LWN: Kernel Development Articles and Jonathan Corbet's Upcoming Linux Talk
The edge-triggered misunderstanding
The Android 12 beta release first appeared in May of this year. As is almost obligatory, this release features "the biggest design change in Android's history"; what's an Android release without requiring users to relearn everything? That historical event was not meant to include one change that many beta testers are noticing, though: a kernel regression that breaks a significant number of apps. This problem has just been fixed, but it makes a good example of why preventing regressions can be so hard and how the kernel project responds to them when they do happen.
Back in late 2019, David Howells made some changes to the pipe code to address a couple of problems. Unfortunately, that work caused the sort of regression that the kernel community finds most unacceptable: it slowed down (or even hung) kernel builds. After an extensive discussion, an unfortunate interaction with the GNU make job server was identified and a fix by Linus Torvalds was applied that made the problem go away. The 5.5 kernel was released shortly afterward, kernel builds sped back up, and the problem was deemed to have been solved.
memfd_secret() in 5.14
The memfd_secret() system call has, in one form or another, been covered here since February 2020. In the beginning, it was a flag to memfd_create(), but its functionality was later moved to a separate system call. There have been many changes during this feature's development, but its core purpose remains the same: allow a user-space process to create a range of memory that is inaccessible to anybody else — kernel included. That memory can be used to store cryptographic keys or any other data that must not be exposed to others. This new system call was finally merged for the upcoming 5.14 release; what follows is a look at the form this call will take in the mainline kernel.
Hardening virtio
Traditionally, in virtualized environments, the host is trusted by its guests, and must protect itself from potentially malicious guests. With initiatives like confidential computing, this rule is extended in the other direction: the guest no longer trusts the host. This change of paradigm requires adding boundary defenses in places where there have been none before. Recently, Andi Kleen submitted a patch set attempting to add the needed protections in virtio. The discussion that resulted from this patch set highlighted the need to secure virtio for a wider range of use cases.
Virtio offers a standardized interface for a number of device types (such as network or block devices). With virtio, the guest runs a simplified, common driver, and the host handles the connection to the real underlying device. The communication between the virtio device (host side) and the driver (guest side) happens using data structures called virtqueues, which are typically memory buffers, though the actual implementation depends on the bus used.
"The kernel report" online, August 26
As part of the ramp-up to the 2021 Linux Plumbers Conference, LWN editor Jonathan Corbet will be presenting a version of "The kernel report" at 9:00AM US/Mountain time (15:00 UTC) on Thursday, August 26. Registration for LPC is not required; all are welcome for an update on the state of kernel development and a perspective on 30 years of the Linux kernel. Please come for an interesting discussion and to help the LPC crew stress-test the 2021 infrastructure.
Jamie McClelland: Anyone still using gitweb?
It seems like the self-hosting git world has all moved to gitlab or gitea. For a number of reasons not worth enumerating, I’m still running gitolite and recently decided I wanted to check out my code via https using gitweb. I got through most of the installation and configuration without trouble (I could browse via the web and see all my repositories). But, when I tried to git clone using the https address I got a fatal “not found” error. It seems that gitweb, out of the box, allows for easy web-browsing of git repositories but needs some extra work if you want to clone over https. Specifically, you need to use git-http-backend.
KaOS 2021.08
It is with great pleasure to present to you the August release of a new stable ISO. Biggest news for this release are major changes in the aesthetics. The Midna theme has been redone; this includes a uniform look for SDDM and lockscreen with a (darker) transparent sidebar, cleaner splash-screen, and darker logout look. The application menu has moved from the long-used cascading menu option to the all-new Application Launcher introduced with Plasma 5.22. About eighteen months ago, KaOS set out to overhaul all the Calamares view modules into QML; this has now been just about completed (just one left, the partitioning module). This release adds another two new QML converted modules, the Users and Summary pages. It took a while, but now some other distributions are starting to use the KaOS converted modules too. The QML move gives Calamares a much more modern and uniform look with the other KaOS QML applications.
today's leftovers
Programming Leftovers
