The Linux Kernel Has Been Forcing Different Behavior For Processes Starting With 'X' (phoronix.com) 66
"An ugly hack within the Linux kernel that has been in mainline for over three years has been called out," writes Phoronix's Michael Larabel. "Due to a buggy X.Org Server / xf86-video-modesetting DDX, the Linux kernel has been imposing different behavior on whether a process starts with 'X' and in turn disable the atomic mode-setting support." Linux security researcher and WireGuard creator, Jason Donenfeld, discovered the 'ugly code' within the kernel and commented on it via the kernel mailing list.
"The commit to this kernel with the 'X' first character check was made back in September 2019," notes Larabel. "The 'good' news is that since then on user-space side back in 2019 the xf86-video-modesetting code went ahead and disabled atomic support by default. So technically if running an updated X.Org stack within the past three years, this kernel hack isn't necessary anymore since user-space is just then avoiding the atomic API."
"The commit to this kernel with the 'X' first character check was made back in September 2019," notes Larabel. "The 'good' news is that since then on user-space side back in 2019 the xf86-video-modesetting code went ahead and disabled atomic support by default. So technically if running an updated X.Org stack within the past three years, this kernel hack isn't necessary anymore since user-space is just then avoiding the atomic API."
Engrish? (Score:4, Insightful)
I realize this supposed to be somewhat of a techy site, but not everyone here is down with the sickness of minutae about everything. It would be nice if something more coherent could have been reported rather than the presented word salad.
This is an ongoing issue in tech as a whole: assuming the audience has a clue about what you're talking about. It's like when reading instructions and they start in what is essentially the middle of the process without telling you how to get to that point. Everyone knows how to get to there so what's the big deal, right?
And before anyone says it's obvious, just remember how much knowledge we've lost because everyone knew what was being talked about so didn't bother to give details. After all, everyone knows where Punt is. Why bother explaining how to get there.
Re: Engrish? (Score:5, Informative)
atomic means the ability to update a value and not have any other observers able to see you in the middle of changing the value.
Suppose you were laying Domino's out on a table and someone else's job was to read the number you're giving them by adding up everything that's visible.
Imagine that as you were removing or laying down new Domino's to make your next number the person incorrectly assumed it was time to take the count even though you are not done making your changes.
If the updates were atomic, then the viewer would be unable to see you in the middle of changing and would instead see the original set of blocks up until some point where they see the entire new set all at once.
Locking is keeping them from looking while you are there. Atomic means you both are there but updates are either wholly done or not done but impossible to observe "in the middle".
Hope that helps
Re: (Score:3, Insightful)
atomic means the ability to update a value and not have any other observers able to see you in the middle of changing the value.
Suppose you were laying Domino's out on a table and someone else's job was to read the number you're giving them by adding up everything that's visible.
Imagine that as you were removing or laying down new Domino's to make your next number the person incorrectly assumed it was time to take the count even though you are not done making your changes.
If the updates were atomic, then the viewer would be unable to see you in the middle of changing and would instead see the original set of blocks up until some point where they see the entire new set all at once.
Locking is keeping them from looking while you are there. Atomic means you both are there but updates are either wholly done or not done but impossible to observe "in the middle".
Hope that helps
You're like that old joke about the person flying the helicopter in the fog, and is lost. He sees guy at the window of a building, and calls out to him to ask where he is. The guy at the window replies "You're in a helicopter". Where upon the pilot realizes he's flying over the top of the Microsoft campus, because the answer was technically correct, yet totally useless.
So yeah, a great definition of "atomic", but what does it actually mean for the code execution?
Re: (Score:1, Informative)
So yeah, a great definition of "atomic", but what does it actually mean for the code execution?
It means exactly what the guy described.
Or what do you think it means?
Re: Engrish? (Score:4, Informative)
Say you have some data stored in memory somewhere. Like data about a window that is displayed on screen. Lots of different processes need to access that data. The window manager, the application that owns it, maybe other apps too.
What happens when you need to update that data? Say the window manager starts updating it because the window was moved. It updates the X coordinate, but just before it updates the Y coordinate the task scheduler stops it and lets an app run instead. The app reads the window position, which is now only half updated. The X coordinate is the new one, the Y coordinate is the old one. The data is invalid.
To solve that you need an atomic update. All changes made in one go, and no other processes can access the data until the update is complete.
It's described as "atomic" because atoms were once thought to be the smallest things in existence, and indivisible. An atomic update can't be broken down, it's the smallest update allowed to that data.
Re: (Score:1)
atomic means the ability to update a value and not have any other observers able to see you in the middle of changing the value.
Suppose you were laying Domino's out on a table and someone else's job was to read the number you're giving them by adding up everything that's visible.
Imagine that as you were removing or laying down new Domino's to make your next number the person incorrectly assumed it was time to take the count even though you are not done making your changes.
If the updates were atomic, then the viewer would be unable to see you in the middle of changing and would instead see the original set of blocks up until some point where they see the entire new set all at once.
Locking is keeping them from looking while you are there. Atomic means you both are there but updates are either wholly done or not done but impossible to observe "in the middle".
Hope that helps
Not sure if this post is intended as a joke or not... Dominoes have numbers on them. Domino's is mediocre pizza.
Re: (Score:2, Funny)
After all, everyone knows where Punt is. Why bother explaining how to get there.
Eh? You might need to give some context to that. We are not all history majors. ... irony I hope :-)
Oh,
I don't really see the problem. You don't need to know what "atomic mode-setting support" is. The point is clear enough that the kernel is treating a process differently based on the first letter of its name! I hope everyone here knows what "kernel", "commit" and "API" mean, or they may be in the wrong place.
Re:Engrish? (Score:5, Informative)
Not irony, an example. Since everyone back then knew where Punt was there was no reason to explain where it was located in reference to anything else. For example, Egyptian scrolls talk about trading with Punt, but they don't say which direction it was, how long it took to get there, etc. Why? Because everyone knew where Punt was.
The same happened during the Roman period. There were certain places or people or things that everyone during that time knew so scholars never bothered to elaborate on them in their own writings. Everyone knew who Cassius Meridius Decius was and his grand palace. No need to describe it or where it was located.
Re: (Score:1)
Not irony, an example. Since everyone back then
The irony is that in complaining about obscure terminology on a tech site, you used an obscure metaphor from ancient history that few people here would have understood. You might as well have been quoting in Latin. I was wondering it is was deliberate, or just hypocritical. Either way, ironic in some sense of the word :-)
Re: (Score:1)
Not irony, an example. Since everyone back then
The irony is that in complaining about obscure terminology on a tech site, you used an obscure metaphor from ancient history that few people here would have understood. You might as well have been quoting in Latin. I was wondering it is was deliberate, or just hypocritical. Either way, ironic in some sense of the word :-)
And now you get why I used it. Yes, it is obscure and yes, not many people would get the reference, and yet the word salad we got for this kernel issue is supposed to be clear to everyone on here.
But nope, not irony [merriam-webster.com] because my intention was deliberate.
Re:Engrish? (Score:4, Insightful)
One thing to note though is that this is site is the tech equivalent of being in Rome during the Roman period. It is expected that people here know quite a bit about Linux and at least know how to Google some technical terms when they come across it.
Too many sites already exist that cater to the lowest common denominator. Slashdot doesn't need to be one of them. The important information is in the summary and is human readable, the kernel treated some processes differently. Extra information is also provided for the technical people who visit Slashdot precisely because it's not lifehacker.com or some other site catering to the lowest common denominator.
Re: (Score:2)
After all, everyone knows where Punt is.
Just beyond fourth down and long.
Re:Engrish? (Score:4, Informative)
I don't think the technical details matter, you can just ignore the tech babble you don't care about.
There was a bug of some sort in X.Org Server, to make that still work the kernel (the operating system level code) disabled whatever it was that the buggy code misused. But it did that by just doing that for every single program whose name starts with "X" .
X.Org Server code has since been changed to not do that, but the kernel still has that work around, so any other programs that happen to start with the letter X trigger the silly kernel code.
Re: Engrish? (Score:1)
As a foreigner with English as a second (bad) language, I understood the story perfectly.
Just like in Japan nobody understood my Australian friend but my English.
Join us!
Re: (Score:2)
After all, everyone knows where Punt is. Why bother explaining how to get there
Wrong! I don't...
(Guessing it's a US-specific reference...)
Re: (Score:3)
After all, everyone knows where Punt is. Why bother explaining how to get there
Wrong! I don't...
(Guessing it's a US-specific reference...)
Punt was a kingdom which existed during the Egyptian period [wikipedia.org] a few thousand years ago. Apparently it was a large trading partner of Egypt and fairly wealthy. While it is mentioned in texts, there is no description or directions of how to get to it. Why? Because apparently everyone at the time knew where Punt was so there was no need to describe its location.
Re: (Score:2)
Punt was a kingdom which existed during the Egyptian period [wikipedia.org] a few thousand years ago. Apparently it was a large trading partner of Egypt and fairly wealthy. While it is mentioned in texts, there is no description or directions of how to get to it. Why? Because apparently everyone at the time knew where Punt was so there was no need to describe its location.
Thanks!
Re: (Score:2)
What exactly are you unhappy about?
The article clearly states that there has been an ugly hack in the kernel that disables a certain functionality if the name of a process starts with X. This was done to work around some misbehaviour of the X.org X Server that was fixed a bit later, thus the hack is now obsolete unless you're running rather obsolete software.
So far, so good. I really don't see what your gripe is, what you don't understand. Slashdot *is* a tech site, so possibly there will be content that no
No one wants dick and jane stories (Score:2)
I, for one, like it when an article isn't dumbed down to the lowest common denominator. If I don't know something, it's an opportunity to learn in a way I will remember.
I've noticed a tendency in myself and others. When I am driving somewhere, and someone is in the vehicle spoon feeding me directions (or navigating solely GPS), I often have a harder time remembering how to get there again the second time than if I had to work out the route myself.
It's no different in other aspects, like this article. We
X.org (Score:3, Insightful)
Just think of how much X.org could have been improved instead of wasting time on BS like Wayland that doesn't even work right or support all the needed features.
Re: X.org (Score:4, Interesting)
Completely agree. Our small company uses X11 forwarding daily.
We have zero interest to give that up. Nothing else compares on a fast 10gig lan.
Re: (Score:2)
We have zero interest to give that up. Nothing else compares on a fast 10gig lan.
That's unintentionally funny.. Remote X sessions are so great you only need double the bandwidth of an old style PCI slot.
Re: (Score:3)
Remote X-Sessions used to work just fine on 9.6k (baud) modems.
And the worked without noticeable flaws on 64k bit (yes, bit) ISDN connections.
Re: X.org (Score:5, Informative)
Remote X11 used to use the standard X widgets that could be stored locally so very little data had to be sent to update. However, over time, everything changes to use pixmaps and more advanced controls where added. These have to be sent as images and all interactions require a round trip. For a modern X11 application it uses more bandwidth and is less responsive than more modern remote desktop software.
Hardware has also changed. The way that X11 renders works really well for cards with 2D acceleration and drawing as you go functionality. However, modern systems are 3D composited systems and designed to favor batch submissions. This is part of the reason why a laptop with linux runs the battery down so much faster because the GPU stays active a lot longer.
Re: X.org (Score:5, Informative)
^ This times a 1000.
X used to be a set of drawing commands, which didn't care over which they were sent. Over the years, X11 became a very complex shared memory implementation.
remote x11 today isn't any better than RDP or VNC. Today meaning about the past 20 years. Unless you're using the Common Desktop Environment. That actually still might use the X drawing primitives. Haven't checked.
Re: (Score:2)
In fairness, X *could* run over 9600.
Having been there and done that in the day, calling it "just fine" is a rather, uhh, strong, way of putting it.
It functioned in a pinch.
Assuming that you didn't need graphical content, that is.
Re: (Score:2)
Re: (Score:3)
>"Our small company uses X11 forwarding daily. We have zero interest to give that up. Nothing else compares on a fast 10gig lan."
We have hundreds of seats (thin desktops) using xdmcp/X11 sessions all day, every day (doing everything- browsing, LibreOffice, Email, etc). And on "just" 100Mb to the desktops (yes, we are in the process of upgrading that network now). And before that, we ran it on 10Mb.
Re: (Score:2)
If only as much effort had been put into allowing Wayland to do forwarding as they put into claiming it would one day and then into gaslighting that it isn't a useful feature.
Re: (Score:3)
Have a client do the forwarding. Wayland doesn't define a rendering protocol because it's pointless. And for all the people who point at X11 forwarding, it's pointless too. No toolkit deals with primitives and so all you are doing is pumping pixmap data down a pipe which you can do with pretty much any client service software product. Forwarding made sense when drawing X primitive circles to do xeyes was an intense task for workstations. But every modern toolkit has moved to pixel data and piping that
Re:X.org (Score:4, Insightful)
I use X forwarding almost everyday. It is extremely useful. So no, , it is no "pointless" at all.
Wayland seems pointless. At least I do not see any actual advantage people who it have. My PhD students who run Wayland are those that still have problems with screen sharing via Zoom and other problem etc. They hen reboot into X to fix it. After 15 years of Wayland development or so I am really impressed.
Wayland also breaks compatibility to several decade of APIs with no good reason. It is one of the bigger blunders the Linux community can make.
Re:X.org (Score:4, Informative)
Re: (Score:2)
No it's definitely a bug if it prevents you from sharing your screen when you want to share it.
Re: (Score:2)
It doesn't prevent you from sharing your screen. In fact I share my Wayland screen daily using programs like Google Chat and Slack. It also doesn't prevent you from sharing single windows, ah la ssh -X.
Ever heard of waypipe [freedesktop.org]? It's just like X forwarding build into ssh. As ssh doesn't have Wayland forwarding (yet?), the work around is waypipe runs ssh for you to create the required tunnels.
Re: (Score:2)
So with waypipe, if I log in on a text session with ssh, I can run a Wayland app and it shows up on my local display, nicely wrapped in ssh's crypto? Likewise for any program run from a GUI app? If, for example, I use ssh to run a wayland based terminal, a wayland program I run from the command line appears on my local display?
Re: (Score:2)
Yes. Just like `ssh -X`. It's pretty new for some definitions of new - it's not in Debian stable.
The statement from the Wayland devs that screen sharing is possible, it just wasn't something they had priorities turned out to be spot on the money. Sharing a 4K monitor under Wayland over Google Chat seems flawless, and fast. You don't see any of artefacts like tearing and freezes you get under VNC.
Re: (Score:2)
This can be easily fixed in X too. X has trusted clients and untrusted. The problem is that all modern apps need to be run as trusted. But this could be changed with moderate effort. It was not done for two reasons:
1.) Some people decided that everything old needs be rewritten. And I do think this was done e to make anything on the desktop better. The reason was mobile, because at that time some people believed Linux-based devices could be successful there if it had redesigned mobile GUIs and network trans
Re: (Score:2)
This is stupid. Premature Optimization Is the Root of All Evil!
Anyone who spent any amount of time looking at this problem knows, no one needs, wants, or is asking for a secure display server. The Linux community should not be focusing on technology for the military, they should be focusing on technology the community wants.
Re: (Score:2)
sometimes itmeans "my spacebar doesn't alwayswork".
Re: (Score:3)
Have a client do the forwarding.
Awesome, now it works only for certain clients, certain toolkits and certain compositors.
Wayland doesn't define a rendering protocol because it's pointless. And for all the people who point at X11 forwarding, it's pointless too.
I'm astounded, repeatedly, at the Wayland fanbois arrogance in repeatedly stating that everyone else is wrong with their workflows so therefore Wayland is fine. Saying it's somebody else's problem simply means you end up with a balkanised features set
Re: X.org (Score:2)
The worst part for me is window decorations are ONLY controlled by the application (though there's now an option to allow a compositor to do it).
I'd really like the option to force applications to all use the same decorations, but no, KDE and GTK applications will have different frames, buttons, button placement etc.
Doing an application using neither? Yay, now you need to worry about your own window decorations.
Maybe this has changed, but last I looked into it there was a thread where the Wayland people rel
Re: (Score:2)
The gaslighting is repeatedly asserting to people who use X11 forwarding on a daily basis that it's either useless (it's not), isn't really forwarding (it is), or don't worry, the client can handle it (sure, because the client supports X. As you said, Wayland is useless for forwarding).
Or as Judge Judy would say, "don't pee on my leg and tell me it's raining".
Re: (Score:1, Informative)
> named after its creator
"Microsoft"
XXX - Remove on 2024-09-19 (Score:2)
-
Evil X? (Score:3)
I have been out of looking at kernel or X11 code for the longest time, but the gist of it is that there was a poorly implemented code segment in X11, nobody wants to fix X11, so this was a kernel workaround specifically for that.
This sort of thing seems inevitable.
But my question is: aren't there a lot of packages dependent on X11, or have they moved on to some other base for *nix user interfaces?
Re: (Score:2)
Maybe I misread TFS, and am too tired to re-read, but I think it says the kernel workaround was to deal with an xorg problem. But the xorg problem was fixed long ago, yet the kernel workaround remains, and maybe can be removed now...
If I'm right, I'd suggest something more dynamic: kernel detects whether xorg has been fixed. If not, use workaround.
Re:Evil X? (Score:4, Informative)
From the Donenfeld e-mail:
The backstory is that some userspace code -- xorg-server -- has a modesetting DDX that isn't really coded right. With nobody wanting to maintain X11 anymore, rather than fixing the buggy code, the kernel was adjusted to avoid having to touch X11.
That's what I was going on.
Re:Evil X? (Score:4, Informative)
>"nobody wants to fix X11"
That is not the case. It was fixed years ago. If anything, you could flip that around and say "nobody wanted to fix the Linux kernel" just as easily. In reality, what probably happened was a lack of communication and the kernel team wanted something right that second, before the Xorg team could make a change, and so the kernel team put in a BAD kludge.... and then did nothing to revert it.
I mean really, if they felt they needed to IMMEDIATELY implement such a kludge, could they not have AT LEAST specified the process name be Xorg, instead of X*???? I am not sure if it is case-sensitive or not, but I have over 15 "x*" processes running on my home system right now that are not Xorg.
>"But my question is: aren't there a lot of packages dependent on X11,"
On desktop systems? Absolutely
Just replace X.org with SystemD (Score:5, Funny)
Problem solved.
Re: (Score:1)
Re: (Score:2)
Damaging Linux so badly it's users willingly return to Windows is a bit extreme, don't you think?
Re: (Score:1)
Good question. Hmmm, who does Poettering work for?
Re:Just replace X.org with SystemD (Score:4, Funny)
>"Problem solved."
OMG, please don't give them any more ideas.
Re: (Score:2)
Just imagine (Score:1)
How many of such ugly hacks are running in Windows GDI without people noticing them.
Re: (Score:1)
Only a few people and even they don't have/get time to realy look at such things, as it's property code.
atomicity (Score:1)
in recent past history the 'atom' was considered the smallest undividable miniscule entity. it could not be broken down into constituent parts.
From the computing point of view when an operation or process was labeled 'atomic' it meant that it could not be interrupted, disturbed while being modified, or observed in a partial state.
atomic operations were guaranteed to run to completion without interruption.
Re: (Score:2)
in recent past history the 'atom' was considered the smallest undividable miniscule entity
In current usage too. "Atom" is still considered the smallest undividable miniscule entity. It is considered that because that's that the word always has meant and still means. Atom comes from the Greek "atomos" meaning uncuttable. Just because what got labelled "an atom" in chemistry and physics wasn't actually uncuttable doesn't mean that the word doesn't still mean that.
The usage of "atom" and "atomic" in computing to mean an operation or group of operations together that occur as an undividable gro