Digging into Linux’s new scheduler
While reading some “old” notes about Linux, this feed caught my attention. It’s about the Completely Fair Scheduler (CFS) and its implementation in Linux kernel 2.6.23.
As you know, fair schedulers aren’t new, but they have a deep impact on system solutions. CPU schedulers usually allocate resources fairly among processes. This approach has some drawbacks, and some of those drawbacks have important security consequences.
From a pragmatic point of view, when a “weak” scheduler is running, admins waste a lot of time hardening the solution against denial of service (DoS) and scheduler attacks with undesirable business consequences.
Common schedulers are built around well-known models. For example, a typical scheduler gives more of the machine to users with more processes, or takes no account of the user’s activity. Furthermore, a single scheduler doesn’t provide quality of service with abstraction in mind, which makes it a poor solution when you want to keep your service level agreements.
So if we want to improve the end-user experience, a fair scheduler should focus (at least) on the following principles:
- every user should be scheduled for some resources
- user entitlements are respected
- user shares are defined/updated
- user history is tracked
OK, now if we add a layer of abstraction and replace the user experience with the “entity” experience, where an entity can be a group, container, domain, organization, firm, customer, and so on, then you can easily schedule a hierarchy of entities.
Finally, you should know that charging models are usually deployed to implement the previous principles. So in systems where you see a fair scheduler you will also see concepts like “credit transfers” or “credit bags”.
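To make the difference concrete, here is an added toy simulation (not code from the kernel or from Ingo Molnar’s tree, and not the CFS algorithm itself) comparing per-process fairness with a per-user fair-share policy that uses shares and a decayed usage history. The users, process names, share values and decay factor are constructed for the illustration.

```python
from collections import Counter

# Constructed workload: alice runs 1 CPU-bound process, mallory runs 9.
PROCS = [("alice-1", "alice")] + [(f"mallory-{i}", "mallory") for i in range(1, 10)]

def per_process_fair(procs, ticks):
    """Round-robin over processes: a user's CPU grows with their process count."""
    usage = Counter()
    for t in range(ticks):
        usage[procs[t % len(procs)]] += 1
    return usage

def fair_share(procs, shares, ticks, decay=0.99):
    """Two-level pick: the user furthest below entitlement, then that user's next process."""
    owned = {}
    for proc in procs:
        owned.setdefault(proc[1], []).append(proc)
    history = {user: 0.0 for user in owned}   # decayed per-user usage ("user history")
    turn = Counter()                          # round-robin cursor inside each user
    usage = Counter()
    for _ in range(ticks):
        # Lowest usage-per-share runs next; the name breaks ties deterministically.
        user = min(owned, key=lambda u: (history[u] / shares[u], u))
        proc = owned[user][turn[user] % len(owned[user])]
        turn[user] += 1
        usage[proc] += 1
        history[user] += 1.0                  # charge the owner, not the process
        for u in history:                     # old usage fades over time
            history[u] *= decay
    return usage

def cpu_by_user(usage):
    """Collapse per-process tick counts into per-user totals."""
    totals = Counter()
    for (_, user), ticks in usage.items():
        totals[user] += ticks
    return totals

if __name__ == "__main__":
    equal = {"alice": 1, "mallory": 1}        # equal entitlements (assumed)
    print("per-process:", dict(cpu_by_user(per_process_fair(PROCS, 1000))))
    print("fair-share :", dict(cpu_by_user(fair_share(PROCS, equal, 1000))))
```

With equal shares, spawning more processes no longer buys mallory more CPU: the extra processes only divide mallory’s own entitlement among themselves.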
When I read Ingo Molnar’s notes I decided to download his development tree to check the current status and see the code in detail. Mapping the previous comments to code was really interesting. In my opinion this code improvement is a step forward and, although it isn’t a mature implementation yet, I hope to see this CFS in the mainstream soon.
ISO/IEC 27002:2005
Today I’ve been having a look at the technical revision for ISO/IEC 17799:2005. As all of you already know, it was going to be renamed to ISO/IEC 27002:2005 to fit in the 2700X series, ISO’s security management framework. Since July 1st, the standard no longer known as ISO/IEC 17799:2005 is now known as ISO/IEC 27002:2005.
The “new” standard establishes guidelines and contains best practices of control objectives and controls in key areas of information security management.