• Immutable Page
  • Info
  • Attachments

Linux 3.17

Linux 3.17 has been released on Sun, 5 Oct (this document was only finished on Sunday, 13 - sorry for the delay)

Summary: This release adds support for USB device sharing over IP, support for Xbox One controllers, support for Apple's thunderbolt, a new sealing API that restricts operations on shared memory file descriptors that allows easier shared memory programming for developers, support for page fault tracing in perf trace, support for only using signed kernels in kexec, a getrandom() syscall for more secure random number generation, and graphic "render nodes" are no longer experimental. There are also new drivers and many other small improvements.

  1. Prominent features
    1. USB device sharing over IP
    2. 'File sealing' eases handling of shared memory
    3. Graphic "render nodes" feature enabled by default
    4. Improved power management features enabled for more Radeon GPUs
    5. Thunderbolt support
    6. Support for Xbox One controllers
    7. More secure generation of random numbers with the getrandom() syscall
    8. Support for page fault tracing in perf trace
    9. perf timechart adds I/O mode
    10. Signed kexec kernels
  2. Drivers and architectures
  3. Core
  4. Memory management
  5. Block layer
  6. Power management
  7. File systems
  8. Networking
  9. Virtualization
  10. Tracing/perf
  11. Security
  12. Crypto
  13. Other news sites that track the changes of this release

1. Prominent features

1.1. USB device sharing over IP

USB/IP is a project that provides a general USB device sharing system over IP network. To share USB devices between computers with their full functionality, USB/IP encapsulates "USB I/O messages" into TCP/IP payloads and transmits them between computer. Original USB device drivers and applications can be also used for remote USB devices without any modification of them. A computer can use remote USB devices as if they were directly attached.

This project has been for a while in the "staging" area, and it's now considered stable enough for prime consumption. Userspace tools can be found at tools/usb/usbip

Code: commit, commit

Project: http://usbip.sourceforge.net

1.2. 'File sealing' eases handling of shared memory

When various processes communicate with each other via shared memory, they have to be careful and synchronize, because the shared memory can be modified by others at any time, or shrink and grow the buffer. This makes IPC via shared memory fragile, forces servers to do extra checks, encourages making local copies of shared memory and makes zero-copy operations impossible if the source of shared memory is not trusted.

This release includes the concept of "file sealing". Files from shmfs can be "sealed" through fcntl(2) different flags that restrict determinate behaviours: shrinking the file, growing, writing to it or setting new seals.

Sealing allows sharing shmfs files without any trust-relationship. This is enforced by rejecting seal modifications if you don't own an exclusive reference to the given file. So if a process owns a file-descriptor, it can be sure that no-one besides him can modify the seals on the given file. This allows mapping shared files from untrusted parties without the fear of the file getting truncated or modified by an attacker.

This has some useful uses. For example, a graphic server (e.g. Wayland) may want to reject any file descriptors that don't have the SEAL_SHRINK seal set. That way, any memory-mappings are guaranteed to stay accessible (while at the same time allowing to grow the buffer). Another example would be a general purpose IPC mechanism such as D-Bus. With sealing, zero-copy can be easily done by sharing a file-descriptor that has SEAL_SHRINK | SEAL_GROW | SEAL_WRITE seals set. This way, the source can store sensible data in the file, seal the file and then pass it to the destination. The destination verifies these seals are set and then can parse the message in-line, or even do safe multicasts of the message and allow all receivers parse the same zero-copy file without affecting each other.

Recommended LWN article: Sealed files

Recommended blog article: memfd_create(2)

Code and preliminary API documentation: commit, commit

1.3. Graphic "render nodes" feature enabled by default

"Render nodes" is a feature merged in Linux 3.12. It allows to create different device nodes for the GPU and the display, thus allowing applications to use the GPU for off-screen rendering by talking directly to the DRM device node.

This feature had been considered experimental for a while and could only be enabled with the "drm.rnodes=1" module parameter. In this release, render nodes have been enabled by default.

For more details about render nodes, see this blog

Code: commit

1.4. Improved power management features enabled for more Radeon GPUs

Dynamic power management (dpm) has been re-enabled by default on Cayman and BTC devices.

Also, a new module parameter (radeon.bapm=1) has been added to enable bidirectional application power management (bapm) on APUs where it's disabled by default due to stability issues.

Code: commit, commit, commit

1.5. Thunderbolt support

Thunderbolt is a hardware interface that combines PCI Express and Displayport into one serial signal alongside a DC connection for electric power, transmitted over one cable. Up to six peripherals may be supported by one connector through various topologies. Co-developed by Intel and Apple, it's mostly used in Apple devices.

Code: commit

1.6. Support for Xbox One controllers

This release adds support for Xbox One controllers.

Code: (commit)

1.7. More secure generation of random numbers with the getrandom() syscall

Linux systems usually get their random numbers from /dev/[u]random. This interface, however, is vulnerable to file descriptor exhaustion attacks, where the attacker consumes all available file descriptors, and is inconvenient for containers. The getrandom(2) syscall, analogous to OpenBSD's getentropy(2), solves that problems.

Recommended LWN article: A system call for random numbers: getrandom()

Code: commit

1.8. Support for page fault tracing in perf trace

This release adds page fault tracing support to 'perf trace'. Using -F/--pf option user can specify whether he wants minor, major or all pagefault events to be traced. Output example:

1756272.905 ( 0.000 ms): curl/5937 majfault [0x7fa7261978b6] => /usr/lib/x86_64-linux-gnu/libkrb5.so.26.0.0@0x85288 (d.) 
1862866.036 ( 0.000 ms): wget/8460 majfault [__clear_user+0x3f] => 0x659cb4 (?k)

Code: commit, commit, commit

1.9. perf timechart adds I/O mode

Currently, perf timechart records only scheduler and CPU events (task switches, running times, CPU power states, etc); this release adds I/O mode which makes it possible to record IO (disk, network) activity. In this mode perf timechart will generate SVG with I/O charts (writes, reads, tx, rx, polls).

Code: commit, commit

1.10. Signed kexec kernels

Kexec is a Linux feature that allows to boot a Linux kernel from an existing Linux kernel. It is used for faster rebooting or even for automatically booting a new kernel after a crash. However, UEFI "secure boot" systems are not supposed to allow to boot unsigned operating systems. Kexec allows to bypass the UEFI secure boot by kexec'ing into a unsigned kernel. To solve this problem, this release incorporates support for only allowing to kexec kernels that are signed.

Recommended LWN article: Reworking kexec for signatures

Code: commit, commit, commit, commit, commit, commit, commit

2. Drivers and architectures

All the driver and architecture-specific changes can be found in the Linux_3.17-DriversArch page

3. Core

  • A resizable, Scalable, Concurrent Hash Table commit

  • firmware loader: allow disabling of udev as firmware loader commit

  • Add a option to enable dwarf4 debug info format commit

  • Support the "split debug info" debug info model present in gcc 4.7+ and newer binutils. It avoids having to copy it around multiple times, from the object files to the final executable, lowers the disk space and defaults to compressed debug data commit

  • Support initramfs and initrd bigger than 2 GiB commit, commit

  • sysfs: disallow world-writable files. commit

  • rcu: Remove CONFIG_PROVE_RCU_DELAY commit

4. Memory management

  • dma-buf: add poll support commit

  • dma-buf: A new "fence" mechanism allows to do cross-device synchronization of DMA buffers. Fences are attached to a buffer which is being filled or consumed by hardware, to allow userspace to pass the buffer without waiting to another device. For example, userspace can call page_flip ioctl to display the next frame of graphics after kicking the GPU but while the GPU is still rendering. The display device sharing the buffer with the GPU would attach a callback to get notified when the GPU's rendering-complete IRQ fires, to update the scan-out address of the display, without having to wake up userspace commit, commit

  • iommu: Add sysfs support commit, commit

  • Export NR_SHMEM via sysinfo(2) / si_meminfo() interfaces commit

5. Block layer

  • brd: add module option to enable RAM disk visibility in /proc/partitions commit

  • drbd: New net configuration option socket-check-timeout commit

6. Power management

  • scripts/analyze_suspend.py: update to v3.0, which includes back-2-back suspend testing, device filters to reduce the html size, the inclusion of device_prepare and device_complete callbacks, a USB topography list, and the ability to control USB device autosuspend commit

7. File systems

  • Btrfs

    • Adjust statfs() space utilization calculations according to RAID profiles commit

  • XFS

    • Add a sysfs /sys/fs/xfs/ directory with various files providing information about XFS filesystems commit, commit, commit, commit, commit

    • Create libxfs infrastructure, libxfs will be used by userspace tools commit

  • SMB

    • Add sparse file support commit

    • Enable fallocate punch hole ("fallocate -p") commit

    • Enable fallocate -z support commit

  • f2fs

    • Add nobarrier mount option commit

    • Support cross-rename rename2() syscall commit

    • Support O_TMPFILE commit

  • nilfs2

  • NFS

    • Add a new /proc/fs/nfsd/max_connections file commit

8. Networking

  • ipv6: Implement automatic generation of flow labels for IPv6 packets on transmit commit

  • openvswitch: Enable tunnel GSO for Open vSwitch bridge. commit

  • timestamp: ACK timestamp for bytestreams commit

  • timestamp: SCHED timestamp on entering packet scheduler commit

  • timestamping: TCP timestamping commit

  • Remove deprecated syststamp timestamp commit

  • bridge: netlink dump interface at par with brctl commit

  • Wireless

    • Add support for Rx reordering offloading commit

    • Remove PID controller based rate control algorithm commit

  • Bluetooth

  • netfilter/nftables

    • Add generic ARP packet logger commit

    • bridge: add generic packet logger commit

    • bridge: add reject support commit

    • kill ulog targets (deprecated by the NFLOG target) commit

    • nft_log: complete logging support commit

  • SCTP

    • Deprecate rfc6458, 5.3.2. SCTP_SNDRCV support commit

    • Implement rfc6458, 5.3.4. SCTP_SNDINFO cmsg support commit

    • Implement rfc6458, 5.3.5. SCTP_RCVINFO cmsg support commit

    • Implement rfc6458, 5.3.6. SCTP_NXTINFO cmsg support commit

    • Implement rfc6458, 8.1.31. SCTP_DEFAULT_SNDINFO support commit

9. Virtualization

  • virtio-blk: support multiple virtual queues that can get assigned to host's hardware queues commit

  • virtio-net: rx busy polling support, 1 byte netperf tcp_rr shows 127% improvement commit

  • vfio: EEH support for VFIO PCI device commit

  • hyperv: Add netpoll support commit

  • xen: EFI under Xen dom0 support commit, commit

10. Tracing/perf

  • perf timechart: add IO mode commit, commit

  • perf trace: Add support for pagefault tracing commit, commit, add pagefault statistics commit

  • perf trace: Add possibility to switch off syscall events commit

  • perf bench: Add --repeat option commit

  • perf hists browser: Display columns header text on 'H' press commit, commit

  • perf inject: Add --kallsyms parameter commit

  • perf kvm: Add stat support on s390 commit

  • perf tools: Add --debug optionto set debug variable commit

  • tracing: Add ftrace_graph_notrace boot parameter for specifying notrace filter for function graph tracer at boot time commit

11. Security

12. Crypto

  • drbg: NIST SP800-90A compliant Deterministic Random Bit Generator commit, commit

  • Parser for a PKCS#7 signed-data message as described in part of RFC 2315 commit

  • pefile: Support for PE file signature verification commit

13. Other news sites that track the changes of this release

Tell others about this page:

last edited 2015-02-01 14:19:54 by Morot