Chinaunix首页 | 论坛 | 博客
  • 博客访问: 610137
  • 博文数量: 197
  • 博客积分: 7001
  • 博客等级: 大校
  • 技术积分: 2155
  • 用 户 组: 普通用户
  • 注册时间: 2005-02-24 00:29
文章分类

全部博文(197)

文章存档

2022年(1)

2019年(2)

2015年(1)

2012年(100)

2011年(69)

2010年(14)

2007年(3)

2005年(7)

分类: LINUX

2010-07-28 15:59:54



1.


原来的版本不能阻止offline attack。
The integrity measurement architecture (IMA) has been a part of Linux for roughly a year now—it was merged for 2.6.30—and it can be used to attest to the integrity of a running Linux system.

In its default configuration, IMA calculates hash values for executables, files which are mmap()ed for execution, and files open for reading by root. That list of hashes is consulted each time those files are accessed anew, so that unexpected changes can be detected. In addition, IMA can be used with the trusted platform module (TPM) hardware, which is present in many systems, to sign a collection of these hash values in such a way that a remote system can verify that only "trusted" code is running (remote attestation).

But an attacker could modify the contents of the disk by accessing it under another kernel or operating system. That could potentially be detected by the remote attestation, but cannot be detected by the system itself. EVM sets out to change that.

办法:利用security.evm签名

One of the additions that comes with the EVM patch set is the , which maintains the file's integrity measurement (hash value) as an extended attribute (xattr) of a file. The security.ima xattr is used to store the hash, which gets compared to the calculated value each time the file is opened.


just calculates a hash over the extended attributes in the security namespace (e.g. security.ima, security.selinux, and security.SMACK64), uses the TPM to sign it, and stores it as the security.evm attribute on the file. Currently, the key to be used with the TPM signature gets loaded onto the root keyring by readevmkey, which just prompts for a password at the console. Because an attacker doesn't have the key, an offline attack cannot correctly modify the EVM xattr when it changes file data.

2  Slab allocator of the week: SLUB+Queuing

first :感觉:最初背离slab,现在又向slab靠拢
a single per-CPU queue containing pointers to free objects belonging to the cache。当队列满或empty之前时,以batch为单位填充。
 
second:用bitmap管理slab中的空闲对象,取代原来的link list, 保证了cache性能。
The SLUB+Q patches achieve this goal by using a bitmap to track which objects in a given page are free. If the number of objects which can fit into a page is small enough, this bitmap can be stored in the page structure in the system memory map; otherwise it is placed at the end of the page itself.



1. Btrfs: broken by design?

inline extent 将导致大量的内部碎片,该特性原来是为了提高空间利用率。


相关材料
新一代 Linux 文件系统 btrfs 简介





Concurrency-managed workqueues and thread priorities
Overview of concurrency managed workqueue


The CMWQ work is intended to address a number of problems with current kernel workqueues. At the top of the list is the proliferation of kernel threads; current workqueues can, on a large system, run the kernel out of process IDs before user space ever gets a chance to run. Despite all these threads, current workqueues are not particularly good at keeping the system busy; workqueues may contain a backlog of work while the CPU sits idle. Workqueues can also be subject to deadlocks if locking is not handled very carefully. As a result, the kernel has grown a number of workarounds and some competing deferred-work mechanisms.


To resolve these problems, the CMWQ code maintains a set of worker threads on each processor; these threads are shared between workqueues, so the system is not overrun with workqueue-specific threads. The special scheduler class once used by CMWQ is long gone, but the code still has hooks into the scheduler which it can use to track which worker threads are actually executing at any given time. If all workqueue threads on a CPU have blocked waiting on some resource, and if there is queued work to do, the CMWQ code will kick off a new thread to work on it. The CMWQ code can run multiple jobs from the same CPU concurrently - something the current workqueue code will not do. In this way, the CPU is always kept busy as long as there is work to be done.





1. Improving lost and spurious IRQ handling

当中断丢失或者假中断过多时,polling反而是有效之策
the necessary response when interrupts go bad is returning to polling.



irq: better lost/spurious irq handling,见



2The state of realtime Linux
需要了解的几个工作


Peter Zijlstra's

3 ARM and defconfig files
2.6.36可能去掉defconfig文件



1 Linux 对rc2以后patch的态度
I absolutely do NOT want any new code. I want regression fixes, fixes for security issues, and fixes for oopses. Nothing
else.


2 Another OOM killer rewrite

把内存留给正在结束的进程
One change opens up the kernel's final memory reserves to processes which are either exiting or are about to receive a fatal signal; that should allow them to clean up and get out of the way, freeing memory quickly.

考虑allocation domain
Another prevents the killing of processes which are in a separate memory allocation domain from the process which hit the OOM condition; killing those processes is unfair and unlikely to improve the situation.

先杀最坏的子进程
it attempts to pick the child which currently has the highest "badness" score

杀掉短期内大量创建的子进程
A new heuristic which has been added is the "forkbomb penalty."

low memory 耗尽时杀进程起不到什么作用
another change affects behavior when memory is exhausted in the low memory zone. So, instead of invoking the OOM killer, low-memory allocation requests will simply fail unless the __GFP_NOFAIL flag is present.

最有争议之处
The most controversial part of the patch is a complete rewrite of the badness() function which assigns a score to each process in the system.

对oom killer的评论
But best thing I've found to do is just put everything in seperate cgroups with memory limits set at around 80% by default, so no single thing can take out the whole system.


“The old way to do this is with rlimits. I've always set rlimits on vsize of every process -- my default is half of real memory (there's a bunch of swap space in reserve too). Before Linux, rlimits (under a different name) were the norm, but on Linux the default is unlimited and I think I'm the only one who changes it.

Rlimits have a severe weakness in that a process just has to fork to get a whole fresh set of limits, but they do catch the common case of the single runaway process.”


3 Writing a WMI driver - an introduction
是ACPI的扩展。

首先得到GUID,然后根据ACPI_WMI_METHODACPI_WMI_EVENT处理方法和事件




1 Idling ACPI idle
一个主要原因是BIOS靠不住.
Linux no longer depends on ACPI to handle idle state transitions on Nehalem and Atom processors.
见[linux-pm] idle-test patches queued for upstream


2 What comes after suspend blockers
又是一个总结, 把事情做正确真不容易.

3 2.6.35 merge window part 3
The fsync() member of struct file_operations has lost its struct dentry pointer argument, which was not used by any implementations
The have been merged, changing how truncate() is handled in the VFS layer.
阅读(834) | 评论(0) | 转发(0) |
0

上一篇:MFC对话框的 回车

下一篇:switch_to

给主人留下些什么吧!~~