<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Better Tomorrow with Computer Science</title>
<link>/</link>
<description>Recent content on Better Tomorrow with Computer Science</description>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<lastBuildDate>Fri, 20 Sep 2024 10:32:00 -0400</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Introducing Context Parallelism</title>
<link>/2024-09-20/introducing-context-parallelism/</link>
<pubDate>Fri, 20 Sep 2024 10:32:00 -0400</pubDate>
<guid>/2024-09-20/introducing-context-parallelism/</guid>
<description>In the previous analysis of sequence parallelism, I covered two papers 1 2. Those are early works on sequence parallelism and didn&rsquo;t get attention, as there was low demand for context parallelism. As LLMs are required to support longer contexts, new papers that tackle the problems of such early works have emerged.
What are the Problems of Early Sequence Parallelism Works? # Both works follow the traditional attention computation: compute QK^T, apply mask.</description>
</item>
<item>
<title>Perseus Accepted to SOSP'24</title>
<link>/news/20240805-perseus/</link>
<pubDate>Mon, 05 Aug 2024 22:00:00 -0400</pubDate>
<guid>/news/20240805-perseus/</guid>
<description>Perseus has been accepted to SOSP'24. Perseus optimizes the energy consumption of large-model distributed training while minimizing the impact on training throughput.</description>
</item>
<item>
<title>Flash Attention</title>
<link>/2024-01-21/flash-attention/</link>
<pubDate>Sun, 21 Jan 2024 11:20:00 -0500</pubDate>
<guid>/2024-01-21/flash-attention/</guid>
<description>This post explains flash attention 1 2.
More references are also useful for understanding flash attention 3 4 5.
Backgrounds # Attention # $$\text{Attention}(Q, K, V)=\text{softmax}(\frac{QK^T}{\sqrt{d_k}})V$$
This equation can be implemented as:
class OPTAttention(nn.Module):
    def forward(...):
        # hidden states is an input tensor of Attention layer
        # Calculate Q, K, and V with linear projections to the input
        # query_states = self.q_proj(hidden_states)
        # key_states = self.k_proj(hidden_states)
        # value_states = self.</description>
</item>
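<!--
A minimal sketch of the attention equation above, assuming PyTorch; the tensor shapes are illustrative. Flash attention avoids materializing the full T x T score matrix that this naive version computes.

import torch

def naive_attention(q, k, v):
    # softmax(Q K^T / sqrt(d_k)) V, materializing the full score matrix
    d_k = q.size(-1)
    scores = q @ k.transpose(-2, -1) / d_k**0.5
    return torch.softmax(scores, dim=-1) @ v

q = torch.randn(1, 8, 128, 64)  # (batch, heads, tokens, d_k)
k = torch.randn(1, 8, 128, 64)
v = torch.randn(1, 8, 128, 64)
out = naive_attention(q, k, v)  # same shape as v
-->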
<item>
<title>Tensor Parallelism and Sequence Parallelism: Detailed Analysis</title>
<link>/2024-01-11/tensor-parallelism-and-sequence-parallelism-detailed-analysis/</link>
<pubDate>Thu, 11 Jan 2024 18:20:00 -0500</pubDate>
<guid>/2024-01-11/tensor-parallelism-and-sequence-parallelism-detailed-analysis/</guid>
<description>This post explains how tensor model parallelism and sequence parallelism work, especially on the attention layer, and how they differ.
Backgrounds # Attention Layer # Attention calculation with a single sequence of T tokens. d_attn is config.embed_dim // config.num_attention_heads. Bold boxes are model parameters, while others are temporarily created tensors. All the other terms are borrowed from the HuggingFace Transformers OPT config. Implementation of computing attention:</description>
</item>
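<!--
A toy check of column-parallel partitioning, assuming PyTorch; this is a sketch of the idea, not the post's actual implementation. Splitting a linear layer's weight by output columns and concatenating the partial results reproduces the full output.

import torch

torch.manual_seed(0)
x = torch.randn(4, 16)   # (tokens, embed_dim)
w = torch.randn(16, 32)  # full weight of a linear projection

w0, w1 = w.chunk(2, dim=1)  # each "worker" holds half of the output columns
full = x @ w
parallel = torch.cat([x @ w0, x @ w1], dim=1)
assert torch.allclose(full, parallel)
-->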
<item>
<title>LLM Inference: Continuous Batching and PagedAttention</title>
<link>/2024-01-07/llm-inference-continuous-batching-and-pagedattention/</link>
<pubDate>Sun, 07 Jan 2024 20:20:00 -0500</pubDate>
<guid>/2024-01-07/llm-inference-continuous-batching-and-pagedattention/</guid>
<description>In recent days, many papers have been published to optimize LLM inference. This post introduces two of them, which focus on improving throughput by exploiting characteristics of batched LLM serving and characteristics of attention.
Orca # Orca, published in OSDI'22, proposes two novel techniques: 1. continuous batching (or iteration-level scheduling) 1, and 2. selective batching.
Continuous Batching # Before the introduction of continuous batching, static batching starts a batch at once and waits for all requests in the batch to complete their computation.</description>
</item>
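<!--
A toy scheduling loop in the spirit of Orca's iteration-level scheduling, as I understand it; request names and lengths are made up. After every iteration, finished requests leave the batch and waiting requests join, instead of the whole static batch finishing together.

from collections import deque

waiting = deque([("req0", 3), ("req1", 1), ("req2", 2)])  # (id, tokens left to generate)
running, max_batch = [], 2

while waiting or running:
    while waiting and len(running) < max_batch:
        running.append(waiting.popleft())       # admit new requests every iteration
    running = [(r, n - 1) for r, n in running]  # one iteration: each request emits a token
    print("finished:", [r for r, n in running if n == 0])
    running = [(r, n) for r, n in running if n > 0]
-->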
<item>
<title>LLM Inference: Autoregressive Generation and Attention KV Cache</title>
<link>/2024-01-07/llm-inference-autoregressive-generation-and-attention-kv-cache/</link>
<pubDate>Sun, 07 Jan 2024 18:20:00 -0500</pubDate>
<guid>/2024-01-07/llm-inference-autoregressive-generation-and-attention-kv-cache/</guid>
<description>This post explains the basics of LLM inference, mainly focusing on differences from training LLMs.
Autoregressive Text Generation # Unlike training, where tokens are parallelized and trained, inference generates tokens one by one. Therefore, to create a full sentence, several forward passes should be executed (as many times as the number of tokens). The following video from HuggingFace illustrates how it works.
Autoregressive token generation. Source: HuggingFace
Before generating the first token, the LLM first puts in all input tokens to generate context.</description>
</item>
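<!--
A minimal sketch of decoding with a KV cache, assuming PyTorch; the single-head weights are toy stand-ins. Each step computes K and V only for the newest token and appends them, instead of recomputing them for every past token.

import torch

d = 16
wq, wk, wv = (torch.randn(d, d) for _ in range(3))
cache_k, cache_v = [], []

x = torch.randn(1, d)              # embedding of the current token
for step in range(5):
    q = x @ wq
    cache_k.append(x @ wk)         # only the new token's K/V are computed
    cache_v.append(x @ wv)
    k = torch.cat(cache_k, dim=0)  # (step + 1, d)
    v = torch.cat(cache_v, dim=0)
    attn = torch.softmax(q @ k.T / d**0.5, dim=-1) @ v
    x = attn                       # stand-in for the rest of the model
-->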
<item>
<title>Oobleck Accepted to SOSP'23</title>
<link>/news/20230714-oobleck/</link>
<pubDate>Fri, 14 Jul 2023 15:45:00 -0400</pubDate>
<guid>/news/20230714-oobleck/</guid>
<description>Oobleck has been accepted to SOSP'23! Oobleck is a distributed training framework that supports fast fault tolerance without full restart from checkpoint.</description>
</item>
<item>
<title>Torch FX Transformation and Pipeline Parallelism</title>
<link>/2023-04-22/torch-fx-transformation-and-pipeline-parallelism/</link>
<pubDate>Sat, 22 Apr 2023 11:13:00 -0400</pubDate>
<guid>/2023-04-22/torch-fx-transformation-and-pipeline-parallelism/</guid>
<description>Torch fx # torch.fx is a PyTorch module that captures a model and applies transformations for optimization 1. In recent days, model optimization is becoming more important. torch.fx enables transparent transformation without touching the original model implementation, allowing fine-grained model optimization.
Since PyTorch 2.0, it seems TorchDynamo replaces the legacy fx.tracer for tracing the model. This post focuses on the existing torch.fx module, and I will post another one regarding TorchDynamo if I have a chance.</description>
</item>
<item>
<title>Using HuggingFace Transformers</title>
<link>/2023-04-19/using-huggingface-transformers/</link>
<pubDate>Wed, 19 Apr 2023 16:10:00 -0400</pubDate>
<guid>/2023-04-19/using-huggingface-transformers/</guid>
<description>HF Transformers # HuggingFace (🤗) Transformers is a library that makes it easy to download state-of-the-art pretrained models. It is also possible to create and train a model from scratch after modifying the structure of existing models. Although the library started from transformer-based language models, it has become a general community hub and includes other models such as the convolution-based ResNet.
It can easily be installed via pip 1:
pip install transformers Most code is borrowed from the HuggingFace transformers example code.</description>
</item>
<item>
<title>Internship at Tesla in Summer 2023</title>
<link>/news/20230419-summer-intern/</link>
<pubDate>Wed, 19 Apr 2023 15:45:00 -0400</pubDate>
<guid>/news/20230419-summer-intern/</guid>
<description>I am going to work as an Intern at Tesla Autopilot Infrastructure team. Can&rsquo;t wait to experience and work on large scale supercomputers that I have never seen before!</description>
</item>
<item>
<title>Changed Blog Theme</title>
<link>/news/20221229-changed-theme/</link>
<pubDate>Thu, 29 Dec 2022 11:22:00 -0400</pubDate>
<guid>/news/20221229-changed-theme/</guid>
<description>Changed blog theme to Congo. Thanks James Panther for making a good theme!</description>
</item>
<item>
<title>Analyzing Parallelization of Attention</title>
<link>/2022-08-03/analyzing-parallelization-of-attention/</link>
<pubDate>Wed, 03 Aug 2022 14:30:00 -0400</pubDate>
<guid>/2022-08-03/analyzing-parallelization-of-attention/</guid>
<description>We exploit the inherent parallelism in the multi-head attention operation to partition the self-attention block (shown in Figure 5b). The key (K), Query (Q), and value (V) matrices can be partitioned in a column-parallel fashion. The output linear layer can then directly operate on the partitioned output of the attention operation (weight matrix partitioned across rows).
Deepak Narayanan et al, Efficient large-scale language model training on GPU clusters using megatron-LM, SC'21</description>
</item>
<item>
<title>Analysis of Transformer Model</title>
<link>/2022-07-30/analysis-of-transformer-model/</link>
<pubDate>Sat, 30 Jul 2022 23:48:00 -0400</pubDate>
<guid>/2022-07-30/analysis-of-transformer-model/</guid>
<description>This post analyzes transformer models, specifically memory and computation overhead.
Many transformer-based models just describe themselves as a model with X-B parameters; I wanted to break it down and look into the model structure: how parameters are stored and used in actual computing hardware.
Many illustrations and analyses are based on the following papers 1.
Transformer-based Model # Since Google announced attention and transformer models in 2017 2, NLP and image classification models have been rapidly adopting transformer layers.</description>
</item>
<item>
<title>Parallelism in Distributed Deep Learning</title>
<link>/2022-06-11/parallelism-in-distributed-deep-learning/</link>
<pubDate>Sat, 11 Jun 2022 19:33:00 -0400</pubDate>
<guid>/2022-06-11/parallelism-in-distributed-deep-learning/</guid>
<description>Distributed deep learning refers to using a distributed system that includes several workers to perform deep learning inference or training. Since the mid-2010s, people have been thinking about accelerating deep learning with scale-out, and distributed deep learning has been introduced. The parameter server is one of the well-known architectures for distributed deep learning.
In recent days, many parallelization mechanisms, ways of distributing computation to multiple workers, have been introduced. The first one was to split batches into several microbatches and distribute them, namely data parallelism, which the parameter server architecture is for.</description>
</item>
<item>
<title>Using RDMA CM</title>
<link>/2022-03-16/using-rdma-cm/</link>
<pubDate>Wed, 16 Mar 2022 23:37:00 -0500</pubDate>
<guid>/2022-03-16/using-rdma-cm/</guid>
<description>Years ago, I posted how to use libibverbs for RDMA communication.
When initializing a queue pair connection, we need some destination information:
bool changeQueuePairStateToRTR(struct ibv_qp* queue_pair, int ib_port, uint32_t destination_qp_number, uint16_t destination_local_id) {
    struct ibv_qp_attr rtr_attr;
    memset(&amp;rtr_attr, 0, sizeof(rtr_attr));
    rtr_attr.qp_state = ibv_qp_state::IBV_QPS_RTR;
    rtr_attr.path_mtu = ibv_mtu::IBV_MTU_1024;
    rtr_attr.rq_psn = 0;
    rtr_attr.max_dest_rd_atomic = 1;
    rtr_attr.min_rnr_timer = 0x12;
    rtr_attr.ah_attr.is_global = 0;
    rtr_attr.ah_attr.sl = 0;
    rtr_attr.ah_attr.src_path_bits = 0;
    rtr_attr.ah_attr.port_num = ib_port;
    rtr_attr.dest_qp_num = destination_qp_number; // here
    rtr_attr.</description>
</item>
<item>
<title>Implementing Basic RPC with C++20</title>
<link>/2022-03-12/implementing-basic-rpc-with-c-20/</link>
<pubDate>Sat, 12 Mar 2022 10:40:00 -0500</pubDate>
<guid>/2022-03-12/implementing-basic-rpc-with-c-20/</guid>
<description>This post explains how a basic RPC framework can be implemented using modern C++ functionalities. The explanation in this post is heavily inspired by:
simple-rpc by evenleo buttonrpc-cpp14 by button-chen C++ Features Used # Parameter Pack 1 # A parameter pack is similar to the C variadic arguments that are used in the printf() family:
int printf(char *format, ...); which is implemented with va_ variadic function API [src]:
int printf(const char* format, .</description>
</item>
<item>
<title>Open vSwitch in NVIDIA BlueField SmartNIC</title>
<link>/2022-01-17/open-vswitch-in-nvidia-bluefield-smartnic/</link>
<pubDate>Mon, 17 Jan 2022 14:54:00 -0500</pubDate>
<guid>/2022-01-17/open-vswitch-in-nvidia-bluefield-smartnic/</guid>
<description>In embedded CPU (ECPF: Embedded CPU Physical Function) mode of the NVIDIA BlueField DPU, Open vSwitch (OvS) is used for packet processing. Once BlueField Linux is installed, several frameworks are installed together, and OvS is one of them.
# in SmartNIC Linux
$ systemctl status openvswitch-switch
● openvswitch-switch.service - LSB: Open vSwitch switch
   Loaded: loaded (/etc/init.d/openvswitch-switch; generated)
   Active: active (running) since Sun 2022-01-16 18:17:46 UTC; 1 day 2h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 227259 ExecStart=/etc/init.</description>
</item>
<item>
<title>Configuring NVIDIA BlueField2 SmartNIC</title>
<link>/2022-01-06/configuring-nvidia-bluefield2-smartnic/</link>
<pubDate>Thu, 06 Jan 2022 20:53:00 -0500</pubDate>
<guid>/2022-01-06/configuring-nvidia-bluefield2-smartnic/</guid>
<description>SmartNIC is a new emerging type of hardware: a NIC with general-purpose CPU cores. NVIDIA BlueField2 is equipped with 8 ARM Cortex-A72 cores, which can be used to process offloaded functions. These functions are not limited to packet processing, but can also be more complicated applications, e.g., a file system, etc.
This post talks about how to configure the NVIDIA BlueField2 SmartNIC on CloudLab r7525 machines.
Regarding CloudLab, please refer to [this paper](https://www.usenix.org/conference/atc19/presentation/duplyakin). Regarding NVIDIA BlueField2 SmartNIC/DPU, please refer to [NVIDIA DPU introduction page](https://www.</description>
</item>
<item>
<title>Libvirt VM Network Accessibility</title>
<link>/2021-05-03/libvirt-vm-network-accessibility/</link>
<pubDate>Mon, 03 May 2021 16:47:00 +0900</pubDate>
<guid>/2021-05-03/libvirt-vm-network-accessibility/</guid>
<description>Libvirt provides virtual networking 1 to VMs with a virtual network switch, which is implemented with a bridge by default:
$ ip addr
...
20: virbr0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:e9:7b:57 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
libvirt provides several modes for this bridge, two of which will be introduced in this post so that we can directly access VMs via networking: NAT mode + port forwarding, and routed mode.</description>
</item>
<item>
<title>Using Intel IOAT DMA</title>
<link>/2021-04-26/using-intel-ioat-dma/</link>
<pubDate>Mon, 26 Apr 2021 09:02:00 +0900</pubDate>
<guid>/2021-04-26/using-intel-ioat-dma/</guid>
<description>I/OAT (I/O Acceleration Technology) 1 # Intel I/OAT is a set of technologies for improving I/O performance. This post specifically illustrates how to use Intel QuickData Technology, which enables data copy by the chipset instead of the CPU, to move data more efficiently and provide fast throughput.
Using Linux DMA Engine # I/OAT (specifically QuickData Technology) is implemented as ioatdma kernel module in Linux, and integrated into the Linux DMA subsystem.</description>
</item>
<item>
<title>Reconfiguring Ceph</title>
<link>/2021-04-23/reconfiguring-ceph/</link>
<pubDate>Fri, 23 Apr 2021 16:19:00 +0900</pubDate>
<guid>/2021-04-23/reconfiguring-ceph/</guid>
<description>Configuring Ceph # Ceph daemons use /etc/ceph/ceph.conf by default for configuration. However, modern Ceph clusters are initialized with cephadm, which deploys each daemon in an individual container; then, how can we apply configuration changes to Ceph daemons?
1. Dynamic Configuration Injection 1 # Warning: it is not reliable; make sure that the changed parameter is active. Otherwise, use method 2.
Use injectargs to inject configuration values into the existing values.</description>
</item>
<item>
<title>Testing Ceph RBD Performance with Virtualization</title>
<link>/2021-03-24/testing-ceph-rbd-performance-with-virtualization/</link>
<pubDate>Wed, 24 Mar 2021 11:20:00 +0900</pubDate>
<guid>/2021-03-24/testing-ceph-rbd-performance-with-virtualization/</guid>
<description>This post explains how I measured Ceph RBD performance with block/network virtualization technology (virtio and vhost), and the result.
VM execution is done through qemu-system-x86_64, without using libvirt.
Host: Fedora 33 (Linux kernel 5.10.19)
Guest: Ubuntu 20.04 LTS Server (Linux kernel 5.4.0.67)
# Qemu general configuration
qemu-system-x86_64 --machine q35,accel=kvm --enable-kvm \
    -m 2048 -smp 2 -cpu host \
    -vnc :0 \
    -hda disk.qcow2 \
    &lt;append configuration-specific options&gt;
Performance is measured with fio running on the guest VM with the following configuration file:</description>
</item>
<item>
<title>Virtio and Vhost Architecture - Part 2</title>
<link>/2021-03-15/virtio-and-vhost-architecture-part-2/</link>
<pubDate>Mon, 15 Mar 2021 12:24:00 +0900</pubDate>
<guid>/2021-03-15/virtio-and-vhost-architecture-part-2/</guid>
<description>This post explains the overheads of virtio, and introduces vhost, which increases the performance of virtio.
Virtio Review &amp; Vhost Introduction # virtio-net example diagram. [Source] VirtI/O is implemented with virtqueues, shared by the guest and the QEMU process. When the guest rings a doorbell after inserting requests into the virtqueue, the context is forwarded to the host KVM handler (VM-exit), and again to the QEMU process via ioeventfd. The QEMU process reads the request from the shared virtqueue and handles it.</description>
</item>
<item>
<title>Virtio and Vhost Architecture - Part 1</title>
<link>/2021-03-10/virtio-and-vhost-architecture-part-1/</link>
<pubDate>Wed, 10 Mar 2021 17:01:00 +0900</pubDate>
<guid>/2021-03-10/virtio-and-vhost-architecture-part-1/</guid>
<description>This post explains virtio and vhost, device virtualization techniques used in Linux kernel virtual machine (KVM). Here, I focus only on block device and network device virtualization.
Virtio (Virtual I/O) # Virtio is one of the I/O (block, NIC, etc.) virtualization techniques used in virtualization. It is a paravirtualized I/O solution that implements a communication framework for I/O interaction between guest applications and the hypervisor 1 2, which means a device driver that is aware of virtualization is required.</description>
</item>
<item>
<title>Using Ceph RBD as a QEMU Storage</title>
<link>/2021-03-04/using-ceph-rbd-as-a-qemu-storage/</link>
<pubDate>Thu, 04 Mar 2021 14:40:00 +0900</pubDate>
<guid>/2021-03-04/using-ceph-rbd-as-a-qemu-storage/</guid>
<description>This post explains how we can use a Ceph RBD as a QEMU storage. We can attach a Ceph RBD to a QEMU VM through either virtio-blk or vhost-user-blk QEMU device (vhost requires SPDK).
Assume that a Ceph cluster is ready following the manual.
Setting up a Ceph Client Configuration 1 # For a node to access a Ceph cluster, it requires some configuration:
Config file setup User authentication setup This step requires access permission to a host; a host refers to a node that is already configured as a client or running a cluster daemon.</description>
</item>
<item>
<title>Analyzing Ceph Network Module</title>
<link>/2020-12-23/analyzing-ceph-network-module/</link>
<pubDate>Wed, 23 Dec 2020 11:38:00 +0900</pubDate>
<guid>/2020-12-23/analyzing-ceph-network-module/</guid>
<description>This post explains how Ceph daemons and clients communicate with each other, with Ceph network architecture.
The official Ceph document provides a very high-level diagram that depicts the Ceph architecture:
High level Ceph architecture. [src] However, I could not find detailed documents explaining how clients with librados actually communicate with daemons, except a few blog posts 1 2 3 4 5 6 7. Even after reading those, it was not clear to me how they work.</description>
</item>
<item>
<title>Building Container Image inside Container using Buildah</title>
<link>/2020-11-09/building-container-image-inside-container-using-buildah/</link>
<pubDate>Mon, 09 Nov 2020 15:09:00 +0900</pubDate>
<guid>/2020-11-09/building-container-image-inside-container-using-buildah/</guid>
<description>This post explains how we build a container image inside a container, isolating all dependent packages into the container.
The introduction below clearly shows why it is required.
Lots of people would like to build OCI/container images within a system like Kubernetes. Imagine you have a CI/CD system that is constantly building container images, a tool like Red Hat OpenShift/Kubernetes would be useful for distributing the load of builds. Until recently, most people were leaking the Docker socket into the container and then allowing the containers to do docker build.</description>
</item>
<item>
<title>Accelerating Ceph RPM Packaging: Using Multithreaded Compression</title>
<link>/2020-11-07/accelerating-ceph-rpm-packaging-using-multithreaded-compression/</link>
<pubDate>Sat, 07 Nov 2020 19:07:00 +0900</pubDate>
<guid>/2020-11-07/accelerating-ceph-rpm-packaging-using-multithreaded-compression/</guid>
<description>This post explains how we can accelerate building a Ceph RPM package. Knowledge in this post can be generally applied to packaging all other applications, not only Ceph.
Ceph source code is managed on GitHub 1, and it contains several shell scripts for packaging as well. Before illustrating how these scripts work, we have to figure out how RPM packaging works.
1. RPM Packaging 101 # RPM (originally standing for Red Hat Package Manager) is a package management system developed by Red Hat 2.</description>
</item>
<item>
<title>Deploying a Ceph Development Environment Cluster</title>
<link>/2020-11-03/deploying-a-ceph-development-environment-cluster/</link>
<pubDate>Tue, 03 Nov 2020 13:09:00 +0900</pubDate>
<guid>/2020-11-03/deploying-a-ceph-development-environment-cluster/</guid>
<description>This post explains how we can deploy a Ceph development cluster from Ceph source code.
I tested it in Windows 10 + Docker for Windows with WSL2 engine + WSL2 Ubuntu 20.04.
1. Prerequisites # Two GitHub repositories are necessary: Ceph 1 and Ceph-dev-docker 2.
Ceph-dev-docker is a kind of wrapper that automates all required steps for deploying a Ceph development cluster. It uses a Docker container to deploy the local development environment of Ceph.</description>
</item>
<item>
<title>Introduction to Ceph</title>
<link>/2020-08-30/introduction-to-ceph/</link>
<pubDate>Sun, 30 Aug 2020 14:16:00 +0900</pubDate>
<guid>/2020-08-30/introduction-to-ceph/</guid>
<description>Ceph is an open-source distributed software platform 1 2. It mainly focuses on scale-out file systems, including storage distribution and availability.
Ceph Cluster Overview. [Source] A Ceph storage cluster roughly consists of three components:
Ceph Storage Nodes: equip physical storage media, and Ceph Object Storage Daemons (OSDs, or ceph-osd), Ceph Monitors (ceph-mon), and Ceph Managers (ceph-mgr) manage them.</description>
</item>
<item>
<title>Introduction to Flatpak</title>
<link>/2020-08-27/introduction-to-flatpak/</link>
<pubDate>Thu, 27 Aug 2020 17:22:00 +0900</pubDate>
<guid>/2020-08-27/introduction-to-flatpak/</guid>
<description>Flatpak is one of the app sandboxing frameworks, along with AppImage and Snap 1. Although Snap is the most famous one, I think the internal architecture of Flatpak is more reliable.
Fedora Silverblue and EndlessOS provide software installation primarily via Flathub, a central repository of Flatpak-based applications 2 3.
This post briefly summarizes how to use Flatpak in terms of implementing a sample application.
Installing Flatpak # In Ubuntu distributions, Flatpak is not preinstalled, while it is in Fedora.</description>
</item>
<item>
<title>Dynamic Kubelet Configuration</title>
<link>/2020-08-24/dynamic-kubelet-configuration/</link>
<pubDate>Mon, 24 Aug 2020 09:21:00 +0900</pubDate>
<guid>/2020-08-24/dynamic-kubelet-configuration/</guid>
<description>Kubelet, at launch time, loads configuration from pre-specified files. Changed configurations are not applied to the running Kubelet process during runtime; hence, manually restarting Kubelet is required after modification.
Dynamic Kubelet configuration eliminates this burden, making Kubelet monitor its configuration changes and restart when they are updated 1. It uses a Kubernetes ConfigMap object.
Kubelet Flags for Dynamic Configuration # Dynamic Kubelet configuration is not enabled by default. To be specific, one of the required configurations is missing; the following flags for Kubelet are required for dynamic configuration:</description>
</item>
<item>
<title>Introduction to Fedora Silverblue</title>
<link>/2020-07-15/fedora-silverblue/</link>
<pubDate>Wed, 15 Jul 2020 12:35:00 +0900</pubDate>
<guid>/2020-07-15/fedora-silverblue/</guid>
<description>Fedora Silverblue # Fedora Silverblue 1 is an immutable desktop operating system based on the Fedora Linux distribution. What immutable means is that most directories, including rootfs (/), are mounted as read-only, and user applications run in an isolated execution environment. It is a part of the Atomic Host project, and shares the same underlying system with Fedora CoreOS (FCOS).
For this purpose, Fedora Silverblue adopted two technologies:</description>
</item>
<item>
<title>Go Modules: an Alternative to GOPATH for Package Distribution</title>
<link>/2020-04-04/go-modules/</link>
<pubDate>Sat, 04 Apr 2020 19:27:00 +0900</pubDate>
<guid>/2020-04-04/go-modules/</guid>
<description>This post introduces Go modules, introduced in Go version 1.11.
Go Modules? # Go 1.11 introduces a new dependency management system, Go modules (that&rsquo;s why Go uses the environment variable name GO111MODULE: indicating to use Go 1.11 modules).
Google introduced Go modules as an alternative to GOPATH for versioning and package distribution. At first I did not understand what that means specifically. Here is my explanation.
Importing Packages without Go Modules # Go programmers can import third-party packages (i.</description>
</item>
<item>
<title>Programming Kubernetes CRDs</title>
<link>/2020-02-13/programming-kubernetes-crd/</link>
<pubDate>Thu, 13 Feb 2020 10:13:00 +0900</pubDate>
<guid>/2020-02-13/programming-kubernetes-crd/</guid>
<description>In the [previous post], I briefly introduced a custom resource definition and how to create it through the CLI. In this post, I introduce how to implement Go code that programmatically specifies a CRD and a custom controller that handles CRD events.
Many tutorials exist, but they are not perfect 1 2 3 4 [^tutorial4]. I implemented a new custom controller by myself to fully understand how it works, and I introduce almost full details here.</description>
</item>
<item>
<title>Kubernetes Custom Resource Definition (CRD)</title>
<link>/2020-02-11/kubernetes-custom-resource/</link>
<pubDate>Tue, 11 Feb 2020 17:23:00 +0900</pubDate>
<guid>/2020-02-11/kubernetes-custom-resource/</guid>
<description>One of the main advantages of the Kubernetes API is flexibility; users can add a custom resource to the Kubernetes cluster, and the Kubernetes apiserver manages defined custom resources like standard resources (e.g., ReplicaSet). The main introduction in the Kubernetes documentation is [here].
A major confusing point comes from the ambiguous distinction between the Custom Resource Definition (CRD) and the Aggregated APIserver (AA). Even though the document explains some differences between the two types of implementation, it is not clearly understandable.</description>
</item>
<item>
<title>Introduction to Programming Infiniband RDMA</title>
<link>/2020-02-09/introduction-to-programming-infiniband/</link>
<pubDate>Sun, 09 Feb 2020 19:58:00 +0900</pubDate>
<guid>/2020-02-09/introduction-to-programming-infiniband/</guid>
<description>This post explains the basics of RDMA programming. There are many examples and posts regarding this; however, I personally could not find enough explanations for the examples. It was hard to understand how it works, and here I summarize what I got.
Backgrounds # Channel Adapter (CA) # A channel adapter refers to an end node in the InfiniBand network. It is the equivalent of an Ethernet network interface card (NIC), but with more features regarding InfiniBand and RDMA 1.</description>
</item>
<item>
<title>Building Mellanox OFED from source code</title>
<link>/2020-01-25/building-mellanox-ofed-from-source/</link>
<pubDate>Sat, 25 Jan 2020 10:28:00 +0900</pubDate>
<guid>/2020-01-25/building-mellanox-ofed-from-source/</guid>
<description>Mellanox is a manufacturer of networking products based on InfiniBand, which these days is used for Remote DMA (RDMA). Though their documents are explained and managed well on their [website], I could not find how to build an InfiniBand device driver from the source code they provide.
Building Mellanox OFED source code: inside the install script # Source code can be downloaded [here]. Currently the latest version of MLNX_OFED is 4.7-3.2.9.0.</description>
</item>
<item>
<title>Generate a Self-signed Certificate</title>
<link>/2020-01-07/self-signed-certificate/</link>
<pubDate>Tue, 07 Jan 2020 16:12:00 +0900</pubDate>
<guid>/2020-01-07/self-signed-certificate/</guid>
<description>Public Key Management and X.509 Certificates A self-signed certificate is a certificate that is not signed by a certificate authority (CA) 1 2. (There is no parent-like CA when creating a CA; a CA itself is a self-signed certificate.) When using Kubernetes, kubeadm automatically generates a self-signed Kubernetes CA before generating other certificates.
Steps to create a certificate 3 # Follow the steps to create a self-signed certificate:
Generate a private key Generate a Certificate Signing Request (CSR) Generate a self-signed certificate Generate a private key # A generated certificate must be signed with the Certificate Authority&rsquo;s private key, which we are going to make here.</description>
</item>
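<!--
A minimal sketch of the steps above in Python, assuming the third-party cryptography package; the common name is made up, and the CSR step is folded away since a self-signed certificate signs its own subject.

import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa

key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # 1. private key
name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.local")])
cert = (
    x509.CertificateBuilder()
    .subject_name(name)
    .issuer_name(name)  # self-signed: issuer equals subject
    .public_key(key.public_key())
    .serial_number(x509.random_serial_number())
    .not_valid_before(datetime.datetime.utcnow())
    .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
    .sign(key, hashes.SHA256())  # 3. sign with our own private key
)
-->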
<item>
<title>Kubernetes Authentication: Client Certificate</title>
<link>/2019-12-18/kubernetes-authentication/</link>
<pubDate>Wed, 18 Dec 2019 09:26:00 +0900</pubDate>
<guid>/2019-12-18/kubernetes-authentication/</guid>
<description>1
For access control, Kubernetes steps through the procedures above for each API operation: authentication (who can access), authorization (what can be accessed), and admission control. This post is about Kubernetes authentication.
All API accesses are handled by the Kubernetes API server. All accesses have to be authenticated by the API server for Kubernetes operations. The Kubernetes API server serves on 2 ports: one for testing, and the other for all other cases.</description>
</item>
<item>
<title>Cmake for Custom Library Build System in Go</title>
<link>/2019-12-10/cmake-for-custom-library-build-system-in-go/</link>
<pubDate>Tue, 10 Dec 2019 15:04:00 +0900</pubDate>
<guid>/2019-12-10/cmake-for-custom-library-build-system-in-go/</guid>
<description>In the previous post, I implemented a Go shim layer that enables C++ code to use Go functionalities. This post dives a little bit deeper into the CMake build system for this interaction.
The following CMakeLists.txt compiles a binary together with a Go-based static library.
cmake_minimum_required(VERSION 3.0)
project(test)
set(TARGET_OUT test.out)
set(TARGET_LIB test.lib)
# Go configurations
set(GO_SRCS test.go)
set(GO_LIBNAME libtest.a)
# Custom command for &#39;go build -buildmode=c-archive ...&#39;
# to create a library from Go codes.
add_custom_command(OUTPUT ${GO_LIBNAME} DEPENDS ${GO_SRCS} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} COMMAND env go build -buildmode=c-archive -o &#34;${CMAKE_CURRENT_BINARY_DIR}/${GO_LIBNAME}&#34; ${CMAKE_GO_FLAGS} ${GO_SRCS} COMMENT &#34;Building Go library&#34;)
# Add a custom target for the library.</description>
</item>
<item>
<title>Implementing Kubernetes C++ Client Library using Go Client Library</title>
<link>/2019-11-28/implementing-kubernetes-cpp-client-library/</link>
<pubDate>Thu, 28 Nov 2019 21:09:00 +0900</pubDate>
<guid>/2019-11-28/implementing-kubernetes-cpp-client-library/</guid>
<description>Linking Go and C # Since Go 1.5, Go supports packaging Go code into a shared or static library, which can be linked in C programs 1.
package main // buildmode=[c-archive|c-shared] requires exactly one main package
import &#34;C&#34;
import &#34;fmt&#34;
//export hello
func hello(name string) { fmt.Printf(&#34;Hello from Go, %s!\n&#34;, name); }
func main() {}
## as c-shared library
go build -buildmode=c-shared -o libtest.so test.go
## as c-archive(static) library
go build -buildmode=c-archive -o libtest.</description>
</item>
<item>
<title>Installing Kubernetes and cri-o in Debian</title>
<link>/2019-11-21/installing-kubernetes-and-crio-in-debian/</link>
<pubDate>Thu, 21 Nov 2019 18:32:00 +0900</pubDate>
<guid>/2019-11-21/installing-kubernetes-and-crio-in-debian/</guid>
<description>This post summarizes how to install the cri-o container runtime and initialize a Kubernetes master node on a Debian machine. Tested with Debian 10 running on a VirtualBox VM.
root@kubernetesdebian:/etc# cat os-release
PRETTY_NAME=&#34;Debian GNU/Linux 10 (buster)&#34;
NAME=&#34;Debian GNU/Linux&#34;
VERSION_ID=&#34;10&#34;
VERSION=&#34;10 (buster)&#34;
VERSION_CODENAME=buster
ID=debian
HOME_URL=&#34;https://www.debian.org/&#34;
SUPPORT_URL=&#34;https://www.debian.org/support&#34;
BUG_REPORT_URL=&#34;https://bugs.debian.org/&#34;
Installing cri-o # 0. Prerequisite for using cri-o with Kubernetes # Kubernetes requires the following configurations be set before using the cri-o container runtime [link]:
modprobe overlay
modprobe br_netfilter
cat &gt; /etc/sysctl.</description>
</item>
<item>
<title>Interactions between cri-o and conmon in Kubernetes</title>
<link>/2019-11-18/interactions-between-crio-and-conmon/</link>
<pubDate>Mon, 18 Nov 2019 23:07:00 +0900</pubDate>
<guid>/2019-11-18/interactions-between-crio-and-conmon/</guid>
<description>cri-o # cri-o is a lightweight container runtime framework for Kubernetes. After the introduction of the Open Container Initiative (OCI) container standard, Red Hat implemented cri-o to support the OCI standard and optimize performance by getting rid of Docker features that are not useful for Kubernetes; hence it is lightweight and for Kubernetes.
cri-o Architecture. It manages containers under the supervision of Kubelet, a node agent of Kubernetes.</description>
</item>
<item>
<title>Code Server: Using vscode via Web Browsers</title>
<link>/2019-11-10/code-server/</link>
<pubDate>Sun, 10 Nov 2019 14:05:00 +0900</pubDate>
<guid>/2019-11-10/code-server/</guid>
<description>vscode running as a standalone app (lower right), and vscode frontend UI running in Safari web browser (upper left). Their looks are nearly identical except for menu, etc.
Visual Studio Code # Visual Studio Code, implemented and managed by Microsoft, is one of the best open-source code editors in the world. I&rsquo;m using this tool for almost every work: programming, writing Markdown, writing LaTeX, etc. With a tremendous number of plugins, its functionality is nearly limitless.</description>
</item>
<item>
<title>Kubernetes</title>
<link>/2019-11-07/kubernetes/</link>
<pubDate>Thu, 07 Nov 2019 11:17:00 +0900</pubDate>
<guid>/2019-11-07/kubernetes/</guid>
<description>Kubernetes # Kubernetes is a container-based cluster orchestration tool, originally implemented by Google. It manages containerized workloads and services in clusters.
Is Kubernetes really an orchestration tool?
Kubernetes does not call itself an orchestration system, due to its behaviors differing from the technical definition of &ldquo;orchestration&rdquo;.
Orchestration (from [Wikipedia])
Orchestration is the automated configuration, coordination, and management of computer systems and software.
Orchestration (from [bmc])</description>
</item>
<item>
<title>Container Runtime</title>
<link>/2019-10-31/container-runtime/</link>
<pubDate>Thu, 31 Oct 2019 21:36:00 +0900</pubDate>
<guid>/2019-10-31/container-runtime/</guid>
<description>From Docker to Kubernetes, container solutions are emerging these days.
Why Docker? source: https://www.docker.com. They clearly state that Docker is a Container Runtime.
In the era of Docker, the term &ldquo;container runtime&rdquo; was quite clear: the software that runs and manages containers. But as the internal architecture becomes complicated and various container frameworks are introduced, this definition becomes unclear.
Here are very clear explanations of what a container runtime exactly is, written by Ian Lewis:</description>
</item>
<item>
<title>Open Container Initiative (OCI) Standard, Image Spec</title>
<link>/2019-10-10/open-container-initiative-image-spec/</link>
<pubDate>Thu, 10 Oct 2019 20:35:00 +0900</pubDate>
<guid>/2019-10-10/open-container-initiative-image-spec/</guid>
<description>The Open Container Initiative (OCI) standard is an open standard for Linux containers. Born in 2013, Docker has been the de-facto standard Linux container framework, but the OCI standard was born from the need for an open standard, based on the Docker manifest. As the standard is based on the Docker manifest, its specifications and structures are very similar to Docker&rsquo;s, providing compatibility between Docker and OCI-based container frameworks.</description>
</item>
<item>
<title>Managing Github Pages blog with VScode and Jekyll</title>
<link>/2019-09-28/jekyll-vscode/</link>
<pubDate>Sat, 28 Sep 2019 14:31:00 +0900</pubDate>
<guid>/2019-09-28/jekyll-vscode/</guid>
<description>In recent days, I have barely managed my blog after graduation. Switching my favorite code editor from Atom to VScode also made it hard, since there are no plugins like Jekyll Atom. It provides integrated Jekyll commands, and several tools for post management. There is a plugin named Jekyll Snippets in the VScode marketplace, but I don&rsquo;t think it is comparable to Atom&rsquo;s plugin.
As I do not want to use several editors, I kept looking for a way to manage my blog with VScode, and I found a reasonable one: using VScode Insiders, Docker Jekyll, and the jekyll-post plugin.</description>
</item>
<item>
<title>Implementing a New Custom Netlink Family Protocol</title>
<link>/2019-02-07/implementing-a-new-custom-netlink-family-protocol/</link>
<pubDate>Thu, 07 Feb 2019 17:00:00 +0900</pubDate>
<guid>/2019-02-07/implementing-a-new-custom-netlink-family-protocol/</guid>
<description>Netlink Protocol # Netlink is a communication protocol between kernel and userspace. Unlike ioctl(), netlink is based on socket, which enables notification from the kernel to userspace. With ioctl(), the kernel can only send a response regarding to a user request. With netlink socket, however, user processes can be blocked via blocking functions such as recv() to receive any messages from the kernel.
#include &lt;asm/types.h&gt;
#include &lt;sys/socket.h&gt;
#include &lt;linux/netlink.h&gt;
netlink_socket = socket(AF_NETLINK, socket_type, netlink_family);
There are some predefined famous netlink protocol families: for instance, NETLINK_ROUTE for routing and link updates, NETLINK_KOBJECT_UEVENT for device events, and so on.</description>
</item>
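<!--
A small userspace sketch of opening a netlink socket, in Python instead of C; Linux only. NETLINK_ROUTE's value is taken from linux/netlink.h, and binding with pid 0 lets the kernel assign an address.

import socket

NETLINK_ROUTE = 0  # from linux/netlink.h

s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_ROUTE)
s.bind((0, 0))  # (pid, multicast groups mask)
print("netlink socket bound, fd:", s.fileno())
s.close()
-->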
<item>
<title>udev: Function Flow for KOBJECT_UEVENT kernel group message </title>
<link>/2018-11-28/udev-function-flow-for-kobject_uevent-kernel-group-message/</link>
<pubDate>Wed, 28 Nov 2018 14:03:15 +0900</pubDate>
<guid>/2018-11-28/udev-function-flow-for-kobject_uevent-kernel-group-message/</guid>
<description>Identifying the device # [source]
When a USB device is inserted into the system, the very first initialization function to be started is drivers/usb/core/usb.c:usb_init(), written in [here]. The USB root hub driver (i.e. hcd) initiates the USB device initialization; then the USB core takes control and initializes an actual device structure, struct usb_device.
linux/include/linux/usb.h
struct usb_device {
    int devnum;
    char devpath[16];
    ...
    struct usb_device *parent;
    struct usb_bus *bus;
    struct usb_host_endpoint ep0;
    struct device dev;
    .</description>
</item>
<item>
<title>udev: Device Manager for the Linux Kernel in Userspace</title>
<link>/2018-11-27/udev-device-manager-for-the-linux-kernel-in-userspace/</link>
<pubDate>Tue, 27 Nov 2018 10:05:14 +0900</pubDate>
<guid>/2018-11-27/udev-device-manager-for-the-linux-kernel-in-userspace/</guid>
<description>What is udev? # udev (userspace /dev) is a device manager for the Linux kernel. As the successor of devfsd and hotplug, udev primarily manages device nodes in the /dev directory. At the same time, udev also handles all user space events raised when hardware devices are added into the system or removed from it, including firmware loading as required by certain devices.
https://en.wikipedia.org/wiki/Udev
udev first appeared in Linux kernel version 2.</description>
</item>
<item>
<title>systemd Boot Process</title>
<link>/2018-11-22/systemd-boot-process/</link>
<pubDate>Thu, 22 Nov 2018 13:49:40 +0900</pubDate>
<guid>/2018-11-22/systemd-boot-process/</guid>
<description>What is systemd? # systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system.
https://www.freedesktop.org/wiki/Software/systemd
systemd is now the init process running as PID 1 as indicated above. While /sbin/init was the actual init process of Linux (also known as the System V init boot system), it is now replaced with /usr/lib/systemd in many Linux distributions.</description>
</item>
<item>
<title>Intel SGX Sealing</title>
<link>/2017-10-09/intel-sgx-sealing/</link>
<pubDate>Mon, 09 Oct 2017 15:26:34 +0900</pubDate>
<guid>/2017-10-09/intel-sgx-sealing/</guid>
<description>There is little information related to sealing, and even no detailed explanation in the paper Intel SGX Explained. Everything in this post is from Intel, with a little thought of mine.
Sealing # Sealing is a service that Intel provides with Intel SGX technology for secure data saving.
Intel SGX protects data only if it is in the enclave, a part of main memory. Therefore, when the enclave process exits, the enclave will be destroyed and any data that is secured within the enclave will be lost.</description>
</item>
<item>
<title>NVMeDirect</title>
<link>/2017-09-06/nvmedirect/</link>
<pubDate>Wed, 06 Sep 2017 20:40:37 +0900</pubDate>
<guid>/2017-09-06/nvmedirect/</guid>
<description>NVMeDirect Overview # NVMeDirect is a software framework that is used to directly access an NVMe SSD from a user space application.
In the existing system, applications have to access storage through several software I/O stacks.
As the storage media gets faster, overheads from the software stack take a larger portion of I/O time. Hence, this software I/O stack is being reduced, as shown in the above figure.</description>
</item>
<item>
<title>Enabling AtomicOps in VFIO PCI Passthrough</title>
<link>/2017-08-16/enabling-atomicops-in-vfio-pci-passthrough/</link>
<pubDate>Wed, 16 Aug 2017 16:48:47 +0900</pubDate>
<guid>/2017-08-16/enabling-atomicops-in-vfio-pci-passthrough/</guid>
<description>I tried to use AMD&rsquo;s GPU for research, with the software stack called AMD ROCm. AMD ROCm is an AMD discrete GPU compatible Heterogeneous System Architecture (HSA) framework.
HSA has a unique property, different from OpenCL or CUDA: user mode queuing.
Instead of traditional driver-central models, in HSA, user applications are responsible for creating request packets in the command queue heading directly to the GPU.</description>
</item>
<item>
<title>GPU Resource Management</title>
<link>/2017-06-23/gpu-resource-management/</link>
<pubDate>Fri, 23 Jun 2017 10:13:09 +0900</pubDate>
<guid>/2017-06-23/gpu-resource-management/</guid>
<description>This post is a study of the paper Operating Systems Challenges for GPU Resource Management (International Workshop on Operating Systems Platforms for Embedded Real-Time Applications, 2011), and Implementing Open-Source CUDA Runtime (Programming Symposium, 2013).
The GPU channel is an interface that bridges across the CPU and the GPU contexts, especially when sending GPU commands from the CPU to the GPU.
GPU channel is the only way to send GPU commands to the GPU.</description>
</item>
<item>
<title>Implementing and Using Custom Intel SGX Trusted Library 2</title>
<link>/2017-06-01/implementing-and-using-custom-intel-sgx-trusted-library-2/</link>
<pubDate>Thu, 01 Jun 2017 19:58:54 +0900</pubDate>
<guid>/2017-06-01/implementing-and-using-custom-intel-sgx-trusted-library-2/</guid>
<description>In the previous post, I showed how to link a trusted function that can be called inside the enclave.
However, Intel SGX provides a way to import EDL to make a library have an ECALL. The post from Intel is [here].
1. Implementing a trusted SGX library # As we do in the previous post, make a trusted library.
So our simple trusted SGX library has a function named ecall_testlib_sample.</description>
</item>
<item>
<title>Implementing and Using Custom Intel SGX Trusted Library</title>
<link>/2017-05-31/implementing-and-using-custom-intel-sgx-trusted-library/</link>
<pubDate>Wed, 31 May 2017 18:42:44 +0900</pubDate>
<guid>/2017-05-31/implementing-and-using-custom-intel-sgx-trusted-library/</guid>
<description>Intel SGX Trusted Library # Trusted libraries are libraries that are linked to an SGX program and used inside an enclave. Hence, they should follow SGX enclave restrictions.
According to the Intel SGX SDK document, the restrictions are as follows.
Trusted libraries are static libraries that are linked with the enclave binary. These functions/objects can only be used from within the enclave. (= an ECALL cannot be implemented in a library.) We should not link the enclave with any untrusted library, including C/C++ standard libraries.</description>
</item>
<item>
<title>Usermode Helper API</title>
<link>/2017-05-10/usermode-helper-api/</link>
<pubDate>Wed, 10 May 2017 01:58:06 +0900</pubDate>
<guid>/2017-05-10/usermode-helper-api/</guid>
<description>We already know that fork() and exec() are system calls for making a new process from user space.
However, system calls cannot be called in kernel space. Then how do we execute a process from kernel space?
The Usermode Helper API is for creating a user mode process from kernel space.
The data structure used for the API is struct subprocess_info.
/linux/include/kmod.h
struct subprocess_info {
    struct work_struct work;
    struct completion* complete;
    const char* path;
    char** argv;
    char** envp;
    int wait;
    int retval;
    int (*init)(struct subprocess_info* info, struct cred* new);
    void (*cleanup)(struct subprocess_info* info);
    void* data;
};
Simple example from the reference:</description>
</item>
<item>
<title>CPU Affinity</title>
<link>/2017-05-09/cpu-affinity/</link>
<pubDate>Tue, 09 May 2017 21:56:25 +0900</pubDate>
<guid>/2017-05-09/cpu-affinity/</guid>
<description>CPU affinity, also called CPU pinning, enables the binding of a process or a thread to a specific CPU core, or CPU cores.
The following functions are provided by the standard library to set and get affinity. [reference]
#include &lt;sched.h&gt;
int sched_setaffinity(pid_t pid, size_t cpusetsize, cpu_set_t *mask);
int sched_getaffinity(pid_t pid, size_t cpusetsize, cpu_set_t *mask);
On success, sched_setaffinity() and sched_getaffinity() return 0. On error, -1 is returned, and errno is set appropriately.
cpu_set_t can be set with the following defined macros.</description>
</item>
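<!--
The same affinity calls are exposed in Python through os.sched_getaffinity / os.sched_setaffinity (Linux only), shown here as a small sketch; pid 0 means the calling process.

import os

print("before:", os.sched_getaffinity(0))
os.sched_setaffinity(0, {0})  # pin this process to CPU core 0
print("after:", os.sched_getaffinity(0))
-->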
<item>
<title>Calling Kernel Module's Function from The Other Kernel Module</title>
<link>/2017-05-03/calling-kernel-modules-function-from-the-other-kernel-module/</link>
<pubDate>Wed, 03 May 2017 15:18:17 +0900</pubDate>
<guid>/2017-05-03/calling-kernel-modules-function-from-the-other-kernel-module/</guid>
<description>I made two kernel modules, one of which calls a function of the other module, but it kept telling me WARNING: &quot;&lt;function_name&gt;&quot; undefined!. Even though I exported the function, there actually is another step that I should follow.
References: http://stackoverflow.com/a/9499893
What I did before finding the reference was to export the target function.
/kernel1/functions.h
void function1(void);
/kernel1/functions.c
#include &lt;linux/module.h&gt;
void function1(void){};
EXPORT_SYMBOL(function1);
However, the other kernel module (say it is kernel2) does not know where function1() exists.</description>
</item>
<item>
<title>KVM Internal: How a VM is Created?</title>
<link>/2017-05-02/kvm-internal-how-a-vm-is-created/</link>
<pubDate>Tue, 02 May 2017 20:26:56 +0900</pubDate>
<guid>/2017-05-02/kvm-internal-how-a-vm-is-created/</guid>
<description>KVM is an acronym of &ldquo;Kernel based Virtual Machine&rdquo;, and is a virtualization infrastructure for the Linux kernel that turns it into a hypervisor.
It is used with QEMU to emulate some peripherals, called QEMU-KVM.
The basic architecture for KVM is as follows.
KVM Architecture. The QEMU process runs as a userspace process on top of the Linux kernel with the KVM module, and a guest kernel runs on top of the emulated hardware in QEMU.</description>
</item>
<item>
<title>Git Basics</title>
<link>/2017-05-02/git-basics/</link>
<pubDate>Tue, 02 May 2017 09:58:43 +0900</pubDate>
<guid>/2017-05-02/git-basics/</guid>
<description>1. Initialize a Git Repository # $ git init This will create .git directory to store all information for version control.
2. Checking out a Remote Repository # $ git checkout https://github.com/username/abc.git $ git checkout https://github.com/username/abc.git branch_name The last .git can be omitted. This will copy files in the remote repository. You can directly checkout a branch by adding branch_name to the tail of the command.
To checkout a remote branch into the existing git local repository, use the following:</description>
</item>
<item>
<title>Analyzing Gdev</title>
<link>/2017-04-27/analyzing-gdev/</link>
<pubDate>Thu, 27 Apr 2017 22:35:30 +0900</pubDate>
<guid>/2017-04-27/analyzing-gdev/</guid>
<description>Gdev # Gdev is an open-source CUDA software, containing device drivers, CUDA runtimes, CUDA/PTX compilers, and so on.
You can download it from [here].
Detailed implementations are described in another paper that the author wrote, Implementing Open-Source CUDA Runtime. (link)
Internal Implementation #
Implementation of Gdev. Gdev uses the existing open-source NVIDIA device driver, Nouveau. It also supports the NVIDIA proprietary driver and pscnv, but pscnv is not maintained and the NVIDIA driver is not open-source.</description>
</item>
<item>
<title>Introduction to VFIO</title>
<link>/2017-04-27/introduction-to-vfio/</link>
<pubDate>Thu, 27 Apr 2017 13:14:24 +0900</pubDate>
<guid>/2017-04-27/introduction-to-vfio/</guid>
<description>Virtual Function I/O (VFIO) # Introduced to replace the old-fashioned KVM PCI device assignment (virtio). Userspace driver interface Use IOMMU (AMD IOMMU, Intel VT-d, etc) Full PCI interrupt, MMIO and I/O port access, PCI configuration space access support Take an abstract view of a device: to support anything! VFIO Device File descriptor # located in /dev/vfio
Each divided into regions
Each region maps to a device resource (MMIO BAR, IO BAR, PCI configuration space) Region count and information discovered through ioctl.</description>
</item>
<item>
<title>GPU Architecture Overview</title>
<link>/2017-04-27/gpu-architecture-overview/</link>
<pubDate>Thu, 27 Apr 2017 10:15:41 +0900</pubDate>
<guid>/2017-04-27/gpu-architecture-overview/</guid>
<description>GPU Model #
It explains several important designs that recent GPUs have adopted.
MMIO.
The CPU communicates with the GPU via MMIO. Hardware engines for DMA are supported for transferring large amounts of data; however, commands should be written via MMIO. The I/O ports can be used to indirectly access the MMIO regions, but are rarely used. The open-source device driver Nouveau currently never uses them.</description>
</item>
<item>
<title>Hooking an SGX ENCLS Leaf Function Call from KVM</title>
<link>/2017-04-21/hooking-an-sgx-encls-leaf-function-call-from-kvm/</link>
<pubDate>Fri, 21 Apr 2017 20:36:41 +0900</pubDate>
<guid>/2017-04-21/hooking-an-sgx-encls-leaf-function-call-from-kvm/</guid>
<description>Environment # Host: Ubuntu 14.04.5 LTS, Linux kernel 4.6.0, Intel Core-i7 6700 Skylake processor Guest: Ubuntu 14.04.4 LTS, Linux kernel 3.16.5, QEMU-KVM based virtual machine (using Intel VT-x) 1. ENCLS # SGX Programming Reference, Section 5.2.1
The ENCLS instruction is used to execute an enclave system function (privileged) of a specified leaf number.
Software specifies the leaf function by setting the appropriate value in the register EAX as input.</description>
</item>
<item>
<title>Adding an Additional SGX Instruction</title>
<link>/2017-04-14/adding-an-additional-sgx-instruction/</link>
<pubDate>Fri, 14 Apr 2017 23:22:59 +0900</pubDate>
<guid>/2017-04-14/adding-an-additional-sgx-instruction/</guid>
<description>Implementing an SGX SDK Function for the Instruction # 1. Function Declaration # Declare a function in /linux-sgx/common/inc/sgx_urts.h.
... sgx_status_t SGXAPI sgx_create_abc(void); 2. Function Definition # Define the function in any file in /linux-sgx/psw/urts/. I defined it in /linux-sgx/psw/urts/linux/urts.cpp, as follows.
extern &#34;C&#34; sgx_status_t sgx_create_abc()
{
    printf(&#34;Hello from %s!\n&#34;, __func__);
    return SGX_SUCCESS;
}
Also, you should define a function with the same name in /linux-sgx/sdk/simulation/urtssim/urts_deploy.c, but with a void return type and no parameters.</description>
</item>
<item>
<title>Intel SGX SDK Functions for Enclave Creation</title>
<link>/2017-04-14/intel-sgx-sdk-functions-for-enclave-creation/</link>
<pubDate>Fri, 14 Apr 2017 13:58:12 +0900</pubDate>
<guid>/2017-04-14/intel-sgx-sdk-functions-for-enclave-creation/</guid>
<description>Many research papers have dealt with how SGX internally works; however, none have handled how the SGX SDK works.
This post explains how the Intel Linux SGX SDK calls Intel SGX CPU instructions to create an enclave.
As we all know, there is an SGX instruction we use to create an enclave, EADD. This is an Intel CPU microcode instruction. However, a user program does not directly call this instruction, but calls the sgx_create_enclave() SDK function.</description>
</item>
<item>
<title>Linux Kernel Memory Map Operations</title>
<link>/2017-04-07/linux-kernel-memory-map-operations/</link>
<pubDate>Fri, 07 Apr 2017 09:55:25 +0900</pubDate>
<guid>/2017-04-07/linux-kernel-memory-map-operations/</guid>
<description>Memory mapping is one of the most important features to protect the memory system in Linux.
Linux provides several functions to map a physical address into a virtual address.
1. mmap # Linux/fs/sysfs/bin.c:337
static int mmap(struct file* file, struct vm_area_struct* vma) {...}
mmap() maps a file to virtual memory, and it can be used with the special files /dev/mem (system memory) or /dev/kmem (kernel memory).
2. vm_insert_pfn # This function is called by sgx_enclave_add_page().</description>
</item>
<item>
<title>Intel SGX Instructions in Enclave Initialization</title>
<link>/2017-04-05/intel-sgx-instructions-in-enclave-initialization/</link>
<pubDate>Wed, 05 Apr 2017 22:13:25 +0900</pubDate>
<guid>/2017-04-05/intel-sgx-instructions-in-enclave-initialization/</guid>
<description>1. ECREATE # [Intel SGX Explained p63] Section 5.3.1. Creation [Programming References p21] Section 5.3. ECREATE An enclave is born when the system software issues the ECREATE instruction, which turns a free EPC page into the SECS for the new enclave.
ECREATE copies an SECS structure outside the EPC into an SECS page inside the EPC. The internal structure of SECS is not accessible to software.
Software sets the following fields in the source structure: SECS:BASEADDR, SECS:SIZE, and ATTRIBUTES.</description>
</item>
<item>
<title>Intel SGX Protection Mechanism</title>
<link>/2017-04-03/intel-sgx-protection-mechanism/</link>
<pubDate>Mon, 03 Apr 2017 14:09:50 +0900</pubDate>
<guid>/2017-04-03/intel-sgx-protection-mechanism/</guid>
<description>All figure numbers are the same as those in the paper.
Glossary # PMH: Page Miss Handler. MMU: Memory Management Unit. TLB: Translation Look-aside Buffer. FSM: Finite State Machine. EPC: Enclave Page Cache. EPCM: Enclave Page Cache Map. PRM: Processor Reserved Memory. ELRANGE: Enclave Linear Address Range. Address Translation # Concepts # Section 2.5.1 Address Translation Concepts
System software relies on the CPU&rsquo;s address translation mechanism for implementing isolation among less privileged pieces of software.</description>
</item>
<item>
<title>PCI Express I/O System</title>
<link>/2017-04-03/pci-express-i/o-system/</link>
<pubDate>Mon, 03 Apr 2017 12:12:58 +0900</pubDate>
<guid>/2017-04-03/pci-express-i/o-system/</guid>
<description>I/O Hardware Overview # The basic I/O hardware elements, such as ports, buses, and device controllers, accommodate a wide variety of I/O devices.
To encapsulate the details and oddities of different devices, the kernel of an operating system is structured to use device-driver modules.
A device communicates with a computer system by sending signals over a cable or through the air.
The device communicates with the machine via a connection point, or port.</description>
</item>
<item>
<title>Using Jekyll with Atom Editor</title>
<link>/2017-04-01/using-jekyll-with-atom-editor/</link>
<pubDate>Sat, 01 Apr 2017 09:55:05 +0900</pubDate>
<guid>/2017-04-01/using-jekyll-with-atom-editor/</guid>
<description>Atom is a modern, approachable text editor.
Until last year, I had used Sublime Text as my text editor. However, after I saw some posts examining Atom, I switched to it.
It is as modern as Sublime Text, and its plugins are much more powerful, I think.
I am using the Markdown (especially Markdown Preview), LaTeX, Git, and Jekyll packages on Atom.</description>
</item>
<item>
<title>New blog with Jekyll</title>
<link>/2017-04-01/new-blog-with-jekyll/</link>
<pubDate>Sat, 01 Apr 2017 01:56:49 +0900</pubDate>
<guid>/2017-04-01/new-blog-with-jekyll/</guid>
<description>After unexpectedly erasing all data in my previous blog, I did not make another blog for a long time.
Now I have restarted a blog, this time with Jekyll and GitHub Pages.
Compared to Wordpress, it has the following advantages:
The format of posts, Markdown, is easy to edit anywhere. I need to get accustomed to markup languages, e.g., LaTeX or Markdown. It uses the Git system: a chance to become more familiar with Git? Not as many plugins as in Wordpress, but all the necessary ones are provided, and it is fast!</description>
</item>
<item>
<title></title>
<link>/_redirects</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/_redirects</guid>
<description></description>
</item>
<item>
<title></title>
<link>/about/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/about/</guid>
<description></description>
</item>
<item>
<title></title>
<link>/research/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/research/</guid>
<description>false</description>
</item>
</channel>
</rss>