Language Selection

English French German Italian Portuguese Spanish

Linux 5.3, LWN's Kernel Coverage and the Linux Foundation

Filed under
Linux
  • Linux 5.3 Enables "-Wimplicit-fallthrough" Compiler Flag

    The recent work on enabling "-Wimplicit-fallthrough" behavior for the Linux kernel has culminated in Linux 5.3 with actually being able to universally enable this compiler feature.

    The -Wimplicit-fallthrough flag on GCC7 and newer warns of cases where switch case fall-through behavior could lead to potential bugs / unexpected behavior.

  • EXT4 For Linux 5.3 Gets Fixes & Faster Case-Insensitive Lookups

    The EXT4 file-system updates have already landed for the Linux 5.3 kernel merge window that opened this week.

    For Linux 5.3, EXT4 maintainer Ted Ts'o sent in primarily a hearty serving of fixes. There are fixes from coverity warnings being addressed to typos and other items for this mature and widely-used Linux file-system.

  • Providing wider access to bpf()

    The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel.
    This approach is easy enough to describe. A new special device, /dev/bpf is added, with the core idea that any process that has the permission to open this file will be allowed "to access most of sys_bpf() features" — though what comprises "most" is never really spelled out. A non-root process that wants to perform a BPF operation, such as creating a map or loading a program, will start by opening this file. It then must perform an ioctl() call (BPF_DEV_IOCTL_GET_PERM) to actually enable its ability to call bpf(). That ability can be turned off again with the BPF_DEV_IOCTL_PUT_PERM ioctl() command.

    Internally to the kernel, this mechanism works by adding a new field (bpf_flags) to the task_struct structure. When BPF access is enabled, a bit is set in that field. If this patch goes forward, that detail is likely to change since, as Daniel Borkmann pointed out, adding an unsigned long to that structure for a single bit of information is unlikely to be popular; some other location for that bit will be found.

  • The io.weight I/O-bandwidth controller

    Part of the kernel's job is to arbitrate access to the available hardware resources and ensure that every process gets its fair share, with "its fair share" being defined by policies specified by the administrator. One resource that must be managed this way is I/O bandwidth to storage devices; if due care is not taken, an I/O-hungry process can easily saturate a device, starving out others. The kernel has had a few I/O-bandwidth controllers over the years, but the results have never been entirely satisfactory. But there is a new controller on the block that might just get the job done.
    There are a number of challenges facing an I/O-bandwidth controller. Some processes may need a guarantee that they will get at least a minimum amount of the available bandwidth to a given device. More commonly in recent times, though, the focus has shifted to latency: a process should be able to count on completing an I/O request within a bounded period of time. The controller should be able to provide those guarantees while still driving the underlying device at something close to its maximum rate. And, of course, hardware varies widely, so the controller must be able to adapt its operation to each specific device.

    The earliest I/O-bandwidth controller allows the administrator to set maximum bandwidth limits for each control group. That controller, though, will throttle I/O even if the device is otherwise idle, causing the loss of I/O bandwidth. The more recent io.latency controller is focused on I/O latency, but as Tejun Heo, the author of the new controller, notes in the patch series, this controller really only protects the lowest-latency group, penalizing all others if need be to meet that group's requirements. He set out to create a mechanism that would allow more control over how I/O bandwidth is allocated to groups.

  • TurboSched: the return of small-task packing

    CPU scheduling is a difficult task in the best of times; it is not trivial to pick the next process to run while maintaining fairness, minimizing energy use, and using the available CPUs to their fullest potential. The advent of increasingly complex system architectures is not making things easier; scheduling on asymmetric systems (such as the big.LITTLE architecture) is a case in point. The "turbo" mode provided by some recent processors is another. The TurboSched patch set from Parth Shah is an attempt to improve the scheduler's ability to get the best performance from such processors.
    Those of us who have been in this field for far too long will, when seeing "turbo mode", think back to the "turbo button" that appeared on personal computers in the 1980s. Pushing it would clock the processor beyond its original breathtaking 4.77MHz rate to something even faster — a rate that certain applications were unprepared for, which is why the "go slower" mode was provided at all. Modern turbo mode is a different thing, though, and it's not just a matter of a missing front-panel button. In short, it allows a processor to be overclocked above its rated maximum frequency for a period of time when the load on the rest of system overall allows it.

    Turbo mode can thus increase the CPU cycles available to a given process, but there is a reason why the CPU's rated maximum frequency is lower than what turbo mode provides. The high-speed mode can only be sustained as long as the CPU temperature does not get too high and, crucially (for the scheduler), the overall power load on the system must not be too high. That, in turn, implies that some CPUs must be powered down; if all CPUs are running, there will not be enough power available for any of those CPUs to go into the turbo mode. This mode, thus, is only usable for certain types of workloads and will not be usable (or beneficial) for many others.

  • EdgeX Foundry Announces Production Ready Release Providing Open Platform for IoT Edge Computing to a Growing Global Ecosystem

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge IoT computing independent of hardware, silicon, application cloud, or operating system, today announced the availability of its “Edinburgh” release. Created collaboratively by a global ecosystem, EdgeX Foundry’s new release is a key enabler of digital transformation for IoT use cases and is a platform for real-world applications both for developers and end users across many vertical markets. EdgeX community members have created a range of complementary products and services, including commercial support, training and customer pilot programs and plug-in enhancements for device connectivity, applications, data and system management and security.

    Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications.

More in Tux Machines

Fedora and Red Hat: New F30 Builds, Flock Report, Servers and Package Management Domain Model

  • Ben Williams: F30-20190818 updated isos released.

    The Fedora Respins SIG is pleased to announce the latest release of Updated F30-20190816 Live ISOs, carrying the 5.2.8-200 kernel. This set of updated isos will save considerable amounts of updates after install. ((for new installs.)(New installs of Workstation have 1.2GB of updates)). A huge thank you goes out to irc nicks dowdle, satellite,Southern-Gentlem for testing these iso.

  • Flock to Fedora 2019 Conference report

    Last week I attended “Flock to Fedora” conference in Budapest, Hungary. It was a Fedora contributors conference where I met some developers, project leaders, GSoC interns. Below is a brief report of my attendance.

  • What salary can a sysadmin expect to earn?

    The path to reliable salary data sometimes is sometimes paved with frustration. That’s because the honest answer to a reasonable question—what should I be paid for this job?—is usually: "It depends." Location, experience, skill set, industry, and other factors all impact someone’s actual compensation. For example, there’s rarely a single, agreed-upon salary for a particular job title or role. All of the above applies to system administrators. It’s a common, long-established IT job that spans many industries, company sizes, and other variables. While sysadmins may share some common fundamentals, it’s certainly not a one-size-fits-all position, and it’s all the truer as some sysadmin roles evolve to take on cloud, DevOps, and other responsibilities. What salary can you expect to earn as a sysadmin? Yeah, it depends. However, that doesn’t mean you can’t get a clear picture of what sysadmin compensation looks like, including specific numbers. This is information worth having handy if you’re a sysadmin on the job market or seeking a promotion. Let’s start with some good news from a compensation standpoint. Sysadmins—like other IT pros these days—are in demand. "In today’s business environment, companies are innovating and moving faster than ever before, and they need systems that can keep up with the pace of their projects and communications, as well as help everything run smoothly," says Robert Sutton, district president for the recruiting firm Robert Half Technology. "That’s why systems administrators are among the IT professionals who can expect to see a growing salary over the next year or so."

  • Run Mixed IT Efficiently, The Adient – SUSE Way.

    When you have multiple distributions, such as Red Hat and SUSE, you can reduce administration complexity and save administration time and resources with a common management tool. Adient had applications running on both SUSE Linux Enterprise Server and Red Hat Enterprise Linux. Adient deployed SUSE Manager to manage their Mixed IT environment involving both distributions.

  • Package Management Domain Model

    When I wrote this model, we were trying to unify a few different sorts of packages. Coming from SpaceWalk, part of the team was used to wokring on RPMS with the RPM Database for storage, and Yum as the mechanism for fetching them. The other part of the team was coming from the JBoss side, working with JAR, WAR, EAR and associated files, and the Ivy or Maven building and fetching the files. We were working within the context of the Red Hat Network (as it was then called) for delivering content to subscribers. Thus, we had the concept of Errata, Channels, and Entitlements which are somewhat different from what other organizations call these things, but the concepts should be general enough to cover a range of systems. There are many gaps in this diagram. It does not discuss the building of packages, nor the relationship between source and binary packages. It also does not provide a way to distinguish between the package storage system and the package fetch mechanism. But the bones are solid. I’ve used this diagram for a few years, and it is useful.

Review: AcademiX GNU/Linux 2.2

What sets AcademiX apart from other distributions is the EDU software manager. This package manager provides curated lists of educational software, which are grouped by subject and by age range. This package manager makes finding educational software really easy. There is software for astronomy, biology, geography, foreign languages, and many other subjects. While there are gaps in the availability of applications covering various subjects, that is a gap in the broader open source application ecosystem, not something specific to AcademiX. While some of the rough edges I noted with the installation process and the desktop customization make me a hesitant to recommend AcademiX to new Linux users, Educational Technology professionals should perhaps try out AcademiX just to use the EDU package manager to explore various open source applications. While installing and updating software was easy and basically the same experience as any other modern, Debian-based distribution, the fact that some of the packages come from servers in Romania means that some package downloads can be much slower than downloading from the world-wide network of Debian mirrors. For individual packages and small collections of packages this is not too noticeable, but it is still an issue. The frustrating part is the fact that the speeds are not consistent. Sometimes I was downloading at only 40kbps, but other times it was much faster. I experienced the same issue when trying to download the ISO. One download took about 20 minutes for the 1.7GB image but some other attempts took 4 hours. Final thoughts AcademiX GNU/Linux is an interesting distribution, but it has some rough edges that need to be cleaned up. Honestly, I really, really wanted to like this distribution (good distributions aimed at the educational market are always needed), but found it to be merely okay. AcademiX has a lot of potential, but it is just not there yet. DebianEdu/Skolelinux is far more polished while serving almost the exact same niche. However, if the AcademiX team cleans up some of the issues I noted above, especially the installer issues, I think future versions of AcademiX might turn out to be worthwhile. The EDU software installer is well organized and aids in discovering educational software, so that is one solid advantage AcademiX offers, but overall the distribution needs more work and polish before I could move it from "this distribution is okay" to "you should give this distribution a try". Read more

Security: ECB, Bluetooth and AppArmor Crash Course

  • ECB server hacked – Data disclosure of the European Central Bank – Bank hacks from Mexico to Bangladesh

    The Europeans probably do not even know about „what is going on“ and according to ex finance minister of Greece – finance ministers do not have a lot to say in the ECB – the IMF has – there are no recordings of the meetings of „The Eurogroup“ – so transparency over decision making processes is rather bad. After all just like the (more or less ideal) „big brother“ the FED it is not under direct democratic influence – does what it wants – every word the FED CEO says is analyzed and influences financial market decisions. „One of the sites of the European Central Bank (ECB) has been hacked. The attackers gained access to sensitive users ‚ information, however, the internal system of the Bank has not been compromised.

  • Specification vulnerability in devices that speak Bluetooth is addressed

    The discovery of a flaw in Bluetooth specification that could enable an attack to spy on your information made news this week; the attacker could be able to weaken the encryption of Bluetooth devices and snoop on communications or send falsified ones to take over a device, said The Verge.

  • FrOSCon 2019 - openSUSE booth & AppArmor Crash Course

    Last weekend, I was at FrOSCon - a great Open Source conference in Sankt Augustin, Germany. We (Sarah, Marcel and I) ran the openSUSE booth, answered lots of questions about openSUSE and gave the visitors some goodies - serious and funny (hi OBS team!) stickers, openSUSE hats, backpacks and magazines featuring openSUSE Leap. We also had a big plush geeko, but instead of doing a boring raffle, we played openSUSE Jeopardy where the candidates had to ask the right questions about Linux and openSUSE for the answers I provided.

Manjaro 18.0.4 Illyria Xfce review - Nice but somewhat crude

Overall, Manjaro 18.0.4 Illyria Xfce is a decent distro. It has lots of good and unique points. Network, media and phone support is good. You get a colorful repertoire of high-quality programs, the performance and battery life are excellent, and the desktop is fairly pretty. The system was also quite robust and stable. But then, there were issues - including inconsistent behavior compared to the Plasma crop. The installation can be a bit friendlier (as Plasma one does). The package management remains the Achilles' Heel of this distro. Having too many frontends is confusing, and none of them do a great job. The messages on dependencies, the need for AUR (if you want fancy stuff), and such all create unnecessary confusing. There were also tons of visual papercuts, and I struggled getting things in order. All in all, Manjaro is getting better all the time, but it is still too geeky for the common person, as it breaks the fourth wall of nerdiness too often. 7/10, and I hope it can sort itself out and continue to deliver the unique, fun stuff that gets sidelined by the rough edges. Read more