How Google Uses Linux

postfail writes 'lwn.net coverage of the 2009 Linux Kernel Summit includes a recap of a presentation by Google engineers on how they use Linux. According to the article, a team of 30 Google engineers is rebasing to the mainline kernel every 17 months, presently carrying 1208 patches to 2.6.26 and inserting almost 300,000 lines of code; roughly 25% of those patches are backports of newer features.'

A New Culture

Hmmm... Techno-Amish? (i.e. "We'll use your roads, but not your damned cars!")

Re:A New Culture

[MichaelSmith]

Funnily enough the roads were there before the cars.

Re:A New Culture

[trytoguess]

Amish don't avoid technology based on a point on a timeline. They believe in maintaining a certain lifestyle (strong family bonds, avoid thing that promote sloth luxury or vanity, etc), and many tech is seen as disruptive to such things. What is and isn't ok is debated tweaked and constantly modified depending on which Amish group you're dealing with. This is a good place for more info.

Fair chance you were just joking, but I figure, why not go on a info dump?

Release the patches already

[Dice]

They monitor all disk and network traffic, record it, and use it for analyzing their operations later on. Hooks have been added to let them associate all disk I/O back to applications - including asynchronous writeback I/O.

I. Want. This.

Re:Release the patches already

Try iotop.

http://guichaz.free.fr/iotop/

Re:Release the patches already

[Darkness404]

Its kinda common sense that Google would see how much disk space is used or how much CPU time is used. I mean, what admin -doesn't- know that 2 Gigabytes of space is used by xxxx@gmail.com? Even if all the data was super-encrypted you would still know how large the file is.

Re:Release the patches already

Can we donate some money and buy these people a site that _doesn't_ look like a goatse link?

Re:Release the patches already

[Jurily]

In contrast to goatse, which has all the content on one page?

Togh

Google does not distribute the binaries, so they are not obliged to publish the source.

Re:Togh

[MichaelSmith]

TFA does suggest though that google have gotten themselves into a horrible mess with their local changes and would be better off by offloading their stuff to the community and taking properly integrated releases.

Re:Togh

[pathological+liar]

Yeah great work Linus.

The distros STILL stick with older versions and backport fixes, because who in their right mind is going to bump a kernel version in the middle of a support cycle? It's even MORE broken because the kernel devs rarely identify security fixes as such, and often don't understand the security implications of a fix, so they don't always get backported as they should.

The Linux dev model is NOT something to be proud of.

Re:Togh

[grcumb]

The Linux dev model is NOT something to be proud of.

Indeed:

"The Linux dev model is the worst form of development, except for all those other forms that have been tried from time to time." - Winston Churchill

... Oh wait, no. That was me, actually.

Re:Togh

Oh actually I think the form of development used by the BSDs is a lot better. At least it is a lot more efficient. They don't just crap software and deprecate it as soon as it remotely works (hal).

Re:Togh

[grcumb]

The Linux dev model is NOT something to be proud of.

Indeed:

"The Linux dev model is the worst form of development, except for all those other forms that have been tried from time to time." - Winston Churchill

... Oh wait, no. That was me, actually.

Holy humour-impaired down-modding, Batman! How is the above a troll?

For those too dense to get the joke: I actually agree that the Linux development model has significant weaknesses. It's just that, despite its shortcomings, it actually has proven workable for many years now.

I'm not implying that there aren't better community-driven coding projects in existence. Nor do I want to suggest that critiquing the community is unwarranted (or even unwanted). It's just that, for all its warts, it has produced consistent results over the years.

Re:Togh

[bheekling]

If you think udev and devtmpfs conflict, you don't know what each of them are supposed to do.

If you read about them, you'd know that devtmpfs just populates /dev as devices are discovered by the kernel during boot. Which means udev doesn't have to spend several seconds parsing /sys to populate /dev with information the kernel already had.

Now during init, udev's job is to parse udev rules and add user configuration plus fix the permissions of nodes in /dev. Afterwards it also monitors device addition and generates events which apps can monitor (recent versions added a gobject interface too), and adds device nodes according to rules, if any.

In essence, devtmpfs's job is to allow a bootable system without the need to maintain a static /dev or depend on udev for a recovery shell.

devfs was bad, really bad because there was no naming system back then, and every driver did something different causing utter chaos (which led to different distros patching the kernel in different ways to change the node names). Now there's uniformity, and the kernel knows what to call the basic device nodes created by the drivers.

Re:Open source is the coat tails that Google rides

[i_ate_god]

you missed the point of open source then

Is it worth it?

[ToasterMonkey]

The whole article sounds so painful, what do they actually get out of it?

Google started with the 2.4.18 kernel - but they patched over 2000 files, inserting 492,000 lines of code. Among other things, they backported 64-bit support into that kernel. Eventually they moved to 2.6.11, primarily because they needed SATA support. A 2.6.18-based kernel followed, and they are now working on preparing a 2.6.26-based kernel for deployment in the near future. They are currently carrying 1208 patches to 2.6.26, inserting almost 300,000 lines of code. Roughly 25% of those patches, Mike estimates, are backports of newer features.

In the area of CPU scheduling, Google found the move to the completely fair scheduler to be painful. In fact, it was such a problem that they finally forward-ported the old O(1) scheduler and can run it in 2.6.26. Changes in the semantics of sched_yield() created grief, especially with the user-space locking that Google uses. High-priority threads can make a mess of load balancing, even if they run for very short periods of time. And load balancing matters: Google runs something like 5000 threads on systems with 16-32 cores.

Google makes a lot of use of the out-of-memory (OOM) killer to pare back overloaded systems. That can create trouble, though, when processes holding mutexes encounter the OOM killer. Mike wonders why the kernel tries so hard, rather than just failing allocation requests when memory gets too tight.

Ooooh... efficiency.. I'm curious what the net savings is.. compared to buying more cheap hardware.

So what is Google doing with all that code in the kernel? They try very hard to get the most out of every machine they have, so they cram a lot of work onto each.

(30 * kernel engineer salary) / (generic x86 server + cooling + power) = ?

Re:Is it worth it?

[Rockoon]

This company had about a million servers last time I cared to find out. I dont think 'more cheap hardware' means the same thing to you as it does to Google.

Re:Is it worth it?

[Sir_Lewk]

They are already running absolutely absurd amounts of cheap hardware. "Just buying more" is something that I'm sure they are already doing all the time but clearly that only goes so far.

(30 * kernel engineer salary) / (generic x86 servers + cooling + power) = ?

I suspect the answer to that is a very very small number.

Re:Is it worth it?

[coolsnowmen]

You are clearly not an engineer of scientist. Aside from the fact that some people just like to solve technical problems, I am betting google's logic goes something like this:
We have a problem that is basically only costing us $0.01*10,000computers/day. While that seems low, we plan on staying in business a long time, we could pay someone to solve the problem. Then there is that X factor, that if you don't do it, if you stop innovating, your competitors will, and they will get more and you will get less from the pool of money that is out there. In addition to that, the CS guy you paid to solve that is now worth more to your company (if you employed him) because [s]he now has a better understanding of a complex bit of code (the linux kernel) that you rely on heavily.

Re:Is it worth it?

[dingen]

Ooooh... efficiency.. I'm curious what the net savings is.. compared to buying more cheap hardware.

We're talking about Google here. They have dozens of datacenters all over the globe, filled with hundreds of thousands of servers. Some estimate even a million servers or more.

So lets assume they have indeed a million servers and they need 5% more efficiency out of their server farms. Following your logic, it would be better to add 50,000 (!) cheap servers which consume space, power and require cooling and maintenance, but I'll bet you paying a handful of engineers to tweak your software is *a lot* cheaper. Especially since Google isn't "a project" or something. They're here for the long run. They're here to stay and in order to make that happen, they need to get the most from their platform as possible.

Re:Is it worth it?

[Rockoon]

Also consider the fact that Google has been basically deploying new servers non-stop for many many years. They are already purchasing cheap hardware at a very high rate. Even a tiny 1% improvement in efficiency for the existing and future servers is a huge huge win for them.

That could amount to hundreds of millions of dollars saved over the next decade, and it doesnt take a genius to realize that a couple dozen programmer salaries will be a hell of a lot less than that.

Re:Is it worth it?

[LordNimon]

Porting patches from one kernel version to another is not innovation.

A while back I got an invitation to work for Google as a kernel developer. I declined to interview, because I already had a job doing just that. This article makes me glad I never accepted that offer. I feel sorry for those kernel developers at Google. Porting all that code back-and-forth over and over again. Now *that's* a crappy job.

Re:Is it worth it?

[Taur0]

I really hope you're not an engineer, because your solution to a problem should never be: "Screw the most efficient solution, we'll just go out and buy more and waste more energy!" These incremental increases in efficiency will drastically change a product overtime, look at cars for example. The countless engineers working at GM, Toyota, Ford, etc. could have easily said: "meh whatever, just make them buy more gas". The modern combustion engine is only about 30% efficient, but that's far better than when the combustion engine was first thought of, which was somewhere around 0.4%.

Low memory conditions

[jones_supa]

Google makes a lot of use of the out-of-memory (OOM) killer to pare back overloaded systems. That can create trouble, though, when processes holding mutexes encounter the OOM killer. Mike wonders why the kernel tries so hard, rather than just failing allocation requests when memory gets too tight.

This is something I have been wondering too. Doesn't it just lead to applications crashing more often than them normally reporting they cannot allocate more memory?

Re:Low memory conditions

[IamTheRealMike]

Well, most programs are not OOM safe. It turns out to be really hard to write programs that behave gracefully in OOM scenarios. Killing a sacrificial process when the system is out of memory works OK if you have a pretty good idea of priority ordering of the processes, which Google systems do.

Does Google give coade back

[TorKlingberg]

Does Google give any code and patches back to the Linux kernel maintainers? Since they probably only use it internally and never distribute anything they are not required to by the GPL, but it would still be the right thing to do.

Re:Does Google give coade back

[MBCook]

Yes, they do. Since they use older kernels and have... unique... needs, they aren't a huge contributor like RedHat, but they do a lot.

During 2.6.31, they were responsible for 6% of the changes to the kernel.

Re:Does Google give coade back

[marcansoft]

Andrew Morton, Google employee and maintainer of the -mm tree, contributed the vast majority of the changes filed under "Google" (and most of those changes aren't Google-specific - Andrew has been doing this since before he was employed there). If you subtract Andrew, Google is responsible for a tiny part of kernel development last I heard, unfortunately.

Re:Does Google give coade back

[CyrusOmega]

A lot of companies will also use a single employee for all of their commits too. I know the company I used to work for made one man look like a code factory to a certain open source project, but, in fact, it was a team of 20 or so devs behind him doing the real work.

Re:Does Google give coade back

[ibwolf]

most of those changes aren't Google-specific

Why would they submit "Google-specific" patches?

It would make sense for them to only submit those patches that they believed to be of general utility. Other stuff would likely not be accepted.

Re:Does Google give coade back

[marcansoft]

Andrew has been doing a large amount of kernel work for some time now, before his employment with Google. Note that the 6% figure is under non-author signoffs - people that patches went through, instead of people who actually authored them. Heck, even I submitted a patch that went through Andrew once (and I've submitted like 5 patches to the kernel). Andrew does a lot of gatekeeping for the kernel, but he doesn't write that much code, and he certainly doesn't appear to be committing code written by Google's kernel team under his name as a committer.

Google isn't even on the list of actual code-writing employers, which means they're under 0.9%. I watched a Google Tech Talk about the kernel once (I forget the exact name) where it was mentioned that Google was (minus Andrew) somewhere in the 40th place or so of companies who contribute changes to Linux.

Re:Does Google give coade back

[farnsworth]

Google is responsible for a tiny part of kernel development last I heard, unfortunately.

I don't know that much about google's private modifications, but the question of "what to give back" does not always have a clear default answer. I've modified lots of OSS in the past and not given it back, simply because my best guess was that I am the only person who will ever want feature x. There's no point in cluttering up mailing lists or documentation with something extremely esoteric. It's not because I'm lazy or selfish or greedy -- sometimes the right answer is to just keep things to yourself. (Of course, there are times when I've modified something hackishly, and had been too lazy or embarrassed to send it back upstream :)

Perhaps google answers this question in a different way than others would, but that doesn't necessarily conflict with "the spirit of OSS", whatever that might be.

Re:Does Google give coade back

[itzdandy]

If you subtract search engines google is responsible for a a tiny portion of the internet. Andrew gets benies from google so I suppose they do get some credit for the quantity of his work as he needs to eat and pay rent so that he can code.

Re:Does Google give coade back

[marcansoft]

By that I meant "developed for Google, useful to other people".

We can divide Andrew's potential kernel work into 4 categories:

1. Private changes for Google, not useful for other people.
2. Public changes for Google, deemed useful to other people but originally developed to suit Google's needs.
3. Public changes of general usefulness. Google might find them useful, but doesn't drive their development.
4. Maintaining -mm and signing off and merging other people's stuff

Points 1 and 2 can be considered a result of Andrew's employment at google. Points 3 and 4 would happen even if he weren't employed at Google. From my understanding, the vast majority of Andrew's work is point 4 (that's why he's listed under non-author signoffs as 6%, along with Google). Both Andrew's and Google's commit-author contributions are below 0.9%.

So what we can derive from the data in the article, assuming it's accurate, is:

• Google's employees as a whole authored less than 0.9% of the changes that went into 2.6.31
• Andrew authored less than 0.8% of the 2.6.31 changes
• Andrew signed off on 6% of the 2.6.31 changes
• Besides Andrew, 3 other changes were signed off by Google employees (that's like .03%)

So no, Google doesn't contribute much to the kernel. Having Andrew on board gives them some presence and credibility in kernel-land, but they don't actually author much public kernel code. Hiring someone to keep doing what they were already doing doesn't make you a kernel contributor.

Re:Open source is the coat tails that Google rides

[IamTheRealMike]

Hmm, you realize that Android alone is over 10 million lines of code right? That's a pretty big open source contribution right there. But then there's also over a million lines of code across 100+ smaller projects too. So I am not sure what your definition of "table scraps" is but it's significantly more lines of code than most companies do.

Re:The Win32 Way

[Sam+Douglas]

In Unix if malloc returns null then the memory allocation failed and you don't have the memory. A well written program should check that. Overcommitting memory can have efficiency advantages, but things can also turn out badly. Linux has heuristics to determine how much to overcommit the memory, or it can be disabled entirely.

http://utcc.utoronto.ca/~cks/space/blog/unix/MemoryOvercommit

http://utcc.utoronto.ca/~cks/space/blog/linux/LinuxVMOvercommit

Are you nuts

I'm not a huge goog fan, I never take their cookies so I don't use anything but search..but JUST search is way more "give back" than table scraps. If they announced tomorrow their search would now cost x-dollars a year, as long as it was somewhat reasonable,like an extra 5 bucks a month on top of my ISP bill, I'd pay for those table scraps. Google search has done more than anything else to make the web actually *useful* since the invention of the hyperlink.

Sure, there are other search engines, but if you actually learn to *use* the features and filters present wih google's, it just stomps all the others flat.

Whatever they give back in terms of code is just gravy on top of that.

DTrace

They monitor all disk and network traffic, record it, and use it for analyzing their operations later on. Hooks have been added to let them associate all disk I/O back to applications - including asynchronous writeback I/O.

I. Want. This.

DTrace code:

#pragma D option quiet

io:::start
{
                @[args[1]->dev_statname, execname, pid] = sum(args[0]->b_bcount);
}

END
{
                printf("%10s %20s %10s %15s\n", "DEVICE", "APP", "PID", "BYTES");
                printa("%10s %20s %10d %15@d\n", @);
}

Output:

# dtrace -s ./whoio.d
^C
        DEVICE APP PID BYTES
          cmdk0 cp 790 1515520
              sd2 cp 790 1527808

More examples at:

http://wikis.sun.com/display/DTrace/io+Provider

wtf?

Oh sorry...title had me thinking this was penguin porn

Real example...

[Fished]

Back in the 90's, we had a customized patch to Apache to make it forward tickets within our intranet as supplied by our (also customized) Kerberos libraries for our (also customized) build of Lynx. It all had to do with a very robust system for managing customer contacts that ran with virtually no maintenance from 1999 to 2007--and I was the only person who understood it because I wrote it as the SA--when it was scrapped for a "modern" and "supportable" solution that (of course) requires a dozen full-time developers and crashes all the time.

Not really bitching too much, because that platform was a product of the go-go 90's, and IT doctrine has changed for the better. No way should a product be out there with all your customer information that only one person understands. But it was a sweet solution that did its job and did its job well for a LONG time. Better living through the UNIX way of doing things!

But, anyway, I never bothered to contribute any of the patches from that back to the Apache tree (or the other trees) because they really only made sense in that particular context and as a group. If you weren't doing EXACTLY what we were doing, there was no point in the patches, and NOBODY was doing exactly what we were doing.

Re:So about 1/10th Sun's contribution

[Again]

That's a drop in the bucket compared to what Sun has contributed to open source. Of course, slashdot appears to be perversely against Sun for some reason I cannot fathom.

Names are very important. The name Sun reminds of that place on the other side of the door where if we go, our skin gets red and burns. Google reminds us of that friendly homepage that would load under 5 seconds on dial-up.

Reminds me of Android

[cycoj]

Somehow I'm reminded about the whole Android thing. Google really seems to have the urge to only do their own thing. Same thing with android where they have thrown out the whole "Linux" userspace to reinvent the wheel (only not as good, see Harald Welte's Blog for a rant about it). Here it seems the same thing they just do their own thing without merging back and disregarding experiences others might have had.

On a side note, their problems with the Completely Fair Scheduler should be a good argument for pluggable schedulers. It shows one scheduler can't fit all use cases, but I doubt Linus will listen.
C

Re:Open source is the coat tails that Google rides

[petrus4]

They take and take from open source and throw back a couple of table scraps and you people all kiss their ass for it.

300K lines of code? Yep, table scraps.

For people who wonder why I continue to want to see the end of the FSF, the above attitude is the reason why. Stallman and his organisation are the reason for it.

Aside from being ugly and spiritually bankrupt, reciprocity paranoia is based on completely erroneous reasoning, as well. The same people who talk about how music piracy isn't harming anyone, because it doesn't physically take away from a finite supply of copies, are also those who express the above paranoia about people "taking," from FOSS, as if that is somehow a physically finite resource, when music isn't.

Get rid of your fear.

Re:Solaris

[T-Ranger]

And yet, tar is still broken. Well, maybe not today, but it sure as fuck was in 1994.

Pick your poison.