Who Writes Linux – Insight Into Individual Linux Kernel Contributors

Posted on in Categories Linux, News last updated April 2, 2008

A report from the Linux Foundation details individual kernel contributions and suggests enterprise use is expanding. However, there is an elite group inside the community. During the past three years, the top 10 individual developers have contributed nearly 15 per cent of the changes to the kernel, while the top 30 developers have submitted 30 per cent, the report states.

Al Viro, David S. Miller and Adrian Bunk authored most of the patches; Andrew Morton came in fifth. Linus Torvalds, the creator of Linux, is found far down on the list. Viro has contributed 1,571 changes to the kernel, which sits at the core of the Linux operating system, over the past three years.

According to Jim Zemlin, executive director at The Linux Foundation:

Never before in the history of computing have there been so many companies, users and developers united behind one project, specifically one that has seen so much commercial success.

Some interesting facts about the Linux kernel

Who is Writing Linux?

  • Every Linux kernel is being developed by nearly 1,000 developers working for more than 100 different corporations.

Who is Sponsoring Linux?

  • More than 70 percent of total contributions to the kernel come from developers working at a range of companies including IBM, Intel, The Linux Foundation, MIPS Technology, MontaVista, Movial, NetApp, Novell and Red Hat.

How Fast is Linux Developed and Released?

  • An average of 3,621 lines of code are added to the kernel tree every day, and a new kernel is released approximately every 2.7 months.

=> Linux Foundation Publishes Study on Linux Development Statistics: Who Writes Linux and Who Supports It

How To Build Secure and Portable Linux Based System

Posted on in Categories Hardware, Howto, Linux, Linux desktop, Linux distribution, Security last updated March 18, 2008

An interesting article that explains how to build an awesome, secure and portable system using Linux. From the article:

I designed this system with both security and portability in mind. My system uses a Linux kernel and the entire thing, applications, personal data, etc, takes up 1GB of space. It is split up into two parts, the operating system, and my personal data. The operating system is a 700MB live-CD, GRML, that generates a completely fresh install every single time I boot up the computer. Doing this means that if my system is ever hacked into, a simple restart of my computer fixes the problem. This also means that any configuration changes made or private information stored by any application, restarting reverts everything to a clean slate.

The personal data is encrypted using an AES-256 algorithm. The password I type in actually unlocks a special encrypted file which unlocks the real encryption information, meaning that my actual password is never stored in RAM (more specifically, DRAM). To prevent highly sensitive information from being discovered by remote hackers, which this layer of encryption would not protect against, an extra layer of encryption using either GPG or AES-256 provides two layers of encryption for highly sensitive data.

=> My Awesome Secure and Portable System

How To Patch Running Linux Kernel Source Tree

Posted on in Categories Howto, Linux, Linux distribution, RedHat/Fedora Linux, Security, Sys admin, Tips last updated February 12, 2008

Yesterday, I wrote about a serious Linux kernel bug and fix. However, a few readers would like to know about patching a running Linux kernel. Patching a production kernel is risky business. The following procedure will help you fix the problem.

Step # 1: Make sure your product is affected

First find out if your product is affected by the reported exploit. For example, the vmsplice() bug only affects RHEL 5.x; RHEL 4.x, 3.x, and 2.1.x are not affected at all. You can always obtain this information by visiting the vendor's bug reporting system, called Bugzilla. Also make sure the bug affects your architecture. For example, a bug may only affect 64-bit or 32-bit platforms.

Step # 2: Apply patch

You should apply and test the patch in a test environment first. Please note that some vendors, such as Redhat and Suse, modify or backport the kernel, so it is a good idea to apply the patch to their kernel source code tree. Otherwise, you can always grab the latest kernel version and apply the patch to it.

Step # 3: How do I apply kernel patch?

WARNING! These instructions require having the skills of a sysadmin. Personally, I avoid recompiling any kernel unless absolutely necessary. Most of our production boxes (over 1400+) are powered by a mix of RHEL 4 and 5. A wrong kernel option can disable hardware or leave the system unable to boot at all. If you don’t understand the internal kernel dependencies, don’t try this on a production box.

Change directory to your kernel source code:
# cd linux-2.6.xx.yy
Download and save patch file as fix.vmsplice.exploit.patch:
# cat fix.vmsplice.exploit.patch
Output:

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!len))
                        break;
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
                        break;

                /*
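Review bot: the new test on the + line, if (!access_ok(VERIFY_READ, base, len)), drops the unlikely() annotation that the removed !base test and the neighbouring !len test both carry, even though it still guards an error path (error is set to -EFAULT just above and the loop breaks). Suggest if (unlikely(!access_ok(VERIFY_READ, base, len))) for consistency, plus a one-line comment noting that the function takes a __user iovec (per the hunk header), so the whole base/len range has to be validated rather than only testing base for NULL.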

Now apply the patch using the patch command:
# patch < fix.vmsplice.exploit.patch -p1
Now recompile and install the Linux kernel.

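A safer way to run the apply step in Step 3, as an added example that is not part of the original post: rehearse the patch with a dry run, then apply it with backups. safe_apply_patch is a hypothetical helper name; the options used are those of GNU patch.

```shell
#!/bin/sh
# Added example, not from the original post. safe_apply_patch is a
# hypothetical helper; the options used are those of GNU patch.

safe_apply_patch() {
    tree=$1        # kernel source directory, e.g. linux-2.6.xx.yy
    patchfile=$2   # e.g. fix.vmsplice.exploit.patch

    [ -d "$tree" ] || { echo "no such source tree: $tree" >&2; return 2; }
    [ -r "$patchfile" ] || { echo "cannot read patch: $patchfile" >&2; return 2; }

    # patch -d changes directory first, so make the patch path absolute.
    case $patchfile in
        /*) ;;
        *) patchfile=$PWD/$patchfile ;;
    esac

    # Rehearsal: --dry-run changes no files; -N makes patch fail on a reversed
    # or already-applied patch instead of prompting.
    if ! patch -d "$tree" -p1 -N --dry-run -i "$patchfile" >/dev/null 2>&1; then
        echo "dry run failed: patch does not apply cleanly to $tree" >&2
        return 1
    fi

    # Real run: -b keeps each touched file's original as <file>.orig so the
    # change can be reviewed with diff or rolled back.
    patch -d "$tree" -p1 -N -b -i "$patchfile"
}

# Usage: sh this-script.sh linux-2.6.xx.yy fix.vmsplice.exploit.patch
if [ "$#" -eq 2 ]; then
    safe_apply_patch "$1" "$2"
fi
```

A failed dry run against a vendor tree usually means the vendor has modified or backported that code, which is the case Step 2 describes.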
I hope this quick and dirty guide will save someone's time. On a related note, Erek has unofficial patched RPMs for CentOS / RHEL distros.

How To Track Changes in Your Linux Filesystem

Posted on in Categories File system, Howto, Linux, RedHat/Fedora Linux, Sys admin, Tips last updated January 25, 2008

kfsmd is an interesting tool to keep track of changes in your filesystems. The tool is based upon inotify, a Linux kernel subsystem that provides file system event notification, which makes it useful for file auditing. From the article:

Applications can ask the Linux kernel to report changes to selected files and directories. I created the Kernel Filesystem Monitoring Daemon (kfsmd) to make monitoring filesystem changes simple. Command-line clients for kfsmd come in two categories: monitoring and logging. The monitoring client produces output on the console whenever something happens to a filesystem you are watching. You can log to either a Berkeley DB4 file or a PostgreSQL database.

=> Use kfsmd to keep track of changes in your filesystems

Related: Linux audit files to see who made changes to a file

GPL v2.0 is Perfect for Linux – Says Linus Torvalds

Posted on in Categories GNU/Open source, Links, Linux, News last updated January 8, 2008

Linux creator Linus Torvalds, in an interview being made public by the Linux Foundation Tuesday, stressed that version 2 of the GPL (GNU General Public License) still makes the most sense for the Linux kernel over the newer GPL version 3. Among GPL 3 highlights are protections against patent infringement lawsuits and provisions for license compatibility. Torvalds acknowledged he had spoken out against GPL 3 before it was released. He had opposed digital rights management provisions in early-2006, calling them burdensome.

Linus Torvalds, programmer, creator of the Linux kernel

On patent trolls, he says:

Yeah, they’re kind of like the tourists that you can’t bomb because there’s nothing there to bomb. There are just these individuals that don’t have anything to lose. That breaks the whole cold war model and seems to be one of the reasons that even big companies are now starting to realize that patents and software are a really bad idea.

The in-depth discussion has been split into two parts; the first segment is available today at Linux foundation blog. The next installment will be available in two weeks. Transcripts are also available on the LF website.

=> You can listen to complete conversations podcast here. If you’d rather read a transcript, you can find it here. (via Yahoo news – Image credit Wikipedia Linus article)

Download of the day: Linux kernel 2.6.23

Posted on in Categories Download of the day, GNU/Open source, Linux last updated October 10, 2007

Linux kernel version 2.6.23 has been released and is available for download. Linus Torvalds writes:

Yeah, it got delayed, not because of any huge issues, but because of various bugfixes trickling in and causing me to reset my “release clock” all the time. But it’s out there now, and hopefully better for the wait. Not a whole lot of changes since -rc9, although there’s a few updates to mips, sparc64 and blackfin in there. Ignoring those arch updates, there’s basically a number of mostly one-liners (mostly in drivers, but there’s some networking fixes and some VFS/VM fixes there too).

This version includes the new and shiny CFS process scheduler, a simpler read-ahead mechanism, the lguest ‘Linux-on-Linux’ paravirtualization hypervisor, XEN guest support, KVM smp guest support, and variable process argument length. SLUB is now the default slab allocator, there’s SELinux protection against exploiting null dereferences using mmap, XFS and ext4 improvements, and PPP over L2TP support. Also included are the ‘lumpy’ reclaim algorithm, a userspace driver framework, the O_CLOEXEC file descriptor flag, splice improvements, a new fallocate() syscall, lock statistics, support for multiqueue network devices, various new drivers, and many other minor features and fixes. See kernel change log here for more information.

Download Linux kernel version 2.6.23

=> Visit official Linux kernel web site here. See how to compile Linux kernel.

Troubleshooting tip: stap ~ systemtap script translator / driver command not working under CentOS Linux

Posted on in Categories CentOS, Linux, Sys admin, Troubleshooting last updated September 25, 2007

The stap program is the front-end to the Systemtap tool. It accepts probing instructions (written in a simple scripting language), translates those instructions into C code, compiles this C code, and loads the resulting kernel module into a running Linux kernel to perform the requested system trace/probe functions.

SystemTap provides free software (GPL) infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or functional problem. SystemTap eliminates the need for the developer to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.

We have several developers who use stap. Usually it works out of the box. For example, the following program prints hello world on screen if SystemTap and related packages are installed:

stap -e 'probe begin { log ("hello world") }'

However under CentOS Linux version 5 (RHEL 5), you will get an error as follows:

semantic error: libdwfl failure (dwfl_linux_kernel_report_offline): No such file or directory while resolving probe point kernel.function("sys_*")

Install kernel-debuginfo package

To get rid of this problem, simply install the kernel-debuginfo package:
# yum install kernel-debuginfo
Please note that the installed kernel-debuginfo package must be for the same kernel release level and processor, so you may have to enter the following command:
# yum install kernel-debuginfo-KERNEL-VERSION-NUMBER

Hope this troubleshooting tip will help you out while working with systemtap (stap) scripts.

Linux kernel enable the IOMMU – input / output memory management unit support

Posted on in Categories High performance computing, Howto, Linux, Linux distribution, Linux Virtualization last updated September 11, 2007

One of our regular readers asks:

How do I turn on IOMMU (Linux kernel Calgary patch) DMA support under Linux?

Most modern Linux kernels have support for IOMMU. An IOMMU is a device that supports mapping memory addresses. There is currently high-end branded server hardware that supports this, but no desktop machines support IOMMU, AFAIK. An example IOMMU is the AGP and PCI Express graphics cards.

More about IOMMU

According to wikipedia:

The IOMMU or input/output memory management unit is a computer memory management unit (MMU) that connects a DMA-capable I/O bus to the primary storage memory. Like the CPU memory management unit, an IOMMU takes care of mapping virtual addresses (also called device addresses or I/O addresses) to physical addresses and some units guarantee memory protection from misbehaving devices.

Comparison of the I/O memory management unit (IOMMU) to the memory management unit (MMU).

The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:

  1. Large regions of memory can be allocated without the need to be contiguous in physical memory – the IOMMU will take care of mapping contiguous virtual addresses to fragmented physical addresses. Thus, the use of vectored I/O (scatter-gather lists) can sometimes be avoided.
  2. Memory protection from malicious or misbehaving devices – a device cannot read or write to memory that hasn’t been explicitly allocated (mapped) for it.
  3. Virtualized guest operating systems can safely be granted direct access to hardware.
  4. In general, the IOMMU provides isolation (memory protection) and address translatio

Turn on IOMMU

To turn on IOMMU, you need to pass the following parameter to the kernel at boot (assuming that support is compiled into the running kernel – most modern Linux kernels / distros have support, e.g. Fedora / CentOS / RHEL / Suse etc):
iommu=calgary
Open the /etc/grub.conf or /boot/grub/menu.lst file:
vi grub.conf
Append the above string to the kernel line:
kernel /boot/vmlinuz-2.6.17-10-generic root=UUID=317464f6-8be2-4f54-88e3-694dcc8cd3c4 ro quiet splash iommu=calgary
Save and close the file. Reboot the server.
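A way to check the edit before and after the reboot, as an added example that is not part of the original post: it lists grub kernel entries that still lack iommu= and reports which value the running kernel was booted with. The function names and the second grub entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the second
# grub entry below are constructed for illustration.

# Print the value(s) of iommu= found in a kernel command line string;
# returns non-zero when the parameter is absent.
cmdline_iommu_value() {
    val=$(printf '%s\n' "$1" | tr -s ' \t' '\n\n' | sed -n 's/^iommu=//p')
    [ -n "$val" ] && printf '%s\n' "$val"
}

# List "kernel" lines in a grub.conf/menu.lst that lack iommu=,
# as "<line number>: <kernel image>". Commented-out lines are ignored.
grub_entries_missing_iommu() {
    awk '$1 == "kernel" {
             found = 0
             for (i = 2; i <= NF; i++) if ($i ~ /^iommu=/) found = 1
             if (!found) printf "%d: %s\n", NR, $2
         }' "$1"
}

# Constructed sample: the first entry is the kernel line from the post,
# the second is a made-up fallback entry that was not edited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
title Linux (iommu on)
kernel /boot/vmlinuz-2.6.17-10-generic root=UUID=317464f6-8be2-4f54-88e3-694dcc8cd3c4 ro quiet splash iommu=calgary
title Linux (constructed fallback entry)
kernel /boot/vmlinuz-constructed-fallback root=/dev/sda1 ro quiet
EOF

echo "grub entries without iommu=:"
grub_entries_missing_iommu "$sample"
rm -f "$sample"

# /proc/cmdline holds the parameters the running kernel was booted with.
if [ -r /proc/cmdline ] && v=$(cmdline_iommu_value "$(cat /proc/cmdline)"); then
    echo "running kernel booted with iommu=$v"
else
    echo "running kernel has no iommu= parameter on its command line"
fi
```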

A note about IOMMU support

Please note that you need both hardware and software support for IOMMU. The above instructions only turn on the Linux kernel software support. Since current hardware support is limited to high-end, expensive servers, most Linux distros do not enable calgary DMA address mapping with memory protection by default.

See also:

=> AMD I/O Virtualization Technology (IOMMU) Specification