This topic describes the kernel features and interfaces supported by Alibaba Cloud Linux. This topic is intended for users who are familiar with the Linux kernel and want to use the features of the Linux kernel.
Memory
Reference | Supported version | Description |
| Alibaba Cloud Linux supports the Memcg Exstat feature. Compared with community versions of the Linux kernel, the Alibaba Cloud Linux kernel supports the following cgroup v1 interfaces for the Memcg Exstat feature: memory.events, memory.events.local, and memory.stat. The Alibaba Cloud Linux kernel also provides statistics on the latency caused by changes in the memcg global minimum watermark and backend asynchronous reclamation. | |
| Alibaba Cloud Linux provides the memcg global minimum watermark rating feature. The global minimum watermark of resource-intensive tasks is increased to trigger direct memory reclamation. The global minimum watermark of latency-sensitive tasks is decreased to prevent direct memory reclamation. When a resource-intensive task requests a large amount of memory, the global minimum watermark is increased to throttle the resources used by the task for a short period of time to prevent direct memory reclamation for latency-sensitive tasks. After a specific amount of memory is reclaimed by using global kswapd backend reclamation, the resource-intensive task is no longer throttled. | |
| The memcg quality of service (QoS) feature can be used to control locks and limits on memory usage in a memcg. In community versions of the Linux kernel, the memcg QoS feature is supported only by the cgroup v2 interface. In Alibaba Cloud Linux kernel, the memcg QoS feature is also supported by the cgroup v1 interface. | |
| Alibaba Cloud Linux provides the backend asynchronous reclaim feature for memcgs. The backend asynchronous reclaim feature differs from the global kswapd kernel thread. The feature uses the workqueue mechanism instead of a corresponding memcg kswapd kernel thread. | |
| Alibaba Cloud Linux provides the memcg out of memory (OOM) priority policy feature. When the memcg OOM priority policy feature attempts to perform an OOM operation, the feature determines the priorities of cgroups and selects a low-priority cgroup to perform the operation. | |
| Alibaba Cloud Linux provides the Transparent Huge Pages (THP) reclaim feature. You can use the feature to fix memory usage issues caused by THP, such as OOM errors. | |
| Alibaba Cloud Linux supports the Huge Pages feature. The Huge Pages feature is suitable for business scenarios that involve large code segments. You can use the feature to allocate the executable parts of applications and dynamic-link libraries (DLLs) to huge pages to reduce instruction translation lookaside buffer (iTLB) misses and increase the 2 MB iTLB utilization of CPUs. This helps improve the application performance. | |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 supports the Kernel Electric-Fence (KFENCE) feature. Alibaba Cloud Linux 3 allows you to enable or disable KFENCE in a flexible and dynamic manner and fully capture memory pollution issues. This way, Alibaba Cloud Linux 3 balances online detection and offline debugging of memory pollution issues. | |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 provides the Page Cache Limit feature. The feature helps resolve system instability caused by unlimited page cache usage, such as business jitters and unexpected OOM errors. | |
Alibaba Cloud Linux 3 kernel version | In a non-uniform memory access (NUMA) architecture, especially on an Arm-based Elastic Compute Service (ECS) instance, each NUMA node has local memory. When a program or process on one NUMA node needs to access code snippets on other NUMA nodes, cross-node access causes additional latency and performance overheads. To resolve the preceding issues, you can use the code duptext feature to copy code snippets from a remote node to an on-premises node. |
Network
Reference | Supported version | Description |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 is optimized to support Shared Memory Communications over RDMA (SMC-R). SMC-R is based on Alibaba Cloud elastic remote direct memory access (eRDMA) and can transparently replace TCP in applications without losing functionality. SMC-R enables direct, high-speed, low-latency, and memory-to-memory communications and provides higher performance than TCP in various scenarios, such as in-memory databases, remote procedure calls (RPCs), and large file transmission. | |
| Alibaba Cloud Linux supports TCP-layer service monitoring (TCP-RT). TCP-RT is a TRACE method. TCP-RT allows you to configure event tracking in a kernel-based TCP stack to identify a request and response when a single connection carries only one concurrent request and response. Then, you can obtain information, such as the time required to receive the request in the TCP stack and the time required to process the request. TCP-RT also supports statistical analysis in the kernel system and generates statistics about specific connections on a regular basis. | |
| In Linux kernels, TCP/IP connections remain in the TIME-WAIT state for 60 seconds. The length of this period cannot be changed. However, you must shorten this period in specific scenarios, such as scenarios that have heavy TCP loads, to improve network performance. To optimize network performance in the preceding scenarios, Alibaba Cloud Linux 2 provides a kernel interface to change the duration for which TCP/IP connections remain in the TIME-WAIT state before the system closes the connections. | |
Disable the estimation feature of IPVS to prevent network jitters |
| By default, the IP Virtual Server (IPVS) module of the Linux operating system enables the estimation feature. In scenarios in which a large-sized server hosts a large number of services, such as a large-scale Kubernetes cluster scenario, the estimation feature may cause a latency of tens to hundreds of milliseconds or network jitters when the server processes network requests. You can disable the estimation feature of IPVS for Alibaba Cloud Linux images. If you do not use the feature to collect statistics such as the number of packets and connections, we recommend that you disable the estimation feature of IPVS to eliminate additional overheads and jitters that occur during statistics collection. |
Alibaba Cloud Linux 3 kernel version | In FULLNAT scenarios, such as when Anti-DDoS Proxy is used, the address of a client is translated to the address of a FULLNAT node. To obtain the real address of the client, you can connect to a backend server that runs the Alibaba Cloud Linux 3 operating system with kernel version |
Storage
Reference | Supported version | Description |
| Alibaba Cloud Linux provides the cgroup writeback feature for the cgroup v1 interface. The cgroup writeback feature allows you to limit the buffered I/O rate when you use the cgroup v1 interface. | |
| Alibaba Cloud Linux provides the weight-based throttling feature (blk-iocost) based on the cost model. The blk-iocost feature is an improvement to the weight-based disk throttling feature of the I/O subsystem (blkcg) in the kernel. | |
| Alibaba Cloud Linux provides interfaces to better monitor Linux block I/O throttling. | |
| JBD2 is the kernel thread of Ext4 file systems. In most cases, JBD2 enters the shadow (BH_Shadow) state when used, which can affect system performance. To resolve the preceding issue, Alibaba Cloud Linux provides interfaces to optimize JBD2. | |
| By default, Ext4 file systems impose restrictions that prevent hard links from being created across project quotas. However, specific scenarios require hard links to be created across project quotas. Alibaba Cloud Linux provides a custom interface to bypass the restrictions of Ext4 file systems and create hard links across project quotas. | |
| Alibaba Cloud Linux optimizes the /proc/diskstats interface that provides raw data for the I/O latency analysis tool iostat. Alibaba Cloud Linux can calculate the durations of read, write, and special I/O (discard) operations on the device side. Alibaba Cloud Linux also provides the BPF Compiler Collection (BCC) toolset to track I/O latency. | |
| An I/O hang occurs when the system becomes unstable or fails due to time-consuming I/O requests. Alibaba Cloud Linux extends the core data structure and provides a feature that locates and detects I/O hangs at low system overheads. | |
Configure the context readahead feature of file systems to improve file access performance |
| Linux uses the readahead technique to accelerate file access by prefetching data and loading the data into the page cache. Linux also supports the context readahead algorithm, which can detect interleaved sequential streams to optimize file access performance. However, in specific random access scenarios, the context readahead algorithm is prone to poor judgment and may prefetch more pages than necessary. In the preceding scenarios, you can disable the context readahead feature to significantly improve application performance. |
Alibaba Cloud Linux 3 kernel version | Target Core Module (TCM) is another name for Linux-IO Target (LIO), which is an in-kernel Internet Small Computer Systems Interface (iSCSI) target. TCM in Userspace (TCMU) is the userspace implementation of LIO. TCMU allows userspace programs to coordinate with various userspace backend implementations in a convenient manner. Based on the TCMU framework and the LIO loopback (tcm_loop) module, you can implement userspace iSCSI targets with ease. |
Monitoring
Reference | Supported version | Description |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 supports Unified Kernel Fault Event Framework (UKFEF) in kernel version | |
| Alibaba Cloud Linux provides the Pressure Stall Information (PSI) feature for the cgroup v1 interface. The PSI feature allows you to monitor CPUs, memory, and I/O performance. |
Scheduling
Reference | Supported version | Description |
| Alibaba Cloud Linux provides the CPU burst feature for the cgroup v1 interface. The CPU burst feature allows CPU-throttled containers to burst CPU utilization to deliver higher performance and lower latency. | |
| Alibaba Cloud Linux provides the group identity feature. The feature allows you to configure different identities for CPU cgroups to prioritize process tasks in the cgroups. |
Compatibility
Reference | Supported version | Description |
Statistical state change of anonymous pages in the /proc/meminfo file |
| In Alibaba Cloud Linux kernel version |
Others
Reference | Supported version | Description |
| Alibaba Cloud Linux provides kernel interfaces for the container resource visualization feature to enhance the visibility of container resources. | |
Security hardening for user namespaces in Alibaba Cloud Linux |
| Linux supports the user namespace feature. The feature enables processes to have different user IDs and group IDs in different user namespaces to isolate permissions. However, enabling the user namespace feature increases the risk of privilege escalation attacks to the system. Attackers may exploit system vulnerabilities to obtain privileged permissions and bypass the system permission control. |