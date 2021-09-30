LWN's In-Depth Article About Linux (Kernel) and Linux 5.16 Sound
Lessons from the linux-distros mailing list [LWN.net]
The oss-security mailing list is specifically set up for reports and discussion of security flaws in open-source software after their embargo, if any, has expired. But the response to a recent report of the fix for a security flaw in the Linux kernel went in a different direction than usual. The report did not break the two-week embargo period, instead it was "late", which has highlighted some problems in the management of flaws of this nature.
The report from Lin Ma was for a use-after-free vulnerability in the near-field communication (NFC) protocol stack in the kernel. It had been found by fuzzing and was duly reported to the closed security@kernel.org and linux-distros mailing lists on September 1; it was assigned CVE-2021-3760 on the same day. Ma gave a detailed report of the problem to oss-security on October 26—nearly two months later. The flaw itself is difficult to trigger; it may require a compromised NFC device to send the malicious packet sequence.
Alexander Peslyak (or "Solar Designer"), who administers oss-security and linux-distros, replied, noting the large gap in time before the public disclosure, which Ma had apologized for in the report. Peslyak said that there were multiple problems in the handling of the report to linux-distros. "Let's use this opportunity to learn from the mishandling of this issue and avoid that for other issues."
Replacing congestion_wait() [LWN.net]
Memory management is a balancing act in a number of ways. The kernel must balance the needs of current users of memory with anticipated future needs, for example. The kernel must also balance the act of reclaiming memory for other uses, which can involve writing data to permanent storage, with the rate of data that the underlying storage devices are able to accept. For years, the memory-management subsystem has used storage-device congestion as a signal that it should slow down reclaim. Unfortunately, that mechanism, which was a bit questionable from the beginning, has not worked in a long time. Mel Gorman is now trying to fix this problem with a patch set that moves the kernel away from the idea of waiting on congestion.
Synchronized GPU priority scheduling [LWN.net]
Since the early days, Unix-like systems have implemented the concept of process priorities, where higher-priority processes are given more CPU time to get their work done. Implementations have changed, and alternatives (such as deadline scheduling) are available for specialized situations, but the core priority (or, in an inverted sense, "niceness") concept remains essentially the same. What should happen, though, in a world where increasing amounts of computing work is done outside of the CPU? Tvrtko Ursulin has put together a patch set showing how the nice mechanism can be extended to GPUs as well.
As Ursulin describe the situation, the "current processing landscape seems to be more and more composed of pipelines where computations are done on multiple hardware devices". The kernel directly controls the availability of CPU time for the work that is actually done on the CPU. But, increasingly, computing work is offloaded to GPUs, AI accelerators, or cryptocurrency-mining peripherals. Those processors, while capable, can also be overloaded by the demands placed on them. If they run their workloads in a way that disagrees with the kernel's idea of process priorities, the end result may not be what the user would like to see.
As an example, Ursulin pointed out that the Chrome browser will lower the priority of tabs that are not currently in the foreground. If one of those background tabs is doing a lot of rendering in the GPU, though, it may slow down the foreground tab even though the background work is supposed to be running at low priority. It turns out that at least some of these GPUs, including some Intel i915 versions, can perform priority-based scheduling internally. But that requires informing the GPU of the relevant priorities, and there is currently no way to communicate those decisions, which are made in user space, to the GPU.
Controlling the CPU scheduler with BPF [LWN.net]
While the BPF virtual machine has been supported by Linux for most of the kernel's existence, its role for much of that time was limited to, as its full name (Berkeley packet filter) would suggest, filtering packets. That began to change in 2012 with the introduction of seccomp() filtering, and the pace picked up in 2014 with the arrival of the extended BPF virtual machine. At this point, BPF hooks have found their way into many kernel subsystems. One area that has remained BPF-free, though, is the CPU scheduler; that could change if some version of this patch set from Roman Gushchin finds its way into the mainline.
There are several CPU schedulers in the kernel, each of which works cooperatively to handle specific types of workloads. In systems without realtime processes, though, almost all scheduling is done by the Completely Fair Scheduler (CFS), to the point that most people probably just think of it as "the scheduler". CFS is a complicated beast; it embodies a set of hard-learned heuristics that seek to maximize performance for a wide variety of workloads, and has a number of knobs to tweak for the cases where the heuristics need help. CPU scheduling is a complex task, though, and it is not surprising that the results from CFS are not always seen as being optimal by all users.
Linux 5.16 Sound Ready To Play On AMD VanGogh + Yellow Carp, Continues USB Low-Latency - Phoronix
The Linux sound subsystem is seeing some useful and significant additions with the Linux 5.16 kernel.
Sound subsystem maintainer Takashi Iwai of SUSE today submitted the feature pull, which has already been accepted into mainline.
Security Leftovers
Join the fight against software patents with the revamped campaign site
There are many problems caused by the enforcement of patents in the software industry, but it is important to first understand how user and developer freedoms are affected. If you don't know what End Software Patents (ESP) is about, please read the recent article we posted on the issue of software patents. To support the continued fight against software patents, we are happy to announce that the ESP campaign pages have been completely revamped! In this brief post, we will go over the main changes that you should know about. ESP has been active for many years, campaigning and influencing public policies around the world. The campaign has been extremely influential, and has become known as one of the most popular global campaigns against software patents, especially after publishing Patent Absurdity, a documentary that demonstrated the severity of the issue. So far, it has been able to influence important court rulings and policy decisions on software patents in a positive direction. However, a major challenge that ESP had to face was to attract people who were not familiar with the legal aspects of software. The main target audience consisted mainly of developers, lawyers, and people related to the software industry. But this wasn't optimal, because software patents ultimately affect every single software user.
