Hírolvasó

The IoT Microconference is a forum for developers to discuss all things IoT. Topics include tools, telemetry, device drivers, and protocols in not only the Linux kernel but also Real-Time Operating Systems such as Zephyr.

Since last year, there have been a number of new technical topics with significant updates.

• Opportunities in IoT and Edge computing with the Linux /dev/accel API
• Using the Thrift RPC framework between Linux and Zephyr
• Zephyr’s new HTTP Server (a GSoC project)
• Rust in the Zephyr RTOS: Benefits, Challenges and Missing Pieces
• BeagleConnect Freedom Updates, Greybus, and the Linux Interface
• Linux-wpan updates on 6lowpan, 802.15.4 PAN coordinators and UWB

Current Problems that require attention (stakeholders):

• IEEE 802.15.4 SubGHz improvement areas in Zephyr, Linux (Florian Grandel, Stefan Schmidt, BeagleBoard.org)
• WpanUSB upstreaming in the Linux kernel, potentially dropping Zephyr support (Andrei Emeltchenko, BeagleBoard.org)
• IEEE 802.15.4 Linux subsystem device association handling (Miquel Raynal, Alexander Aring, Stefan Schmidt)
• Zephyr potentially dropping Bluetooth IPSP?

On a slightly less technical topic.

• Reflections after Two Years of Zephyr LTSv2

We are pleased to announce that the IoT Microconference is now accepting proposals!

If you are interested in presenting an IoT-related topic involving the Linux kernel, userspace tools, firmware, Zephyr, or frameworks, please upload your submission before September 15th.

Submissions can be made via the LPC Call for Proposals, by selecting Internet of Things MC for your track.

Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).

A Google Chrome böngészőben egy olyan új funkció áll tesztelés alatt, amely képes figyelmeztetni a felhasználókat, amennyiben egy korábban általuk telepített bővítmény eltávolításra került a webáruházból rosszindulatú tevékenységre hivatkozva.

The post Új biztonsági funkció jelent meg a Google Chrome-ban first appeared on Nemzeti Kibervédelmi Intézet.

The PineTime is an inexpensive smartwatch developed by PINE64 that is designed to run open-source operating systems. Despite its low cost, however, it has most of the features expected from more expensive, proprietary smartwatches. Because it runs open-source software, though, interested developers can add any other useful features that they dream up.

Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).

Making a filesystem implementation robust in the face of maliciously created filesystem images is a challenging task even when the implementation is actively maintained, which many in the kernel are not. There is a way to make that task even harder, though: modify that filesystem image behind the implementation's back while it is mounted. A recent discussion on the linux-fsdevel list reveals an ongoing disagreement over whether (and how) this threat should be addressed.

The Document Foundation has announced the release of LibreOffice 7.6 Community. It is the last release using the existing numbering scheme as the office suite will move to date-based release numbers starting with LibreOffice 24.2 in February, 2024. Highlights of this release include support for document themes, including import and export of them, a new navigation panel for Impress and Draw, zoom-gesture support, font-handling improvements, and lots more; the release notes have all the details. LibreOffice 7.6 Community's new features have been developed by 148 contributors: 61% of code commits are from the 52 developers employed by three companies sitting in TDF's Advisory Board – Collabora, Red Hat and allotropia – or other organizations, 15% are from 7 developers at The Document Foundation, and the remaining 24% are from 89 individual volunteers.

Other 202 volunteers – representing hundreds of other people providing translations – have committed localizations in 160 languages. LibreOffice 7.6 Community is released in 120 different language versions, more than any other free or proprietary software, and as such can be used in the native language (L1) by over 5.4 billion people worldwide. In addition, over 2.3 billion people speak one of those 120 languages as their second language (L2).

Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).

On behalf of the PCI sub-system maintainers, we would like to invite everyone to join the VFIO/IOMMU/PCI micro-conference (MC) this year.

We are hoping to bring together, both in person and online, everyone interested in the VFIO, IOMMU, and PCI space to talk about the latest developments and challenges in these areas.

The PCI interconnect specification, the devices that implement it, and the system IOMMUs that provide memory and access control to them are nowadays a de-facto standard for connecting high-speed components, incorporating more and more features such as:

• Address Translation Service (ATS)/Page Request Interface (PRI)
• Single-root I/O Virtualization (SR-IOV)/Process Address Space ID (PASID)
• Shared Virtual Addressing (SVA)
• Remote Direct Memory Access (RDMA)
• Peer-to-Peer DMA (P2PDMA)
• Cache Coherent Interconnect for Accelerators
• Compute Express Link (CXL)
• Data Object Exchange (DOE)
• Component Measurement and Authentication (CMA)
• Integrity and Data Encryption (IDE)
• Security Protocol and Data Model (SPDM)
• Gen-Z

These features are aimed at high-performance systems, server and desktop computing, embedded and SoC platforms, virtualisation, and ubiquitous IoT devices.

The kernel code that enables these new system features focuses on coordination between the PCI devices, the IOMMUs they are connected to, and the VFIO layer used to manage them (for userspace access and device passthrough) with related kernel interfaces and userspace APIs to be designed in-sync and in a clean way for all three sub-systems.

The VFIO/IOMMU/PCI MC focuses on the kernel code that enables these new system features, often requiring coordination between the VFIO, IOMMU and PCI sub-systems.

Following the success of LPC 2017, 2019, 2020, 2021, and 2022 VFIO/IOMMU/PCI MC, the Linux Plumbers Conference 2023 VFIO/IOMMU/PCI track will focus on promoting discussions on the PCI core but also current kernel patches aimed at VFIO/IOMMU/PCI sub-systems with specific sessions targeting discussions requiring the three sub-systems coordination.

See the following video recordings from 2022: LPC 2022 – VFIO/IOMMU/PCI MC

Older recordings can be accessed through our official YouTube channel at @linux-pci and the archived LPC 2017 VFIO/IOMMU/PCI MC web page at Linux Plumbers Conference 2017, where the audio recordings from the MC track and links to presentation materials are available.

The tentative schedule will provide an update on the current state of VFIO/IOMMU/PCI kernel sub-systems, followed by a discussion of current issues in the proposed topics.

The following was a result of last year’s successful Linux Plumbers MC:

• Support for the /dev/iommufd device has been merged into the mainline kernel
• A discussion has been kicked off around the topic of the Instant Detection of Virtual Devices
• The work on the PCIe Endpoint Notifier has been completed and merged into the mainline kernel

Tentative topics that are under consideration for this year include (but are not limited to):

• PCI
  • Cache Coherent Interconnect for Accelerators (CCIX)/Compute Express Link (CXL) expansion memory and accelerators management
  • Data Object Exchange (DOE)
  • Integrity and Data Encryption (IDE)
  • Component Measurement and Authentication (CMA)
  • Security Protocol and Data Model (SPDM)
  • I/O Address Space ID Allocator (IOASID)
  • INTX/MSI IRQ domain consolidation
  • Gen-Z interconnect fabric
  • ARM64 architecture and hardware
  • PCI native host controllers/endpoints drivers current challenges and improvements (e.g., state of PCI quirks, etc.)
  • PCI error handling and management, e.g., Advanced Error Reporting (AER), Downstream Port Containment (DPC), ACPI Platform Error Interface (APEI) and Error Disconnect Recover (EDR)
  • Power management and devices supporting Active-state Power Management (ASPM)
  • Peer-to-Peer DMA (P2PDMA)
  • Resources claiming/assignment consolidation
  • Probing of native PCIe controllers and general reset implementation
  • Prefetchable vs non-prefetchable BAR address mappings
  • Untrusted/external devices management
  • DMA ownership models
  • Thunderbolt, DMA, RDMA and USB4 security
• VFIO
  • Write-combine on non-x86 architectures
  • I/O Page Fault (IOPF) for passthrough devices
  • Shared Virtual Addressing (SVA) interface
  • Single-root I/O Virtualization(SRIOV)/Process Address Space ID (PASID) integration
  • PASID in SRIOV virtual functions
  • Device assignment/sub-assignment
• IOMMU
  • /dev/iommufd development
  • IOMMU virtualisation
  • IOMMU drivers SVA interface
  • DMA-API layer interactions and the move towards generic dma-ops for IOMMU drivers
  • Possible IOMMU core changes (e.g., better integration with the device-driver core, etc.)

If you are interested in participating in this MC and have topics to propose, please use the Call for Proposals (CfP) process.

Otherwise, join us to discuss helping Linux keep up with the new features added to the PCI interconnect specification. We hope to see you there!

Proposals can be submitted here here by selecting Track “VFIO/IOMMU/PCI MC“

Linus Torvalds has released the 6.5-rc7 kernel prepatch, which looks to be the final release candidate before the likely release of Linux 6.5 next Sunday. Torvalds released it a little earlier than usual due to some travel; overall things look to be in good shape: But apart from the timezone difference, everything looks entirely normal. Drivers (GPU, networking and sound dominate - the usual suspects, in other words) and architecture fixes. The latter are mostly arm devicetree fixlets, but also some x86 cleanups and fallout from the embargo last week.

Not a huge amount of patches, and I really get the feeling that a lot of maintainers are on vacation. But I will be optimistic and also blame it all being quiet on things working fairly well.

It is fair to say that the DNF package manager is not the favorite tool of many Fedora users. It was brought in as a replacement for Yum but got off to a rather rocky start; DNF has stabilized over the years, though and the complaints have subsided. That can only mean one thing: it must be time to throw it away and start over from the beginning. The replacement, called DNF5, was slated to be a part of the Fedora 39 release, due in October, but that is not going to happen.

Security updates have been issued by Debian (chromium, rar, and unrar-nonfree), Fedora (microcode_ctl, trafficserver, and webkitgtk), SUSE (ImageMagick, kernel, nodejs16, nodejs18, postgresql12, postgresql15, re2c, and samba), and Ubuntu (ghostscript, haproxy, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-hwe-5.4, linux-xilinx-zynqmp, poppler, and zziplib).

SUSE's long story of corporate ownership is gaining a new chapter; the company has announced that its majority shareholder (Marcel LUX III SARL) will be acquiring the remaining shares, and will take the company private and off of the stock exchange. "SUSE’s Management Board and Supervisory Board support the strategic opportunity from delisting of the company as it will allow SUSE to focus fully on its operational priorities and execution of its long-term strategy."

In its default configuration, the Linux kernel will allow processes to allocate more memory than the system can actually provide; this policy enables better utilization of physical memory and works just fine — most of the time. On occasions, though, the kernel may find itself unable to provide memory that processes may think already belongs to them. If the situation gets bad enough, the only solution (short of rebooting) is to declare a sort of memory bankruptcy and write off some of the kernel's debts by killing one or more processes. Over the years, a great deal of effort has gone into heuristics to select the processes that the user is least likely to miss. This problem is still clearly not solved to everybody's satisfaction, though, so it was only a matter of time before somebody introduced a way to select the out-of-memory (OOM) victim using BPF.

Security updates have been issued by Debian (open-vm-tools, openjdk-11, and openssh), Fedora (librsvg2, llhttp, opensc, and rust), Oracle (.NET 6.0, .NET 7.0, iperf3, microcode_ctl, postgresql:10, and python-requests), SUSE (openssl-1_0_0, perl-Cpanel-JSON-XS, postgresql12, and postgresql15), and Ubuntu (ceph, haproxy, heat, libpod, and postgresql-12, postgresql-14, postgresql-15).

Az Accenture Cyber Threat Intelligence (ACTI) az elmúlt öt évben a dark weben található fórumokon végzett kutatásokat. Az eredmény, hogy a kiberbűnözők tevékenységeiben jelentős növekedést figyeltek meg a macOS-t futtató rendszereket célzó támadások számában, kihasználásukkal a kiberbűnözők több millió dollárt keresnek.

The post Drasztikusan növekszik a macOS-t támadó esetek száma a dark weben first appeared on Nemzeti Kibervédelmi Intézet.

The Linux kernel has grown in complexity over the years. Complete understanding of how it works via code inspection has become virtually impossible. Today, tracing is used to follow the kernel as it performs its complex tasks. Tracing is used today for much more than simply debugging. Its framework has become the way for other parts of the Linux kernel to enhance and even make possible new features. Live kernel patching is based on the infrastructure of function tracing, as well as BPF function hooks. It is now even possible to model the behavior and correctness of the system via runtime verification which attaches to trace points. There is still much more that is happening in this space, and this microconference will be the forum to explore current and new ideas.

Results and accomplishments from the last Tracing microconference (2021):

• User events were introduced, and have finally made it into the kernel.
• The discussion around trace events to handle user faults initiated the event probe work around to the problem. That was to add probes on existing trace events to change their types. This works on synthetic events that can pass the user space file name of the entry of a system call to the exit of the system call which would have faulted in the file and make it available to the trace event.
• Dynamically creating the events directory with the eventfs patch set is queued to be accepted. This will save memory as the dentries and inodes will only be allocated when accessed.
• The discussion about function tracing with arguments has helped inspire both fprobes and function graph return value tracing.
• There’s still ongoing effort in unifying the return path tracers of function graph and kretprobes and fprobes.

Possible ideas for topics for this year’s conference:

• Use of sframes. How to get user space stack traces without requiring frame pointers.
• Updating perf and ftrace to extract user space stack frames from a schedulable context (as requested by NMI).
• Extending user events. Now that they are in the kernel, how to make them more accessible to users and applications.
• Getting more use cases with the runtime verifier. Now that the runtime verifier is in the kernel (uses tracepoints to model against), what else can it be used for.
• Wider use of ftrace_regs in fprobes and rethook from fprobes because rethook may not fill all registers in pt_regs too. How BPF handles this will also be discussed.
• Removing kretprobes from kprobes so that kprobe can focus on handling software breakpoint.
• Object tracing (following a variable throughout each function call). This has had several patches out, but has stopped due to hard issues to overcome. A live discussion could possibly come up with a proper solution.
• Hardware breakpoints and tracing memory changes. Object tracing follows a variable when it changes between function calls. But if the hardware supports it, tracing a variable when it actually changes would be more useful albeit more complex. Discussion around this may come up with a easier answer.
• MMIO tracer being used in SMP. Currently the MMIO tracer does not handle race conditions. Instead, it offlines all but one CPU when it is enabled. It would be great if this could be used in normal SMP environments. There’s nothing technically preventing that from happening. It only needs some clever thinking to come up with a design to do so.
• Getting perf counters onto the ftrace ring buffer. Ftrace is designed for fast tracing, and perf is a great profiler. Over the years it has been asked to have perf counters along side ftrace trace events. Perhaps its time to finally accomplish that. It could be that each function can show the perf cache misses of that function.

For more information, feel free to contact the MC Leads: Steven Rostedt <rostedt@goodmis.org> Masami Hiramatsu <mhiramat@kernel.org> Please follow the suggestions from this BLOG post when submitting a CFP for this track. Submissions are made via LPC submission system, selecting Track “Tracing MC”

The LWN.net Weekly Edition for August 17, 2023 is available.