobs, trees, commits and references.
A short introduction to VCS & git usage.
Aimed at introducing the concepts of version control systems and git to people who have not used git or a VCS yet. It does not cover the deep parts of git or operating policies for git; it focuses on a simple introduction to the main functionality and the abstracted internal design.
Experimental android hacking using reflection (SeongJae Park)
This document discusses using reflection in Android to access hidden and restricted features. It describes how Android separates interfaces for third-party and built-in apps. It then explains how reflection can be used to change the interface and allow third-party apps to access features usually only available to built-in apps, with examples of how to end a call via reflection. However, it notes reflection has limitations like performance overhead and may not work on all devices.
This document introduces "ash", a shell that allows controlling multiple devices with a single interface. Ash uses a text-based command language to send commands over a network to remotely control devices installed with the ash application. The architecture includes an evaluator that parses commands, a user interface, and device controllers. Commands can register functions and callbacks. The code is structured as lists, and ash supports interfaces from Android, Ubuntu, OSX, and Windows.
This document provides information about hacking with Arduino and the Android Open Accessory Development Kit (ADK). It includes instructions on installing the ADK, debugging Arduino code, and an example code walkthrough. Suggested hack projects include building a keyboard that takes input from an Android device's screen and controls LEDs and tones on an Arduino board.
Describes how to contribute to open source projects.
Provides an example process using two hot open source projects, Linux and AOSP (Android Open Source Project).
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence (IndexBug)
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Main news related to the CCS TSI 2023 (2023/1695) (Jakub Marek)
An English 🇬🇧 translation of the presentation for the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on communications and signalling systems on railways, which was held at the Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). It was attended by around 500 participants and 200 online followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx (SitimaJohn)
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Fueling AI with Great Data with Airbyte Webinar (Zilliz)
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and OpenAI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of a generative-AI test automation solution with OpenAI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
5th LF Energy Power Grid Model Meet-up Slides (DanBrown980551)
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e, located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers (akankshawande)
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Taking AI to the Next Level in Manufacturing.pdf (ssuserfac0301)
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
5. Ideas and approaches to help build your organization's AI strategy.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. In reality, a Lego brick and the case of the XZ backdoor have much more in common than that.
Join the presentation to dive into a story of interoperability, standards, and open formats, and then discuss the important role contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several LibreOffice-related events, migrations, and training sessions. She previously worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko, she cultivates her curiosity about astronomy (hence her nickname, deneb_alpha).
2. These slides were presented at the
4th Korea Linux Kernel Community Meetup
(https://kernel-dev-ko.github.io/4th/)
3. This work by SeongJae Park is licensed under the
Creative Commons Attribution-ShareAlike 3.0 Unported
License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/3.0/.
4. I, SeongJae Park
● SeongJae Park <sj38.park@gmail.com>
● PhD candidate researcher at DCSLAB, SNU
● Part-time Linux kernel programmer at KOSSLAB
● Interested in memory management and parallel programming for OS kernels
5. It’s the Multi-processor Era Now
● Processor vendors shifted from raising clock speeds to increasing core counts
more than a decade ago
○ Now, multi-core systems are prevalent
○ There may even be an octa-core system in your pocket
● As a result, the free lunch is over;
parallel programming is essential for high performance and scalability
http://www.gotw.ca/images/CPU.png
6. Writing a Correct Parallel Program is Hard
● The nature of parallelism is counter-intuitive to humans
○ Time is relative, order is ambiguous, and only observations exist
● Compilers and processors reorder operations for performance
● The C language was developed under a uniprocessor assumption
○ The standard the kernel uses (C99) is oblivious to multi-processor systems
CPU 0 executes:
        X = 1;
        Y = 1;
CPU 1 executes:
        X = 2;
        Y = 2;
        if (Y == 2 && X == 1)
                OOPS();
CPU 1 can call OOPS() in the Linux kernel
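The scenario above can be expressed as a herd7-style litmus test of the kind introduced near the end of this deck. This is only a sketch (the test name is made up); running it through herd7 asks whether the OOPS() condition is reachable:

```c
C cpu1-can-oops

{}

P0(int *x, int *y)
{
	WRITE_ONCE(*x, 1);
	WRITE_ONCE(*y, 1);
}

P1(int *x, int *y)
{
	int r0;
	int r1;

	WRITE_ONCE(*x, 2);
	WRITE_ONCE(*y, 2);
	r0 = READ_ONCE(*y);	/* the "Y == 2" check */
	r1 = READ_ONCE(*x);	/* the "X == 1" check */
}

exists (1:r0=2 /\ 1:r1=1)
```

With no ordering primitives between the accesses, the model should allow this outcome, which is why CPU 1 can call OOPS().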
8. Instruction Reordering Helps Performance
● By moving dependent instructions apart, total execution time can be reduced
● If a reordering is guaranteed not to change the result of the instruction
sequence, it can improve performance
● Such reordering is legal and recommended
[Pipeline diagram: instructions 1, 3, and 2 flow through fetch/decode/execute stages]
Instruction 2 depends on the result of instruction 1
(e.g., the first instruction modifies the opcode of the next one).
By reordering instructions 2 and 3, total execution time can be shortened:
6 cycles for 3 instructions, i.e., 2 cycles per instruction
9. Time and Order are Relative
● Each CPU concurrently generates its own events and
observes the effects of events from others
● It is impossible to define an absolute order of two concurrent events;
only relative observation orders exist
[Diagram: CPUs 1-4 connected by an event bus.
CPU 1 generates event 1; CPU 2 generates event 2;
CPU 3 observes event 1 followed by event 2;
CPU 4 observes event 2 followed by event 1.]
10. Cache Coherency is Per-Cacheline
● It is well known that the cache coherency protocol helps system memory
consistency
● In fact, it guarantees only per-cacheline sequential consistency
● Every CPU will eventually agree on the global order of updates to each cacheline,
but some CPUs may observe a change earlier than others;
the order of changes to different variables is not guaranteed
CPU 1 executes: A = 1; (1)  then  B = 1; (2)
CPU 2 executes: A = 2; (3)  then  B = 2; (4)
Other CPUs may observe the orders
(1), (2), (3), (4); or (1), (3), (2), (4); or (2), (1), (4), (3).
Every CPU is honest; the system is legally cache-coherent,
since each per-variable order ((1) before (3), and (2) before (4)) is preserved.
11. An Example with a Mythical Architecture
● Many systems employ hierarchical memory for better performance and capacity
● The propagation speed of an event to a given core can depend on the specific
sub-layers of memory it passes through
If CPU 0's message queue is busy, CPU 2 can observe an event from
CPU 0 (event A) after an event from CPU 1 (event B),
even though CPU 1 observed event A before generating event B
[Diagram: CPU 0 and CPU 1 share a cache, each with its own message queue;
CPU 2 and CPU 3 likewise; the two cache clusters connect to memory over a bus.]
12.-15. An Example with a Mythical Architecture (continued)
(Slides 12-15 animate the same diagram step by step.)
● CPU 0 generates event A.
● CPU 1 sees event A and generates event B.
● CPU 0's message queue is busy, so event A is delayed on its way to CPU 2,
while event B gets through; CPU 2 sees event B.
● CPU 2 finally sees event A, after event B,
even though CPU 1 observed event A before generating event B.
16. Yet Another Mythical Architecture
● Store buffers and invalidation queues can reorder the observed order of stores
and loads
[Diagram: each of CPU 0 and CPU 1 has a store buffer and an invalidation queue
between it and its cache; the caches connect to memory over a bus.]
18. The C Language Doesn’t Know About Multi-Processors
● At the time of initial C language development, multi-processor systems were rare
● As a result, the C language makes only a few guarantees about memory operations
on multi-processors
● Undefined behavior is allowed for the undefined cases
https://upload.wikimedia.org/wikipedia/commons/thumb/9/95/The_C_Programming_Language,_First_Edition_Cover_(2).svg/2000px-The_C_Programming_Language,_First_Edition_Cover_(2).svg.png
19. Compilers Optimize (Reorder) Code
● Clever compilers try hard (really hard) to optimize code for high IPC
(not for human-perspective goals)
○ They inline small, private functions
○ Reorder memory accesses to minimize dependencies
○ Simplify unnecessarily complex loops, ...
● Optimizers exploit undefined behavior as they like
○ It’s legal, but can do insane things from the programmer’s perspective
● Compilers reorder memory accesses based on the C standard, which is
oblivious to multi-processor systems; this can yield unintended programs
● The C11 standard is aware of multi-processor systems, though
21. Synchronization Primitives
● Because reordering and asynchronous effect propagation are legal,
synchronization primitives are necessary to write humanly intuitive programs
● Most environments, including the Linux kernel, provide sufficient
synchronization primitives for humanly intuitive programs
https://s-media-cache-ak0.pinimg.com/236x/42/bc/55/42bc55a6d7e5affe2d0dbe9c872a3df9.jpg
22. Atomic Operations
● Atomic operations are composed of multiple sub-operations
○ E.g., compare-and-exchange, fetch-and-add, and test-and-set
● Atomic operations provide mutual exclusion
○ The intermediate state of an atomic operation's execution cannot be seen by others
○ It can be thought of as a small critical section protected by a global lock
● Linux also provides plenty of atomic operations
http://www.scienceclarified.com/photos/atomic-mass-3024.jpg
23. Memory Barriers
● In general, a memory barrier guarantees that
the effects of memory operations issued before it
propagate to the other components of the system (e.g., other processors)
before memory operations issued after the barrier
● Linux provides various types of memory barriers, including compiler
barriers, hardware barriers, load barriers, and store barriers
CPU 1 executes:
        READ A;
        WRITE B;
        <BARRIER>;
        READ C;
CPU 2 observes: READ A, WRITE B, then READ C.
CPU 3 observes: WRITE B, READ A, then READ C.
READ A and WRITE B can be reordered, but READ C is guaranteed to
be ordered after {READ A, WRITE B}.
24. Partial Ordering Primitives
● Partial ordering primitives include read/write memory barriers, acquire/
release semantics, and data/address/control dependencies
● The semantics of partial ordering primitives are somewhat confusing
● The cost of partial ordering can be much lower than that of fully ordering primitives
● Linux also provides partial ordering primitives
https://www.ternvets.co.uk/wp-content/uploads/2017/02/cat-with-cone.jpg
25. Cost of Synchronization Primitives
● Generally, synchronization primitives are expensive and unscalable
● Each primitive has a different cost; the gaps are significant
● Correct selection and efficient use of synchronization primitives are important
for performance and scalability
[Chart: performance of various synchronization primitives]
27. Each Environment Provides Its Own Memory Model
● Memory model, a.k.a. memory consistency model
● Defines what values can be obtained by the load instructions of given code
● Programming environments, including instruction set architectures,
programming languages, and operating systems, define their own memory models
○ Modern language memory models (e.g., Go, Rust, Java, C11, …) are aware of multi-processors,
while C99, which the Linux kernel uses, is not
http://www.sciencemag.org/sites/default/files/styles/article_main_large/public/Memory.jpg?itok=4FmHo7M5
28. Each ISA Provides a Specific Memory Model
● Some architectures have stricter ordering enforcement rules than others
● PA-RISC CPUs are the strictest; Alpha is the weakest
● Because the Linux kernel supports multiple architectures, it defines its memory
model based on the weakest one, Alpha
https://kernel.org/pub/linux/kernel/people/paulmck/perfbook/perfbook.2015.01.31a.pdf
29. Linux Kernel Memory Model (LKMM)
● The memory model for the Linux kernel programming environment
○ Defines, for a given piece of Linux kernel code, what values specific load
instructions in the code can obtain
● An original Linux kernel memory model is necessary because
○ The kernel uses C99, whose memory model is oblivious to multi-processor environments;
the C11 memory model is aware of multi-processors, but Torvalds doesn’t want it
○ The kernel supports multiple architectures with different ISA-level memory models
https://github.com/sjp38/perfbook
30. LKMM Provides Ordering Primitives
● Designed for the architecture with the weakest memory model, Alpha
○ Almost every combination of reordering is possible; Alpha doesn’t even provide
address-dependency ordering
● Atomic instructions
○ atomic_xchg(), atomic_inc_return(), atomic_dec_return(), …
○ Most of these map to matching machine instructions, but provide uniform
guarantees at the kernel level
● Memory barriers
○ Compiler barriers: WRITE_ONCE(), READ_ONCE(), barrier(), ...
○ CPU barriers: mb(), wmb(), rmb(), smp_mb(), smp_wmb(), smp_rmb(), …
○ Semantic barriers: ACQUIRE operations, RELEASE operations, dependencies, …
○ For details, refer to https://www.kernel.org/doc/Documentation/memory-barriers.txt
● Because different memory ordering primitives have different costs, use only
the necessary ordering primitives in each case, for high performance and
scalability
31. Informal LKMM
● Originally, LKMM was just an informal text, ‘memory-barriers.txt’
● It explains the Linux kernel memory model in English
(there is a Korean translation, too: https://www.kernel.org/doc/Documentation/translations/ko_KR/memory-barriers.txt)
● To use the LKMM to prove your code correct, you had to use the Feynman Algorithm
○ Write down your code
○ Think really hard with ‘memory-barriers.txt’ at hand
○ Write down your proof
○ Hard and unreliable, of course!
https://www.kernel.org/doc/Documentation/memory-barriers.txt
32. Formal and Executable LKMM: Help Arrives at Last
● Jade Alglave, Paul E. McKenney, and others built a formal LKMM
● It is a formal, executable memory model
○ It takes simple C-like code as input:
parallel code snippets plus a question, "can this result happen?"
● It models each ordering primitive of LKMM in terms of concepts
such as orders and cycles
● It can be executed with herd7 and klitmus7
○ LKMM extends herd7 and klitmus7 to support LKMM ordering primitives in code
○ herd7-based execution does the proof in user mode
○ klitmus7-based execution generates a kernel module that runs the test, plus
wrapper scripts to execute the module
33. Steps for LKMM Execution
● Installation
○ LKMM is merged into the Linux source tree at tools/memory-model;
just get the Linux source code
○ Install herdtools7 (https://github.com/herd/herdtools7)
● Usage
○ herd7-based user-mode proof:
$ herd7 -conf linux-kernel.cfg <your-litmus-test file>
○ klitmus7-based real kernel-mode execution:
$ mkdir mymodules
$ klitmus7 -o mymodules <your-litmus-test file>
$ cd mymodules ; make
$ sudo sh run.sh
● That’s it! Now you can prove your parallel code for all Linux environments!
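As a concrete input for the commands above, here is a sketch of the classic message-passing pattern as an LKMM litmus test (the kernel tree ships a very similar test under tools/memory-model/litmus-tests/):

```c
C MP+wmb+rmb

{}

P0(int *x, int *y)
{
	WRITE_ONCE(*x, 1);	/* publish the data */
	smp_wmb();		/* order the stores */
	WRITE_ONCE(*y, 1);	/* set the flag */
}

P1(int *x, int *y)
{
	int r0;
	int r1;

	r0 = READ_ONCE(*y);	/* read the flag */
	smp_rmb();		/* order the loads */
	r1 = READ_ONCE(*x);	/* read the data */
}

exists (1:r0=1 /\ 1:r1=0)
```

herd7 should report that the `exists` clause is never satisfied: the smp_wmb()/smp_rmb() pairing forbids seeing the flag without also seeing the data.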
34. Summary
● The nature of parallel programming is counter-intuitive
○ The order of events cannot be defined without interaction
○ Ordering rules differ between environments
○ A memory model defines an environment’s ordering rules
● For humanly intuitive, correct programs, interaction is necessary
○ Almost every environment provides memory ordering primitives, including atomic
instructions and memory barriers, which are generally expensive
○ A memory model defines which results can and cannot occur for a given code snippet
● A formal Linux kernel memory model is available
○ The Linux kernel defines its memory model based on the weakest-ordering
architecture it supports (Alpha), C99, and its own ordering primitives, including RCU
○ The formal, executable LKMM is in the kernel tree; now you can prove your parallel code!