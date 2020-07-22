It’s a very slow day, and I awoke at 4:30 with the burning need to finish tessellation shaders. Or maybe I was just burning because it’s so hot out. In either case, I had a couple remaining tests that were failing, and, upon closer inspection and a lot of squinting, I determined that the problem was the use of partial writes to patch output variables in tessellation control shaders. With this knowledge in hand, I set about resolving the issue in the most bulldozer way possible, with no regard for how much of the code would survive once I discovered which nir pass I probably wanted to be running instead.

While it was just two days ago that AMDVLK 2020.Q3.1 debuted and normally there is a two to three week release cadence for these open-source AMD Radeon Vulkan driver code drops, this morning was already met by the debut of AMDVLK 2020.Q3.2. This expedited AMDVLK 2020.Q3.2 release is coming principally due to a few bugs. AMDVLK 2020.Q3.2 has changed its preference around Y-coordinate swizzle modes for 3D color attachments with GFX10/Navi, restricts its pipeline cache flush optimization to only cases where it's certainly legal behavior, updating against the Vulkan API 1.2.146 headers, and extends its "defer reusing command stream chunk concept" to all scenarios. There is also fixes for a shared metadata bug on GFX6 (Southern Islands) and fixing of some 999e5 format failures.

Intel open-source developer Kristen Carlson Accardi continues work on Function Granular Kernel Address Space Layout Randomization (FGKASLR) as a big improvement over traditional KASLR address space layout randomization. FGKASLR was originally published earlier this year, 15 years after the debut of KASLR for randomizing the base address of the running kernel. With FGKASLR, individual kernel functions are reordered so that even if the kernel's randomized based address is revealed, an attacker still wouldn't know the location in memory of particular kernel functions as the relative addresses will be different.

That (Linux) Containers are a userspace fiction is a well-known dictum nowadays. It simply expresses the fact that there is no container kernel object in the Linux kernel. Instead, userspace is relatively free to define what a container is. But for the most part userspace agrees that a container is somehow concerned with isolating a task or a task tree from the host system. This is achieved by combining a multitude of Linux kernel features. One of the better known kernel features that is used to build containers are namespaces. The number of namespaces the kernel supports has grown over time and we are currently at eight. [...] So from the section above it should be clear that seccomp provides a few desirable properties that make it a natural candiate to look at to help solve our mknod(2) and mount(2) problem. Since seccomp intercepts syscalls early in the syscall path it already gives us a hook into the syscall path of a given task. What is missing though is a way to bring another task such as the LXD container manager into the picture. Somehow we need to modify seccomp in a way that makes it possible for a container manager to not just be informed when a task inside the container performs a syscall it wants to be informed about but also how to make it possible to block the task until the container manager instructs the kernel to allow it to proceed.

People everywhere are standing up for free software The above is a statement from Michael Stenta, lead developer of FarmOS, and a LibrePlanet 2020 speaker. He submitted his thoughts for us to add to the "Working Together for Free Software" pages, which we have been updating as part of a summer push highlighting "free software in action." On these pages, we explore the different reasons why people dedicate their time to free software, and highlight all the different ways that user freedom is important to them. With each submission that comes in, we realize again just how far the fight for software freedom stretches. Thankfully, like Michael and many other community members that we have spoken to recently, there are people all over the globe and in many industries, who are fighting for justice. Right here in the Boston area, Micky Metts (also known as FreeScholar, and a member of Agaric, a worker-owned cooperative of Web developers), is working with the Boston Public School system to host an online Learning Management System (LMS), as schools will not be open for the summer, and possibly not even in the fall. Agaric is using some packages the FSF put together with Canvas as the LMS and BigBlueButton as the video chat/whiteboard. On Micky's "Working Together" page, you can find more information about the timely and relevant work that Agaric does with free software in education, immigration, and community engagement.