
Linux 5.4 Released

diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android, support for new Intel/AMD GPUs, support for the exfat file system and removing the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.
  • I don't understand those features. Does it run Facebook and the Internet?

    • Re:What? (Score:4, Funny)

      by a_n_d_e_r_s ( 136412 ) on Monday November 25, 2019 @03:43PM (#59453194) Homepage Journal

      It only runs your hardware.

      For Internet you need lynx.

      • Look, you've clearly started this fight, so I'll accept, and I'll say, it's Links that I'll use, thank you very much! That, and Gopher.
        Now get off my lawn!
    • Re: (Score:3, Funny)

      SystemD is adding Facebook support in the next release.

      On first boot you'll be prompted to sign in with your Facebook account.

    • Re:What? (Score:5, Informative)

      by slack_justyb ( 862874 ) on Monday November 25, 2019 @04:51PM (#59453574)

      featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel;

      This is the kernel LSM LOCKDOWN feature that's been super controversial. Pass lockdown=enabled to the kernel and the system will prevent everyone, including the root user, from writing to certain nodes, such as /dev/mem, /dev/kmem, /dev/port and so on. Linus has famously been quoted as saying, "I will not change Linux to deep throat Microsoft" [arstechnica.com]. So yeah, it has been something on the back burner for being included into the kernel for a while now due to the very mixed feelings people have had for it.

      virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host;

      Provides a better way to exchange files and folders between VMs on Linux [phoronix.com], aims to replace virtio-8p (which itself was based on the 9P protocol from Plan 9, shoutout to all the users of Plan 9!!). Additionally, virtio-fs provides better POSIX compliance; QEMU will be shipping support for virtio-fs very soon.

      fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices;

      Um, exactly what it says. This is a Google thing they are bringing into the kernel to provide read-only support like dm-verity but outside of dm-verity. This will bring this ability to things like ext4 and f2fs and thus you'll need appropriate e2progs or f2fs-tools to read the hashtable. Long story short, works pretty much the same way dm-verity works except on files and not devices, so if you're wondering how it all stays secure, just go there [kernel.org] and read up on it and compare to the fs version. [kernel.org]

      dm-clone, which allows live cloning of dm targets;

      I really hope this doesn't need to be explained. This just adds that functionality to the kernel's device manager (dm) set of tools. Documentation on how to use it can be found here. [kernel.org] Just head towards the bottom there.

      two new madvise() flags for improved app memory management on Android

      Two new flags for madvise [man7.org] which gives advice on memory usage. This is to boost NUMA [wikipedia.org] setups. You can read all the gory details here [kernel.org]. This is basically for Google's Android OS, but I'm sure someone else will be happy it's there, I guess.

      support for new Intel/AMD GPUs

      This is support for Dali, Renoir AMD GPUs. Arcturus Intel GPU with boot flag support to turn on Navi 12 & 14 Intel GPUs (so Navi 12/14 is not on by default and support for 5.4 is labeled experimental). Also brings LRU (least recently used) support for AMD GPUs [phoronix.com] which allows AMD GPUs to operate at better performance. Yes, LRU is a specific AMD thing as far as I know. Intel might have something similar but may call it something else. Oh and middle finger to nVidia. [wired.com]

      support for the
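
An added example, not part of the original comment or the kernel's own tooling: a shell check that reports which lockdown mode is actually in force, since the boot parameter alone does not prove the restriction on /dev/mem, /dev/kmem and /dev/port is active. It assumes the mainline 5.4 interface, where `lockdown=` takes `integrity` or `confidentiality` and the state is exposed in `/sys/kernel/security/lockdown`; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the kernel lockdown state.
# Assumed paths: /sys/kernel/security/lockdown and /proc/cmdline.

# The state file lists all modes and brackets the active one, e.g.
# "none [integrity] confidentiality". Print the bracketed word.
lockdown_active_mode() {
    rest=${1#*\[}
    [ "$rest" != "$1" ] || return 1          # no "[" present
    case "$rest" in *\]*) ;; *) return 1 ;; esac
    printf '%s\n' "${rest%%\]*}"
}

# Print the value of the last lockdown= word on a kernel command line,
# or "unset". Runs in a subshell so `set -f` (no globbing) stays local.
lockdown_cmdline_request() (
    set -f
    req=unset
    for arg in $1; do
        case "$arg" in lockdown=*) req=${arg#lockdown=} ;; esac
    done
    printf '%s\n' "$req"
)

# Report active vs. requested mode; exit status 0 only when locked down,
# 1 when the mode is "none", 2 when the state cannot be determined.
lockdown_report() {
    state_file=${1:-/sys/kernel/security/lockdown}
    cmdline_file=${2:-/proc/cmdline}
    if [ ! -r "$state_file" ]; then
        echo "lockdown: state file not readable (LSM absent or securityfs not mounted)"
        return 2
    fi
    mode=$(lockdown_active_mode "$(cat "$state_file")") || {
        echo "lockdown: unrecognised state format"; return 2; }
    requested=$(lockdown_cmdline_request "$(cat "$cmdline_file" 2>/dev/null)")
    echo "lockdown: active=$mode requested=$requested"
    [ "$mode" != none ]
}

# Constructed sample input, so the parsers can be seen working offline.
lockdown_active_mode 'none [integrity] confidentiality'
lockdown_cmdline_request 'root=/dev/sda1 ro lockdown=integrity quiet'
# The live check on this host:
lockdown_report || echo "lockdown: host is not locked down, or state unknown"
```

A mismatch between `active` and `requested` in the report is the case worth investigating: the mode the kernel enforces is the bracketed one, whatever the command line asked for.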

      • Two new flags for madvise [man7.org] which gives advice on memory usage. This is to boost NUMA [wikipedia.org] setups. You can read all the gory details here [kernel.org]. This is basically for Google's Android OS, but I'm sure someone else will be happy it's there, I guess.

        Nice... PUN intended about process access priorities. We should now see better response in realtime audio work without having to resort to using a different compile setting to obtain lower latency in audio conversion and recording functions.

        Future releases of Jack audio and other software might not need a kernel tweaked away from a multiuser mode to do its job at a low enough latency for audio performance. Will still need to set process access levels but the new series of kernels should be much easier to

      • It's very odd that LSM LOCKDOWN is controversial. This is roughly the same feature as BSD Securelevels, though with some more fine-grained control. In theory, it's very useful if you want to protect your system against attackers who compromise a process that runs with root privilege. In practice, the kernel attack surface is so large that a motivated attacker can probably bypass it.
      • Yes, exfat is finally a proper module in the kernel. I guess Microsoft's patent finally wore off.

        I think it's still valid. I seem to remember hearing that Microsoft made a promise not to sue for infringing on that patent or something...

        Ah, here it is: https://www.zdnet.com/article/... [zdnet.com]

  • by Anonymous Coward
    5.3 or 5.4?
  • by ZombieCatInABox ( 5665338 ) on Monday November 25, 2019 @04:33PM (#59453438)

    Finally! If virtio-fs' performance is on par with other virtio devices, we'll finally have a near bare metal file sharing solution between multiple virtual machines simultaneously. Until now our only choices were drive passthrough, which did not allow simultaneous share, or samba and its pathetic throughput.

    And since I use Fedora, I'll be able to start playing with these new features within days, if not hours. :)
