news
Latest Half Dozen From LWN
-
GNU/Linux
-
Kernel Space
-
LWN ☛ More timing side-channels for the page cache
In 2019, researchers published a way to identify which file-backed pages were being accessed on a system using timing information from the page cache, leading to a handful of unpleasant consequences and a change to the design of the mincore() system call. Discussion at the time led to a number of ad-hoc patches to address the problem. The lack of new page-cache attacks suggested that attempts to fix things in a piecemeal fashion had succeeded. Now, however, Sudheendra Raghav Neela, Jonas Juffinger, Lukas Maar, and Daniel Gruss have found a new set of holes in the Linux kernel's page-cache-timing protections that allow the same general class of attack.
-
LWN ☛ Practical uses for a null filesystem
One of the first changes merged for the upcoming 7.0 release was nullfs, an empty filesystem that cannot actually contain any files. One might logically wonder why the kernel would need such a thing. It turns out, though, that there are places where a null filesystem can come in handy. For 7.0, nullfs will be used to make life a bit easier for init programs; future releases will likely use nullfs to increase the isolation of kernel threads from the init process.
-
LWN ☛ A safer kmalloc() for 7.0
A pull request that touches over 8,000 files, changing over 20,000 lines of code in the process, is (fortunately) not something that happens every day. It did happen at the end of the 7.0 merge window, though, when Linus Torvalds merged an extensive set of changes by Kees Cook to the venerable kmalloc() API (and its users). As a result of that work, though, the kernel has a new set of type-safe memory-allocation functions, with a last-minute bonus change to make the API a little easier to use.
-
LWN ☛ BPF comes to io_uring at last [LWN.net]
The kernel's asynchronous io_uring interface maintains two shared ring buffers: a submission queue for sending requests to the kernel, and a completion queue containing the results of those requests. Even with shared memory removing much of the overhead of communicating with user space, there is still some overhead whenever the kernel must switch to user space to give it the opportunity to process completion requests and queue up any subsequent work items. A patch set from Pavel Begunkov minimizes this overhead by letting programmers extend the io_uring event loop with a BPF program that can enqueue additional work in response to completion events. The patch set has been in development for a long time, but has finally been accepted.
To use io_uring, the programmer sets up appropriate shared buffers with io_uring_setup() and mmap() before putting a number of io_uring_sqe (submission queue event) structures in the submission queue. The kernel can be notified of the presence of new events to process in two ways: by setting up a dedicated kernel thread to poll the queue, or by having user space call io_uring_enter() periodically.
-
-
-
Distributions and Operating Systems
-
Fedora Family / IBM
-
LWN ☛ Fedora ponders a "sandbox" technology lifecycle [LWN.net]
Fedora Project Leader (FPL) Jef Spaleta has issued a "modest proposal" for a technology-innovation-lifecycle process that would provide more formal structure for adopting technologies in Fedora. The idea is to spur innovation in the project without having an adverse impact on stability or the release process. Spaleta's proposal is somewhat light on details, particularly as far as specific examples of which projects would benefit; however, the reception so far is mostly positive and some think that it could make Fedora more "competitive" by being the place where open-source projects come to grow.
Spaleta said some people may have already heard about his idea, which he has been calling the "Fedora Sandbox". It would be used to test, refine, and validate "experimental features, components, output, process or services" without a commitment to integrate any of the experiments into Fedora. The technologies that would be appropriate for the sandbox are those that need to mature or prove themselves in some way. For example, a technology may need time to become stable enough to rely on, or it may be stable but need to demonstrate that there is enough community interest to sustain the technology long term.
-
-
-
Leftovers
-
Security
-
Privacy/Surveillance
-
LWN ☛ Cindy Cohn on privacy battles old and new
Cindy Cohn is the executive director of the Electronic Frontier Foundation (EFF) and she gave the Saturday morning keynote at SCALE 23x in Pasadena about some of the work she and others have done to help protect online rights, especially digital privacy. The talk recounted some of the history of the court cases that the organization has brought over the years to try to dial back privacy invasions. One underlying theme was the role that attendees can play in protecting our rights, hearkening back to earlier efforts by the technical community.
Cohn has been the executive director for the past decade and worked for EFF for 26 years, plus a few years before that informally. She is soon to be the former executive director as she is stepping down, "because it's time to pass the torch", sometime over the northern-hemisphere summer. She was wearing a T-shirt that colleagues had made for her which said "Let's sue the government"; she said "I'm not done suing the government" even though she is leaving the leadership role. On her way out she has written a book, Privacy's Defender, which came out on March 10, two days after her talk. The keynote was her "first official stab at a 'book talk'".
-
-
-