Latest Open Access LWN: Fedora, Linux Kernel, and Graphics

  • Fedora's foundations meet proprietary drivers

    The Fedora project's four "foundations" are named "Freedom", "Friends", "Features", and "First". Among other things, they commit the project to being firmly within the free-software camp ("we believe that advancing software and content freedom is a central goal for the Fedora Project, and that we should accomplish that goal through the use of the software and content we promote") and to providing leading-edge software, including current kernels. Given that the kernel project, too, is focused on free software, it is interesting to see a call within the Fedora community to hold back on kernel updates in order to be able to support a proprietary driver.

    On September 5, Fedora kernel maintainer Laura Abbott announced that the just-released 4.13 kernel would be built for the (in-development) Fedora 27 release, and that it would eventually find its way into the Fedora 25 and 26 releases as well. That is all in line with how Fedora generally operates; new kernels are pushed out to all supported releases in relatively short order. Running current kernels by default is clearly a feature that many Fedora users find useful.

    More recently, though, James Hogarth noted that the NVIDIA proprietary driver did not work with the 4.13 kernel. This kind of breakage is not all that unusual. While the user-space ABI must be preserved, the kernel project defends its right to change internal interfaces at any time. Any problems that out-of-tree code experiences as a result of such changes are deemed to be part of the cost of staying out of the mainline. There is little sympathy for those who have to deal with such issues, and none at all if the out-of-tree code in question is proprietary. Community-oriented projects like Fedora usually take a similar attitude, refusing to slow down for the sake of proprietary code.

  • Notes from the LPC tracing microconference

    The "tracing and BPF" microconference was held on the final day of the 2017 Linux Plumbers Conference; it covered a number of topics relevant to heavy users of kernel and user-space tracing. Read on for a summary of a number of those discussions on topics like BPF introspection, stack traces, kprobes, uprobes, and the Common Trace Format.

    Unfortunately, your editor had to leave the session before it reached its end, so this article does not reflect all of the topics discussed there. For those who are interested, this Etherpad instance contains notes taken by participants at the session.

  • An update on live kernel patching

    In the refereed track at the 2017 Linux Plumbers Conference (LPC), Jiri Kosina gave an update on the status and plans for the live kernel patching feature. It is a feature that has a long history—pre-dating Linux itself—and has had a multi-year path into the kernel. Kosina reviewed that history, while also looking at some of the limitations and missing features for live patching.

    The first question that gets asked about patching a running kernel is "why?", he said. That question gets asked in the comments on LWN articles and elsewhere. The main driver of the feature is the high cost of downtime in data centers. That leads data center operators to plan outages many months in advance to reduce the cost; but in the case of a zero-day vulnerability, that time is not available. Live kernel patching is targeted at making small security fixes as a stopgap measure until the kernel can be updated during a less-hurried, planned outage. It is not meant for replacing the kernel bit by bit over time, but as an emergency measure when the kernel is vulnerable.

  • Safety-critical realtime with Linux

    Doing realtime processing with a general-purpose operating-system like Linux can be a challenge by itself, but safety-critical realtime processing ups the ante considerably. During a session at Open Source Summit North America, Wolfgang Mauerer discussed the difficulties involved in this kind of work and what Linux has to offer.

    Realtime processing, as many have said, is not synonymous with "real fast". It is, instead, focused on deterministic response time and repeatable results. Getting there involves quantifying the worst-case scenario and being prepared to handle it — a 99% success rate is not good enough. The emphasis on worst-case performance is at the core of the difference with performance-oriented processing, which uses caches, lookahead algorithms, pipelines, and more to optimize the average case.

  • A memory allocation API for graphics devices

    At last year's X.Org Developers Conference (XDC), James Jones began the process of coming up with an API for allocating memory so that it is accessible to multiple different graphics devices in a system (e.g. GPUs, hardware compositors, video decoders, display hardware, cameras, etc.). At XDC 2017 in Mountain View, CA, he was back to update attendees on the progress that has been made. He has a prototype in progress, but there is plenty more to do, including working out some of the problems he has encountered along the way.

    Jones has been at NVIDIA for 13 years and has been working on this problem in various forms for most of that time, he said. Allocating buffers and passing them around between multiple drivers is a complicated problem. The allocator will sit in the same place as the Generic Buffer Management (GBM) component is today; it will be used both by applications and by various user-space driver components. The allocator will support both vendor-agnostic (e.g. Android ION) and vendor-specific back-ends, as well as combinations of the two.

Security Leftovers

  • One-stop counterfeit certificate shops for all your malware-signing needs

    The Stuxnet worm that targeted Iran's nuclear program almost a decade ago was a watershed piece of malware for a variety of reasons. Chief among them, its use of cryptographic certificates belonging to legitimate companies to falsely vouch for the trustworthiness of the malware. Last year, we learned that fraudulently signed malware was more widespread than previously believed. On Thursday, researchers unveiled one possible reason: underground services that since 2011 have sold counterfeit signing credentials that are unique to each buyer.

  • How did OurMine hackers use DNS poisoning to attack WikiLeaks? [Ed: False. They did not attack Wikileaks; they attacked the DNS servers/framework. The corporate media misreported this at the time.]

    The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.

  • Intel didn't give government advance notice on chip flaws

    Google researchers informed Intel of flaws in its chips in June. The company explained in its own letter to lawmakers that it left up to Intel informing the government of the flaws.

    Intel said that it did not notify the government at the time because it had “no indication of any exploitation by malicious actors,” and wanted to keep knowledge of the breach limited while it and other companies worked to patch the issue.

    The company let some Chinese technology companies know about the vulnerabilities, which government officials fear may mean the information was passed along to the Chinese government, according to The Wall Street Journal.

  • Intel hid CPU bugs info from govt 'until public disclosure'

    As iTWire reported recently, Intel faces a total of 33 lawsuits over the two flaws. Additionally, the Boston law firm of Block & Leviton is preparing a class action lawsuit against Intel chief executive Brian Krzanich for allegedly selling a vast majority of his Intel stock after the company was notified of the two security flaws and before they became public.

  • Intel did not tell U.S. cyber officials about chip flaws until made public [iophk: "yeah right"]

    Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers [sic] had not exploited the vulnerabilities.

  • LA Times serving cryptocurrency mining script [iophk: "JS"]

    The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker [sic] appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.

  • Facebook's Mandatory Malware Scan Is an Intrusive Mess

    When an Oregon science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook’s malware scanner if she wanted to get back in. Charity couldn’t use Facebook until she completed the scan, but the file the company provided was for a Windows device—Charity uses a Mac.

  • Tinder plugs flaw that enabled account takeover using just a phone number

    As Tinder uses Facebook profile pics for its users to lure in a mate or several, the 'dating' app is somewhat tied to the social network. When a swipe-hungry Tinder user comes to login to their account they can either do so via Facebook or use their mobile number.
