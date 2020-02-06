Systemd 245 is soon shipping as the first feature update of 2020 and it's another big one. Most notable with systemd 245 is the introduction of systemd-homed for reimagining how Linux home directories are managed and modernizing them. Systemd-homed allows for better handling password and encryption management, better self-containment and migratable, and other improvements. Expect systemd-homed to continue to be expanded upon in future releases. As part of systemd-homed are other new features that are related like the systemd "userdb" bits for supporting rich user and group records in a JSON format.

As another step towards tightening up the Linux kernel security, Intel's Kristen Carlson Accardi has proposed "FGKASLR" as a significant step forward for better enhancing the Kernel Address Space Layout Randomization. The Linux kernel has employed kernel address space layout randomization (KASLR) since 2005 for fending off possible exploits that rely upon jumping to known positions within memory. While KASLR makes memory addresses for the kernel less predictable, attackers could still ultimately determine the base address of the kernel through enough guessing or leaking kernel addresses. But in aiming to make KASLR more effective, Kristen Carlson Accardi has proposed finer grained kernel address space randomization, or FGKASLR for short.

For those using GNU Make in particular as their build system, the parallel build times are about to be a lot faster beginning with Linux 5.6 for large core count systems. This landing just after the AMD Threadripper 3990X 64-core / 128-thread CPU launch is one example of systems to benefit from this kernel change when compiling a lot of code and making use of many GNU Make jobs. Linus Torvalds himself changed around the kernel's pipe code to use exclusive waits when reading or writing. While this doesn't mean much for traditional/common piping of data, the GNU Make job-server is a big benefactor as it relies upon a pipe for limiting the parallelism. This technique though employed by the GNU Make job server is inefficient with today's high core count CPUs as all of the spawned processes are woken up rather than a single reader to be woken upon a writer's release.

Not yet mainlined in the Linux kernel but currently queued as part of the x86/cpu changes for next round is the ability for the kernel to detect split locks and either warn the offending applications or kill the processes. Split locks are when an atomic instruction operates on data spanning multiple cache lines. Due to the atomic nature, a global bus lock is needed when working on two cache lines and that in turn causes a big performance hit for the overall system performance. This Linux kernel support for detecting split locks is contingent upon x86_64 CPUs supporting the capability for generating alignment check exceptions (#AC) on encountering a split lock. For now the necessary MSR appears to be only supported on Intel CPUs.