2022-12 Monthly Archive
Misc ideas
“Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.”
– Brian Kernighan
The IA32_ prefix in each MSR stands for IA32e, which means this MSR only valid in 64bit mode.
Linux既然是通过中断来进行系统调用的,那为什么在进入内核态后不处于中断上下文而是进程上下文? - 知乎
In x86 you cannot use rip directly as the source or destination of a mov. To change rip you must jmp or call, or ret.
Extern is a short name for external.
不只 Linux,Windows 也没有使用分段机制。
clock() won't include the time where the process is sleeping. [c++ -
Branch types
- either direct or indirect
- either relative or absolute
- either conditional or unconditional
These properties of a branch are almost orthogonal. Common combinations are:
- direct relative conditional:
if - direct relative unconditional:
goto,call - direct absolute unconditional: Some function calls.
- direct absolute conditional: Rare, not many hardware architectures can encode such an instruction.
- indirect absolute unconditional. Function pointers. This is usually the most expensive branch type.
assembly - Different types of branches - Stack Overflow
Return stack buffer (RSB)
A function will normally return to where it is called from. The return instruction is an indirect jump that reads its target address from the call stack.
As we know, an indirect jump can be speculated, so many microprocessors have a separate prediction mechanism for return instructions. This mechanism is based on a so-called return stack buffer, which is a local mirror of the call stack.
Return-oriented programming
Return-oriented programming - Wikipedia
Branch prediction / speculative execution
Branch prediction answers the question "which", then it can fetch the next instruction, that's all.
Speculative execution go one step further and get the result on that selected branch.
cpu architecture - difference between speculation and prediction - Stack Overflow
Speculative execution can work WITHOUT branch prediction:
More specifically, consider an example where the program’s control flow depends on an uncached value located in external physical memory. As this memory is much slower than the CPU, it often takes several hundred clock cycles before the value becomes known. Rather than wasting these cycles by idling, the CPU attempts to guess the direction of control flow, saves a checkpoint of its register state, and proceeds to speculatively execute the program on the guessed path. When the value eventually arrives from memory, the CPU checks the correctness of its initial guess. If the guess was wrong, the CPU discards the incorrect speculative execution by reverting the register state back to the stored checkpoint, resulting in performance comparable to idling. However, if the guess was correct, the speculative execution results are committed, yielding a significant performance gain as useful work was accomplished during the delay.
From: Spectre Attacks: Exploiting Speculative Execution
How to write a device driver
Linux Device Drivers: Linux Driver Development Tutorial | Apriorit
Sockaddr
sockaddr_in 和 sockaddr 是并列的结构,指向 sockaddr_in 的结构体的指针也可以指向 sockaddr 的结构体,并代替它。也就是说,你可以使用 sockaddr_in 建立你所需要的信息,在最后用进行类型转换就可以了。
同时,他们一些 field 的 offset 也是一样的,比如 sockaddr_un.sun_family 和 sockaddr.sa_family.
Pedro Alves - Re: [pushed] Fix struct sockaddr/sockaddr_in/sockaddr_un strict aliasing
clock_gettime
It is a system call.
CLOCK_MONOTONIC: A nonsettable system-wide clock that represents monotonic time since—as described by POSIX—"some unspecified point in the past". On Linux, that point corresponds to the number of seconds that the system has been running since it was booted.
FIFO
FIFOs are essentially the same as pipes, except that FIFOs are named permanent files that are stored in filesystem directories.
Help - QNX CAR 2 Documentation
Inotify
Inotify can be used to monitor individual files, or to monitor directories. When a directory is monitored, inotify will return events for the directory itself, and for files inside the directory.
thread_local
/usr Merge
Fedora (and other distributions) have finished work on getting rid of the separation of /bin and /usr/bin, as well as /sbin and /usr/sbin, /lib and /usr/lib, and /lib64 and /usr/lib64. All files from the directories in / will be merged into their respective counterparts in /usr, and symlinks for the old directories will be created instead:
/bin → /usr/bin
/sbin → /usr/sbin
/lib → /usr/lib
/lib64 → /usr/lib64
Why?
Session id (sid), process group id (pgid), and process id (pid)
In Unix every process belongs to a group which in turn belongs to a session.
The first process in the process group becomes the process group leader and the first process in the session becomes the session leader. Every session can have one TTY associated with it. Only a session leader can take control of a TTY.
unix - What is the reason for performing a double fork when creating a daemon? - Stack Overflow
In order to manage all of these processes, the kernel needs to group the processes in ways more complicated than the simple parent-child relationship we have already discussed. These groupings are called sessions and process groups.
When a user logs out of a system, the kernel needs to terminate all the processes the user had running (otherwise, users would leave a slew of old processes sitting around waiting for input that can never arrive). To simplify this task, processes are organized into sets of sessions.
Every session is tied to a terminal from which processes in the session get their input and to which they send their output. That terminal may be the machine's local console, a terminal connected over a serial line, or a pseudo terminal that maps to an X window or across a network (see Chapter 16 for information on pseudo terminal devices). The terminal to which a session is related is called the controlling terminal (or controlling tty) of the session. A terminal can be the controlling terminal for only one session at a time.
Sessions and Process Groups | The Process Model of Linux Application Development | InformIT
SELinux
Double fork to create a daemon, why?
unix - What is the reason for performing a double fork when creating a daemon? - Stack Overflow
Autofs
这个软件主要作用:主要用于自动挂载文件系统; 如果它检测到用户正在试图访问一个尚未挂载的文件系统,它就会自动检测该文件系统,如果它存在,那么 autofs 会自动将其挂载。 另一方面,如果它检测到某个已经挂载的文件系统在一段时间内没有被使用,那么 autofs 会自动将其卸载。
/etc/fstab
Your Linux system's filesystem table, aka fstab, is a configuration table designed to ease the burden of mounting and unmounting file systems to a machine.
In the time of the ancients, users had to manually mount these drives to a file location using the mount command. The fstab file became an attractive option because of challenges like this. It is designed to configure a rule where specific file systems are detected, then automatically mounted in the user's desired order every time the system boots.
❯ sudo cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/disk/by-uuid/06ac0265-d454-44d3-b97a-3761d91f4d78 / ext4 defaults 0 1
/dev/disk/by-uuid/8920-0687 /boot/efi vfat defaults 0 1
/swap.img none swap sw 0 0
An introduction to the Linux /etc/fstab file | Enable Sysadmin
Virtual file system
The purpose of a VFS is to allow client applications to access different types of concrete file systems in a uniform way.
Can mount points be overlapped?
Of course yes, you seem to have no problem accepting that /sys is mounted inside of / or that /dev is mounted inside of / or that /dev/shm is mounted inside of /dev or that /home is mounted inside of / or that /tmp is mounted inside of / or that /var/tmp is mounted inside of /, so what is the difference that you perceive with /sys and /sys/kernel/debug?
clock()
clock() function returns the total (for all CPUs) processor time used by the program.
clock() doesn't contain the time block on I/O, etc, you can have a try: https://github.com/tristone13th/code-snippets/blob/main/c/cycles.c
The clock() time depends upon how the operating system allocate resources to the process.
c - How does the clock function work behind the scene in a multithreading program? - Stack Overflow
Wall clock time, user cpu time, system cpu time, cpu time, process time, elapsed time
CPU time (or process time) is the amount of time for which a central processing unit (CPU) was used for processing instructions of a computer program or operating system, as opposed to elapsed time, which includes for example, waiting for input/output (I/O) operations or entering low-power (idle) mode.
Wall clock time is the elapsed time, so it contains:
- user cpu time,
- system cpu time,
- block time.
Wall clock time measure between the start of the process and 'now'.
Sometimes, wall clock also refer to a real world wall clock.
Q: Does this mean that the wall-clock time will always be greater than the cpu time?
A: On a single core machine, yes, but multi-core machines and multi-threaded programs can use more than 1 CPU second per elapsed second.
What specifically are wall-clock-time, user-cpu-time, and system-cpu-time in Unix? - Stack Overflow
c - How does the clock function work behind the scene in a multithreading program? - Stack Overflow
What's the location for PID 1 executable?
❯ sudo readlink -f /proc/1/exe
/usr/lib/systemd/systemd
Hyrum's Law
With a sufficient number of users of an API, it does not matter what you promise in the contract: all observable behaviors of your system will be depended on by somebody.
Nonblocking file descriptors
O_NONBLOCK 和 O_NDELAY 所产生的结果都是使 I/O 变成非搁置模式 (non-blocking),在读取不到数据或是写入缓冲区已满会马上 return,而不会搁置程序动作,直到有数据或写入完成。
所以 read, write 这些系统调用是否会阻塞取决于 fd 的 flag,而不是预先设置好的。
By default, all file descriptors on Unix systems start out in "blocking mode".
这篇文章值得一读:Blocking I/O, Nonblocking I/O, And Epoll
To summarize, using NONBLOCKING in epoll has benifies when the buffer size is small, so a traditional BLOCKING fd will need to be epoll_waited many times determined by data/buffer, if we use NONBLOCKING fd, then we can just loop read until all the data are read and the read return EWOULDBLOCK.
EAGAIN
EAGAIN is often raised when performing non-blocking I/O. It means "there is no data available right now, try again later".
c - What does EAGAIN mean? - Stack Overflow
Fcntl
manipulate file descriptor.
int fcntl(int fd, int cmd, ... /* arg */ );
fcntl() can take an optional third argument. Whether or not this argument is required is determined by cmd.
.sock File
You can understand it is an address, which is an endpoint for the remote to communicate.
- for network applications, the address is a (host, port).
- for local communication, the address is just a file path.
So the address format actually is depend on the address family: sockets - What is Address Family? - Stack Overflow
So if you are implementing a server, you can use sock.bind((host, port)) or sock.bind("/tmp/test.sock"). If you are implementing a client, you can use sock.connect((host, port)) or sock.connect("/tmp/test.sock")
Note: the .sock file is created automatically, you can see the code: python - how to make a socket server listen on local file - Stack Overflow
Ldd
ldd is a powerful command-line tool that allows users to view an executable file's shared object dependencies.
root@ubuntu:~# ldd /bin/ls
linux-vdso.so.1 (0x00007ffed38da000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007fab27f0a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fab27b19000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
...
Why we make the hardware be aware of a "stack" concept?
Can an ISA be implemented without the stack concept, i.e, without the push, pop, %rsp, %rbp, and such things?
yes, of course, many RISCs are like that if you just mean not having special instructions with an implicit register operand.
If so, are there any such ISAs exist in the real world?
Yes, MIPS is like that, to my understanding. Not even exception handling uses the stack implicitly.
assembly - Why make ISA be aware of the existence of "stack" concept? - Stack Overflow
Why x86 is aware of the stack?
Because they push data on the stack when a hardware interrupt occurs. This means that data is written onto the stack without software interaction, so the hardware of the CPU must know which register is the stack register.
assembly - What is the benefit of having a dedicated stack pointer register? - Stack Overflow
Can push and pop be replaced by mov?
mov is faster, machine code size for push/pop is smaller.
Normally you should always use mov ecx, 9 for performance reasons.
Use ExplorerPatcher to switch back to Win10 taskbar on Win11
valinet/ExplorerPatcher: This project aims to enhance the working environment on Windows
Will x86 call save the context?
Calling convention - Wikipedia
Call won't save any context other than the %rip (It will push the %rip of the return address to stack), you can see call as combination of jmp and push.
The context is saved by the function, not by call.
*.Cmd File after building kernel
Basically, this is kernel compilation optimisation. These files are used to prevent make from working too much when unnecessary. As you can read above, a some_name.o.cmd file would be there to keep tracks of what's been done already/needs to be done when it comes to the compilation of some_name.o.[^1]
Extern
Tell the compiler that the variable that we are declaring was defined elsewhere, so defer the symbol finding process from compilation to linkage.
Variables should not be defined in the .h files. Its ok to declare them there. Because int x; sort of things are declaring and defining the variable in the same time, so we need to add extern before it to just declare them.
所以,如果想要让两个 compile unit(.c 文件)共同使用同一个变量,那么需要在共同包含的头文件中使用 extern 声明,在某一个源文件中定义(初始化)即可。
c - Should variable definition be in header files? - Stack Overflow
Why not function? Because when a function is declared, the extern keyword is implicitly assumed.
Why sometimes we still can see extern before the function declaration?
Technically, every function in a library public header is 'extern', however labeling them as such has very little to no benefit, depending on the compiler.
syntax - Effects of the extern keyword on C functions - Stack Overflow
Syslog / dmesg
syslog contains the output from dmesg (the ring buffer), it also contains far more than dmesg output like output from applications.
linux - Differences in /var/log/{syslog,dmesg,messages} log files - Super User
/var/log/messages maintain the general system activity logs and dmesg maintains only the kernel logs.
- On my Ubuntu machine, I can see the output at
/var/log/syslog. - On a RHEL/CentOS machine, the output is found in
/var/log/messages.
Ubuntu uses rsyslog rather than syslog, config files are rsyslog.conf and /etc/rsyslog.d/*. sudo systemctl status syslog you will see the status.
How to create a debug log:
RSyslog Documentation - rsyslog
What is D-Bus in Linux?
D-Bus 是一个为应用程序间通信的消息总线系统,用于进程之间的通信。
D-Bus is an abstract concept, which can have many implementations, such as libdbus, and other implementations like GDBus (GNOME), QtDBus (Qt/KDE), dbus-java and sd-bus (part of systemd).
We already have AF_UNIX sockets and FIFOs, why use D-Bus?
While AF_UNIX sockets/FIFOs only shovel raw bytes between processes, D-Bus defines actual message encoding and adds concepts like method call transactions, an object system, security mechanisms, multicasting and more.
看起来 D-Bus 在 Ubuntu 上是默认安装的。
If you want to investigate deeper in the sd-bus in systemd, here for your reference:
The introduction to D-Bus Concepts which can let your be quickly familiar with D-Bus is also in this blog.
Where is my shada file for nvim?
/.local/state/nvim
Socket is not just for network communication
DPU
"Metaphor" In Computer Science
Plan 9: Everything is a file.
Systemd: Everything is a unit.
What is send buffer / receive buffer (发送缓冲区 / 接收缓冲区)
什么是二进制日志?
How to see Linux process/pid hierarchy?
pstree. That's the output from an Ubuntu Server 22.04.
systemd─┬─ModemManager───2*[{ModemManager}]
├─NetworkManager───2*[{NetworkManager}]
├─agetty
├─blkmapd
├─cron
├─dbus-daemon
├─irqbalance───{irqbalance}
├─multipathd───6*[{multipathd}]
├─networkd-dispat
├─nfsdcld
├─packagekitd───2*[{packagekitd}]
├─polkitd───2*[{polkitd}]
├─rpc.idmapd
├─rpc.mountd
├─rpc.statd
├─rpcbind
├─rsyslogd───3*[{rsyslogd}]
├─snapd───27*[{snapd}]
├─sshd───sshd───sshd───bash───fish─┬─pstree
│ └─{fish}
├─systemd───(sd-pam)
├─systemd-journal
├─systemd-logind
├─systemd-network
├─systemd-resolve
├─systemd-timesyn───{systemd-timesyn}
├─systemd-udevd
├─tmux───{tmux}
├─tmux: server───2*[fish]
├─udisksd───4*[{udisksd}]
├─unattended-upgr───{unattended-upgr}
└─wpa_supplicant
**Why there is also a systemd under the init systemd?
Obviously, not all processes are started by shell
linux - Can a process run regardless of any shell? - Super User
File descriptor 0, 1 and 2
How to setup Linux auto-started program
What is "resizable bar"?
GETSEC
Introduced by Intel TXT (Trusted Execution Technology) feature.
Intel firmware interface table (intel fit)
A Firmware Interface Table (FIT) is a data structure inside BIOS flash and consists of multiple entries. Each entry defines the starting address and attributes of different components in the BIOS.
The FIT is generated at build time, based on the size and location of the firmware components.
The CPU processes the FIT before executing the first BIOS instruction located at the reset vector (0FFFFFFF0h).
The FIT boot is a method the processors use to establish a root of trust for the BIOS.
Difference between txt, boot guard and fit (firmware interface table)
It seems they are both for establishing a root of trust environment when booting, so what's the difference?
Boot Guard and TXT have been converged (Converged BtG/TXT or CBnT).
Ubuntu apt update clock error
sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"
What is the command to update time and date from internet - Ask Ubuntu
What is HMAC (Hash-based Message Authentication Code)?
What is MAC (Message Authentication Code)?
如果同时需要识别出篡改和伪装,即要确认消息的完整性,又要对消息进行认证,这种情况下就需要消息认证码。
MAC 不提供加密,发送时是通过明文 + MAC 来发送的。若要同时实现保密认证,同时需要对信息进行加密。
MAC 需要双方有共享密钥。
MAC 算法的缺陷:发送者和接受者之间共享密钥。
Does a bus have a controller?
Is system clock a constant value?
它被设置为默认启用。您无需下载或配置任何东西。
睿频和超频的区别
鉴于超频对于普通用户有些难度,于是 intel 在 2008 年正式发布了面向大众,无需自己超频的睿频加速技术(Turbo Boost)。
CPU 可以工作在睿频最低频率范围以下吗?
为什么超频需要加电压?
慢慢提高倍频,不稳定后增加电压,再次提高倍频,再次增加电压,直到你觉得满意、不能增高了、温度超高为止。
讲的很详细。
CPU超频的原理是什么?为什么超频要提高电压?提高/降低电压对CPU有害吗? - 知乎
这个要好好看看!
初探Linux CPU动态调频与实测_He11o_Liu的博客-CSDN博客
I/O Virtualization Models
A VMM must support virtualization of I/O requests from guest software. I/O virtualization may be supported by a VMM through any of the following models:
- Emulation: A VMM may expose a virtual device to guest software by emulating an existing (legacy) I/O device. VMM emulates the functionality of the I/O device in software over whatever physical devices are available on the physical platform. I/O virtualization through emulation provides good compatibility (by allowing existing device drivers to run within a guest), but pose limitations with performance and functionality.
- New Software Interfaces: This model is similar to I/O emulation, but instead of emulating legacy devices, VMM software exposes a synthetic device interface to guest software. The synthetic device interface is defined to be virtualization-friendly to enable efficient virtualization compared to the overhead associated with I/O emulation. This model provides improved performance over emulation, but has reduced compatibility (due to the need for specialized guest software or drivers utilizing the new software interfaces).
- Assignment: A VMM may directly assign the physical I/O devices to VMs. In this model, the driver for an assigned I/O device runs in the VM to which it is assigned and is allowed to interact directly with the device hardware with minimal or no VMM involvement. Robust I/O assignment requires additional hardware support to ensure the assigned device accesses are isolated and restricted to resources owned by the assigned partition. The I/O assignment model may also be used to create one or more I/O container partitions that support emulation or software interfaces for virtualizing I/O requests from other guests. The I/O-container-based approach removes the need for running the physical device drivers as part of VMM privileged software.
- I/O Device Sharing: In this model, which is an extension to the I/O assignment model, an I/O device supports multiple functional interfaces, each of which may be independently assigned to a VM. The device hardware itself is capable of accepting multiple I/O requests through any of these functional interfaces and processing them utilizing the device's hardware resources.
From Intel VT-d Spec.
Enhanced Intel SpeedStep® Technology
Enhanced Intel SpeedStep technology allows the system to dynamically adjust processor voltage and core frequency, which can result in decreased power consumption and heat production.
增强型 SpeedStep 技术可以动态调整 CPU 频率,当 CPU 使用率低下或接近零的时候动态降低 CPU 的倍率,令其工作频率下降,从而降低电压、功耗以及发热;而一旦监测到 CPU 使用率很高的时候,立即恢复到原始的速率工作。
和睿频(Turbo Boost)的区别?
Turbo boost are predefined clock speeds for a specific amount of cores active.
Overclock Vs Turbo Boost VS Intel Speedstep : pcmasterrace
看起来睿频是根据核的数量来决定核的频率,而 SpeedStep 是根据每一个核的任务量来决定。
Core i9-7900X - Intel - WikiChip
如何计算 CPU 使用率?
How to specify the output device for kernel when booting?
You must compile serial support into the kernel and not as a module.
It is possible to specify multiple devices for console output. You can define a new kernel command line option to select which device(s) to use for console output. You can specify multiple console= options on the kernel command line. Output will appear on all of them.
console=device,options
default kernel output device
If no console device is specified, the first device found capable of acting as a system console will be used. At this time, the system first looks for a VGA card and then for a serial port. So if you don’t have a VGA card in your system the first serial port will automatically become the console.
Linux Serial Console — The Linux Kernel documentation
What happen when a terminal start?
Start a terminal emulator program, such as xterm, gnome-terminal, lxterm, konsole, …
Allocate a pty. The pty is a pair of character device files:
- the pty master, which is the side that the terminal emulator opens,
- and the pty slave, which is the side that programs running inside the terminal have open.
The master is /dev/ptmx (which every terminal emulator has open) and the slave is /dev/pts/NUMBER. The kernel driver for pseudo-terminals keep track of which process controls the master for each slave device. The terminal emulator can retrieve the path to the corresponding slave through an ioctl on the master device.
Once the terminal emulator has opened the master device, it starts a subprocess (typically a shell, but it's up to the user who invoked the terminal emulator to decide). The emulator does this in the usual way to invoke a program:
- fork a child process,
- open the slave pty device on file descriptors 0, 1 and 2 (standard input, standard output and error stream),
- execute the shell or other program in the child process.
When the child (or any other process) writes to the pty slave, the emulator sees input on the pty master.
Conversely, when the emulator writes to the master device, it is seen as input on the slave.
Why don't the terminal allocate a tty?
No matter the terminal is started by a local DE or by a sshd, the tty is also a pts, rather than a tty, so why don't the terminal allocate a tty?
A terminal is simply a process, so it can have multiple child process, just like a master can have multiple slaves.
tty - How does a Linux terminal work? - Unix & Linux Stack Exchange
linux - How does PTS slave communicate with PTM file descriptor? - Unix & Linux Stack Exchange
What is tty[1-n] and why so many ttys?
You can press Ctrl + Alt + F1 : (tty1, X is here) to change to tty1, if you are on desktop, then the GUI will show up.
You can press Ctrl + Alt + Fn : (ttyn) to switch to any other ttys, which will prompt you to login when you first switch to it.
linux 系统,默认它有且只有七个 tty,也就是七个真的终端,也就是说可以把这台电脑想成只有七台真实存在的打印机连到了这台电脑上面。 (linux 将它虚拟化了),但事实上七个控制台并不够,万一八个人操作这个电脑呢? 所以在七个真的终端 (tty) 下又有许多伪终端,也可以操作电脑。
tty 和串口的关系又是什么呢?
TTY is a device commonly attached to early computers' serial ports.
ttyS, ttyUSB
ls -l /dev/ttyS* 出来的是虚拟串口。
Why xorg needs a tty?
I don't know, just remember it.
Maybe because we can use startx to start a X system, so we need to based on the tty to get some outer signals?
什么是 Wayland?
Wayland 和 X11 是平行的关系,一个更加先进的实现。
Why Use Wayland versus X11? | CBT Nuggets
Xorg, xserver, X11, VNC?
xorg 和 X11 可以被近似认为等价。X11 是标准(version 11 of X Server),xorg 是实现(貌似没有其它实现)。
VNC is cross-platform. Xserver is only for X environment.
xserver 是标准的一部分。
An X server program runs on your desktop (computer with a graphical display) and communicates with various client programs (on your remote machine). The server program accepts requests for graphical output (from your remote machine) and sends back user input (keyboard, mouse).
X Window System protocols and architecture
xinit, xorg, X11, x server这些有什么区别(和联系)? - 知乎
Memory layout management
User-space programs can (and will) move the stack and heap around as they please. The operating system doesn't really need to know where stack and heap are.
Overhead / Cost of VMexit
The Cost of Virtualization Exits – Yasser Shalabi – Graduate Student UIUC
自修改代码
程序代码段为只读属性,为什么还有自修改代码?_GlowChar的博客-CSDN博客
What is user runtime dir?
To generalize, the purpose of the user runtime directory is to replace all of the various traditional uses of /tmp for session related files, subdirectories, and so on.
linux - What is this folder /run/user/1000? - Unix & Linux Stack Exchange
求物之妙,如系风捕景,能使是物了然于心者,千万人而不一遇也。