Академический Документы
Профессиональный Документы
Культура Документы
do that on my machine. This paper hopes The only remaining questions are, what files do
to address the former by shedding light on we want to prefetch, and how do we generate
several tools (some old, some new) that en- a list of them? When the read-ahead service
able userspace programmers to gain some in- was first added to Fedora, the file list was cre-
sight into what is really going on. It addresses ated using a kernel patch that simply printkd
the latter by means of showing examples that the filename of every file open()d during the
may shock, scare, and embarrass their authors first five minutes of uptime. (It was necessary to
into writing code with better thought out algo- capture the results over a serial console, due to
rithms. the huge volume of data overflowing the dmesg
ring buffer very quickly.)
Bonus warnings can be enabled with com- Additionally, use of certain functions without
piler options -Wall and -Wextra (this op- checking their return code will also result in a
tion used to be -W in older gcc releases) warning. Some 30-40 or so C runtime functions
have had such checks added to them.
For the truly anal, static analysis tools such as
splint [7], and sparse [8] may turn up additional It also traps a far-too-common1 bug: mem-
problems. set with size and value arguments transposed.
Code that does this:
In March 2006, a security hole was found in
Xorg [9] by the Coverity Prevent scanner [10]. memset(ptr, sizeof(foo), 0);
The code looked like this.
now gets a compile time warning which looks
if (getuid() == 0 || geteuid != 0) like this:
No gcc warnings are emitted during this compi-
warning: memset used with
lation, as it is valid code, yet it does completely
constant zero length parameter;
the wrong thing. Splint on the other hand in-
this could be due to transposed
dicates that something is amiss here with the
parameters
warning:
Even the simpler (and deprecated) bzero func-
Operands of != have incompatible types tion is not immune from screwups of the size
([function (void) returns
__uid_t], int): geteuid != 0
parameter it seems, as this example shows:
Types are incompatible.
(Use -type to inhibit warning)
bzero(pages + npagesmax, npagesmax
- npagesmax);
Recent versions of gcc also allow programs to
Another useful gcc feature that was deployed in
be compiled with the -D_FORTIFY_SOURCE=
Fedora Core 5 was the addition of a stack over-
2 which enables various security checks in var-
flow detector. With all applications compiled
ious C library functions. If the size of memory
with the flags
passed to functions such as memcpy is known
at compile time, warnings will be emitted if the 1 Across 1282 packages in the Fedora tree, 50 of them
len argument overruns the buffer being passed. had a variant of this bug.
2006 Linux Symposium, Volume One 447
Figure 3: /proc/timertop
[5] http://valgrind.org
5 Conclusions. [6] http://people.redhat.com/
drepper/defprogramming.pdf
The performance issues discussed in this paper
are not typically reported by users. Or, if they [7] http://www.splint.org
are, the reports lack sufficient information to [8] http://www.codemonkey.org.
root-cause the problem. That is why it is impor- uk/projects/git-snapshots/
tant to continue to develop tools such as those sparse
outlined in this paper, and to run these tools
against the code base moving forward. The [9] http://lists.freedesktop.
work is far from over; rather, it is a continual org/archives/xorg/
effort that should be engaged in by all involved 2006-March/013992.html
parties. http://blogs.sun.com/
roller/page/alanc?entry=
With increased interest in power management, security_hole_in_xorg_6
not only for mobile devices, but for desktops
and servers too, a lot more attention needs to [10] http://www.coverity.com
be paid to applications to ensure they are op-
timised for power. Further development of [11] kill-a-watt:
monitoring tools such as the current gnome- http://www.thinkgeek.com/
power-manager work is key to understanding gadgets/electronic/7657
where the problem areas are.
[12] watts-up:
Whilst this paper pointed out a number of spe- http://www.powermeterstore.
cific problems, the key message to be conveyed com/plug/wattsup.php
is that the underlying problem does not lie with
any specific package. The problem is that de-
velopers need to be aware of the tools that are
available, and be informed of the new tools be-
ing developed. It is through the use of these
tools that we can make Linux not suck.
450 Why Userspace SucksOr 101 Really Dumb Things Your App Shouldnt Do
Proceedings of the
Linux Symposium
Volume One
Review Committee
Jeff Garzik, Red Hat Software
Gerrit Huizenga, IBM
Dave Jones, Red Hat Software
Ben LaHaise, Intel Corporation
Matt Mackall, Selenic Consulting
Patrick Mochel, Intel Corporation
C. Craig Ross, Linux Symposium
Andrew Hutton, Steamballoon, Inc.
Authors retain copyright to all submitted papers, but have granted unlimited redistribution rights
to all as a condition of submission.