Kernel: SMT, Linux 5.5 Addition, and Lockdown in Linux 5.4

  • Does SMT still make sense?

    Whatever machine you’re reading this on, it’s highly likely that not all of the CPUs shown by the OS are actually physical processors. That’s because most modern processors use simultaneous multithreading (SMT) to improve performance by executing tasks in parallel.

    Intel’s implementation of SMT is known as hyperthreading, and it was originally introduced in 2002 as a way to improve the performance of Pentium 4 and Xeon CPUs that didn’t require increasing the clock frequency. Most Intel CPUs supported Hyper-Threading Technology (HTT) apart from the Core line of products until the Nehalem microarchitecture, which was introduced in 2008. Recently, Intel have announced that they’re moving away from hyperthreading again with their Core product line.

    AMD too have dabbled with SMT, and the diagram below shows how SMT works in the Zen microarchitecture.

  • Freedreno's MSM DRM Driver Getting Support For Older Adreno Parts On Linux 5.5

    Rob Clark and his gang working on the Freedreno/MSM driver stack have prepared their kernel driver changes slated for the upcoming Linux 5.5 cycle.

    Besides fixes and other code cleaning to the MSM Direct Rendering Manager driver, Linux 5.5 will see support for some older Qualcomm Adreno parts with this reverse-engineered open-source driver.

  • Short Topix: Kernel Lockdown Feature Coming To Linux

    Coming to the Linux Kernel 5.4 branch, the Linux Security Module (LSM) will prevent "high level" access -- in some cases, even root -- from tampering with kernel functionality, according to an article on ZDNet. The feature will (at least initially) be turned off by default, because of the possibility that it might "break" existing systems.

    Here's an excerpt from the description on the git.kernel.org website:

    This patchset introduces an optional kernel lockdown feature, intended to strengthen the boundary between UID 0 and the kernel. When enabled, various pieces of kernel functionality are restricted. Applications that rely on low-level access to either hardware or the kernel may cease working as a result - therefore this should not be enabled without appropriate evaluation beforehand.

    The LSM should strengthen security by widening the division between userland and the kernel. The new module should restrict certain kernel functionality, even for the root user. This should make it harder for compromised root accounts to wreak havoc on the rest of the operating system.

    The LSM module has two lockdown modes. "If set to integrity, kernel features that allow userland to modify the running kernel are disabled," said Torvalds. "If set to confidentiality, kernel features that allow userland to extract confidential information from the kernel are also disabled."

    The new lockdown feature got its start in the early 2010s, and was spearheaded by Matthew Garrett, now a Google engineer. The main objections to it came from Linus Torvalds, as evidenced in this 2013 article on Ars Technica (warning: adult language at link). As a result, some Linux vendors (such as Red Hat) created their own security module, separate from the kernel, that ran on top of the kernel. A middle ground was reached between the parties in 2018, and work has progressed from there.
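
A way to audit which of the two lockdown modes a host is actually running, as an added example that is not part of the quoted articles or the kernel patchset. It assumes the lockdown LSM's securityfs file `/sys/kernel/security/lockdown`, which lists all modes and brackets the active one; the function names and the `LOCKDOWN_FILE` variable are this example's own.

```shell
#!/bin/sh
# Added example: report the active kernel lockdown mode and compare it with a
# required minimum. The status line looks like "none [integrity] confidentiality".

# Assumption: securityfs is mounted at the usual location; override for testing.
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# Print the bracketed (active) mode from a status line; prints nothing if absent.
active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Rank the modes: none < integrity < confidentiality; unknown input ranks -1.
mode_rank() {
    case "$1" in
        none)            printf '%s\n' 0 ;;
        integrity)       printf '%s\n' 1 ;;
        confidentiality) printf '%s\n' 2 ;;
        *)               printf '%s\n' -1 ;;
    esac
}

# meets_minimum STATUS_LINE REQUIRED_MODE
# Succeeds only when the active mode is known and at least REQUIRED_MODE.
meets_minimum() {
    have=$(mode_rank "$(active_mode "$1")")
    want=$(mode_rank "$2")
    [ "$have" -ge 0 ] && [ "$want" -ge 0 ] && [ "$have" -ge "$want" ]
}

# Read the status line, or "unavailable" on kernels without the lockdown LSM,
# without securityfs mounted, or when the file is not readable by this user.
read_status() {
    cat "$LOCKDOWN_FILE" 2>/dev/null || echo unavailable
}

status=$(read_status)
echo "lockdown status: $status"
if meets_minimum "$status" integrity; then
    echo "OK: userland modification of the running kernel is restricted"
else
    echo "WARN: lockdown is off, unavailable, or below 'integrity'"
fi
```

An unreadable or missing file is treated as failing the check, so a host where the feature is absent is reported rather than silently passed.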
