fedora 14 kernel performance with ip forwarding workload
by Jesse Brandeburg
The other day I was running the stock fedora kernel on my ip
forwarding setup, to see what the performance was, and the performance
wasn't very good.
system is S5520HC dual socket 2.93GHz Xeon 5570 (Nehalem) with 3 quad
port 82580 adapters (12 ports). Traffic is bidirectional 64 byte
packets being forwarded and received on each port, basically port to
port routing. I am only using 12 flows currently.
The driver is igb, and I am using an affinity script that lines up
each pair of ports that are forwarding traffic into optimal
configurations for cache locality. I am also disabling
remote_node_defrag_ratio to stop cross node traffic.
With the fedora default kernel from F14 it appears that
CONFIG_NETFILTER=y means that I cannot unload all of netfilter even if
I stop iptables service.
perf showed netfilter being prominent, and removing it gives me much
higher throughput. Is there a reason CONFIG_NETFILTER=y ? Isn't it a
good thing to be able to disable netfilter if you want to?
Jesse
8 years, 10 months
[PATCHSET] utrace for 3.1 kernel
by Oleg Nesterov
Hello.
utrace patches for 3.1 kernel. Untested, will try to do some tests
tomorrow.
I do not want to spam you all and the lists, please look at
git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc.git utrace-3.1
Oleg Nesterov (29):
utrace: add utrace_init_task/utrace_free_task calls
tracehooks: add utrace hooks
tracehooks: reintroduce tracehook_consider_fatal_signal()
add utrace hooks into sig_ignored() and recalc_sigpending()
restore the EXEC/EXIT/CLONE utrace hooks
utrace: utrace_report_death() can use task_utrace_struct()
restore the DEATH/REAP utrace hooks
utrace: remove jobctl bits
ptrace: take ->siglock around s/TRACED/RUNNING/
introduce wake_up_quiescent()
introduce ptrace_signal_wake_up()
wait_task_inactive: treat task->state and match_state as bitmasks
introduce TASK_UTRACED state
utrace: use TASK_UTRACED instead of TASK_TRACED
reintroduce tracehook_finish_jctl() as utrace_end_stop()
teach wake_up_quiescent() to do "selective" wake_up
ptrace_stop: do not assume the task is running after wake_up_quiescent()
get_signal_to_deliver: restore/restructure utrace/ptrace signal reporting
utrace_get_signal: s/JOBCTL_STOP_PENDING/JOBCTL_PENDING_MASK/
introduce ptrace_set_syscall_trace()
introduce PT_SYSCALL_TRACE flag
utrace: don't clear TIF_SYSCALL_TRACE if it is needed by ptrace
introduce task_utrace_lock/task_utrace_unlock
teach ptrace_set_syscall_trace() to play well with utrace
introduce PT_SINGLE_STEP and PT_SINGLE_BLOCK
utrace: finish_resume_report: don't do user_xxx_step() if ptrace_wants_step()
ptrace: shift user_*_step() from ptrace_resume() to ptrace_stop()
ptrace_disable: no need to disable stepping
ptrace_report_syscall: check TIF_SYSCALL_EMU
Roland McGrath (1):
utrace core
Documentation/DocBook/Makefile | 2 +-
Documentation/DocBook/utrace.tmpl | 589 +++++++++
arch/s390/kernel/traps.c | 4 +-
arch/x86/kernel/ptrace.c | 1 -
fs/exec.c | 5 +-
fs/proc/array.c | 14 +-
include/linux/ptrace.h | 7 +
include/linux/sched.h | 25 +-
include/linux/signal.h | 2 +
include/linux/tracehook.h | 53 +-
include/linux/utrace.h | 773 ++++++++++++
init/Kconfig | 9 +
kernel/Makefile | 1 +
kernel/exit.c | 5 +
kernel/fork.c | 9 +
kernel/ptrace.c | 57 +-
kernel/sched.c | 2 +-
kernel/signal.c | 97 ++-
kernel/utrace.c | 2461 +++++++++++++++++++++++++++++++++++++
19 files changed, 4062 insertions(+), 54 deletions(-)
create mode 100644 Documentation/DocBook/utrace.tmpl
create mode 100644 include/linux/utrace.h
create mode 100644 kernel/utrace.c
12 years, 1 month
monthly irc meeting.
by Dave Jones
We've been having monthly team meetings for a few months, and have decided that
some of the material we end up discussing should really be shared with
a wider audience. Here are the minutes from this months meeting for example,
that Chuck captured: http://fpaste.org/3LYS/
So as noted at https://fedoraproject.org/wiki/Meeting_channel, we're going to try
a monthly one hour meeting at 1800UTC the 2nd Friday of every month in #fedora-meeting.
No fixed agenda to begin with, let's see where it goes.
Dave
12 years, 5 months
[PATCH f14 Backport 76435548] Ecryptfs: Add mount option to check uid of device being mounted = expect uid
by Josh Boyer
Here's a backport of upstream commit 76435548 for F14. Please review.
I've tested this in a KVM guest and ecryptfs seems to still work without
issue, but my testing is certainly not exhausting. The ecryptfs-utils
does have the proper commits to utilize this in F14 as well.
If I don't hear anything soon, I'll assume silence is acceptance ;).
josh
From: John Johansen <john.johansen(a)canonical.com>
Close a TOCTOU race for mounts done via ecryptfs-mount-private. The mount
source (device) can be raced when the ownership test is done in userspace.
Provide Ecryptfs a means to force the uid check at mount time.
Signed-off-by: John Johansen <john.johansen(a)canonical.com>
Cc: <stable(a)kernel.org>
Signed-off-by: Tyler Hicks <tyhicks(a)linux.vnet.ibm.com>
Backported to 2.6.35.14 by Josh Boyer <jwboyer(a)redhat.com>
---
fs/ecryptfs/main.c | 27 ++++++++++++++++++++++-----
1 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index cbd4e18..c249d14 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -208,7 +208,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
- ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
+ ecryptfs_opt_unlink_sigs, ecryptfs_opt_check_dev_ruid, ecryptfs_opt_err };
static const match_table_t tokens = {
{ecryptfs_opt_sig, "sig=%s"},
@@ -223,6 +223,7 @@ static const match_table_t tokens = {
{ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
+ {ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
{ecryptfs_opt_err, NULL}
};
@@ -266,6 +267,7 @@ static void ecryptfs_init_mount_crypt_stat(
* ecryptfs_parse_options
* @sb: The ecryptfs super block
* @options: The options pased to the kernel
+ * @check_ruid: set to 1 if device uid should be checked against the ruid
*
* Parse mount options:
* debug=N - ecryptfs_verbosity level for debug output
@@ -281,7 +283,7 @@ static void ecryptfs_init_mount_crypt_stat(
*
* Returns zero on success; non-zero on error
*/
-static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
+static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, uid_t *check_ruid)
{
char *p;
int rc = 0;
@@ -306,6 +308,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
char *cipher_key_bytes_src;
char *fn_cipher_key_bytes_src;
+ *check_ruid = 0;
+
if (!options) {
rc = -EINVAL;
goto out;
@@ -406,6 +410,9 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
case ecryptfs_opt_unlink_sigs:
mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
break;
+ case ecryptfs_opt_check_dev_ruid:
+ *check_ruid = 1;
+ break;
case ecryptfs_opt_err:
default:
printk(KERN_WARNING
@@ -494,7 +501,7 @@ static struct file_system_type ecryptfs_fs_type;
* ecryptfs_interpose to create our initial inode and super block
* struct.
*/
-static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
+static int ecryptfs_read_super(struct super_block *sb, const char *dev_name, uid_t check_ruid)
{
struct path path;
int rc;
@@ -511,6 +518,15 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
"known incompatibilities\n");
goto out_free;
}
+
+ if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
+ rc = -EPERM;
+ printk(KERN_ERR "Mount of device (uid: %d) not owned by "
+ "requested user (uid: %d)\n",
+ path.dentry->d_inode->i_uid, current_uid());
+ goto out_free;
+ }
+
ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
sb->s_blocksize = path.dentry->d_sb->s_blocksize;
@@ -549,6 +565,7 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
struct ecryptfs_dentry_info *root_info;
const char *err = "Getting sb failed";
int rc;
+ uid_t check_ruid;
sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
if (!sbi) {
@@ -556,7 +573,7 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
goto out;
}
- rc = ecryptfs_parse_options(sbi, raw_data);
+ rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
if (rc) {
err = "Error parsing options";
goto out;
@@ -601,7 +618,7 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
/* ->kill_sb() will take care of root_info */
ecryptfs_set_dentry_private(s->s_root, root_info);
s->s_flags |= MS_ACTIVE;
- rc = ecryptfs_read_super(s, dev_name);
+ rc = ecryptfs_read_super(s, dev_name, check_ruid);
if (rc) {
deactivate_locked_super(s);
err = "Reading sb failed";
--
1.7.6
12 years, 6 months
MacBookAir4,1 support patches
by Bastien Nocera
3 patches:
- one to enable multitouch on the trackpad
- one to allow using the Fn keys on the keyboard
- and one to make the Bluetooth adapter work
The first 2 have equivalents for the MacBookAir4,2 (13") already in
Linus' tree. The trackpad patch was added by Dmitry to his tree (though
bizarrely no word on the keyboard patch). Not sure what's happening with
the Bluetooth patch, no response as of yet.
Cheers
12 years, 6 months
Distro kernel update
by Josh Boyer
It's been a while since we gave an overview of the kernel plans for
Fedora, so I thought I'd send a brief update on what we're doing, where
we're headed, and why.
Rawhide:
Rawhide is basically trucking along as it normally does, tracking the
latest upstream Linus tree. This will continue for the forseeable
future, so there really are no surprises here. At the moment, it is at
3.1-rc4 and overall seems fairly stable. There is an ext4 lockdep trace
that quite a few people have hit, but a fix has been posted upstream and
should be included in the next build.
F16:
The F16 Alpha released with the first stable release of the 3.0 kernel,
but it has since transitioned to the 3.1 pre-release kernels. The plan
for the final release is to ship 3.1 final (or the latest stable release
of it), but there wasn't time to get that into the Alpha. Currently,
we're at 3.1-rc4, which means we're synced with rawhide. This will
continue until 3.1 final is released.
The F16 kernels also still have the debug options enabled. We've found
that testing of the rawhide kernel is somewhat limited, and we don't get
many reports aginst that. Most of the lockdep issues or other bugs
found in the 3.1 kernel so far have come from people running F16, so
this is paying off in terms of getting the kernel debugged and fixed
before the final release. It does have the side-effect of introducing a
performance penalty in some cases, but we'd rather get the bugs fixed
first. The debug options will be disabled and we'll move to a release
kernel once 3.1 final is released and built.
F15:
F15 has now moved to the 2.6.40 kernel. If you haven't been paying
attention lately, you'll probably be saying "wait... there is no 2.6.40
upstream" and you would be right. So Fedora's 2.6.40 is really the 3.0
upstream kernel, "rebranded" to follow the 2.6.x numbering scheme. This
was done to avoid userspace incompatibilities with the 3.x numbering
scheme for packages that were either tightly coupled to kernel version
and/or, uh, doing things a bit wrongly. Most of those packages have
been fixed in f16 at this point.
We're at the equivalent of the 3.0.4 stable release in updates-testing
and that should be moving to updates relatively soon.
F14:
Sigh. F14 is still on the 2.6.35.x longterm kernel, currently at
2.6.35.14. This is both good and bad. Good in that it's the oldest
supported release, and we've got somewhat of a known quantity with this
kernel at this point. Bad because the upstream stable branch is updated
fairly infrequently and seems to be somewhat in zombie state.
We've spent the last week or so trying to plow through the F14 bugzilla
backlog. This has sort of paid off by clearing out a bunch of stale
bugs, duplicates, and things that were fixed and never closed. At the
moment, we're under 300 bugs which isn't great but is much improved
overall.
Going forward, we're at sort of an impasse. The two most likely options
are staying on 2.6.35.x, or moving to 2.6.40 as F15 did. We know that
there are areas where 2.6.35.x is just broken or insufficient (USB 3
support, various suspend/resume issues) that might be improved in 2.6.40
but that comes with the risk of hitting userspace interaction bugs.
We're keeping an eye on this and trying to come up with the best all
around decision, but it is not an easy choice. In the meantime, if you
are having lots of issues with F14, we strongly you to upgrade to F15.
(Yes, we are aware of the fact that some people want to stick with F14
to avoid Gnome3. That's outside of the scope of the kernel and we
really don't want to discuss it here.)
So there's a brief overview of the kernel happenings going on in Fedora.
If you have questions, feel free to shoot an email to the fedora kernel
list!
josh
12 years, 6 months
[PATCH F-16] bz735118: utrace: s390: fix the compile problem with traps.c
by Oleg Nesterov
https://bugzilla.redhat.com/show_bug.cgi?id=735118
d99e60e5 "tracehooks: reintroduce tracehook_consider_fatal_signal()"
breaks the compilation of arch/s390/kernel/traps.c. Restore the
necessary include removed by upstream 73b7d40f commit.
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
---
arch/s390/kernel/traps.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c
index 1018ab6..50e975d 100644
--- a/arch/s390/kernel/traps.c
+++ b/arch/s390/kernel/traps.c
@@ -18,7 +18,7 @@
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/errno.h>
-#include <linux/ptrace.h>
+#include <linux/tracehook.h>
#include <linux/timer.h>
#include <linux/mm.h>
#include <linux/smp.h>
--
1.5.5.1
12 years, 7 months