CybserSecurity News

Tag: Linux Kernel

  • Linux is greatly improving boot performance through patches

    The Linux system has been preparing a series of patches since February this year to shorten the boot time of the system on AMD EPYC and Intel Xeon platforms. Through these patch improvements, the Linux kernel startup time on the 96-thread Skylake platform has been reduced from 500 milliseconds to 34 milliseconds.
    install software Linux

    These series of patches are mainly used to improve the startup performance of multi-core/multi-threaded server and workstation processor systems. Essentially, it improves the utilization of processor cores and threads to shorten the Linux Kernel startup time and supports platforms such as AMD RPYC server processor, AMD RYZEN thread tearer series, Intel Xeon Xeon server processor, etc.

    The Linux Kernel maintenance team can obtain higher parallel performance through optimizations related to the time stamp counter synchronization (TSC synchronization) of the kernel execution and the start of the processor interrupt phase. The maintenance team also checked the time spent in the initial INIT/SIPI phase to see if there is any room for optimization.

    Interested users can click here to view patch details.

  • Linux kernel disables Samsung 860/870 SSD TRIM and NCQ

    As early as 2019, users reported that there would be problems when using Samsung 860 Evo SATA SSD on Linux systems, but due to the small number of reports, this problem did not attract attention. The Samsung 870 Evo SATA SSD that was launched subsequently has the same problem. This problem is mainly related to the performance of the drive, and various abnormal locks and error messages may occur during use.

    After two years of investigation, Linux engineers confirmed that there are some faults in the above-mentioned solid-state hard drives. As a countermeasure, the maintenance team in the latest version of Linux Kernel has banned the TRIM and NCQ functions of the above-mentioned solid-state disks through patches, both of which are used to optimize the drive.

    Samsung 870 EVO SSD

    According to the survey results, it has been determined that the Queued Trim command used by the SATA versions of Samsung 860 Evo and 870 Evo will cause failures of Intel, ASmedia, and Marvell SATA ACHI controllers, and such failures are more likely to occur on the ATI AMD ACHI platform.

    The TRIM command allows the operating system to notify the solid-state drive which data is no longer in use and can be erased. After the data is sorted through the Trim command, the write speed of the solid-state drive can be improved. At present, almost all newly introduced solid-state hard drives support the TRIM command and are automatically turned on.

    NCQ is a technology on SATA, which allows the system to optimize the queuing and movement of data according to the load for best performance. Both NCQ and TRIM are used to improve the performance of the drive. When it is turned on by default, compatibility failures may cause Linux users to encounter problems, such as the system stalls for 20 to 30 seconds during the startup phase.

    As a countermeasure, Linux Kernel has disabled all TRIM and NCQ functions of the 860 and 870 Evo SATA versions. Of course, this may have a performance impact, but unfortunately, there is no other solution for the time being.

    It is worth noting that Samsung is somewhat ambiguous on this issue. Samsung seems to have disabled the Queued Trim function for all 800 series SSDs, but Samsung told the Linux Kernel maintenance team that there are no problems with models other than 840 and 850, but this time the repair is 860 and 870. In view of such problems, it is recommended that Linux users do not use all the hard drives of the Samsung 800 series, to avoid such failures that affect the use or cause performance degradation.

  • Linux 5.15 will enable “-Werror” for all kernel builds by default

    Linus Torvalds submitted and incorporated a change to Linux 5.15 to enable the “-Werror” compiler flag for all kernel builds by default. The “-Werror” compiler flag treats all warnings as build errors, thereby forcing developers to pay attention to some build warnings that may be ignored at ordinary times, and give priority to them because they will interrupt the build process. Many software projects now use “-Werror” by default to strengthen quality control to ensure that warnings are resolved, but most of them have not reached the scale of the Linux kernel.
    Zonefs Linux file system

    Linus pointed out in the submission that the construction of the kernel should not cause any compiler warnings. At the same time, this patch adds WERROR as a Kconfig switch, which controls whether to enable the “-Werror” flag, which is turned on by default. However, if the new compiler version introduces new warnings and the kernel cannot fix them immediately, you can also disable the “-Werror” flag at this time.

    Finally, Linus expressed the hope that this feature can reduce the pull requests it receives because many of these requests are warnings that have not been noticed by the automated process.

  • Linux Kernel will support AV1 decoding

    At present, the number of hardware platforms that provide accelerated AV1 encoding on the market is still very limited, but as more hardware supporting this royalty-free video codec encoding/decoding comes on the market, the media subsystem of the Linux kernel is also getting ready to support it.

    Daniel Almeida from Collabora issued a “request for comments” (RFC) series of patches to implement the stateless AV1 user-space API (AV1 uAPI) for the Linux kernel in the media subsystem.

    Linux Kernel 4.20

    AV1 uAPI is built around the design and requirements of the AOMedia AV1 specification and follows the stateless design that the media subsystem has been working hard to develop. With the introduction of this series of patches, “VIVPU” is also used as a virtual driver to display the user-space API. VIVPU does not try any actual decoding/encoding, just to implement the user-space API for testing purposes. Collabora has also developed a GStreamer decoder for this virtual drive.

    If you are interested in the work of the Linux media subsystem around stateless AV1 decoding, check out this patch.

  • Linux has canceled support for IDE drivers in the 5.14 kernel version

    For younger computer players, it is estimated that there is not much idea about the IDE interface. Parallel ATA hard drives have also disappeared in the mainstream market for a long time. The PATA standard specification was produced in the mid-1980s, and it was quickly promoted due to its low price and strong compatibility. With the continuous improvement of DMA mode transmission speed standards, especially after the Intel 430TX chipset provides support for Ultra DMA 33, it became the standard interface for hard disks and optical drives on the market at that time.

    Linux kernel removing support x32

    Recently, Linux founder Linus Torvalds released an update on the Linux kernel mailing list, announcing the arrival of version 5.14 of the Linux kernel. At the same time, it was confirmed that support for IDE drivers will be canceled. In recent years, with the development of computers, the IDE interface has long become irrelevant, and the SATA interface has completely replaced it.

    This news is not surprising. At the beginning of the year, upstream developers already had such a proposal. About two years ago, the traditional IDE driver code was essentially obsolete and was marked to be removed around 2021. With the continuous development of the Linux kernel, it is becoming more and more difficult to support the code of legacy devices. In addition to the reduction in demand, it is necessary to partially remove the support for certain devices to reduce the code. Linus Torvalds said that this work should have been done a long time ago, but simply deleting the code related to IDE driver support is not enough to balance the growth of the kernel, but it is still a good thing to see the cleanup of historical legacy code.

    But it should be noted that this only involves IDE driver support. The IDE itself will still be provided on the modern Linux kernel version through the libata layer, after all, many old devices are still using IDE devices. The Linux kernel has relied on libata for better support for a long time and will stick to it.

  • The patch to add Rust support to the Linux kernel is ready

    On July 4, a revised set of patches was submitted to the Linux kernel mailing list. The patch provided support for using Rust as an auxiliary programming language in the Linux kernel. With Rust, the security of the Linux kernel and memory can be improved.

    The whole set of patches contains 17 sub-items. It not only provides preliminary Rust support for the Linux kernel but also provides a driver example with a total of more than 33,000 lines of new code.

    Facebook Rust Foundation

    Miguel Ojeda has been leading the work of “Rust for Linux”. Previously, we also reported that Google-funded the project to improve the security of the Linux kernel so that this programming language can be used in the kernel. Although the kernel merger of Linux 5.14 is still in progress, this set of patches is not currently marked as “Pull Request”, so it is expected that this set of patches will not officially land on Linux until the next merge cycle.

    The enabling of Rust for Linux has now reached more than 33,000 lines of code. One of the reasons why so much code is included is that a subset of Rust’s “alloc” standard library is currently included in the data structure, and some content has been added to it. This allows developers to customize according to their needs. At the same time, provide the required time to upstream to evaluate this change. The ultimate goal is to put everything the kernel needs in the upstream “alloc” and remove it from the kernel tree

    Another change of these new patches is that in the previous version if you want to compile the Linux kernel, you need to use the nightly version of the Rust compiler, and now the kernel can use the beta and stable versions of the Rust compiler. However, because the support for the kernel does require some of the latest features of the Rust compiler, the Beta version and the stable version will fail to compile under certain circumstances.

    In addition to supporting AArch64, PowerPC, and x86_64, ARM 32-bit and RISC-V are now also supported by this Rust for Linux. For more details, you can find these latest Rust for Linux kernel patches in the kernel mailing list.

  • Google sponsors the Linux project, the Linux kernel will have Rust code for the first time

    The search engine giant is trying hard to use Rust code in the Linux kernel, which is a major technological change after only using the C language for decades. Google said on Thursday that they are funding a project to improve the security of Linux by writing the kernel part of the operating system in the Rust programming language. If the project succeeds, this change will mark a major technological change in an open-source software project. This move can strengthen the security of the Internet and smart devices. After all, Linux is the foundation of Android, Chrome OS, and many infrastructures on the Internet.

    Miguel Ojeda has written the software used in the particle accelerator and has worked on programming language security. Therefore, Google signed a contract with Miguel, hoping to use his work in Rust for Linux and related security background to improve the memory security of the Linux kernel. This contract will last until at least next year.

    Google’s goal is not to replace all the C code in the Linux operating system with Rust, but to use Rust to selectively improve existing parts and parts that will be added in the future.

    Since the Linux operating system was launched in 1991, it has been written in the powerful but somewhat “old” C programming language. The C language was introduced as early as 1972, and it is more vulnerable to hacker attacks than contemporary programming languages.

    In contrast to C, Rust was developed by Mozilla, the developer of the Firefox browser, and is now managed by the independent Rust Foundation. This programming language makes it safer to write software to memory. Moreover, in Stack Overflow’s annual developer survey, Rust has been ranked as the most favorite programming language for five consecutive years.

  • Linux 5.10 LTS will continue to be maintained until the end of 2026

    As the latest long-term support version, Linux 5.10 LTS was only planned to be maintained until the end of 2022 when it was first launched. However, after enough companies intervened to improve and test, Linux 5.10 LTS will now be maintained until the end of 2026.

    Linux 5.10 LTS was originally planned to be maintained until the end of next year, while previous kernels such as Linux 5.4 LTS will be maintained until 2024, and even earlier Linux 4.19 LTS and 4.14 LTS will be maintained until 2024. In contrast, the life cycle of Linux 5.10 LTS appears to be very short. This is mainly due to the limited number of developers and organizations that have helped test new candidate versions and promised to use this kernel LTS series. But now that enough participants have joined the 5.10 LTS, Greg Kroah-Hartman confirmed that he will maintain this version together with Sasha Levin until December 2026.

    This will allow Linux 5.10 LTS to receive six years of continuous maintenance. At the same time, Linux 4.4 LTS will end its support early next year after six years of operation. This is good news for a series of branch systems that use the Linux 5.10 kernel, such as the Debian 11 and Android 12 operating systems.

  • The sound updates for Linux 5.13 have been merged into the mainline

    The audio-related update for Linux 5.13 has been released and has been merged into the mainline. This year, PipeWire continues to gain attention in improving the sound of the Linux userspace, and the kernel’s sound driver continues to be improved, and support for new devices has been added.

    In this version, the Linux kernel introduces the VirtIO sound driver, which complies with the new VirtIO sound device specification and is part of the IO virtualization standard. VirtIO sound is designed for situations where audio is needed but device pass-through or emulation is not available.

    Linux kernel removing support x32

    Here are some highlights:

    Core:
    – A common mute-LED framework was introduced;
    used by HD-audio for now, more adaption will follow later.
    The former “Mic Mute-LED Mode” mixer control has been replaced with
    the corresponding sysfs now.
    – User-control management was changed to count consumed bytes instead
    of capping by number of elements;
    this will allow more controls in the normal usage pattern while
    avoiding the possible memory exhaustion DoS

    ASoC:
    – Continued refactoring and cleanups in ASoC core and generic card
    drivers
    – Wide range of small cppcheck and warning fixes
    – New drivers for Freescale i.MX DMA over rpmsg, Mediatek MT6358
    accessory detection, and Realtek RT1019, RT1316, RT711 and RT715

    USB-audio:
    – Continued improvements and fixes of the implicit feedback mode,
    including better support for Pioneer and Roland/BOSS devices

    HD-audio:
    – Default back to non-buffer preallocation on x86
    – Cirrus codec improvements, more quirks for Realtek codecs

    Others:
    – New virtio sound driver
    – FireWire Bebob updates

  • Sony will bring Linux a solution to insufficient device memory

    Sony engineer Peter Enderborg recently proposed a new Watchdog software in an email from LKML. The full name of Watchdog is Watchdog Timer, also known as COP (Computer Operating Properly) timer, which is generally used in computers to detect unrecoverable errors and reset the system in this case. Similarly, in the case of out-of-memory (OOM), there are some watchdogs that can perform corresponding functions.

    However, according to Peter Enderborg, the new watchdog will not perform a hard restart but will take “pre defined actions” to try to kill any unimportant processes that cause this low memory situation. This method uses “oom_score_adj” functions to perform corresponding operations, and the watchdog will kill these processes with the highest “oom_score_adj”.

    Linux kernel removing support x32

    “oom_score” is the score assigned by the Linux kernel to each running process. The larger the number, the higher the memory usage of the process. At the same time, “oom_score_adj” can help the system determine which processes should be killed, so as to correctly handle these processes in the event of OOM.

    “oom_score_adj” varies from -1000 to 1000. The larger the number, it means that the process is not so important to the system at the time and can be terminated in the event of OOM. At present, this proposal is still being solicited for comments (RFC).