Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Operating Systems Security Linux

Linux 4.19 Preparing Better CPU Security Mitigations, New EROFS File-System (phoronix.com) 88

An anonymous reader writes: Linus Torvalds released on Sunday Linux 4.19-rc1 that he describes as a "fairly frustrating merge window" following the new features landing over the past two weeks. What does this "pretty big release" offer? Phoronix's Linux 4.19 feature overview sheds light on more Spectre CPU mitigations for x86/POWER/s390, the new EROFS read-only Android file-system, a Raspberry Pi voltage driver, ThinkPad calculator key support, an in-kernel GPS subsystem, the Google GASKET driver framework, virtual kernel mode-setting, Qualcomm Adreno 600 series support, and many other improvements.
This discussion has been archived. No new comments can be posted.

Linux 4.19 Preparing Better CPU Security Mitigations, New EROFS File-System

Comments Filter:
  • by Anonymous Coward on Sunday August 26, 2018 @07:39PM (#57200192)

    I got a preview of the security Code:

    if (cpu_vendor == intel) {
                        disable_L1_cache();
                        disable_L2_cache();
                        disable_L3_cache();
                        disable_instr_cache();
                        disable_data_cache();
                        disable_branch_prediction();
                        disable_hyperthreading();
                        if (ultra_secure_mode == true) {
                                          for (i=1;i=num_cores-1;i++) {
                                                        disable_core(i);
                                          }
                        }
    }

    one can expect a heavy performance penalty, but the power consumption should go way down, so we have that going for us.

    • by Anonymous Coward

      Actually its liable to overheat after it gets caught in that infinite loop in ultra secure mode.

  • by Gravis Zero ( 934156 ) on Sunday August 26, 2018 @07:55PM (#57200276)

    Only buy AMD.

    • Re: (Score:2, Offtopic)

      by AHuxley ( 892839 )
      We can talk about the benchmark results too.
  • New ERO file-system, not mentioned in TFA, what can that be...
    • by Tailhook ( 98486 )

      It's a read-only file system from Huawei, intended to be an improvement on over existing read-only file systems for Android devices. Yes, this is the same Huawei that makes phone you can't (couldn't, may not be able to in the future...?) take into a US military facility, FWIW.

      • Yes, this is the same Huawei that makes phone you can't (couldn't, may not be able to in the future...?) take into a US military facility, FWIW.

        It's worth nothing. Sudden panic banning Chinese equipment without any actionable intelligence is bad enough, but conflating the company with some open source code that has been independently reviewed and mainlined in the kernel is worth even less.

        • by Tailhook ( 98486 )

          Sudden panic banning

          The US congress has been warning US corporations to avoid Huawei and ZTE since 2012. You reveal your own ignorance if you actually believe current events are something sudden or surprising.

          Australia has joined the US in banning Huawei from infrastructure work. They recognize this company is simply a commercial arm of the PLA and are wisely keeping it out of critical infrastructure.

          This is the sort of naiveté people in the US use to have about Russia.

          • The US congress has been warning US corporations to avoid Huawei and ZTE since 2012. . You reveal your own ignorance if you actually believe current events are something sudden or surprising.

            LOL WUT? If you think what was happening in 2012 is any way remotely comparable to the actions of the past 4 months I have a bridge to sell you, one with a government warning label.

            Australia has joined the US in banning Huawei from infrastructure work.

            Yep. The 51st State of America expressing its independence once again. Interestingly you note yourself here that the ban is new, the multinational effort is new, yet you accuse me of ignorance for realising that a fucking lot has changed in the past few months?

            They recognize this company is simply a commercial arm of the PLA

            They recognise the USA has told people without ever producing a shred

  • by cerberusss ( 660701 ) on Monday August 27, 2018 @12:48AM (#57201200) Journal

    The summary left out a pretty important point from the article, in my opinion:

    The USB Type-C display mode alternate driver was merged to the mainline kernel for stepping up the DP Type-C support, but more work on integrating with the DRM drivers is still being tackled.

    So what this means, is that you have a dongle or monitor cable with USB-C on one end, and DisplayPort on the other end.

    This is important, because I expect to see new laptops coming out, that only have USB-C/Thunderbolt 3. The obvious existing ones are from Apple, but I expect that more laptops will come out with no other ports except USB-C/Thunderbolt 3.

    • by Anonymous Coward

      The summary left out a pretty important point from the article, in my opinion:

      The USB Type-C display mode alternate driver was merged to the mainline kernel for stepping up the DP Type-C support, but more work on integrating with the DRM drivers is still being tackled.

      Slight confusing:

      * DP = DisplayPort: https://www.displayport.org/displayport-over-usb-c/

      But if you transpose them:

      * PD = PowerDelivery: http://www.usb.org/developers/powerdelivery/

      Of course you can connect a display using DP to a laptop, and also have the screen have PD to charge the battery.

    • Not likely outside apple. Most other manufacturers will keep at least one A port because they aren't stupid enough to assume everyone has a wireless mouse and all mouse transmitters are USB-A. They might have a single Halo product that mimics Apple but the majority will include A ports.

  • by azrael29a ( 1349629 ) on Monday August 27, 2018 @03:36AM (#57201538)
    By looking at the name of EROFS I thought we will finally have a dedicated porn filesystem. So disappointed.
  • Linux has been modular for decades, so you only include what you use. So if you don't use the filesystem or the patch, you don't install the filesystem or patch.

    Interactions should only be with the local subsystem, so a hundred modules of a hundred thousand makes no difference. You're still only looking at core functions (kernel core functions plus local API). The subsystem takes care of security, etc.

    With kernel threads, non-interacting code blocks don't need to risk blocking each other.

    Because context swi

  • What's the deal with the GPS subsystem that was mentioned for 4.19?
    What can this subsystem do and why does it have to be in the kernel?

    And yes, I buy AMD where I can.

If all else fails, lower your standards.

Working...