≡ Menu

linux kernel

Is The Linux Community Afraid of Opensolaris?

It's about time someone wrote this article:

I know the headline is a little bit provoking. But when you think about some comments from Linux proponents you could think so.

This is an interesting development. In the years before, there wasn't such comments. Solaris was considered as a dead end. But then the game changed. We open-sourced Solaris. The full monty over the time. We open-sourced the cluster framework. And we won´t stop to open source further code until there is no more code to open-source. BTW: I find "Sun should contribute more" really interesting. In the moment you start up your text processor on your favourite Linux distribution you've gone through more code contributed by Sun than of anybody else. You´ve already traversed a large amount of code contributed by Sun when you just login into GNOME. This is a fact most people tend to ignore.

Is the Linux community afraid of Opensolaris? [c0t0d0s0.eu]

Critical Red Hat Enterprise Linux Kernel Update

Red Hat issued an update version of Linux operating system core called kernel that plugs various security holes for RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade kernel package.

Security fixes:

a) A missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)

b) A flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

c) Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)

d) a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

e) A flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)

Bug fix

a) A kernel crash may have occurred on heavily-used Samba servers after 24 to 48 hours of use.

b) On certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.

c) With bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.

How do I update my kernel?

Login as root and type:
# uname -mrs
# yum update
# reboot
# uname -mrs

Red Hat paid approximately $107 million in cash for Qumranet, a privately held company. Now, Red Hat positioned to deliver comprehensive, reliable and open virtualization to Linux and Windows servers and desktops.

Red Hat today announced the acquisition of Qumranet, Inc. The acquisition includes Qumranet's virtualization solutions, including its KVM (Kernel Virtual Machine) platform and SolidICE offering, a virtual desktop infrastructure (VDI), which together present a comprehensive virtualization platform for enterprise customers. In addition, in connection with the deal, Qumranet's talented team of professionals that develop, test and support Qumranet solutions, and its leaders of the open source community KVM project, will join Red Hat.

According wikipedia:

Kernel-based Virtual Machine (KVM) is a Linux kernel virtualization infrastructure. KVM currently supports native virtualization using Intel VT or AMD-V. A wide variety of guest operating systems work with KVM, including many flavours of Linux, BSD, Solaris, Windows, Haiku, ReactOS and AROS Research Operating System.

Red Hat Advances Virtualization Leadership with Qumranet, Inc. Acquisition

Updated kernel packages that fix several bugs, while adding an enhancement are now available for Red Hat Enterprise Linux 4.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following bugs:

* the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have make DNS spoofing attacks easier.

The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder.

* A set of patches detailed as "sys_times: Fix system unresponsiveness during many concurrent invocation of sys_times()" and "Minor code cleanup to sys_times() call" introduced regression which caused a kernel panic under high load. These patches were reverted in the current release.

* A process could hang in an uninterruptible state while accessing application data files due to race condition in asynchronous direct I/O system calls.

* USB devices would not be detected on a PowerEdge R805 system. USB devices are now able to be detected on the aforementioned system with this update.

Further, these updated packages add the following enhancement:

* Added HDMI support for AMD ATI chipsets RS780, RV610, RV620, RV630, RV635, RV670 and RV770.

How do I upgrade my kernel on RHEL 4.x?

Type the following command as root user:
# up2date -uf

RHEL5: Linux Kernel kexec-tools bug fix update

An updated kexec-tools package that fixes a bug is now available for RHEL systems. The kexec-tools package provides tools that facilitate a new kernel to boot using the Linux kernel kexec feature, either on a normal or a panic reboot. Users of kexec-tools are advised to upgrade to this updated package, which resolves the following issue:

bt: unwind: failed to locate return link
makedumpfile corrupts vmcore on ia64: crash's bt fails to unwind

How do I fix this issue?

Type the following command as root user:
# yum update

Multipath I/O is a fault-tolerance and performance enhancement technique whereby there is more than one physical path between the CPU in a computer system and its mass storage devices through the buses, controllers, switches, and bridge devices connecting them.

A simple example would be a SCSI disk connected to two SCSI controllers on the same computer or a disk connected to two Fibre Channel ports. Should one controller, port or switch fail, the operating system can route I/O through the remaining controller transparently to the application, with no changes visible to the applications, other than perhaps incremental latency.

This is useful for:

  1. Dynamic load balancing
  2. Traffic shaping
  3. Automatic path management
  4. Dynamic reconfiguration

Linux device-mapper

In the Linux kernel, the device-mapper serves as a generic framework to map one block device onto another. It forms the foundation of LVM2 and EVMS, software RAIDs, dm-crypt disk encryption, and offers additional features such as file-system snapshots.

Device-mapper works by processing data passed in from a virtual block device, that it itself provides, and then passing the resultant data on to another block device.

How do I setup device-mapper multipathing in CentOS / RHEL 4 update 2 or above?

Open /etc/multipath.conf file, enter:
# vi /etc/multipath.conf
Make sure following line exists and commented out:

devnode_blacklist {
        devnode "*"
}

Make sure default_path_grouping_policy option in the defaults section set to failover. Here is my sample config:

defaults {
       multipath_tool  "/sbin/multipath -v0"
       udev_dir        /dev
       polling_interval 10
       default_selector        "round-robin 0"
       default_path_grouping_policy    failover
       default_getuid_callout  "/sbin/scsi_id -g -u -s /block/%n"
       default_prio_callout    "/bin/true"
       default_features        "0"
       rr_min_io              100
       failback                immediate
}

Save and close the file. Type the following command to load drivers:
# modprobe dm-multipath
# modprobe dm-round-robin

Start the service, enter:
# /etc/init.dmultipathd start
multipath is used to detect multiple paths to devices for fail-over or performance reasons and coalesces them:
# multipath -v2
Turn on service:
# /sbin/chkconfig multipathd on
Finally, create device maps from partition tables:
# kpartx -a /dev/mapper/mpath#
You need to use fdisk on the underlying disks such as /dev/sdc.

References:

  • man page kpartx,multipath, udev, dmsetup and hotplug

Good news and great contribution from HP. You can study all those advanced features for academic project.

AdvFS is a file system that was developed by Digital Equipment Corp and continues to be part of HP's
Tru64 operating system. It offers many advanced features. Continuing its efforts to advance customer adoption of Linux, HP today announced the contribution of its Tru64 UNIX Advanced File System (AdvFS) source code to the open source community. The code on this site is licensed under the GPLv2 to be compatible with the Linux kernel.

The AdvFS source code includes capabilities that increase uptime, enhance security and help ensure maximum performance of Linux file systems. HP will contribute the code as a reference implementation of an enterprise Linux file system under the terms of General Public License Version 2 for compatibility with the Linux kernel, as well as provide design documentation, test suites and engineering resources.

Now the million dollar question - Is there any reason to pick AdvFS fs over any of the other 20+ file systems such as XFS/ext2/ext3 under Linux?