Linux 5.4 Released
diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android, support for new Intel/AMD GPUs, support for the exfat file system and removing the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.
What? (Score:1)
I don't understand those features. Does it run Facebook and the Internet?
Re: (Score:1)
No, but if you go donate some money to Musk and Bezos they will do it for us! It is a win-win.
Re:What? (Score:4, Funny)
It only runs your hardware.
For Internet you need lynx.
Re: What? (Score:1)
Now get off my lawn!
Re: (Score:3, Funny)
SystemD is adding Facebook support in the next release.
On first boot you'll be prompted to sign in with your Facebook account.
Re: (Score:1, Flamebait)
Guy who is so informed about POSIX that he literally doesn't know a username can start with a numeral writes systemd.
https://github.com/systemd/sys... [github.com]
Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.
systemd will validate all configuration data you drop at it, making it hard to generate invalid configuration. Hence, yes, it's a feature that we don't permit invalid user names, and I'd consider it a limitation of xinetd that it doesn't refuse an invalid username.
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but still: the username is clearly not valid.
I hope that makes sense?
Now I'm curious if using another set of capitalizations for SyStEmD will give you root access.
Re: (Score:1)
Get a room, you two.
Internet bitch-slap fight! Film at 11
Re: (Score:2)
Allowed does not mean required dipshit.
Valid means not supported also means not standards-compliant. Nobody but you said "Allowed".
Re: (Score:1)
Allowed doesn't mean "Eh, we should just give it root access if I don't know what to do".
Re: (Score:2)
The person in charge of SYSTEMd first claimed that you couldn't have a user beginning with a number. He based this claim on a regular expression in the configuration of one utility that could be changed by anybody with root access. That alone is enough to make me wonder if he knows enough about Linux to run an important project like SYStemD.
The next mistake was in deciding that the right thing to do when determining a user name is invalid is to run as root instead of some other non privileged user. He was p
Re: (Score:1)
That was a thoroughly childish, inaccurate, and absurd post. Good job little boy!
Calling someone a "dipshit" and "little boy" isn't exactly mature either.
Re: (Score:2)
No, but call it 0systemd and you're in business.
Re: (Score:2)
Badly designed garbage doesn't deserve proper capitalization; the exact thing the creator labeled his fecal pile is of little import.
Re:What? (Score:5, Informative)
featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel;
This is the kernel LSM LOCKDOWN feature that's been super controversial. Pass lockdown=enabled to the kernel and the system will prevent everyone, including the root user, from writing to certain nodes, such as /dev/mem, /dev/kmem, /dev/port and so on. Linus has famously been quoted as saying, "I will not change Linux to deep throat Microsoft" [arstechnica.com]. So yeah, it has been something on the back burner for being included into the kernel for a while now due to the very mixed feelings people have had for it.
virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host;
Provides a better way to exchange files and folders between VMs on Linux [phoronix.com], aims to replace virtio-8p (which itself was based on the 9P protocol from Plan 9, shoutout to all the users of Plan 9!!). Additionally, virtio-fs provides better POSIX compliance; QEMU will be shipping support for virtio-fs very soon.
fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices;
Um, exactly what it says. This is a Google thing they are bringing in to the kernel to provide read-only support like dm-verity but outside of dm-verity. This will bring this ability to things like ext4 and f2fs and thus you'll need appropriate e2progs or f2fs-tools to read the hashtable. Long story short, works pretty much the same way dm-verity works except on files and not devices, so if you're wondering how it all stays secure, just go there [kernel.org] and read up on it and compare to the fs version. [kernel.org]
dm-clone, which allows live cloning of dm targets;
I really hope this doesn't need to be explained. This just adds that functionality to the kernel's device manager (dm) set of tools. Documentation on how to use it can be found here. [kernel.org] Just head towards the bottom there.
two new madvise() flags for improved app memory management on Android
Two new flags for madvise [man7.org] which gives advice on memory usage. This is to boost NUMA [wikipedia.org] setups. You can read all the gory details here [kernel.org]. This is basically for Google's Android OS, but I'm sure someone else will be happy it's there, I guess.
support for new Intel/AMD GPUs
This is support for Dali, Renoir AMD GPUs. Arcturus Intel GPU with boot flag support to turn on Navi 12 & 14 Intel GPUs (so Navi 12/14 is not on by default and support for 5.4 is labeled experimental). Also brings LRU (least recently used) support for AMD GPUs [phoronix.com] which allows AMD GPUs to operate at better performance. Yes, LRU is a specific AMD thing as far as I know. Intel might have something similar but may call it something else. Oh and middle finger to nVidia. [wired.com]
support for the
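The hash-tree idea behind dm-verity and fs-verity mentioned in the comment above, as an added example that is not part of the original thread and is not kernel code: a simplified SHA-256 Merkle tree over 4 KiB blocks, showing why only the root hash has to be trusted. The block size, function names and sample data are assumptions, and this sketch does not reproduce the kernel's on-disk format or its file digest.

```python
import hashlib

BLOCK_SIZE = 4096                      # assumed data/tree block size
PER_BLOCK = BLOCK_SIZE // 32           # SHA-256 hashes that fit in one tree block

def hash_block(block):
    """Hash one block, zero-padding a short final block to BLOCK_SIZE."""
    return hashlib.sha256(block.ljust(BLOCK_SIZE, b"\0")).digest()

def split_blocks(data):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)] or [b""]

def build_tree(data):
    """Return the tree as a list of levels: leaf hashes first, [root] last."""
    level = [hash_block(b) for b in split_blocks(data)]
    levels = [level]
    while len(level) > 1:
        level = [hash_block(b"".join(level[i:i + PER_BLOCK]))
                 for i in range(0, len(level), PER_BLOCK)]
        levels.append(level)
    return levels

def verify_block(index, block, levels, trusted_root):
    """Check one block read from disk against the trusted root hash.

    The stored tree is untrusted too: the block's freshly computed hash is
    combined with stored sibling hashes and re-hashed level by level, so a
    change to the data or to a stored hash used on the way up alters the result.
    """
    h = hash_block(block)
    for level in levels[:-1]:
        start = (index // PER_BLOCK) * PER_BLOCK
        group = list(level[start:start + PER_BLOCK])
        group[index - start] = h
        h = hash_block(b"".join(group))
        index //= PER_BLOCK
    return h == trusted_root

def make_sample(n_blocks=300):
    """Constructed sample file: n_blocks distinct 4 KiB blocks."""
    return b"".join(i.to_bytes(4, "big") * 1024 for i in range(n_blocks))

if __name__ == "__main__":
    data = make_sample()
    levels = build_tree(data)
    root = levels[-1][0]               # the only value that must be kept trusted
    blocks = split_blocks(data)
    print("levels:", [len(l) for l in levels])
    print("block 200 ok:", verify_block(200, blocks[200], levels, root))
    bad = b"X" + blocks[200][1:]
    print("tampered block ok:", verify_block(200, bad, levels, root))
```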
Re: (Score:2)
Two new flags for madvise [man7.org] which gives advice on memory usage. This is to boost NUMA [wikipedia.org] setups. You can read all the gory details here [kernel.org]. This is basically for Google's Android OS, but I'm sure someone else will be happy it's there, I guess.
Nice... PUN intended about process access priorities. We should now see better response in realtime audio work without having to resort to using a different compile setting to obtain lower latency in audio conversion and recording functions.
Future releases of Jack audio and other software might not need a kernel tweaked away from a multiuser mode to do its job at a low enough latency for audio performance. Will still need to set process access levels but the new series of kernels should be much easier to
Re: (Score:3)
I think it's still valid. I seem to remember hearing that Microsoft made a promise not to sue for infringing on that patent or something...
Ah, here it is: https://www.zdnet.com/article/... [zdnet.com]
Re: (Score:1)
OK Boomer.
5.3 or 5.4? (Score:1)
Re: (Score:2)
Depends on if you want it with warp drive or not.
Re: (Score:2)
According to both of the links supplied, 5.4.
virtio-fs: YES! FINALLY! (Score:4, Interesting)
Finally! If virtio-fs' performance is on par with other virtio devices, we'll finally have a near bare metal file sharing solution between multiple virtual machines simultaneously. Until now our only choices were drive passthrough, which did not allow simultaneous share, or samba and its pathetic throughput.
And since I use Fedora, I'll be able to start playing with these new features within days, if not hours. :)
Re: (Score:2)
Now to just get ZFS working again on 5.4... sigh.
Re: (Score:2)
AFAIK mainline ZFS is working on 5.4