One of our regular readers asks:
How do I turn on IOMMU (Linux kernel Calgary patch) DMA support under Linux?
Most modern Linux distributions support IOMMU. An IOMMU is a device that maps memory addresses. Some high-end branded server hardware currently supports this, but no desktop machines support IOMMU, AFAIK. An example of an IOMMU is found in AGP and PCI Express graphics cards.
More about IOMMU
According to wikipedia:
The IOMMU or input/output memory management unit is a computer memory management unit (MMU) that connects a DMA-capable I/O bus to the primary storage memory. Like the CPU memory management unit, an IOMMU takes care of mapping virtual addresses (also called device addresses or I/O addresses) to physical addresses and some units guarantee memory protection from misbehaving devices.
[ Image: Comparison of the I/O memory management unit (IOMMU) to the memory management unit (MMU) ]
The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:
- Large regions of memory can be allocated without the need to be contiguous in physical memory – the IOMMU will take care of mapping contiguous virtual addresses to fragmented physical addresses. Thus, the use of vectored I/O (scatter-gather lists) can sometimes be avoided.
- Memory protection from malicious or misbehaving devices – a device cannot read or write to memory that hasn’t been explicitly allocated (mapped) for it.
- Virtualized guest operating systems can safely be granted direct access to hardware.
- In general, the IOMMU provides isolation (memory protection) and address translatio
Turn on IOMMU
To turn on the IOMMU, pass the iommu=calgary parameter to the kernel at boot (assuming that support is compiled into the running kernel; most modern Linux kernels and distros, e.g. Fedora / CentOS / RHEL / Suse, include it):
Open the /etc/grub.conf or /boot/grub/menu.lst file.
Append iommu=calgary to the kernel line:
kernel /boot/vmlinuz-2.6.17-10-generic root=UUID=317464f6-8be2-4f54-88e3-694dcc8cd3c4 ro quiet splash iommu=calgary
Save and close the file. Reboot the server.
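To confirm that every boot entry carries the parameter before rebooting, and that the running kernel actually received it afterwards, a check like the following can be used. This is an added example, not part of the original post; the function names and the sample menu.lst content are constructed for illustration.

```shell
# Added example: function names and sample data are constructed, not from the post.

# Constructed sample of a GRUB legacy menu.lst with one entry lacking the option.
sample_menu_lst() {
cat <<'EOF'
title Linux 2.6.17-10-generic
kernel /boot/vmlinuz-2.6.17-10-generic root=/dev/sda1 ro quiet splash iommu=calgary
title Linux 2.6.17-10-generic (recovery mode)
kernel /boot/vmlinuz-2.6.17-10-generic root=/dev/sda1 ro single
EOF
}

# Print "<title>: <iommu option or 'missing'>" for each boot entry.
# Reads the file given as argument, or stdin when no argument is given.
grub_iommu_report() {
    awk '
        $1 == "title"  { $1 = ""; sub(/^ +/, ""); title = $0; next }
        $1 == "kernel" {
            opt = "missing"
            # $2 is the kernel image path; options start at field 3
            for (i = 3; i <= NF; i++)
                if ($i ~ /^iommu=/) opt = $i
            print title ": " opt
        }
    ' "$@"
}

# Print the iommu= option found on a kernel command line.
# With no argument, the running kernel's /proc/cmdline is used.
# Returns non-zero when no iommu= option is present.
cmdline_iommu() {
    line=${1:-$(cat /proc/cmdline)}
    for word in $line; do
        case $word in
            iommu=*) echo "$word"; return 0 ;;
        esac
    done
    return 1
}
```

Run `grub_iommu_report /boot/grub/menu.lst` before rebooting and `cmdline_iommu` with no argument afterwards; an entry reported as missing will boot without the option.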
A note about IOMMU support
Please note that you need both hardware and software support for IOMMU. The above instructions only turn on the Linux kernel software support. Since current hardware support is limited to high-end, expensive servers, most Linux distros do not enable Calgary DMA address mapping with memory protection by default.
=> AMD I/O Virtualization Technology (IOMMU) Specification
Security-Enhanced Linux (SELinux) is an implementation of mandatory access controls for Linux, built on Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc., but many admins disable it because of troubles and hard configuration options. So if you are afraid of SELinux, try the new GUI tools: customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.
=> A step-by-step guide to building a new SELinux policy module
On May 12, 2003 SCO attacked Linux and other companies. Now U.S. District Court Judge Dale Kimball has ruled that Novell owns Unix’s IP (intellectual property) rights, i.e. SCO has no rights to use Unix’s IP and Unixware software.
This ruling is good news for organizations and end users like you and me who use Linux and open-source software products everyday.
It all started when SCO filed a suit against IBM claiming that it had violated SCO’s rights by contributing Unix code to the Linux kernel. Now SCO’s threat to the Linux community is over.
Novell Wins Ruling Against SCO In High-Profile Linux Case:
“The court’s ruling has cut out the core of SCO’s case and, as a result, eliminates SCO’s threat to the Linux community based upon allegations of copyright infringement of UNIX,” Novell said in a statement. “We are extremely pleased with the outcome.”
USB devices are quite common these days. I’ve digital cam, Pen drive, external hard disk, mouse and other stuff. So how do I tell what hardware is connected via USB to my Linux desktop?
lsusb is a utility for displaying information about USB buses in the system and the devices connected to them. To make use of all the features of this program, you need to have a Linux kernel which supports the /proc/bus/usb interface.
The -v command option is very informative. It tells lsusb to be verbose and display detailed information about the devices shown. This includes configuration descriptors for the device’s current speed. Class descriptors will be shown, when available, for USB device classes including hub, audio, HID, communications, and chipcard.
lsusb command Examples
A device driver is a computer program that allows other computer programs to interact with a computer hardware device. Writing a Linux device driver is considered a black art by many. If you have ever been tempted to try writing a device driver, this howto will serve as a kick start guide:
For many seasoned Linux developers, device drivers still remain a bit of a mysterious black art practiced by a select few. While no single article could possibly attempt to cover everything there is to know about writing drivers, Valerie Henson gives us a brief taste of what’s involved, by implementing a device to return “Hello World” using all the major driver frameworks.
On a related note, if you just want to get a comprehensive overview of kernel configuration and building, a critical task for Linux users and administrators, try Linux Kernel in a Nutshell.
/dev/hello_world: A Simple Introduction to Device Drivers under Linux (linuxdevcenter.com)
/proc/filesystems is the file used to detect the filesystems supported by the running kernel. You can quickly run the grep or cat command to display the list of all supported file systems. nodev indicates that the file system is not associated with a physical device such as /dev/sdb1. If you see ext3 or vfat, it means you will be able to mount ext3 and vfat based file systems.
The following cat command will quickly tell you which filesystems are supported by the currently running Linux kernel:
$ cat /proc/filesystems
For example, if the iso9660 filesystem is not listed, you cannot mount the standard CD-ROM file system. To add support, simply recompile the kernel with iso9660 filesystem support.
You can easily mount a remote server file system or your own home directory using the special sshfs and fuse tools.
FUSE – Filesystem in Userspace
FUSE is a Linux kernel module also available for FreeBSD, OpenSolaris and Mac OS X that allows non-privileged users to create their own file systems without the need to write any kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.
You need to use SSHFS to access a remote filesystem through SSH; you can even use a Gmail account to store files.
Following instructions are tested on CentOS, Fedora Core and RHEL 4/5 only. But instructions should work with any other Linux distro without a problem.
Step # 1: Download and Install FUSE
Visit fuse home page and download latest source code tar ball. Use wget command to download fuse package:
# wget http://superb-west.dl.sourceforge.net/sourceforge/fuse/fuse-2.6.5.tar.gz
Untar source code:
# tar -zxvf fuse-2.6.5.tar.gz
Compile and Install fuse:
# cd fuse-2.6.5
# ./configure
# make
# make install
Step # 2: Configure Fuse shared libraries loading
You need to configure dynamic linker run time bindings using ldconfig command so that sshfs command can load shared libraries such as libfuse.so.2:
# vi /etc/ld.so.conf.d/fuse.conf
Append following path:
Step # 3: Install sshfs
Now fuse is loaded and ready to use. Next you need sshfs to access and mount a file system using ssh. Visit the sshfs home page and download the latest source code tar ball. Use the wget command to download the sshfs package:
# wget http://easynews.dl.sourceforge.net/sourceforge/fuse/sshfs-fuse-1.7.tar.gz
Untar source code:
# tar -zxvf sshfs-fuse-1.7.tar.gz
Compile and Install sshfs:
# cd sshfs-fuse-1.7
# ./configure
# make
# make install
Mounting your remote filesystem
Now that you have a working setup, all you need to do is mount a filesystem under Linux. First create a mount point:
# mkdir /mnt/remote
Now mount a remote server filesystem using sshfs command:
# sshfs vivek@rock.nixcraft.in: /mnt/remote
- sshfs : SSHFS is a command name
- vivek@rock.nixcraft.in: – vivek is ssh username and rock.nixcraft.in is my remote ssh server.
- /mnt/remote : a local mount point
When prompted, supply the vivek (ssh user) password. Make sure you replace the username and hostname as per your requirements.
Now you can access your filesystem securely using Internet or your LAN/WAN:
# cd /mnt/remote
# cp -a /ftpdata . &
To unmount file system just type:
# fusermount -u /mnt/remote
# umount /mnt/remote
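Once remote trees are mounted this way, it is useful to review which sshfs mounts are active and with which options. The following is an added example, not part of the original post: it reads lines in /proc/mounts format and flags sshfs mounts that lack nosuid or nodev or that set allow_other. The function names and sample lines are constructed, and it assumes sshfs mounts are reported with the filesystem type fuse.sshfs, as on current kernels.

```shell
# Added example: names and sample data are constructed, not from the post.
# Assumption: sshfs mounts show up with filesystem type "fuse.sshfs".

# Constructed sample in /proc/mounts format (source, mountpoint, type, options).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
user@server.example: /mnt/remote fuse.sshfs rw,nosuid,nodev,relatime,user_id=0,group_id=0 0 0
backup@host.example: /srv/share fuse.sshfs rw,relatime,user_id=0,group_id=0,allow_other 0 0
EOF
}

# Print one line per sshfs mount: "<mountpoint> <source> OK"
# or "<mountpoint> <source> WARN:<comma-separated reasons>".
# Reads the file given as argument, or stdin when no argument is given.
audit_sshfs_mounts() {
    awk '
        $3 == "fuse.sshfs" {
            n = split($4, o, ",")
            nosuid = nodev = other = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "nosuid")      nosuid = 1
                if (o[i] == "nodev")       nodev = 1
                if (o[i] == "allow_other") other = 1
            }
            why = ""
            if (!nosuid) why = why ",no-nosuid"    # setuid files on the remote side are honoured
            if (!nodev)  why = why ",no-nodev"     # device nodes on the remote side are honoured
            if (other)   why = why ",allow_other"  # other local users can reach the mount
            if (why == "") print $2, $1, "OK"
            else print $2, $1, "WARN:" substr(why, 2)
        }
    ' "$@"
}
```

On a live system, run `audit_sshfs_mounts /proc/mounts`.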
Support for Linux kernel AIO (Asynchronous I/O) has been included since version 2.6. By enabling Lighttpd AIO you can get a good performance gain. But what is AIO?
Usually your application needs to wait till I/O call is finished. AIO enables even a single application thread to overlap I/O operations with other processing, by providing an interface for submitting one or more I/O requests in one system call without waiting for completion, and a separate interface to reap completed I/O operations associated with a given completion group (see Linux AIO home page for more details).
Lighttpd 1.5.x supports AIO. First make sure you have libaio installed:
# yum install libaio-devel
Next grab the lighttpd source code and compile with the --with-linux-aio option:
# ./configure --with-openssl --with-linux-aio
# make; make install
Create configuration file and put following directive in lighttpd.conf file:
server.network-backend = "linux-aio-sendfile"
Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart
Use the httpd_load / ab command to benchmark the performance of the web server.
Please note that I’ve tested the above instructions on Redhat Enterprise Linux 4/5 and Cent OS.
LVM is an implementation of a logical volume manager for the Linux kernel. The biggest advantage is that LVM provides the ability to make a snapshot of any logical volume.