All posts by corbet

Kroah-Hartman: Meltdown and Spectre Linux Kernel Status – Update

Post Syndicated from corbet original

Here’s a
brief update from Greg Kroah-Hartman
on the kernel’s handling of the
Meltdown and Spectre vulnerabilities. “This shows that my kernel is
properly mitigating the Meltdown problem by implementing PTI (Page Table
Isolation), and that my system is still vulnerable to the Spectre variant
1, but is trying really hard to resolve the variant 2, but is not quite
there (because I did not build my kernel with a compiler to properly
support the retpoline feature).”

Wine 3.0 released

Version 3.0 of the
Wine Windows emulation layer has been released. “This release
represents a year of development effort and over 6,000 individual
” Most of the improvements seem to be around Direct3D
graphics, but it is also now possible to package up Wine as an Android app;
see the release notes for

[$] Shrinking the kernel with link-time optimization

This is the second article of a series discussing various methods of
reducing the size of the Linux kernel to make it suitable for small

The first article
provided a short rationale for this topic, and covered the link-time
garbage collection, also called the ld --gc-sections method. We’ve seen
that, though it is pretty straightforward, link-time garbage collection has
issues of its own when applied to the kernel, making achieving optimal
results more
difficult than it is worth. In this article we’ll have a look at what the
compiler itself can do using link-time optimization.

[$] Monitoring with Prometheus 2.0

Prometheus is a monitoring tool
built from scratch by SoundCloud in 2012. It works by pulling metrics from
monitored services and storing them in a time series database (TSDB). It
has a powerful query language to inspect that database, create alerts, and
plot basic graphs. Those graphs can then be used to detect anomalies or
trends for (possibly automated) resource provisioning. Prometheus also has
extensive service discovery features and supports high availability

That’s what the brochure says, anyway; let’s see how it works in the hands
of an old grumpy system administrator. I’ll be drawing comparisons
with Munin and Nagios frequently because those are the tools I have
used for over a decade in monitoring Unix clusters.

Analyzing the Linux boot process (

Alison Chaiken looks
in detail at how the kernel boots
Besides starting buggy spyware, what function does early boot
firmware serve? The job of a bootloader is to make available to a newly
powered processor the resources it needs to run a general-purpose operating
system like Linux. At power-on, there not only is no virtual memory, but no
DRAM until its controller is brought up.

[$] Deadline scheduling part 1 — overview and theory

The deadline scheduler enables the user to specify a realtime task’s
using well-defined realtime abstractions, allowing the system to make
the best scheduling decisions, guaranteeing the scheduling of realtime
tasks even in higher-load systems.
This article, the first in a series of two, provides an introduction to
realtime scheduling (deadline
scheduling in particular) and some of the theory behind it.

LSFMM 2018 call for proposals

The 2018 Linux Storage, Filesystem, and Memory-Management Summit will be
held April 23-25 in Park City, Utah. The call for proposals has just gone
out with a tight deadline: they need to be received by January 31.
LSF/MM is an invitation-only technical
workshop to map out improvements to the Linux storage, filesystem and
memory management subsystems that will make their way into the
mainline kernel within the coming years.

[$] Meltdown/Spectre mitigation for 4.15 and beyond

While some aspects of the kernel’s defenses against the Meltdown and
Spectre vulnerabilities were more-or-less in place when the problems were
disclosed on January 3, others were less fully formed. Additionally,
many of the mitigations (especially for the two Spectre variants) had not
been seen in public prior to the disclosure, meaning that there was a lot
of scope for discussion once they came out. Many of those discussions are
slowing down, and the kernel’s initial response has mostly come into
focus. The 4.15 kernel will include a broad set of mitigations, while some
others will have to wait for later; read on
for details on where things stand.

[$] Active state management of power domains

The Linux kernel’s generic power domain (genpd) subsystem has been
extended to
support active state management of the power domains in the
4.15 development cycle. Power domains were
traditionally used to enable or disable power to a region of a system on
chip (SoC) but, with the recent updates, they can control the clock rate or
amount of power supplied to that region as well.
These changes improve the kernel’s ability to run the system’s hardware at
the optimal power level for the current workload.

Click below (subscribers only) for the full article contributed by Viresh

Kernel prepatch 4.15-rc8

The 4.15-rc8 kernel prepatch is out for
testing. Among other things, it includes the “retpoline” mechanism
intended to mitigate variant 2 of the Spectre vulnerability. Testing
of this change will be hard, though, since it requires a version of GCC
that almost nobody has — watch LWN for a full article in the near future.
I’m still hoping that this will be the last
rc, despite all the Meltdown and Spectre hoopla. But we will just have to
see, it obviously requires this upcoming week to not come with any huge

[$] Opening up the GnuBee open NAS system

GnuBee is the brand name
for a line of open hardware boards designed to provide
Linux-based network-attached storage. Given the success of the
crowdfunding campaigns for the first two products, the GB-PC1 and
(which support 2.5 and 3.5 inch drives respectively), there appears to be a
market for these devices. Given that Linux is quite good at attaching
storage to a network, it seems likely they will perform their core function
more than adequately. My initial focus when exploring my GB-PC1 is not the
performance but the openness: just how open is it really? The best analogy
I can come up with is that of a door with rusty hinges: it can be opened,
but doing so requires determination.

O’Callahan: The Fight For Patent-Unencumbered Media Codecs Is Nearly Won

Robert O’Callahan notes
an important development
in the fight for media codecs without patent
issues. “Apple joining the Alliance for Open Media is a really big
deal. Now all the most powerful tech companies — Google, Microsoft, Apple,
Mozilla, Facebook, Amazon, Intel, AMD, ARM, Nvidia — plus content providers
like Netflix and Hulu are on board. I guess there’s still no guarantee
Apple products will support AV1, but it would seem pointless for Apple to
join AOM if they’re not going to use it: apparently AOM membership obliges
Apple to provide a royalty-free license to any ‘essential patents’ it holds
for AV1 usage.”

[$] A new kernel polling interface

Polling a set of file descriptors to see which ones can perform I/O without
blocking is a useful thing to do — so useful that the kernel provides three
different system calls (select(),
and epoll_wait()
— plus some variants) to perform it. But sometimes three is not enough;
there is now a proposal circulating for a fourth kernel polling interface.
As is usually the case, the motivation for this change is performance.

[$] Is it time for open processors?

The disclosure of the Meltdown and Spectre
has brought a
new level of attention to the security bugs that can lurk at the hardware
level. Massive amounts of work have gone into improving the (still poor)
security of our software, but all of that is in vain if the hardware gives
away the game. The CPUs that we run in our systems are highly proprietary
and have been shown to contain unpleasant surprises (the Intel management
engine, for example). It is thus natural to wonder whether it is time to
make a move to open-source hardware, much like we have done with our
software. Such a move may well be possible, and it would certainly offer
some benefits, but it would be no panacea.

Kroah-Hartman: Meltdown and Spectre Linux Kernel Status

Here’s an
update from Greg Kroah-Hartman
on the kernel’s response to Meltdown and
Spectre. “If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck. The lack of patches to resolve the Meltdown problem is so minor compared to the hundreds of other known exploits and bugs that your kernel version currently contains. You need to worry about that more than anything else at this moment, and get your systems up to date first.

Also, go yell at the people who forced you to run an obsoleted and insecure
kernel version, they are the ones that need to learn that doing so is a
totally reckless act.”