
Kernel Articles in LWN (Just Liberated From Paywall)

Submitted by Roy Schestowitz on Thursday 6th of May 2021 04:50:53 AM


  • Some 5.12 development statistics

    By the time the 5.12 kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainline repository for this development cycle. That makes 5.12 the slowest development cycle since 5.6, which was released at the end of March 2020. Still, there was plenty of work done for 5.12. Read on for our traditional look at where that work came from and how it got into the kernel.

    Patches were contributed to 5.12 by 1,873 developers, 262 of whom were first-time contributors; those are typical numbers, especially given the (relatively) small size of this cycle. 


  • Preventing information leaks from ext4 filesystems

    A filesystem's role is to store information and retrieve it in its original form on request. But filesystems are also expected to prevent the retrieval of information by people who should not see it. That requirement extends to data that has been deleted; users expect that data to be truly gone and will not welcome its reappearance in surprising places. Some work being done with ext4 shows the kind of measures that are required to live up to that expectation.

    In early April, Leah Rumancik posted a two-patch series making a couple of small changes to the ext4 filesystem implementation. The first of those caused the filesystem to, after a file is deleted, overwrite the space (on disk) where that file's name was stored. In response to a question about why this was needed, ext4 maintainer Ted Ts'o explained that it was meant to deal with the case where users were storing personally identifiable information (PII) in the names of files. When a file of that nature is removed, the user would like to be sure that the PII is no longer stored on the disk; that means wiping out the file names as well.


  • Avoiding unintended connection failures with SO_REUSEPORT

    Many of us think that we operate busy web servers; LWN's server, for example, sweats hard when keeping up with the comment stream that accompanies any article mentioning the Rust programming language. But some organizations run truly busy servers and have to take some extraordinary measures to keep up with levels of traffic that even language advocates cannot create. The SO_REUSEPORT socket option is one of many features that have been added to the network stack to help these use cases. SO_REUSEPORT suffers from an implementation problem that can cause connections to fail, though. Kuniyuki Iwashima has posted a patch set addressing this problem, but there is some doubt as to whether it takes the right approach.

    In normal usage, only one process is allowed to bind to any given TCP port to accept incoming connections. On busy systems, that process can become a bottleneck, even if all it does is pass accepted connections off to other processes for handling. The SO_REUSEPORT socket option, which was added to the 3.9 kernel in 2013, was meant to address that bottleneck. This option allows multiple processes to accept connections on the same port; whenever a connection request comes in, the kernel will pick one of the listening processes as the recipient. Systems using SO_REUSEPORT can dispense with the dispatcher process, improving scalability overall.

    SO_REUSEPORT does its work when the initial SYN packet (the connection request) is received; at that time, a provisional new socket is created and assigned to one of the listening processes. The new connection will first wait for the handshake to complete, after which it will sit in a queue until the selected process calls accept() to accept the connection and begin the session. On busy servers, there may be a fair number of connections awaiting acceptance; the maximum length of that queue is specified with the listen() system call.
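To make the accept-queue problem concrete, here is an added C example (it is not code from the LWN article or from the kernel patch set): two SO_REUSEPORT listeners share a loopback port, several clients connect, and the second listener is closed before it ever calls accept(). The function names are my own; the point it demonstrates is that connections the kernel had already steered to the closed listener are reset rather than handed to the surviving one, which is exactly the failure the article describes.

```c
#define _GNU_SOURCE           /* for usleep() under strict -std= modes */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP listener on 127.0.0.1:port (0 lets the kernel pick). SO_REUSEPORT
 * must be set before bind() on every socket that is to share the port. */
static int reuseport_listener(int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (fd >= 0 && setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof one) == 0 &&
        bind(fd, (struct sockaddr *)&a, sizeof a) == 0 && listen(fd, 64) == 0)
        return fd;
    if (fd >= 0) close(fd);
    return -1;
}

static int bound_port(int fd)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    return getsockname(fd, (struct sockaddr *)&a, &len) < 0 ? -1 : ntohs(a.sin_port);
}

/* Connect n (<= 64) clients to a port shared by two SO_REUSEPORT listeners, then
 * close the second listener before it accepts anything. Returns how many clients
 * were reset (-1 on setup failure); *served gets how many l1 can still accept. */
int count_dropped_clients(int n, int *served)
{
    int l1 = reuseport_listener(0), l2, c[64], dropped = 0, fd;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(bound_port(l1)),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    char buf;
    if (l1 < 0 || n > 64) return -1;
    if ((l2 = reuseport_listener(bound_port(l1))) < 0) { close(l1); return -1; }
    for (int i = 0; i < n; i++)   /* the kernel steers each SYN to l1 or l2 */
        if ((c[i] = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
            connect(c[i], (struct sockaddr *)&a, sizeof a) < 0) return -1;
    close(l2);       /* connections still queued on l2 are reset, not moved to l1 */
    usleep(100000);  /* give the RST segments time to arrive over loopback */
    for (int i = 0; i < n; i++) {
        ssize_t r = recv(c[i], &buf, 1, MSG_DONTWAIT);  /* EAGAIN = still alive */
        if (r == 0 || (r < 0 && errno != EAGAIN && errno != EWOULDBLOCK)) dropped++;
    }
    fcntl(l1, F_SETFL, O_NONBLOCK);   /* so accept() returns instead of waiting */
    for (*served = 0; (fd = accept(l1, NULL, NULL)) >= 0; (*served)++) close(fd);
    for (int i = 0; i < n; i++) close(c[i]);
    close(l1);
    return dropped;
}
```

On a kernel that instead migrates the queued connections to the surviving listener, the dropped count is 0 and all of them are served; either way every client ends up in exactly one of the two counts.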


  • Toward signed BPF programs

    The kernel's BPF virtual machine is versatile; it is possible to load BPF programs into the kernel to carry out a large (and growing) set of tasks. The growing body of BPF code can reasonably be thought of as kernel code in its own right. But, while the kernel can check signatures on loadable modules and prevent the loading of modules that are not properly signed, there is no such mechanism for BPF programs; any sufficiently privileged process can load any program that will pass the verifier. One might think that adding this checking for BPF would be straightforward, but that subsystem has some unique characteristics that make things more challenging than one might expect. There may be a solution in the works, though; fittingly, it works by loading yet another BPF program.

    Loadable kernel modules are stored as executable images in the ELF format. When one is loaded, the kernel parses that format and does the work needed to enable the module to run within the kernel; this work includes allocating memory for variables, performing relocations, resolving symbols, and more. All of the necessary information exists within the ELF file. Applying a signature to that file is simply a matter of checksumming the relevant sections and signing the result.

    BPF programs have similar needs, but the organization of the requisite information is a bit more, for lack of a better word, messy. The code itself is compiled as an executable section that is then linked into a loader program that runs in user space and invokes the bpf() system call to load the BPF program into memory. But BPF programs, too, need to have data areas allocated in the form of BPF maps, and they need relocations (of a sort) applied to be able to cope with different structure layouts on different systems. The necessary maps are "declared" as special ELF sections in the loader program; the libbpf library finds those sections and turns them into more bpf() calls. The BPF program itself is then modified (before loading into the kernel) so that it can find its maps when it runs.

    This structure poses a challenge for anybody wanting to implement signed BPF programs. The maps are a part of the program itself; if they are not established as intended, a BPF program might misbehave in interesting ways. But the kernel has no way to enforce any specific map configuration, and thus cannot ensure that a signed BPF program has been properly set up. Additionally, the need to modify the BPF program itself will break signature verification; after all, modifications to BPF programs are just the sort of thing this mechanism is expected to prevent. So, somehow, the kernel has to take a more active role in the loading of BPF programs.

Ubuntu Touch OTA-17 Arrives May 12 with NFC Support, Available for Testing Now

Ubuntu Touch OTA-17 is the next major software update for Ubuntu Phone devices, promising support for NFC hardware on various devices, including the Google Pixel 3a and Volla Phone. Besides the obvious benefits, NFC support will also enable developers to add the ability to read or write NFC tags in their apps. While UBports devs continue their transition for Ubuntu Touch to the Ubuntu 20.04 LTS (Focal Fossa) base, they added various enhancements to the Ubuntu Touch OTA-17 release. Among these, improved battery life and notifications for the Google Pixel 3a phone, a Macedonian keyboard layout, and automatic screen brightness on the Volla Phone. Read more

Device Mapper Gets Some Nice Improvements With Linux 5.13

The kernel's Device Mapper (DM) code with Linux 5.13 has some improvements worth mentioning this cycle. For DM-Integrity, which allows storing additional integrity information by emulating a block device, TRIM/DISCARD is now used to avoid needlessly rewriting metadata. Additionally, DISCARD is also used to improve hash re-calculation. Read more

Virtual Linux Plumbers

  • Dates for Virtual Linux Plumbers now 20-24 September

    We took a look at all the events that were announced at the same time as OSS, including KVM Forum. The dates 20-24 September still seem to be clear of conference overlaps so we thought we’d grab them for Plumbers before someone else does. We also thought the timezone last year (Atlantic, 1h ahead of US Eastern and 5h behind central European) worked well, so we’ll plan to hold the conference mostly in that timezone (Although Microconference sessions can vary this if participants need. Our conference architecture will be available 24h)

  • Containers and Checkpoint/Restore Microconference Accepted into 2021 Linux Plumbers Conference – Linux Plumbers Conference 2021

    We are pleased to announce that the Containers and Checkpoint/Restore Microconference has been accepted into the 2021 Linux Plumbers Conference! The Containers and Checkpoint/Restore micro-conference brings together kernel developers, runtime maintainers, and developers working on container- and sandboxing related technologies in general to discuss current problems and agree on new features.

  • Linux Plumbers Goes Fully Virtual – Linux Plumbers Conference 2021

    You may have noticed that the Linux Foundation has announced moving OSS+ELC from Dublin to Seattle, WA due to survey results and vaccination rates in Europe. Since we agreed to co-locate with OSS+ELC this year, we’ve been debating following suit or going virtual. Unfortunately, the safety protocols imposed by event venues in the US require masks and social distancing, making it impossible to hold the interactive part of Plumbers (the Microconferences). Since Microconferences are a differentiating feature of plumbers, we felt that rather than lose such an essential element we’d move the entire conference on-line and hope to be back in-person next year.

today's leftovers

  • Open Source and IoT

    Here is a companion article to my upcoming PLI talk on the special risks and rewards of open source and standards in IoT. It was published on PLI PLUS, the online research database of PLI.

  • LibreOffice QA/Dev Report: April 2021

    LibreOffice 7.1.2 was released on April 1st

  • Announcing Mozilla Rally – Data@Mozilla

    We wrote recently about how difficult it is to understand the data companies collect from you, and what they’re doing with it. These companies determine how your data is used and who benefits. Cutting people out of decisions about their data is an inequity that harms not only individuals, but also society and the internet. We believe that you should determine who benefits from your data. Today, we’re taking a step in that direction with the alpha release of Mozilla Rally. Rally is now available for desktop Firefox users age 19 and older in the USA. Rally is aimed at rebuilding your equity in your data. We allow you to choose how to contribute your data and for what purpose. We’re building a community to help understand some of the biggest problems of the internet, and we want you to join us. [...] We started Rally as an innovation program, building on earlier experiments with trusted research institutions. We are exploring new products and public interest projects that return equity to communities in the coming months. We are data optimists and want to change the way the data economy works for both people and day-to-day business. We are committed to putting our users first every step of the way, and building a community together.

  • Aborted attempt to run FatDog in container

    I converted FatDog64 version 811 to run in a container. Get a desktop, looks OK, tested a couple of apps, such as Geany and LibreOffice, OK.

  • EasyOS 2.7.3 detects SSD in HP14 laptop

    Ramachandra reported that the SSD in his new HP14 laptop was not detected by EasyOS.

  • Arch: FOSS Activities in April 2021

    Hope people have had a lovely spring. This month has passed quickly! I have put off writing the monthly post because I was busy with a weekend project. My master's thesis was about how to apply transparency logs and reproducible builds to give package rebuilders the ability to produce tamper-evident logs. This is handy since any one package build can easily be proven to be part of the log, and you can very easily fill in the history from one point in time to another by hashing files in the correct order. These days transparency logs have seen larger adoption with projects like sigstore and trustix. What’s interesting is that kernel.org publishes a transparency log of all the git push operations.

  • 12 of the Best Free Graphic Design Software [Ed: Covers Inkscape and GIMP; also here]

    According to Inkscape’s website, the software was created for designers of all kinds including those in marketing and branding, engineering/CAD, web graphics, cartooning and for individual uses. You can get started by downloading the software to your Linux, Windows or macOS device. When I first downloaded Inkscape, the interface reminded me of Microsoft Paint. This made it really intuitive to use, and all of the features are available for free. According to the website, those features include object creation, object manipulation, fill and stroke features, operations on paths, text support, rendering and a variety of file formats. There are tons of resources available on Inkscape's website under the "Learn" tab including an FAQ section, tutorials, books/manuals and a guide to how to use Inkscape for animation. Users also have access to Inkscape's community which includes user support and discussions in the form of chat, forums and more. [...] If you're looking for a free alternative to Photoshop, GIMP is a graphic design software worth checking out. While you can't use the software online, it can be downloaded to Linux, OS X or Windows computers. GIMP stands for GNU Image Manipulation Program. It's a free software that was designed for photo retouching, image composition and image authoring, according to the website. The interface is really similar to Adobe's Photoshop, so if you're already familiar with the tools and shortcuts, using GIMP will be easy. You can get started by checking out the tutorials online which include beginner basics, photo editing tips, painting guides and more. If you're ready to try out the software yourself, you can download it here.

  • Mesa 21.1 Released With RADV Variable Rate Shading, More Intel Vulkan Improvements - Phoronix

    Mesa 21.1 is available today as the latest quarterly feature release to this collection of open-source OpenGL and Vulkan drivers. There are many features to show with this new release and it even managed to release on-schedule. Mesa 21.1 brings a wide assortment of improvements to the many contained open-source user-space drivers, but as usual are dominated by enhancements to the Intel and Radeon driver components, especially the Vulkan drivers given the mature state of the OpenGL drivers these days.

  • New Ambassador Developer Control Plane Accelerates Kubernetes Adoption Across Entire Cloud Native Software Development Lifecycle

    As development teams adopt Kubernetes, they are challenged not only by a growing list of complex technologies but also an expanded role that now includes shipping and operating the systems they build. Built on major open source Cloud Native Computing Foundation projects including Envoy, Emissary-ingress, Argo, and Telepresence, the Ambassador Developer Control Plane is an integrated solution that manages the cloud native infrastructure that developers use to code, ship, and run applications for Kubernetes environments. Ambassador DCP unlocks developer productivity for local and remote environments, enables rapid human-centric service discovery across organizations, and lets entire teams safely deploy and manage applications for production.

  • Perl Weekly Challenge 111: Search Matrix and Ordered Letters

  • Understanding DDoS Attacks and How to Prevent Them

    DDoS cyberattacks can happen anytime and devastate any business, but by understanding how they occur and how to prevent them, you can continue to surf the web safely. A distributed denial of service (DDoS) attack is a type of cyberattack that hackers often use to breach a network and overload it with unwanted traffic to disrupt services. Once the system is strained to its limit, it no longer accepts legitimate traffic, and services start to fail. Think of a DDoS attack as a crowd blocking the way into your favorite coffee shop: It's tough for you to get in, and it makes it difficult for that business to distinguish a real customer from the rest of the crowd. Because of that confusion, it's tough for businesses that are targeted by a DDoS attack to serve their customers and distinguish who's real and who's not.

  • Identifying the Differences Between VPN Protocols

  • macOS bugs causing sporadic browsing issues with Safari, Firefox, others

    According to user reports on the Apple Support Communities, the Safari 14.1 update breaks functionality on popular websites like eBay. The issue appears to predominantly affect Safari 14.1 on macOS Catalina and macOS Mojave. There are reports from developers about ongoing problems with the latest versions of Apple's browser, too. Google Chrome developer advocate Jake Archibald reports that localStorage in Safari 14.1 is broken, causing tabs that use the same localStorage for text boxes.

