All posts by corbet

[$] Dueling memory-management performance regressions

Post Syndicated from corbet original https://lwn.net/Articles/790985/rss

The 2019 Linux Storage, Filesystem, and Memory-Management Summit included a detailed discussion about a memory-management fix that addressed one performance regression while causing another. That fix, which was promptly reverted, is still believed by most memory-management developers to implement the correct behavior, so a patch posted by Andrea Arcangeli in early May has relatively broad support. That patch remains unapplied as of this writing, but the discussion surrounding it has continued at a slow pace over the last month. Memory-management subsystem maintainer Andrew Morton is faced with a choice: which performance regression is more important?

[$] Short waits with umwait

Post Syndicated from corbet original https://lwn.net/Articles/790920/rss

If a user-space process needs to wait for some event to happen, there is a whole range of mechanisms provided by the kernel to make that easy. But calling into the kernel tends not to work well for the shortest of waits — those measured in small numbers of microseconds. For delays of this magnitude, developers often resort to busy loops, which have a much smaller potential for turning a small delay into a larger one. Needless to say, busy waiting has its own disadvantages, so Intel has come up with a set of instructions to support short delays. A patch set from Fenghua Yu to support these instructions is currently working its way through the review process.

[$] Generalized events notification and security policies

Post Syndicated from corbet original https://lwn.net/Articles/790831/rss

Interfaces for the reporting of events to user space from the kernel have been a recurring topic on the kernel mailing lists for almost as long as the kernel has existed; LWN covered one 15 years ago, for example. Numerous special-purpose event-reporting APIs exist, but there are none that are designed to be a single place to obtain any type of event. David Howells is the latest to attempt to change that situation with a new notification interface that, naturally, uses a ring buffer to transfer events to user space without the need to make system calls. The API itself (which hasn’t changed greatly since it was posted in 2018) is not hugely controversial, but the associated security model has inspired a few heated discussions.

Kernel prepatch 5.2-rc4

Post Syndicated from corbet original https://lwn.net/Articles/790816/rss

The 5.2-rc4 kernel prepatch is out for testing. “We’ve had a fairly calm release so far, and on the whole that seems to hold. rc4 isn’t smaller than rc3 was (it’s a bit bigger), but rc3 was fairly small, so the size increase isn’t all that worrisome. I do hope that we’ll start actually shrinking now, though.”

[$] Detecting and handling split locks

Post Syndicated from corbet original https://lwn.net/Articles/790464/rss

The Intel architecture allows misaligned memory access in situations where other architectures (such as ARM or RISC-V) do not. One such situation is atomic operations on memory that is split across two cache lines. This feature is largely unknown, but its impact is even less so. It turns out that the performance and security impact can be significant, breaking realtime applications or allowing a rogue application to slow the system as a whole. Recently, Fenghua Yu has been working on detecting and fixing these issues in the split-lock patch set, which is currently on its eighth revision.

[$] Renaming openSUSE

Post Syndicated from corbet original https://lwn.net/Articles/790298/rss

In mid-May, LWN reported on the
discussions in the openSUSE project over whether a separation from SUSE
would be a good move. It would appear that this issue has
been resolved and that openSUSE will be setting up a foundation as its new
home independent of the SUSE corporation. But now the community has been
overtaken by a new, related discussion that demonstrates a characteristic
of free-software projects: the hardest issues are usually related to
naming.

Severe vulnerability in Exim

Post Syndicated from corbet original https://lwn.net/Articles/790553/rss

Qualys has put out an advisory on a vulnerability in the Exim mail transfer agent, versions 4.87 through 4.91; it allows for easy command execution by a local attacker and remote execution in some scenarios. “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist.” Sites running Exim should upgrade to 4.92 if they have not already.

CockroachDB relicensed

Post Syndicated from corbet original https://lwn.net/Articles/790307/rss

The CockroachDB database management system has been relicensed; the new license is non-free. “CockroachDB users can scale CockroachDB to any number of nodes. They can use CockroachDB or embed it in their applications (whether they ship those applications to customers or run them as a service). They can even run it as a service internally. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license.”

Firefox adds tracking protection by default

Post Syndicated from corbet original https://lwn.net/Articles/790306/rss

The Mozilla blog announces a new Firefox feature: “One of those initiatives outlined was to block cookies from known third party trackers in Firefox. Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move. Additionally, we’re updating our privacy-focused features including an upgraded Facebook Container extension, a Firefox desktop extension for Lockwise, a way to keep their passwords safe across all platforms, and Firefox Monitor’s new dashboard to manage multiple email addresses.”

Šabić: eBPF and XDP for Processing Packets at Bare-metal Speed

Post Syndicated from corbet original https://lwn.net/Articles/790243/rss

Nedim Šabić has written a tutorial article on using the eXpress Data Path for fast packet filtering. “Now comes the most relevant part of our XDP program that deals with packet’s processing logic. XDP ships with a predefined set of verdicts that determine how the kernel diverts the packet flow. For instance, we can pass the packet to the regular network stack, drop it, redirect the packet to another NIC and such. In our case, XDP_DROP yields an ultra-fast packet drop.”

[$] Yet another try for fs-verity

Post Syndicated from corbet original https://lwn.net/Articles/790185/rss

The fs-verity mechanism has its origins in the Android project; its purpose is to make individual files read-only and enable the kernel to detect any modifications that might have been made, even if those changes happen offline. Previous fs-verity implementations have run into criticism in the development community, and none have been merged. A new version of the patch set was posted on May 23; it features a changed user-space API and may have a better chance of getting into the mainline.

[$] SIGnals from KubeCon

Post Syndicated from corbet original https://lwn.net/Articles/789715/rss

The basic organizational construct within the Kubernetes project is a set of Special Interest Groups (SIGs), each of which represents a different area of responsibility within the project. Introductions to what the various SIGs do, as well as more detailed sessions, were a core part of KubeCon + CloudNativeCon Europe 2019, as the different groups explained what they’re doing now and their plans for the future. Two sessions, in particular, covered the work of the Release and Architecture SIGs, both of which have a key role in driving the project forward.

[$] A ring buffer for epoll

Post Syndicated from corbet original https://lwn.net/Articles/789603/rss

The set of system calls known collectively as epoll was designed to make polling for I/O events more scalable. To that end, it minimizes the amount of setup that must be done for each system call and returns multiple events so that the number of calls can also be minimized. But that turns out to still not be scalable enough for some users. The response to this problem, in the form of this patch series from Roman Penyaev, takes a familiar form: add yet another ring-buffer interface to the kernel.

Krita 4.2.0 released

Post Syndicated from corbet original https://lwn.net/Articles/789729/rss

Version 4.2.0 of the Krita paint tool is out. “New in Krita 4.2.0 is updated support for drawing tablets, support for HDR monitors on Windows, an improved color palette docker, scripting API for animation, color gamut masking, improved selection handling, much nicer handling of the interaction between opacity and flow and much, much, much more.” See the release notes for more details.