Linux 5.3, LWN's Kernel Coverage and the Linux Foundation

  • Linux 5.3 Enables "-Wimplicit-fallthrough" Compiler Flag

    The recent work on enabling "-Wimplicit-fallthrough" behavior for the Linux kernel has culminated in Linux 5.3 with actually being able to universally enable this compiler feature.

    The -Wimplicit-fallthrough flag on GCC7 and newer warns of cases where switch case fall-through behavior could lead to potential bugs / unexpected behavior.

  • EXT4 For Linux 5.3 Gets Fixes & Faster Case-Insensitive Lookups

    The EXT4 file-system updates have already landed for the Linux 5.3 kernel merge window that opened this week.

    For Linux 5.3, EXT4 maintainer Ted Ts'o sent in primarily a hearty serving of fixes. There are fixes from Coverity warnings being addressed to typos and other items for this mature and widely-used Linux file-system.

  • Providing wider access to bpf()

    The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel.
    This approach is easy enough to describe. A new special device, /dev/bpf is added, with the core idea that any process that has the permission to open this file will be allowed "to access most of sys_bpf() features" — though what comprises "most" is never really spelled out. A non-root process that wants to perform a BPF operation, such as creating a map or loading a program, will start by opening this file. It then must perform an ioctl() call (BPF_DEV_IOCTL_GET_PERM) to actually enable its ability to call bpf(). That ability can be turned off again with the BPF_DEV_IOCTL_PUT_PERM ioctl() command.

    Internally to the kernel, this mechanism works by adding a new field (bpf_flags) to the task_struct structure. When BPF access is enabled, a bit is set in that field. If this patch goes forward, that detail is likely to change since, as Daniel Borkmann pointed out, adding an unsigned long to that structure for a single bit of information is unlikely to be popular; some other location for that bit will be found.

  • The io.weight I/O-bandwidth controller

    Part of the kernel's job is to arbitrate access to the available hardware resources and ensure that every process gets its fair share, with "its fair share" being defined by policies specified by the administrator. One resource that must be managed this way is I/O bandwidth to storage devices; if due care is not taken, an I/O-hungry process can easily saturate a device, starving out others. The kernel has had a few I/O-bandwidth controllers over the years, but the results have never been entirely satisfactory. But there is a new controller on the block that might just get the job done.
    There are a number of challenges facing an I/O-bandwidth controller. Some processes may need a guarantee that they will get at least a minimum amount of the available bandwidth to a given device. More commonly in recent times, though, the focus has shifted to latency: a process should be able to count on completing an I/O request within a bounded period of time. The controller should be able to provide those guarantees while still driving the underlying device at something close to its maximum rate. And, of course, hardware varies widely, so the controller must be able to adapt its operation to each specific device.

    The earliest I/O-bandwidth controller allows the administrator to set maximum bandwidth limits for each control group. That controller, though, will throttle I/O even if the device is otherwise idle, causing the loss of I/O bandwidth. The more recent io.latency controller is focused on I/O latency, but as Tejun Heo, the author of the new controller, notes in the patch series, this controller really only protects the lowest-latency group, penalizing all others if need be to meet that group's requirements. He set out to create a mechanism that would allow more control over how I/O bandwidth is allocated to groups.

  • TurboSched: the return of small-task packing

    CPU scheduling is a difficult task in the best of times; it is not trivial to pick the next process to run while maintaining fairness, minimizing energy use, and using the available CPUs to their fullest potential. The advent of increasingly complex system architectures is not making things easier; scheduling on asymmetric systems (such as the big.LITTLE architecture) is a case in point. The "turbo" mode provided by some recent processors is another. The TurboSched patch set from Parth Shah is an attempt to improve the scheduler's ability to get the best performance from such processors.
    Those of us who have been in this field for far too long will, when seeing "turbo mode", think back to the "turbo button" that appeared on personal computers in the 1980s. Pushing it would clock the processor beyond its original breathtaking 4.77MHz rate to something even faster — a rate that certain applications were unprepared for, which is why the "go slower" mode was provided at all. Modern turbo mode is a different thing, though, and it's not just a matter of a missing front-panel button. In short, it allows a processor to be overclocked above its rated maximum frequency for a period of time when the load on the rest of the system overall allows it.

    Turbo mode can thus increase the CPU cycles available to a given process, but there is a reason why the CPU's rated maximum frequency is lower than what turbo mode provides. The high-speed mode can only be sustained as long as the CPU temperature does not get too high and, crucially (for the scheduler), the overall power load on the system must not be too high. That, in turn, implies that some CPUs must be powered down; if all CPUs are running, there will not be enough power available for any of those CPUs to go into the turbo mode. This mode, thus, is only usable for certain types of workloads and will not be usable (or beneficial) for many others.

  • EdgeX Foundry Announces Production Ready Release Providing Open Platform for IoT Edge Computing to a Growing Global Ecosystem

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge IoT computing independent of hardware, silicon, application cloud, or operating system, today announced the availability of its “Edinburgh” release. Created collaboratively by a global ecosystem, EdgeX Foundry’s new release is a key enabler of digital transformation for IoT use cases and is a platform for real-world applications both for developers and end users across many vertical markets. EdgeX community members have created a range of complementary products and services, including commercial support, training and customer pilot programs and plug-in enhancements for device connectivity, applications, data and system management and security.

    Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications.

More in Tux Machines

Fedora, Red Hat and IBM Leftovers

  • Fedora: How to setup an anonymous FTP download server

    Sometimes you may not need to set up a full FTP server with authenticated users with upload and download privileges. If you are simply looking for a quick way to allow users to grab a few files, an anonymous FTP server can fit the bill. This article shows you how to set it up.

  • Kubernetes networking, OpenStack Train, and more industry trends

    As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.

  • How collaboration fueled a development breakthrough at Greenpeace

    We'd managed to launch a prototype of Planet 4, Greenpeace's new, open engagement platform for activists and communities. It's live in more than 38 countries (with many more sites). More than 1.75 million people are using it. We've topped more than 3.1 million pageviews. To get here, we spent more than 650 hours in meetings, drank 1,478 litres of coffee, and fixed more than 300 bugs. But it fell short of our vision; it still wasn't the minimum lovable product we wanted and we didn't know how to move it forward. We were stuck. Planet 4's complexity was daunting. We didn't always have the right people to address the numerous challenges the project raised. We didn't know if we'd ever realize our vision. Yet a commitment to openness had gotten us here, and I knew a commitment to openness would get us through this, too.

  • After Seven Quarters Of Growth, Power Systems Declines

    The tough compares have hit home on IBM’s Power Systems business, but the good news is that this has happened after seven consecutive quarters of growth for the Power-based server business that Big Blue owns lock, stock, and barrel. Even with this decline, which was quite steep because of the triple whammy of tough compares (more on that in a moment), there is still a healthy underlying Power Systems business that is much better off than the last time it was hit by similar declines. Let’s take a look at the numbers for IBM’s Power Systems division and then work our way up through its Systems group and to the company at large. According to the presentation put together by IBM’s chief financial officer, Jim Cavanaugh, to go over the numbers for the third quarter of 2019, the Power Systems division had a decline of 27 percent in constant currency (meaning growth in local currencies aggregated across those economies), with as-reported sales also being down 27 percent. In other words, currency had no effect on the overall Power Systems business even if it did impact IBM’s sales, as reported in U.S. dollars, by 1.3 percent in the period ended in September.

  • Red Hat Government Symposium: Transforming culture and creating open innovation powerhouses

    For state, local and federal government agencies, digital transformation means much more than just migrating away from legacy technology systems. It involves inspiring ideas, encouraging communication and collaboration, and empowering government employees to forge their organizations’ innovation pathways.  That’s why we are focusing on cultural transformation at our upcoming Red Hat Government Symposium. This year’s one-day event—Open transforms: A future built on open source—will be on Nov. 12, 2019, in Washington, D.C., and will feature a stellar lineup of keynotes and panels, as well as fantastic networking opportunities with industry peers.  

  • Journey to the Future of Money with Red Hat at Money 20/20

    Event season is in full swing for the Red Hat Financial services team, and this time, we are headed to the bright lights of Las Vegas to attend Money 20/20 USA, being held from October 27 - 30th. Red Hat will be attending to sponsor a number of activities and discuss the important role open source technologies play in the future of payments, money and banking activities. 

SUSE Leftovers

  • Digital Transformation – it’s dead, Jim?

    However, digital transformation is like life – it’s an ongoing process, not something you just do once and then it’s done and dusted. A large part of digital transformation is your cloud strategy, which I wrote about fairly recently. That is also something that isn’t a one-off task, but is instead an evolving, transformational process. It was interesting to see, after speaking to attendees at the Gartner event in Frankfurt, that a number of them still hadn’t defined their cloud strategy outside of “we need to move everything to the cloud for cost savings and agility”, while some hadn’t even begun writing a cloud strategy. Looking at a chart showing the trends in Google searches for digital transformation in the US (the global trend is the same) over the past 5 years, you can see that while it trends up and then down fairly regularly, it still continues to grow on the whole. So if it’s been around for a while, why does it continue to grow, and is it still relevant?

  • New Security Tools for Application Delivery

    What if you could shut down cybercriminals’ most frequently used method of attack? At SUSE we’ve recently made a move to help you get closer to that goal. As you may know, SUSE recently released new versions of our application delivery solutions, SUSE CaaS Platform 4 and SUSE Cloud Application Platform 1.5. The releases contain a number of important updates and features, but the one most exciting in terms of protecting your organization is the addition of Cilium to SUSE CaaS Platform.

Security: Patches, Nostromo, PureBoot and Microsoft's Latest DRM Lock-down (Locking GNU/Linux Out for 'Security')

  • Security updates for Monday

    Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).

  • Nostromo web servers exposed by resurrected RCE vulnerability

    A security researcher has disclosed the existence of a remote code execution (RCE) vulnerability in the open source Nostromo web server software. On Monday, a threat analyst and bounty hunter with the online handle Sudoka published a technical analysis of the bug, tracked as CVE-2019-16278. The vulnerability impacts Nostromo, also known as nhttpd, a niche web server used by some in the Unix and open source community but altogether dwarfed in popularity by Apache. In a blog post, Sudoka said the vulnerability stems from shortcomings in how the path of URLs is verified. Inadequate URL checks mean that an unauthenticated attacker is able to force a server to point to a shell file, resulting in the potential execution of arbitrary code.

  • PureBoot Best Practices

    Recently we started offering the PureBoot Bundle–PureBoot installed and configured on your laptop at the factory and bundled with a pre-configured Librem Key so you can detect tampering from the moment you unbox your laptop. It’s been great to see so many customers select the PureBoot Bundle and now that PureBoot is on so many more customer laptops, we felt it was a good time to write up a post to describe some best practices when using PureBoot. If you are just getting started with PureBoot and want to know the basics, check out our Getting Started Guide for pointers on what to do when you start up your PureBoot Bundle for the first time. In this post I’ll assume you have already gone through the first boot and first reboot of your laptop and have settled into daily use.

  • Secured-core PCs offer new defense against firmware attacks

    Microsoft, chipmakers, and several PC makers on Monday announced Secured-core PCs, which use hardware-based defense mechanisms to combat firmware-level security attacks.

  • Microsoft's New Plan to Defend the Code Deep Within PCs

    The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on a system. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way. Only the chip manufacturers will hold the encryption keys to broker these checks, and they're burned onto the CPUs during manufacturing rather than interacting with the firmware's amorphous, often unreliable code layer.

Games: Remote Play Together, OpenRA, The Coma 2, Humble Store and Shiver

  • Steam 'Remote Play Together' is now in Beta, allowing local multiplayer games over the net

    Today, Valve have released an exciting update to the Steam Beta Client which adds in Remote Play Together, allowing you to play local co-op, local multiplayer and shared/split screen games over the net with your friends. From what Valve said, it will allow up to four players "or even more in ideal conditions", meaning if you all have reasonable internet connections you might be able to play with quite a few people. Something that has of course been done elsewhere, although the advantage here is no extra payments or software needed as it runs right from the Steam client. It's very simply done too. Just like you would invite friends to join your online game, you invite them to Remote Play Together from the Steam Friends list and if they accept…away you go. Only the host needs to own the game too, making it easy to get going.

  • Another OpenRA preview build is up needing testing, Tiberian Sun support is coming along

    Work continues on the open source game engine OpenRA which allows you to play Command & Conquer, Red Alert and Dune 2000 on Linux and other modern platforms with support for Tiberian Sun progressing well. [...] One issue they've been dealing with is deployable units in Tiberian Sun, while OpenRA had basic support for the feature due to the Construction Yards in classic C&C it wasn't suitable for Tiberian Sun. Now though? They've overhauled it and expanded it. You can now queue up deploy commands between other orders, deployable units can be ordered to pack up and then move somewhere else as a single action too. Additionally, the code for aircraft and helicopter movement has also been given an overhaul to add in many of the extra features and dynamics needed for Banshees, Orcas, and Carryalls. The transport behaviour for the Carryall was also updated, with unit pick-up behaviour closer to the original game and allowing you to queue up multiple transport runs.

  • Devespresso Games join with Headup for Western release of The Coma 2: Vicious Sisters

    The Korean survival horror-adventure The Coma 2: Vicious Sisters from Devespresso Games is now getting a helping hand from publisher Headup for Western audiences. Also confirmed through the press emails is that The Coma 2 will be entering Steam Early Access on November 5th, with a full release expected in "Q1 2020".

  • Humble Store is doing a Female Protagonist Sale, plus the upcoming Steam sale dates leaked

    The week has only just begun and there's plenty of sales going on, with even more coming up. Let's have a little look. First up, Humble Store is doing a Female Protagonist Sale celebrating various heroines across multiple genres.

  • Kowai Sugoi Studios close up so they've made their point & click horror 'Shiver' free

    Times are tough for indies, with Kowai Sugoi Studios announcing they're closing up shop and so they've set their point and click horror title Shiver free for everyone. Kowai Sugoi Studios said in a blog post on the official site that this month they're shutting down, no reason for it was given but they gave their "sincere appreciation to our friends, family, and fans" for supporting them along the way. Shiver seems to be their only game, released originally back in 2017.