Kernel: Restricted DMA and AMD Work in Linux 5.11

  • Restricted DMA

    A key component of system hardening is restricting access to memory; this extends to preventing the kernel itself from accessing or modifying much of the memory in the system most of the time. Memory that cannot be accessed cannot be read or changed by an attacker. On many systems, though, these restrictions do not apply to peripheral devices, which can happily use direct memory access (DMA) on most or all of the available memory. The recently posted restricted DMA patch set aims to reduce exposure to buggy or malicious device activity by tightening up control over the memory that DMA operations are allowed to access.

    DMA allows devices to directly read from or write to memory in the system; it is needed to get reasonable I/O performance from anything but the slowest devices. Normally, the kernel is in charge of DMA operations; device drivers allocate buffers and instruct devices to perform I/O on those buffers, and everything works as expected. If the driver or the hardware contains bugs, though, the potential exists for DMA transfers to overwrite unrelated memory, leading to corrupted systems and unhappy users. Malicious (or compromised) hardware can use DMA to compromise the system the hardware is attached to, making users unhappier still; examples of this type of attack have been posted over the years.

    One way to address this problem is to place an I/O memory-management unit (IOMMU) between devices and memory. The kernel programs the IOMMU to allow access to a specific region of memory; the IOMMU then keeps devices from straying outside of that region. Not all systems are equipped with an IOMMU, though; they are mostly limited to the larger processors found in desktop machines, data centers, and the like. Mobile systems usually lack an IOMMU.

  • A Fix Has Been Proposed For The Slower AMD Performance On Linux 5.11

    With the in-development Linux 5.11 kernel there are many great features and improvements, especially for AMD users, with some new drivers and other pleasant enhancements. But as I outlined back on Christmas Day: Linux 5.11 Is Regressing Hard For AMD Performance With Schedutil. Fortunately, a fix is now en route to the Linux 5.11 kernel for fixing that performance regression affecting AMD Zen 2/3 desktops and servers.

    As outlined in that original article after bisecting the sizable performance regressions and in follow-up tests, AMD hardware performing slower on Linux 5.11 came down to the CPU frequency invariance support that was introduced this cycle and is utilized by the "Schedutil" CPU frequency scaling governor. With Schedutil often being the default for AMD systems on newer versions of the Linux kernel, this regression on Linux 5.11 compared to prior kernel releases has been unfortunate.

  • Linux 5.11 Is Now Looking Great For AMD Zen 2 / Zen 3 Performance - Phoronix

    Not only is the AMD "CPU frequency invariance regression" from that new support with the in-development Linux 5.11 kernel on course to address the performance shortcomings I outlined last month, but with the patched kernel for a number of workloads the performance is now ahead of where it was at with Linux 5.10.
