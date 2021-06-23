LWN's Latest Kernel Reports (Paywall Lapsed)
-
Some 5.14 development statistics
The 5.14 kernel was released on August 29 after a nine-week development period. This cycle was not as active as its predecessor, which set a record for the number of developers involved, but there was still a lot going on and a number of long-awaited features were merged. Now that the release is out, the time has come for our traditional look at where the code in 5.14 came from and how it got there.
To create 5.14, the kernel community applied 14,735 non-merge changesets from 1,912 developers; 261 of those developers made their first kernel contribution during this cycle. There were 861,000 lines of code added to the kernel and 321,000 lines removed, for a net growth of 540,000 lines.
-
Nftables reaches 1.0
The Linux kernel is a fast-moving project, but change can still be surprisingly slow to come at times. The nftables project to replace the kernel's packet-filtering subsystem has its origins in 2008, but is still not being used by most (or perhaps even many) production firewalls. The transition may be getting closer, though, as highlighted by the release of nftables 1.0.0 on August 19.
The first public nftables release was made by Patrick McHardy in early 2009. At that time, the kernel had a capable packet-filtering subsystem in the form of iptables, of course, that was in widespread use, but there were a number of problems driving a change. These include the fact that the kernel had (and still has) more than one packet-filtering mechanism: there is one for IPv4, another for IPv6, yet another for ARP, and so on. Each of those subsystems is mostly independent, with a lot of duplicated code. Beyond that, iptables contains an excessive amount of built-in protocol knowledge and suffers from a difficult API that, among other things, makes it impossible to update a single rule without replacing the entire set.
The core idea behind nftables was to throw away all of that protocol-aware machinery and replace it with a simple virtual machine that could be programmed from user space. Administrators would still write rules referring to specific packet-header fields and such, but user-space tooling would translate those rules into low-level fetch and compare operations, then load the result into the kernel. That resulted in a smaller packet-filtering engine that was also far more flexible; it also had the potential to perform better. It looked like a win, overall, once the minor problem of transitioning a vast number of users had been overcome.
-
Not-a-GPU accelerator drivers cross the line
As a general rule, the kernel community is happy to merge working device drivers without much concern for the availability of any associated user-space code. What happens in user space is beyond the kernel's concern and unaffected by the kernel's license. There is an exception, though, in the form of drivers for graphical processors (GPUs), which cannot be merged in the absence of a working, freely-licensed user-space component. The question of which drivers are subject to that rule has come up a few times in recent years; that discussion has now come to a decision point with an effort to block some Habana Labs driver updates from entry into the 5.15 kernel.
The GPU-driver rule is the result of a "line in the sand" drawn by direct-rendering (DRM) maintainer Dave Airlie in 2010. The kernel side of most GPU drivers is a simple conduit between user space and the device; it implements something similar to a network connection. The real complexity of these drivers is in the user-space component, which uses the kernel-provided channel to control the GPU via a (usually) proprietary protocol. The DRM maintainers have long taken the position that, without a working user-space implementation, they are unable to judge, maintain, or test the kernel portion of the driver. They have held firm for over a decade now, and feel that this policy is an important part of the progress that this subsystem has made over that time.
At its core, a GPU is an accelerator that is optimized to perform certain types of processing much more quickly than even the fastest CPU can. Graphics was the first domain in which these accelerators found widespread use, but it is certainly not the last. More recently, there has been a developing market in accelerators intended to perform machine-learning tasks; one of those, the Habana Gaudi, is supported by the Linux kernel.
-
- Login or register to post comments
- Printer-friendly version
- 485 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Emacs discusses web-based development workflows
Discussions on ways to "modernize" the Emacs editor have come up in various guises over the past few years. Changes of that nature tend to be somewhat contentious in the Emacs community, pitting the "old guard" that values the existing features (and keybindings) against those who argue for changes to make Emacs more approachable (and aesthetically pleasing) to newcomers. Those discussions tend toward mega-thread status, so it should be no surprise that a query about possibly moving Emacs development to a "forge" (e.g. GitHub or GitLab) got similar treatment. As always in Emacs-land, there are multiple facets to the discussion, including the desirability of moving away from an email-based workflow, accommodating younger, forge-centric developers without forcing existing developers into that model, and—naturally—licensing. As a newcomer to the emacs-devel mailing list, Daniel Fleischer may not have expected the voluminous response he got to an August 26 post asking about the status of a "move to a new VC [version control] system, e.g. Gitlab". The somewhat provocative subject of the email, "Gitlab Migration", probably helped draw eyes (and responses) as well. There are no current plans to make a migration of that sort, of course, and a two-year-old feature request at GitLab shows a "pretty daunting" level of work needed, Dmitry Gutov said.
Another Batch of Important Linux Kernel Security Updates Arrives for Ubuntu Users, Patch Now
The new Linux kernel security update comes one and a half months after the previous update and it’s available for the Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver) operating system series. Patched in these kernel updates are several security vulnerabilities affecting the KVM hypervisor for AMD processors on all Ubuntu releases. These include CVE-2021-3656 and CVE-2021-3653, both flaws allowing an attacker in a guest virtual machine to read or write to portions of the host’s physical memory, as well as CVE-2021-22543, a use-after-free vulnerability that could allow an attacker who could start and control a virtual machine to expose sensitive information or execute arbitrary code. These issues were discovered and reported by Maxim Levitsky and Paolo Bonzini.
GNOME 41 Release Candidate Is Out with Last Minute Bug Fixes and Improvements
GNOME 41 is the next major release of the acclaimed desktop environment for GNU/Linux distributions, and it promises many new features, updated and new apps, as well as numerous improvements and bug fixes. The Release Candidate (RC) milestone comes hot on the heels of the beta release announced at the end of August, and fixes a bug in the new Calls app that prevented SIP from working when using multiple network interfaces and adds last minute touches around SIP account management and its UI.
today's leftovers
Recent comments
3 hours 31 min ago
5 hours 48 min ago
6 hours 6 min ago
7 hours 47 min ago
7 hours 55 min ago
8 hours 4 min ago
15 hours 44 min ago
17 hours 19 min ago
1 day 2 hours ago
1 day 4 hours ago