The bpftop tool
bpftop provides a dynamic real-time view of running eBPF programs. It displays the average execution runtime, events per second, and estimated total CPU % for each program. This tool minimizes overhead by enabling performance statistics only while it is active.
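The figures bpftop shows come straight from two kernel counters per program, run_time_ns and run_cnt, which the kernel only accumulates while kernel.bpf_stats_enabled is set (which is why the tool turns statistics on just for its own lifetime). As an added example, not bpftop's own code, the block below parses two constructed samples in the shape of `bpftool prog show -j` output, computes average runtime, events per second and CPU share from the deltas, and shows a context manager that enables the sysctl only for the duration of the sampling. The CPU column as a percentage of one CPU's time, and the JSON field names, are assumptions about bpftool's and bpftop's output.

```python
"""Added example (not bpftop's own code): turning the kernel's per-program
BPF counters into the columns bpftop displays.

With kernel.bpf_stats_enabled set, the kernel accumulates run_time_ns and
run_cnt for each loaded program; `bpftool prog show -j` exposes them in its
JSON output (assumed field names below).  Two samples an interval apart
give average runtime per run, runs per second and CPU share.  The JSON
samples are constructed for this example.
"""
import json
from contextlib import contextmanager
from dataclasses import dataclass

BPF_STATS_SYSCTL = "/proc/sys/kernel/bpf_stats_enabled"


@dataclass(frozen=True)
class ProgSample:
    prog_id: int
    name: str
    run_time_ns: int   # cumulative nanoseconds spent in the program
    run_cnt: int       # cumulative number of invocations


@dataclass(frozen=True)
class ProgStats:
    prog_id: int
    name: str
    avg_runtime_ns: float
    events_per_sec: float
    cpu_percent: float  # share of one CPU's time (assumption: as bpftop reports it)


def parse_bpftool(json_text: str) -> list[ProgSample]:
    """Read the fields of interest from bpftool's JSON program list.
    run_time_ns/run_cnt are absent when stats are disabled, hence the .get."""
    return [
        ProgSample(p["id"], p.get("name", ""), p.get("run_time_ns", 0), p.get("run_cnt", 0))
        for p in json.loads(json_text)
    ]


def compute_stats(before: list[ProgSample], after: list[ProgSample], interval_s: float) -> list[ProgStats]:
    """Per-program deltas between two samples taken interval_s apart."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    prev = {s.prog_id: s for s in before}
    out = []
    for cur in after:
        old = prev.get(cur.prog_id)
        if old is None:
            continue  # program loaded between samples: no delta yet
        d_time = cur.run_time_ns - old.run_time_ns
        d_cnt = cur.run_cnt - old.run_cnt
        if d_time < 0 or d_cnt < 0:
            continue  # counters went backwards: id reused after unload/reload
        avg = d_time / d_cnt if d_cnt else 0.0
        eps = d_cnt / interval_s
        cpu = d_time / (interval_s * 1e9) * 100.0  # run_time_ns is summed over all CPUs
        out.append(ProgStats(cur.prog_id, cur.name, avg, eps, cpu))
    return out


@contextmanager
def bpf_stats_enabled(path: str = BPF_STATS_SYSCTL):
    """Enable collection only while sampling (needs root) and restore the
    previous value afterwards, so the bookkeeping overhead does not persist."""
    with open(path) as f:
        previous = f.read().strip()
    if previous != "1":
        with open(path, "w") as f:
            f.write("1\n")
    try:
        yield
    finally:
        if previous != "1":
            with open(path, "w") as f:
                f.write(previous + "\n")


# Constructed samples one second apart, mimicking `bpftool prog show -j`.
SAMPLE_T0 = """[
 {"id": 12, "type": "xdp", "name": "xdp_fw", "run_time_ns": 1000000, "run_cnt": 1000},
 {"id": 15, "type": "tracing", "name": "old_probe", "run_time_ns": 500, "run_cnt": 5}]"""
SAMPLE_T1 = """[
 {"id": 12, "type": "xdp", "name": "xdp_fw", "run_time_ns": 3000000, "run_cnt": 3000},
 {"id": 15, "type": "tracing", "name": "old_probe", "run_time_ns": 100, "run_cnt": 1},
 {"id": 20, "type": "kprobe", "name": "new_probe", "run_time_ns": 10, "run_cnt": 1}]"""


def demo() -> list[ProgStats]:
    return compute_stats(parse_bpftool(SAMPLE_T0), parse_bpftool(SAMPLE_T1), 1.0)


if __name__ == "__main__":
    for s in demo():
        print(f"{s.prog_id:4} {s.name:12} {s.avg_runtime_ns:10.1f} ns "
              f"{s.events_per_sec:10.1f}/s {s.cpu_percent:6.2f}%")
```

Because run_time_ns is summed across every CPU a program ran on, a hot XDP program attached to several queues can legitimately show more than 100% by this measure; the reloaded program (id 15) and the newly loaded one (id 20) are skipped until a clean pair of samples exists.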
The Open Collective Foundation is shutting down
Unfortunately, over the past year, we have learned that Open Collective Foundation's business model is not sustainable with the number of complex services we have offered and the fees we pay to the Open Collective Inc. tech platform. In late 2023, we made the decision to pause accepting new collectives in order to create space for us to address the issues. Unfortunately, it became clear that it would not be financially feasible to make the necessary corrections, and we determined that OCF is not viable.
Some more information can be found in the Dissolution FAQ. Note that the Open Collective Foundation is distinct from Open Source Collective, which has hastened to point out that it remains in operation as before, and both are distinct from the Open Collective platform.
[$] LWN.net Weekly Edition for February 29, 2024
[$] A sandbox mode for the kernel
Stable kernels 6.7.8 and 6.6.20
Kernel prepatch 6.8-rc7
So we finally have a week where things have calmed down, and in fact 6.8-rc7 is smaller than usual at this point in time. So if that keeps up (but that's a fairly notable "if") I won't feel like I need to do an rc8 this release after all. So no guarantees, but assuming no bad surprises, we'll have the final 6.8 next weekend.
Security updates for Tuesday
[$] Formalizing policy zones for memory
[$] LWN.net Weekly Edition for March 7, 2024
[$] Better linked-list traversal in BPF
Huang: IRIS (Infra-Red, in situ) Project Updates
The technique works because although silicon looks opaque to visible light, it is transparent starting at near-infrared wavelengths (roughly 1000 nm and longer). Today's commodity optics and CMOS cameras are actually capable of working with light at this wavelength; thus, IRIS is a low-cost and effective technique for confirming the construction of chips down to block level. For example, IRIS can readily help determine if a chip has the correct amount of RAM, number of CPU cores, peripherals, bond pads, etc. This level of verification would be sufficient to deter most counterfeits or substitutions.
The 6.8 kernel has been released
So it took a bit longer for the commit counts to come down this release than I tend to prefer, but a lot of that seemed to be about various selftest updates (networking in particular) rather than any actual real sign of problems. And the last two weeks have been pretty quiet, so I feel there's no real reason to delay 6.8.
Significant changes in this release include the deadline servers scheduling feature, support for memory-management auto-tuning in DAMON, the large anonymous folios feature, the kernel samepage merging advisor, the ability to prevent writes to block devices containing mounted filesystems, the listmount() and statmount() system calls, the first device driver written in Rust, the removal of the (never finished) bpfilter packet-filtering system, three new system calls for managing Linux security modules, support for data-type profiling in the perf tool, guest-first memory for KVM virtualization, the Intel Xe graphics driver, and a lot more. See the LWN merge-window summaries (part 1, part 2) for more information.
[$] Development statistics for 6.8
Huston: KeyTrap!
It's by no means "[devastating]" for the DNS, and the fix is much the same as the previous fix. As well as limiting the number of queries that a resolver can generate to resolve a queried name, a careful resolver will limit both the elapsed time and perhaps the amount of the resolver's processing resources that are used to resolve any single query name. It's also not a novel discovery by the ATHENE folk. The vulnerability was described five years ago by a student at the University of Twente. I guess the issue was that the student failed to use a sufficient number of hysterical adjectives in describing this DNS vulnerability in the paper!
Security updates for Tuesday
Today's hardware vulnerability: register file data sampling
RFDS may allow a malicious actor to infer data values previously used in floating point registers, vector registers, or integer registers. RFDS does not provide the ability to choose which data is inferred.
Only Atom cores are affected, but those cores can be found inside a number of processors. See this documentation commit for more information.