LWN on Kernel: LSSNA, Open Source Summit, and NFS

• System call interception for unprivileged containers [LWN.net]

  On the first day of the 2022 Linux Security Summit North America (LSSNA) in Austin, Texas, Stéphane Graber and Christian Brauner gave a presentation on using system-call interception for container security purposes. The idea is to allow unprivileged containers, those without elevated privileges on the host, to still accomplish their tasks, some of which require privileges. A fair amount of work has been done to make this viable, but there is still more to do. Graber started things off by saying that he works for Canonical on the LXD container manager project, while Brauner works for Microsoft in various areas of Linux security. Graber said that there are two types of containers these days, privileged and unprivileged, "one is bad, one is OK". He noted that privileged containers are "unfortunately what everyone uses" for Docker containers, Kubernetes, and so on.

• Two memory-tiering patch sets [LWN.net]

  Once upon a time, computers just had one type memory, so memory within a given system was interchangeable. The arrival of non-uniform memory access (NUMA) systems complicated the situation significantly; now some memory was faster to access than the rest, and memory-management algorithms had to adapt or performance would suffer. But NUMA was just the start; today's tiered-memory systems, which may include several tiers of memory with different performance characteristics, are adding new challenges. A couple of relevant patch sets currently under review help to illustrate the types of problems that will have to be solved. The core challenge with NUMA systems is ensuring that memory is allocated on the nodes where it will be used. A process that is running mostly from memory on its local node will perform better than one that is working with a lot of remote memory. So finding the right place for a given page is a one-time task; once that page and its users have found their way to the same NUMA node, the problem is solved and the only remaining concern is to avoid separating them again. Tiered memory is built on the NUMA concept, but there are some differences. A bank of memory can be represented as a NUMA node that lacks a CPU, so that memory will not be seen as local to any process in the system. As a general rule, memory on these CPU-less nodes is slower than normal system DRAM — it might be a large bank of persistent memory, for example — but that is not necessarily the case, as we will see below. Since memory on a CPU-less node is not local to any process, there must be some other criterion that regulates the allocation of memory there. The approach that is being taken is to demote pages to such a node from faster DRAM using the kernel's normal reclaim mechanisms; in a situation where a page would otherwise have been evicted or pushed to swap, it can be moved to slower memory instead. That makes use of the slower memory while keeping that page available should it turn out to still be useful. Eventually, if that page sits unused in the slower tier, it can be pushed to an even slower tier or evicted entirely. Demoting pages to slower tiers cannot be a one-way operation, though, or performance will suffer; some of those pages will end up being accessed frequently and keeping them in slow memory will slow things down. So there needs to be a mechanism for promoting pages back to faster memory. Simply moving a page back to fast memory on the first access after demotion would be one possible approach, but that would also promote infrequently used memory and would likely create a lot of movement of pages between tiers, which would have significant costs of its own; a better solution is called for.

• A "fireside" chat [LWN.net]

  In something of an Open Source Summit tradition, Linus Torvalds and Dirk Hohndel sit down for a discussion on various topics related to open source and, of course, the Linux kernel. Open Source Summit North America (OSSNA) 2022 in Austin, Texas was no exception, as they reprised their keynote on the first day of the conference. The headline-grabbing part of the chat was Torvalds's declaration that Rust for Linux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there. Hohndel introduced himself as the chief open source officer at the Cardano Foundation; he is working to help foster an open-source ecosystem around the foundation's blockchain technology. Torvalds said that these "fireside chats" are held because of his wishes; "I do software", not public speaking, he said, so the format makes it easier for him. He effectively has outsourced figuring out what people are interested in hearing about to Hohndel; with a grin, Torvalds said, "if he asks bad questions, it's not my fault".

• NFS: the new millennium [LWN.net]

  The network filesystem (NFS) protocol has been with us for nearly 40 years. While defined initially as a stateless protocol, NFS implementations have always had to manage state, and that need has been increasingly built into the protocol over successive revisions. The early days of NFS were discussed, with a focus on state management, in the first part of this series. This article completes the job with a look at the evolution of NFS since, approximately, the beginning of this millennium. The early days of NFS were controlled by Sun Microsystems, the originator of the NFS protocol and author of both the specification and implementation. As the new millennium approached, interest in NFS increased and independent implementations appeared. Of particular relevance here are the implementations in the Linux kernel that drew my attention — particularly the server implementation — and the Filer appliance produced and sold by Network Appliance (NetApp). The community's interest in NFS extended as far as a desire to have more say in the further development of the protocol. I do not know what negotiations happened, but happen they did, and one clear outcome is documented for us in RFC 2339, wherein Sun Microsystems agreed to assign to The Internet Society certain rights concerning the development of version 4 (and beyond) of NFS, providing this development achieved "Proposed Standard" status within 24 months, meaning by early 2000. That particular deadline went wooshing past and was extended. We got a "Proposed Standard" in late 2000 with RFC 3010, which was revised for RFC 3530 in April 2003 and again for RFC 7530 in March 2015.

today's howtos

• How to Install GitLab with Docker on Ubuntu 22.04

  Gitlab Server is an open-source version of the cloud-hosted Gitlab version control. This guide will teach you how to install Gitlab Server using Docker on a Ubuntu 22.04 server.

• How to install FFmpeg on Fedora 36?

  Hello, friends. Recently, we have explained to you how to install FFmpeg on CentOS 9 Stream, but we will do it on Fedora 36 because it is a very popular system, and it is convenient to know how to do it.

• How to Enable Syntax Highlighting in Notepad++ and Create your own - Techtown

  Syntax highlighting is one of the most important features available in Notepad++ Text Editor. Very useful for Developers. During the lifetime of a code, a lot of code is added and commented on. It would be difficult to differentiate between code and comments when you open it without syntax highlighting.

• Notepad++ JSON formatter Plugin (JSONViewer) - (How) Download, Install and Use - Techtown

  JSON stands for JavaScript Object Notation is a lightweight data-interchange format. Mostly you would have used it in web service to send and receive payloads. JSON is based on the collection of name/value pairs and an ordered list of values. You can use any text editor even Notepad to create and modify JSON. Smaller files are easy to read and understand. You need a tool for the large and complex one to quickly format and compress JSON. In this article, I am going to cover JSON Plugin for Notepad++ which you can use to view, format, and compress JSON.

• Learning ACPI for ARM64 part 2: Completeing Early intialization | Adam Young's Web Log

  Last article got up through allocating the memory for the ACPI Tables. Now we want to populate them. There are many lines between the allocation of the space for the tables and the finalization of the ACPI early initialization. Why? My guess is that things in-between can either lazy load entries or depend on the ACPI table without caring what is in it.

• ACPI root pointer from UEFI System Table. | Adam Young's Web Log

  As I found out after I posted my lat entry , the correct way to find the Root pointer for the ACPI tables is to get it from the EFI System table. Where does that get set? Here’s the general flow: again, we start at init/main.c. start_kernel. However, the call is not in the ACPI code, but rather in setup_arch. The call chain goes

Unleashing the Librem 14

With the Librem 14 laptop we went a couple of new ways all at once. First of all this is the most custom laptop design we have done so far. It embodies everything we wanted to have – at the time of writing the specification. But not only that, with the Librem 14 we also started to use a liberated embedded controller (EC) firmware, besides Coreboot / PureBoot of course. The EC is a pretty primitive microcontroller that evolved from the old PC keyboard controllers. Basically it is a tiny CPU running a tiny program that does a very limited set of tasks, controlling the keyboard is still one of them. The EC also controls the power up and power down of the laptop, sequencing the different voltages, making sure that all supply voltages are OK and turned on and off at the right time etc. Additionally the EC controls functions like battery charging and maintains active communication with the main Intel CPU, to feed keyboard events into it but also to poke out information like the current temperature of the Intel package so that the EC can spin up the fans when necessary.