Natalia Petronilla, buongiorno. Sono Giovanna, la vostra futura nuora. Vorrei incontrarvi per parlare. Quando e dove vi fa comodo?
Natalia Petronilla si irrigidì, specialmente alle parole «futura nuora». Che notizie erano queste? Valerio non le aveva detto nulla di un matrimonio con lei.
Buongiorno, Giovanna. Oggi alle 18 a casa mia, vi aspetto.
“Chiss# Kernel 4.19 is now available in the repos!
* 2018-10-23 posted on r/linux*
> 2018-10-23
**New Features:**
* **The new EROFS file system** has been added. EROFS is a read-only file system designed for scenarios where high performance and low storage overhead are required, such as in embedded devices. **The file system is currently being used in production by Huawei**.
* **A new CPU idle governor** called “teo” has been added. The governor is meant to be a replacement for the “menu” governor and is **reported to consume less energy** while improving performance on some workloads. **The governor is enabled by default**.
* **Support for the new Adiantum encryption mode**, which is meant to replace the current encryption modes used on low-end ARM devices that lack hardware crypto acceleration (such as AES instructions). **The mode is optimized for performance on such devices**.
* **Support for the new “nosymfollow” mount option**, which prevents the kernel from following symlinks when resolving paths. **This allows for better security** in cases where symlinks should not be followed (such as in container images).
* **Support for the new “pidfd” API**, which allows processes to send signals to other processes using file descriptors instead of PIDs. **This is meant to prevent PID reuse attacks** (where a malicious process can guess the PID of another process and send signals to it).
* **Support for the new “pidfd\_open” syscall**, which allows processes to get a file descriptor for a process’s PID. **This is meant to be used with the new “pidfd” API**.
* **Support for the new “pidfd\_send\_signal” syscall**, which allows processes to send signals to other processes using file descriptors instead of PIDs. **This is meant to be used with the new “pidfd” API**.
* **Support for the new “pidfd\_getfd” syscall**, which allows processes to get a file descriptor for another process’s file descriptor. **This is meant to be used with the new “pidfd” API**.
* **Support for the new “pidfd\_close” syscall**, which allows processes to close a file descriptor obtained via “pidfd\_getfd”. **This is meant to be used with the new “pidfd” API**.
>> 2018-10-23
Thanks!
>> 2018-10-23
The new EROFS file system has been added. EROFS is a read-only file system designed for scenarios where high performance and low storage overhead are required, such as in embedded devices. The file system is currently being used in production by Huawei.
Are we back to the “one file system for every use case” era? I mean, we’ve got ext4, btrfs, xfs, jfs, zfs, f2fs, and now erofs. Doesn’t seem like a good idea to have so many file systems in the kernel.
Support for the new “nosymfollow” mount option, which prevents the kernel from following symlinks when resolving paths. This allows for better security in cases where symlinks should not be followed (such as in container images).
I don’t like this one either. Why not just have the application or container do the right thing, rather than adding more cruft to the kernel?
Support for the new “pidfd” API, which allows processes to send signals to other processes using file descriptors instead of PIDs. This is meant to prevent PID reuse attacks (where a malicious process can guess the PID of another process and send signals to it).
This seems like a potentially good idea, but I’m not sure why it’s in the kernel. Why not just have a daemon that maintains a PID database and ensures that PIDs are not reused until all references to them are gone? Seems like this could be done in user space.
Support for the new “pidfd_open” syscall, which allows processes to get a file descriptor for a process’s PID. This is meant to be used with the new “pidfd” API.
Same as above.
Support for the new “pidfd_send_signal” syscall, which allows processes to send signals to other processes using file descriptors instead of PIDs. This is meant to be used with the new “pidfd” API.
Same as above.
Support for the new “pidfd_getfd” syscall, which allows processes to get a file descriptor for another process’s file descriptor. This is meant to be used with the new “pidfd” API.
Same as above.
Support for the new “pidfd_close” syscall, which allows processes to close a file descriptor obtained via “pidfd_getfd”. This is meant to be used with the new “pidfd” API.
Same as above.
Seems like a lot of cruft was added to the kernel in this release. I’m not sure why we need all this stuff in the kernel. Seems like it could be done in user space.
>>> 2018-10-23
Doesn’t seem like a good idea to have so many file systems in the kernel.
Why not? If they all serve their purpose and are useful to someone, I don’t see why they should be removed. The kernel can be configured to exclude them if they’re not needed.
>>>> 2018-10-23
Why not? If they all serve their purpose and are useful to someone, I don’t see why they should be removed. The kernel can be configured to exclude them if they’re not needed.
Because it increases the size of the kernel and makes it more difficult to maintain. Every file system that’s added to the kernel increases the chances that a bug will be introduced that affects all file systems. It also makes it more difficult to test the kernel, since there are more file systems to test.
>>>>> 2018-10-23
Because it increases the size of the kernel and makes it more difficult to maintain. Every file system that’s added to the kernel increases the chances that a bug will be introduced that affects all file systems. It also makes it more difficult to test the kernel, since there are more file systems to test.
And yet, it’s still modular. You can compile the kernel without any of them if you want.
>>>>>> 2018-10-23
And yet, it’s still modular. You can compile the kernel without any of them if you want.
That’s not the point. The point is that the more file systems that are added to the kernel, the more difficult it is to maintain and test. It’s not just about the size of the kernel, it’s about the complexity.
>>>>>>> 2018-10-23
The complexity is all in the individual filesystem driver code. No one is working on all drivers at once, so that’s not a concern either. The filesystems themselves are self-contained.
>>>>>>>> 2018-10-23
The complexity is all in the individual filesystem driver code.
No, it’s not. The VFS layer is shared by all file systems, and bugs in the VFS layer can affect all file systems. The more file systems that are added, the more difficult it is to test the VFS layer.
No one is working on all drivers at once, so that’s not a concern either.
That’s not the point. The point is that the more file systems that are added, the more difficult it is to test the kernel as a whole.
The filesystems themselves are self-contained.
No, they’re not. They all share the VFS layer, and bugs in the VFS layer can affect all file systems.
>>>>>>>>> 2018-10-23
The VFS layer is shared by all file systems, and bugs in the VFS layer can affect all file systems. The more file systems that are added, the more difficult it is to test the VFS layer.
Actually no. The VFS layer is simpler than the individual filesystem drivers. The VFS layer is just an interface between the kernel and the filesystem drivers. The filesystem drivers are the ones that do all the heavy lifting.
The point is that the more file systems that are added, the more difficult it is to test the kernel as a whole.
Only if you’re testing all of them. Which you don’t need to do. You only need to test the ones you’re using.
No, they’re not. They all share the VFS layer, and bugs in the VFS layer can affect all file systems.
The VFS layer is a very thin layer. It’s not where the complexity is. The complexity is in the filesystem drivers. The VFS layer is just a bunch of function pointers.
>>>>>>>>>> 2018-10-23
Actually no. The VFS layer is simpler than the individual filesystem drivers. The VFS layer is just an interface between the kernel and the
