All posts by corbet

[$] The rapid growth of io_uring

Post Syndicated from corbet original https://lwn.net/Articles/810414/rss

One year ago, the io_uring subsystem did
not exist in the mainline kernel; it showed up in the 5.1 release in May
2019. At its core, io_uring is a mechanism for performing asynchronous
I/O, but it has been steadily growing beyond that use case and adding new
capabilities. Herein we catch up with the current state of io_uring, where
it is headed, and an interesting question or two that will come up along
the way.

[$] How to contribute to kernel documentation

Post Syndicated from corbet original https://lwn.net/Articles/810404/rss

Some years back, I was caught in a weak moment and somehow became the
kernel documentation maintainer. More recently, I’ve given a few talks on
the state of kernel documentation and the sort of work that needs to be
done to make things better. A key part of getting that work done is
communicating to potential contributors the tasks that they might helpfully
take on — a list that was, naturally, entirely undocumented. To that end,
a version of the following document is currently under review and headed
for the mainline. Read on to see how you, too, can help to make the
kernel’s documentation better.

Roose: PHP in 2020

Post Syndicated from corbet original https://lwn.net/Articles/810158/rss

Brent Roose argues that
it is time to take another look at PHP. “In this post, I want to
look at this bright side of PHP development. I want to show you that,
despite its many shortcomings, PHP is a worthwhile language to learn. I
want you to know that the PHP 5 era is coming to an end. That, if you want
to, you can write modern and clean PHP code, and leave behind much of the
mess it was 10 years ago.

[$] process_madvise(), pidfd capabilities, and the revenge of the PIDs

Post Syndicated from corbet original https://lwn.net/Articles/810076/rss

Once upon a time, there were few ways for one process to operate upon
another after its creation; sending signals and ptrace() were
about it. In recent years, interest in
providing ways for processes to control others has been on the increase,
and the kernel’s process-management API has been expanded accordingly.
Along these lines, the process_madvise() system call has been proposed as a way for one process to influence
how memory management is done in another. There is a new
process_madvise() series which is interesting in its own right,
but this series has also raised a couple of questions about how process
management should be improved in general.

[$] KRSI and proprietary BPF programs

Post Syndicated from corbet original https://lwn.net/Articles/809841/rss

The “kernel runtime security instrumentation” (or KRSI) patch set enables
the attachment of BPF programs to every security hook in the kernel; LWN covered this work in December. That article
focused on ABI issues, but it deferred another potential problem to
our 2020 predictions: the possibility that
vendors could start shipping proprietary BPF programs for use with
frameworks like KRSI. Other developers
did pick up on the possibility that KRSI could be abused this way, though,
leading to a discussion on whether
KRSI should continue to allow the loading of BPF programs that do not carry
a GPL-compatible license.

Fedora CoreOS out of preview (Fedora Magazine)

Post Syndicated from corbet original https://lwn.net/Articles/809917/rss

Fedora Magazine reports
that the Fedora CoreOS distribution is now deemed ready for use.
Fedora CoreOS is a new Fedora Edition built specifically for running
containerized workloads securely and at scale. It’s the successor to both
Fedora Atomic Host and CoreOS Container Linux and is part of our effort to
explore new ways of assembling and updating an OS. Fedora CoreOS combines
the provisioning tools and automatic update model of Container Linux with
the packaging technology, OCI support, and SELinux security of Atomic
Host.

[$] Scheduling for the Android display pipeline

Post Syndicated from corbet original https://lwn.net/Articles/809545/rss

Android users make heavy use of the displays on their devices for almost
all of their interaction; good display performance is thus critical for a
satisfactory user experience. Achieving that performance is not always
easy; there are a lot of pieces that need to work together, and the kernel
does not always support this collaboration as well as one might like. The
Android team is currently considering a number of combinations of existing
kernel features and possible enhancements in its efforts to provide the
best display experience possible.

GNU Guile 3.0.0 released

Post Syndicated from corbet original https://lwn.net/Articles/809825/rss

Version 3.0.0 of the Guile implementation of the Scheme programming
language has been released. There’s a lot of work here, including a new,
lower-level byte code implementation, interleaved internal definitions, a
new exception implementation, and much more. “Guile programs now run up to 4 times faster, relative to Guile 2.2,
thanks to just-in-time (JIT) native code generation. Notably, this
brings the performance of “eval” as written in Scheme back to the level
of ‘eval’ written in C, as in the days of Guile 1.8.

[$] Accelerating netfilter with hardware offload, part 1

Post Syndicated from corbet original https://lwn.net/Articles/809333/rss

Supporting network protocols at high speeds in pure software is getting
increasingly difficult, with 25-100Gb/s interfaces available now and
200-400Gb/s starting to show up. Packet processing at 100Gb/s must happen in 200 cycles or less, which does
not leave much room for processing at the operating-system
level. Fortunately some operations can be performed by hardware,
including checksum verification and offloading parts of the packet send and
receive paths.

As modern hardware adds more functionality, new options are
becoming available. The 5.3 kernel includes a patch set from Pablo Neira
Ayuso that added
support
for offloading some packet filtering with netfilter. This patch
set not only adds the offload support, but also performs a refactoring of
the existing offload paths in the generic code and the network card
drivers. More work came in the following kernel releases. This seems like a
good moment to review the recent advancements in offloading in the network
stack.

Exploit that gives remote access affects ~200 million cable modems (ars technica)

Post Syndicated from corbet original https://lwn.net/Articles/809447/rss

Ars technica reports
on the “Cable Haunt” vulnerability
that afflicts a large number of
cable modems. “The first and most straightforward way is to serve malicious JavaScript that causes the browser to connect to the modem. Normally, a mechanism called cross-origin resource sharing prevents a Web application from one origin (such as malicious.example.com) from working on a different origin (such as 192.168.100.1, the address used by most or all of the vulnerable modems).

Websockets, however, aren’t protected by CORS, as the mechanism is usually
called. As a result, the modems will accept the remote JavaScript, thereby
allowing attackers to reach the endpoint and serve it code.” Thus
far, there doesn’t seem to be any information out there on whether routers
running OpenWrt are vulnerable.

Szorc: Mercurial’s Journey to and Reflections on Python 3

Post Syndicated from corbet original https://lwn.net/Articles/809336/rss

Here is a
longish blog entry
from Mercurial maintainer Gregory Szorc on the
painful process of converting Mercurial to Python 3. “I
anticipate a long tail of random bugs in Mercurial on Python 3. While the
tests may pass, our code coverage is not 100%. And even if it were, Python
is a dynamic language and there are tons of invariants that aren’t caught
at compile time and can only be discovered at run time. These invariants
cannot all be detected by tests, no matter how good your test coverage
is. This is a feature/limitation of dynamic languages. Our users will
likely be finding a long tail of miscellaneous bugs on Python 3 for
years.

5.5-rc6 and stable kernels too

Post Syndicated from corbet original https://lwn.net/Articles/809256/rss

The 5.5-rc6 kernel prepatch is out for
testing. “Let’s see how things go. I do suspect that this ends up
being one of those ‘rc8’ releases, not because things look particularly bad
right now, but simply because the holiday season has meant that both the
testing side and the development side have been quiet. But who
knows?

On the stable side,
5.4.11,
4.19.95,
4.14.164,
4.9.209, and
4.4.209
have all been released with another set of important fixes.

[$] configfd() and shifting bind mounts

Post Syndicated from corbet original https://lwn.net/Articles/809125/rss

The 5.2 kernel saw the addition of an extensive new API for the mounting
(and remounting) of filesystems; this
article
covered an early version of that API. Since then, work in this
area has mostly focused on enabling filesystems to support this API fully.
James Bottomley has taken a look at this API as part of the job of
redesigning his shiftfs filesystem and
found it to be incomplete. What has followed is a significant set of
changes that promise to simplify the mount API — though it turns out that
“simple” is often in the eye of the beholder.

OpenWrt 19.07.0

Post Syndicated from corbet original https://lwn.net/Articles/809159/rss

Version 19.07.0 of the OpenWrt router distribution is available.
With this release, the OpenWrt project brings all supported targets back
to a single common kernel version and further refines and broadens
existing device support. It also introduces a new ath79 target and
brings support for WPA3.
” There are some known issues; read through
the full announcement before updating.

[$] Grabbing file descriptors with pidfd_getfd()

Post Syndicated from corbet original https://lwn.net/Articles/808997/rss

In response to a growing desire for ways to control groups of processes
from user space, the kernel has added a number of mechanisms that allow one
process to operate on another. One piece that is currently missing,
though, is the ability for a process to snatch a copy of an open file
descriptor from
another. That gap may soon be filled, though, if the pidfd_getfd()
system-call patch set
from Sargun Dhillon is merged.

Maddock: The End of Indie Web Browsers

Post Syndicated from corbet original https://lwn.net/Articles/809051/rss

Samuel Maddock writes
that the adoption of the “encrypted media extensions” by the World Wide Web
Consortium has had just the sort of effect that people were worried about four years ago.
No longer is it possible to build your own web browser capable of
consuming some of the most popular content on the web. Websites like
Netflix, Hulu, HBO, and others require copyright content protection which
is only accessible through browser vendors who have license agreements with
large corporations.