Date: 2020-08-24
Kernel: Coming Up in Linux 5.10 and Bootlin Contributes SquashFS Support to U-Boot
BPF Preload / User Mode Debugging Additions On The Way For Linux 5.10
The "first real user" of the BPF user mode driver facility is on the way for Linux 5.10.
Hitting bpf-next a few days ago is some interesting work destined for Linux 5.10. "This patch set is the first real user of user mode driver facility. The general use case for user mode driver is to ship vmlinux with preloaded BPF programs. In this particular case the user mode driver populates bpffs instance with two BPF iterators. In several months BPF_LSM project would need to preload the kernel with its own set of BPF programs and attach to LSM hooks instead of bpffs. BPF iterators and BPF_LSM are unstable from uapi perspective. They are tracing based and peek into arbitrary kernel data structures. One can question why a kernel module cannot embed BPF programs inside. The reason is that libbpf is necessary to load them. First libbpf loads BPF Type Format, then creates BPF maps, populates them. Then it relocates code sections inside BPF programs, loads BPF programs, and finally attaches them to events. Theoretically libbpf can be rewritten to work in the kernel, but that is massive undertaking... Hence the decision is to ship vmlinux with user mode drivers that load BPF programs. Just like kernel modules extend vmlinux, BPF programs are safe extensions of the kernel and some of them need to ship with vmlinux."
Linux 5.10 Slated To Use New Intel SERIALIZE In Fending Off Speculative Execution Bugs
Queued now in the "x86/cpu" development branch ahead of the Linux 5.10 kernel later this year is the change to make use of Intel's new "SERIALIZE" instruction within the kernel's "sync_core" code that is used for stopping the speculative execution and prefetching of modified code.
Earlier this year Intel's programming reference manual documented the new SERIALIZE instruction set to come next year with Sapphire Rapids and Alder Lake. SERIALIZE is used for ensuring all flags/register/memory modifications are complete and all buffered writes drained to memory before proceeding to the next instruction. SERIALIZE comes as a result of the speculative execution bugs hitting Intel particularly hard over the past few years.
Bootlin contributes SquashFS support to U-Boot
SquashFS is a very popular read-only compressed root filesystem, widely used in embedded systems. It has been supported in the Linux kernel for many years, but so far the U-Boot bootloader did not have support for SquashFS, so it was not possible to load a kernel image or a Device Tree Blob from a SquashFS filesystem in U-Boot.
[...]
Of course, the SquashFS driver is still fresh, and there is a chance that more extensive and widespread testing will uncover a few bugs or limitations, which we’re sure the broader U-Boot community will help address. Overall, we’re really happy to have contributed this new functionality to U-Boot, it will be useful for our projects, and we hope it will be useful to many others in the embedded Linux community!
AGX Xavier carrier board offers multiple M.2 options
Auvidea’s $329 “X220-LC” carrier for the Linux-powered Jetson AGX Xavier module offers 2x HDMI 2.0, 2x USB 3.0, and 2x CAN plus GbE, PCIe, and M.2 with support for NVMe and optional modules including PoE. Auvidea has launched a low-cost version of an earlier, 349 Euro ($411) X220 carrier board that similarly supports Nvidia’s high-end, Arm-based Jetson AGX Xavier module. The X220-LC offers a reduced feature set in exchange for a lower 279 Euro ($329) price.
Enough with the Linux security FUD
Like all operating systems, Linux isn't perfectly secure. Nothing is. As security guru Bruce Schneier said, "Security is a process, not a product." It's just that, generally speaking, Linux is more secure than its competitors. You couldn't tell that from recent headlines which harp on how insecure Linux is. But, if you take a closer look, you'll find most -- not all, but most -- of these stories are bogus. For instance, BootHole sounded downright scary. You could get root access on any system! Oh no! Look again. The group which discovered it comes right out and says an attacker needs admin access in order for their exploit to do its dirty work. Friends, if someone has root access to your system, you already have real trouble. Remember what I said about Linux not being perfect? Here's an example. The initial problem was real, albeit only really dangerous to an already hacked system. But several Linux distributors botched the initial fix so their systems wouldn't boot. That's bad.
