Linux 3.17 has been released on Sun, 5 Oct (this document was only finished on Sunday, 13 - sorry for the delay)
Summary: This release adds support for USB device sharing over IP, support for Xbox One controllers, support for Apple's Thunderbolt, a new sealing API that restricts operations on shared memory file descriptors and makes shared memory programming easier for developers, support for page fault tracing in perf trace, support for only using signed kernels in kexec, a getrandom() syscall for more secure random number generation, and graphic "render nodes" that are no longer experimental. There are also new drivers and many other small improvements.
- Prominent features
- USB device sharing over IP
- 'File sealing' eases handling of shared memory
- Graphic "render nodes" feature enabled by default
- Improved power management features enabled for more Radeon GPUs
- Thunderbolt support
- Support for Xbox One controllers
- More secure generation of random numbers with the getrandom() syscall
- Support for page fault tracing in perf trace
- perf timechart adds I/O mode
- Signed kexec kernels
- Drivers and architectures
- Memory management
- Block layer
- Power management
- File systems
- Other news sites that track the changes of this release
1. Prominent features
1.1. USB device sharing over IP
USB/IP is a project that provides a general USB device sharing system over an IP network. To share USB devices between computers with their full functionality, USB/IP encapsulates "USB I/O messages" into TCP/IP payloads and transmits them between computers. Original USB device drivers and applications can also be used for remote USB devices without any modification. A computer can use remote USB devices as if they were directly attached.
This project has been in the "staging" area for a while, and it's now considered stable enough for general use. Userspace tools can be found at tools/usb/usbip
1.2. 'File sealing' eases handling of shared memory
When several processes communicate with each other via shared memory, they have to be careful and synchronize, because any of the others can modify the shared memory, or shrink and grow the buffer, at any time. This makes IPC via shared memory fragile, forces servers to do extra checks, encourages making local copies of shared memory and makes zero-copy operations impossible if the source of shared memory is not trusted.
This release introduces the concept of "file sealing". Files from shmfs can be "sealed" through fcntl(2), using different flags that each restrict a particular behaviour: shrinking the file, growing it, writing to it, or setting new seals.
Sealing allows sharing shmfs files without any trust relationship. This is enforced by rejecting seal modifications if you don't own an exclusive reference to the given file. So if a process owns a file descriptor, it can be sure that no one besides itself can modify the seals on the given file. This allows mapping shared files from untrusted parties without the fear of the file getting truncated or modified by an attacker.
This has several practical uses. For example, a graphics server (e.g. Wayland) may want to reject any file descriptors that don't have the SEAL_SHRINK seal set. That way, any memory mappings are guaranteed to stay accessible (while the buffer can still be grown). Another example would be a general-purpose IPC mechanism such as D-Bus. With sealing, zero-copy can be easily done by sharing a file descriptor that has the SEAL_SHRINK | SEAL_GROW | SEAL_WRITE seals set. This way, the source can store sensitive data in the file, seal the file and then pass it to the destination. The destination verifies that these seals are set and can then parse the message in-line, or even do safe multicasts of the message and allow all receivers to parse the same zero-copy file without affecting each other.
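The sender and receiver roles described above, as an added C example that is not part of the original release notes: the sender fills a memfd and seals it, and the receiver checks the seals before trusting the contents. The page's SEAL_* names correspond to the F_SEAL_* constants of fcntl(2); the function names and the sample message are made up for illustration, and the memfd_create() wrapper assumes glibc 2.27 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Illustrative names. Seals a receiver requires before parsing in place. */
#define REQUIRED_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Sender: copy msg into a memfd, then seal it. Returns the fd or -1. */
int make_sealed_message(const char *msg)
{
    size_t len = strlen(msg);
    int fd = memfd_create("example-msg", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (write(fd, msg, len) != (ssize_t)len ||
        fcntl(fd, F_ADD_SEALS, REQUIRED_SEALS | F_SEAL_SEAL) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receiver: 1 if all required seals are set, 0 if not, -1 if the fd
 * cannot carry seals at all (fcntl fails, e.g. a pipe or disk file). */
int has_required_seals(int fd)
{
    int seals = fcntl(fd, F_GET_SEALS);
    return seals < 0 ? -1 : (seals & REQUIRED_SEALS) == REQUIRED_SEALS;
}

/* 1 if the kernel rejects write, shrink and grow on fd with EPERM. */
int mutation_is_blocked(int fd)
{
    if (write(fd, "x", 1) != -1 || errno != EPERM) return 0;
    if (ftruncate(fd, 0) != -1 || errno != EPERM) return 0;
    if (ftruncate(fd, 1 << 20) != -1 || errno != EPERM) return 0;
    return 1;
}

int main(void)
{
    int fd = make_sealed_message("constructed sample message");
    printf("seals ok: %d, mutation blocked: %d\n",
           has_required_seals(fd), fd < 0 ? 0 : mutation_is_blocked(fd));
    return fd < 0;
}
```

A receiver should treat both 0 and -1 from has_required_seals() as a reason to reject the descriptor or fall back to copying the data.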
Recommended LWN article: Sealed files
Recommended blog article: memfd_create(2)
1.3. Graphic "render nodes" feature enabled by default
"Render nodes" is a feature merged in Linux 3.12. It allows creating different device nodes for the GPU and the display, so that applications can use the GPU for off-screen rendering by talking directly to the DRM device node.
For more details about render nodes, see this blog
1.4. Improved power management features enabled for more Radeon GPUs
1.5. Thunderbolt support
Thunderbolt is a hardware interface that combines PCI Express and Displayport into one serial signal alongside a DC connection for electric power, transmitted over one cable. Up to six peripherals may be supported by one connector through various topologies. Co-developed by Intel and Apple, it's mostly used in Apple devices.
1.6. Support for Xbox One controllers
1.7. More secure generation of random numbers with the getrandom() syscall
Linux systems usually get their random numbers from /dev/[u]random. This interface, however, is vulnerable to file descriptor exhaustion attacks, where the attacker consumes all available file descriptors, and is inconvenient for containers. The getrandom(2) syscall, analogous to OpenBSD's getentropy(2), solves these problems.
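The difference between the two interfaces, as an added C example that is not part of the original release notes: the process lowers its own descriptor limit to model the exhaustion case, after which the /dev/urandom path fails while getrandom(2) still returns bytes. The helper names are made up for illustration, and the getrandom() wrapper in <sys/random.h> assumes glibc 2.25 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/resource.h>
#include <unistd.h>

/* Helper names are illustrative. getrandom(2) path: needs no descriptor
 * and no /dev node; retries on EINTR and short reads. Returns 0 or -1. */
int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Device-file path: fails when no descriptor is free or the node is absent. */
int fill_random_devfile(void *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* Set this process's soft RLIMIT_NOFILE; 0 models exhausted descriptors. */
int set_fd_soft_limit(rlim_t new_cur)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    rl.rlim_cur = new_cur;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

int main(void)
{
    unsigned char key[32];
    set_fd_soft_limit(0);
    printf("devfile=%d getrandom=%d\n", fill_random_devfile(key, sizeof key),
           fill_random(key, sizeof key));
    return 0;
}
```

Code that silently falls back to a weaker source when the open() fails is where descriptor exhaustion turns into a key-generation problem; with getrandom(2) that failure path does not exist.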
Recommended LWN article: A system call for random numbers: getrandom()
1.8. Support for page fault tracing in perf trace
1756272.905 ( 0.000 ms): curl/5937 majfault [0x7fa7261978b6] => /usr/lib/x86_64-linux-gnu/libkrb5.so.26.0.0@0x85288 (d.)
1862866.036 ( 0.000 ms): wget/8460 majfault [__clear_user+0x3f] => 0x659cb4 (?k)
1.9. perf timechart adds I/O mode
Currently, perf timechart records only scheduler and CPU events (task switches, running times, CPU power states, etc); this release adds I/O mode which makes it possible to record IO (disk, network) activity. In this mode perf timechart will generate SVG with I/O charts (writes, reads, tx, rx, polls).
1.10. Signed kexec kernels
Kexec is a Linux feature that allows booting a Linux kernel from an already running Linux kernel. It is used for faster rebooting or even for automatically booting a new kernel after a crash. However, UEFI "secure boot" systems are not supposed to allow booting unsigned operating systems, and kexec makes it possible to bypass UEFI secure boot by kexec'ing into an unsigned kernel. To solve this problem, this release adds support for only allowing signed kernels to be kexec'ed.
Recommended LWN article: Reworking kexec for signatures
2. Drivers and architectures
All the driver and architecture-specific changes can be found in the Linux_3.17-DriversArch page
A resizable, Scalable, Concurrent Hash Table commit
firmware loader: allow disabling of udev as firmware loader commit
Add an option to enable dwarf4 debug info format commit
Support the "split debug info" debug info model present in gcc 4.7+ and newer binutils. It avoids having to copy it around multiple times, from the object files to the final executable, lowers the disk space and defaults to compressed debug data commit
sysfs: disallow world-writable files. commit
rcu: Remove CONFIG_PROVE_RCU_DELAY commit
4. Memory management
dma-buf: add poll support commit
dma-buf: A new "fence" mechanism allows cross-device synchronization of DMA buffers. Fences are attached to a buffer which is being filled or consumed by hardware, to allow userspace to pass the buffer to another device without waiting. For example, userspace can call the page_flip ioctl to display the next frame of graphics after kicking the GPU but while the GPU is still rendering. The display device sharing the buffer with the GPU would attach a callback to get notified when the GPU's rendering-complete IRQ fires, to update the scan-out address of the display, without having to wake up userspace commit, commit
Export NR_SHMEM via sysinfo(2) / si_meminfo() interfaces commit
5. Block layer
brd: add module option to enable RAM disk visibility in /proc/partitions commit
drbd: New net configuration option socket-check-timeout commit
6. Power management
scripts/analyze_suspend.py: update to v3.0, which includes back-2-back suspend testing, device filters to reduce the html size, the inclusion of device_prepare and device_complete callbacks, a USB topography list, and the ability to control USB device autosuspend commit
7. File systems
Adjust statfs() space utilization calculations according to RAID profiles commit
Add a new /proc/fs/nfsd/max_connections file commit
ipv6: Implement automatic generation of flow labels for IPv6 packets on transmit commit
openvswitch: Enable tunnel GSO for Open vSwitch bridge. commit
timestamp: ACK timestamp for bytestreams commit
timestamp: SCHED timestamp on entering packet scheduler commit
timestamping: TCP timestamping commit
Remove deprecated syststamp timestamp commit
bridge: netlink dump interface at par with brctl commit
virtio-blk: support multiple virtual queues that can get assigned to host's hardware queues commit
virtio-net: rx busy polling support, 1 byte netperf tcp_rr shows 127% improvement commit
vfio: EEH support for VFIO PCI device commit
hyperv: Add netpoll support commit
perf trace: Add possibility to switch off syscall events commit
perf bench: Add --repeat option commit
perf inject: Add --kallsyms parameter commit
perf kvm: Add stat support on s390 commit
perf tools: Add --debug option to set debug variable commit
tracing: Add ftrace_graph_notrace boot parameter for specifying notrace filter for function graph tracer at boot time commit
seccomp: implement SECCOMP_FILTER_FLAG_TSYNC commit
selinux: Report permissive mode in avc: denied messages. commit
Parser for a PKCS#7 signed-data message as described in part of RFC 2315 commit
pefile: Support for PE file signature verification commit