Language Selection

English French German Italian Portuguese Spanish

New LWN Kernel (Linux) Articles, Paywall Just Removed

Filed under
  • Some unreliable predictions for 2019

    Kernel development will become more formal. One of the things that has traditionally attracted a certain type of developer to kernel work is the fact that many of the normal rules don't apply. Kernel development often requires working with high levels of complexity, combined with the ups and downs of dealing with real-world hardware; in that setting, pulling together any sort of solution can be an accomplishment. The result is a sort of cowboy culture that emphasizes working solutions over formal designs.

    The increasing level of complexity in the kernel and in the hardware it drives has made that approach less tenable over the years. The kernel community has responded in a number of ways, including better documentation and better testing. One real harbinger of the future, though, may be the work that has been quietly happening to develop a formal memory-ordering model that makes it possible to reason about concurrency and ensure that kernel code is correct. If the kernel is going to continue to scale, this kind of approach will have to spread to other areas. There will be grumbling, since adding formality may slow the pace of development. But, with luck, it should also slow the issuance of urgent bug fixes and security updates.

    More kernel APIs will be created for BPF programs rather than exported as traditional system calls; we are heading toward a world where a significant amount of kernel functionality is only available via BPF. The result will be a significant increase in flexibility and efficiency, but some growing pains should also be expected. The BPF API sees even less review than other kernel interfaces, and the community's record with the latter is decidedly less than perfect. This may be the year when we realize that we haven't yet figured out how to provide such low-level access to the kernel in ways that can be supported indefinitely.

    Somebody will attempt to test the kernel community's code of conduct and its enforcement processes in the coming year. The community will handle that test without trouble, though, just as it has been handling the constant stream of trolling emails attempting to stir up strife. At the end of the year, the code of conduct will look pretty much the way it does now: a set of expectations that helps to improve behavior in the community, but not a big deal in general.

  • Some 4.20 development statistics

    This year's holiday gifts will include the 4.20 kernel; that can only mean that it is time for another look at where the code going into this release has come from. This development cycle was typically busy and brought a lot of new code into the kernel. There are some new faces showing up in the statistics this time around, but not a lot of surprises otherwise.
    As of this writing, 13,856 non-merge changesets have found their way into the mainline repository for the 4.20 release; they were contributed by 1,743 developers. That makes 4.20 the busiest cycle since 4.15, but only by a little bit; both numbers are essentially in line with recent release history. Of those 1,743 developers, 283 were first-time contributors this time around.

  • What's coming in the next kernel release (part 1)

    When the 4.20 kernel was released on December 23, Linus Torvalds indicated that he would try to keep to the normal merge window schedule despite the presence of the holidays in the middle of it. Thus far, he seems to be trying to live up to that; just over 8,700 changesets have been merged for the next release, which seems likely to be called 5.0. A number of long-awaited features are finally landing in the kernel with this release.

  • Live patching for CPU vulnerabilities

    The kernel's live-patching (KLP) mechanism can apply a wide variety of fixes to a running kernel but, at a first glance, the sort of highly intrusive changes needed to address vulnerabilities like Meltdown or L1TF would not seem like likely candidates for live patches. The most notable obstacles are the required modifications of global semantics on a running system, as well as the need for live patching the kernel's entry code. However, we at the SUSE live patching team started working on proof-of-concept live patches for these vulnerabilities as a fun project and have been able to overcome these hurdles. The techniques we developed are generic and might become handy again when fixing future vulnerabilities.
    For completeness, it should be noted that these two demo live patches have been implemented for kGraft, but kGraft is conceptually equivalent to KLP.

    At the heart of the Meltdown vulnerability is the CPU speculating past the access rights encoded in the page table entries (PTEs) and thereby enabling malicious user-space programs to extract data from any kernel mapping. The kernel page-table isolation (KPTI) mechanism blocks such attacks by switching to stripped-down "shadow" page tables whenever the kernel returns to user space. These mirror the mappings from the lower, user-space half of the address space, but lack almost anything from the kernel region except for the bare minimum needed to reenter the kernel and switch back to the fully populated page tables. The difficulty, from a live-patching perspective, is to keep the retroactively introduced shadow page tables consistent with their fully populated counterparts at all times. Furthermore, the entry code has to be made to switch back and forth between the full and shadow page table at kernel entries and exits, but that is outside of the scope of what is live patchable with KLP.

    For the L1TF vulnerability, recall that each PTE has a _PAGE_PRESENT bit that, when clear, causes page faults upon accesses to the corresponding virtual memory region. The PTE bits designated for storing a page's frame number are architecturally ignored in this case. The Linux kernel swapping implementation exploits this by marking the PTEs corresponding to swapped-out pages as non-present and reusing the physical address part to store the page's swap slot number. Unfortunately, CPUs vulnerable to L1TF do not always ignore the contents of these "swap PTEs", but can instead speculatively misinterpret the swap slot identifiers as physical addresses. These swap slot identifiers, being index-like in nature, tend to alias with valid physical page-frame numbers, so this speculation allows for extraction of the corresponding memory contents. The Linux kernel mitigation is to avoid this aliasing by bit-wise inverting certain parts of the swap PTEs. Unfortunately, this change of representation is again something which is not safely applicable to a running system with KLP's consistency guarantees alone.

  • Improving idle behavior in tickless systems

    Most processors spend a great deal of their time doing nothing, waiting for devices and timer interrupts. In these cases, they can switch to idle modes that shut down parts of their internal circuitry, especially stopping certain clocks. This lowers power consumption significantly and avoids draining device batteries. There are usually a number of idle modes available; the deeper the mode is, the less power the processor needs. The tradeoff is that the cost of switching to and from deeper modes is higher; it takes more time and the content of some caches is also lost. In the Linux kernel, the cpuidle subsystem has the task of predicting which choice will be the most appropriate. Recently, Rafael Wysocki proposed a new governor for systems with tickless operation enabled that is expected to be more accurate than the existing menu governor.

More in Tux Machines

Games: Zombie Panic! Source, Dicey Dungeon, NVIDIA RTX, Steam Play, Battle Motion, Ravva and the Cyclops Curse, Feudal Alloy

  • The Beta of Zombie Panic! Source was updated recently, should work better on Linux
    Zombie Panic! Source is currently going through an overhaul, as part of this it's coming to Linux with a version now in beta and the latest update should make it a better experience. [...] I personally haven't been able to make any of the events yet, so I have no real thoughts on the game. Once it's out of beta and all servers are updated, I will be taking a proper look as it looks fun. No idea when this version will leave beta, might be a while yet.
  • Dicey Dungeons, the new unique roguelike from Terry Cavanagh and co introduces quests
    We have a lot of roguelikes available on Linux (seriously, we do) yet Dicey Dungeons from Terry Cavanagh, Marlowe Dobbe, and Chipzel still remains fresh due to the rather unique game mechanics. I still can't get over how fun the dice mechanic is, as you slot dice into cards to perform actions. It's different, clever and works really well.
  • Quake 2 now has real-time path tracing with Vulkan
    If you have one of the more recent NVIDIA RTX graphics cards, here's an interesting project for you to try. Q2VKPT from developer Christoph Schied implements some really quite advanced techniques.
  • Steam Play versus Linux Version, a little performance comparison and more thoughts
    Now that Steam has the ability officially to override a Linux game and run it through Steam Play instead, let's take a quick look at some differences in performance. Before I begin, let's make something clear. I absolutely value the effort developers put into Linux games, I do think cross-platform development is incredibly important so we don't end up with more lock-in. However, let's be realistic for a moment. Technology moves on and it's not financially worth it to keep updating old games, they just don't sell as well as newer games (with exceptions of course). As the years go on, there will be more ways to run older games better and better, of that I've no doubt.
  • Battle Motion, a really silly massive fantasy battle game will have Linux support
    Sometimes when looking around for new games I come across something that really catches my eye, Battle Motion is one such game as it looks completely silly.
  • Ravva and the Cyclops Curse looks like a rather nice NES-inspired platformer
    Another lovely looking retro-inspired platformer! Ravva and the Cyclops Curse from developer Galope just released this week with Linux support.
  • Become a fish inside a robot in Feudal Alloy, out now with Linux support
    We've seen plenty of robots and we've seen a fair amount of fish, but have you seen a fish controlling a robot with a sword? Say hello to Feudal Alloy.

Addressing Icons Themes (Again)

I wrote some time ago on how platforms have a responsibility to respect the identity of applications, but now there’s some rumblings that Ubuntu’s community-built Yaru icon set (which is a derivative of the Suru icon set I maintain) intends to ignore this and infringe upon applications’ brands by modifying their icons... [...] For instance, the entire point of the GNOME icon refresh initiative is to address visual mismatches between third-party app icons and GNOME icons and we been have reaching out to developers to see about updating their icons to new design—this is the appropriate approach for a platform visual overhaul, by the way—which could always use more help on. Now I don’t see this ever happening, but I have hopes that someday Ubuntu will fully embrace GNOME and promote it as its desktop solution—especially given the desktop is out of the scope of the Ubuntu business these days. Read more

Wine 4.0 RC7

  • Wine Announcement
    The Wine development release 4.0-rc7 is now available.The Wine development release 4.0-rc7 is now available.
  • Juicy like the good stuff, Wine 4.0 RC7 is out with a delightful aroma
    No need to worry about a sour aftertaste here, we're of course talking about the wonderful software and not the tasty liquid. As usual, they're in bug-fix mode while they attempt to make the best version of Wine they can and so no super huge features made it in.
  • Wine 4.0-RC7 Released With Fixes For Video Player Crashes, Game Performance Issues
    Wine 4.0 should be officially out soon, but this weekend the latest test release of it is Release Candidate 7 that brings more than one dozen fixes. Wine 4.0 remains in a feature freeze until its release, which will likely be within the next two weeks or so. Since last Friday's Wine 4.0-RC6, the RC7 release has 13 known bug fixes. Catching our interest are some game performance regressions being resolved, including for Hot Pursuit, Project CARS, Gas Guzzlers, and others. There are also video player crash fixes when opening audio or video files.

Wikipedia cofounder: How and why I transitioned to Linux—how you can, too

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn’t until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line. (Let me explain. “Bash” means “Bourne-again shell,” a rewrite of the class Unix shell “sh.” A “shell” is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like “move this file there” and “download that file from this web address” and “inject this virus into that database”. The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal–which runs Bash, the standard Linux shell.) Even then (and in the following years when I got into programming again), I didn’t learn much beyond things like cd (switch directory) and ls (list directory contents). It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest “distro” (flavor of Linux) was Red Hat Linux, so that’s what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn’t use it much. Read more