泰晓资讯 10月 / 第 2 期 / 2019 —— 资讯收集 about tinylab.org HOT 6 CLOSED

Upstreaming multipath TCP

The multipath TCP (MPTCP) protocol (and the Linux implementation of it) have been under development for a solid decade; MPTCP offers a number of advantages for devices that have more than one network interface available. Despite having been deployed widely, though, MPTCP is still not supported by the upstream Linux kernel. At the 2019 Linux Plumbers Conference, Matthieu Baerts and Mat Martineau discussed the current state of the Linux MPTCP implementation and what will be required to get it into the mainline kernel.

MPTCP是由RFC 6824所定义的，它的核心想法是，允许一个网络连接（network connection）能通过多条物理路径来收发数据。有一个很典型的应用场景就是手机，手机拥有WiFi和4G网络接口，如果能同时利用这两条路来发送数据，肯定能够得到更高的带宽，容错性也更高（其中一条路径状态变化并不会导致网络连接中断）。

过去差不多10年中，multipath TCP (MPTCP)协议以及在Linux kernel的支持一直在持续开发。MPTCP对于拥有超过一个网卡接口的设备来说有很多好处。虽然现在有很多地方已经采用了MPTCP，不过upstream Linux kernel里面尚未正式支持。2019 Linux Plumbers Conference会议上，Matthieu Baerts和Mat Martineau讨论了Linux MPTCP当前实现的状态，以及如何才能合入mainline kernel。

from tinylab.org.

Fixing getrandom()

the ongoing saga of securely and reliably providing random numbers to user space.

A report of a boot hang in the 5.3 series has led to an enormous, somewhat contentious thread on the linux-kernel mailing list. The proximate cause was some changes that made the ext4 filesystem do less I/O early in the boot phase, incidentally causing fewer interrupts, but the underlying issue was the getrandom() system call, which was blocking until the /dev/urandom pool was initialized—as designed. Since the system in question was not gathering enough entropy due to the lack of unpredictable interrupt timings, that would hang more or less forever. That has called into question the design and implementation of getrandom().

内核5.3版本里面有人报出一个启动过程中死机问题，最终演化成了一个影响很大的、充满争议性的linux-kernel mailing list讨论话题。大概介绍一下这里的问题，因为近期有些改动导致ext4文件系统在boot阶段早期所做的I/O操作数量变少了，也就是说中断发生的次数变少了，与此同时Linux的getramdom() syscall设计的行为是在 /dev/urandom 初始化完成之前会一直阻塞住、不返回给user space调用者。而出问题的系统上，启动早期阶段没有搜集到足够的随机事件（主要是那些随机的中断event不够多），所以这种系统可能会一直保持死机状态。这个话题最后引起关于getramdon()的实现机制的争论。

这个问题的讨论非常长，反转也很多。Torvalds的最终决定还不清楚是什么。

同时也表明内核社区又一次在API/ABI设计上出了问题。Torvalds以及其他人都认为getrandom()的行为不应该是永远阻塞的，不过这个信息给出的时候晚了5年。API/ABI的review是kernel过去多年都想改善的，希望这次能给大家提个醒，今后能花更多时间来review和test这些ABI相关的改动，否则如何能承诺ABI永远不变呢？

from tinylab.org.

Compiling to BPF with GCC

LLVM is no longer the only way to compile for the BPF virtual machine.

The addition of extended BPF to the kernel has opened up a whole range of use cases, but few developers actually write BPF code. It is, like any other assembly-level language, a tedious pain to work with; developers would rather use a higher-level language. For BPF, the language of choice is C, which is compiled to BPF with the LLVM compiler. But, as Jose Marchesi described during the Toolchains microconference at the 2019 Linux Plumbers Conference, LLVM will soon have company, as he has just added support for a BPF back-end to the GCC compiler.

from tinylab.org.

Python 3.8 稳定版正式发布

Python 语言项目于 October 14th, 2019 正式释出了新的大更新版本 v3.8，下一个版本 3.9 已在开发之中。

Python 语言每一年半时间发布一个大更新版本，今年早些时候开发者谈论加快发布节奏，比如采用一年一次大更新，但决定尚未作出。

相比 3.7 ，Python 3.8 的主要变化包括：

• 新的赋值表达式语法 :=；它被昵称为 “海象运算符”, 因为它很像是海象的眼睛和长牙。
• 新增了一个函数形参语法 / 用来指明某些函数形参必须使用仅限位置而非关键字参数的形式；
• 用于已编译字节码文件的并行文件系统缓存；
• 调试构建使用与发布构建相同的 ABI；
• 增加 = 说明符用于 f-string。 用于自动记录表达式和调试文档；
• 新的 C API 用来配置 Python 初始化，
  等等，更多可浏览文档 https://docs.python.org/zh-cn/3.8/whatsnew/3.8.html。

from tinylab.org.

Linux Sudo bug opens root access to unauthorized users
https://siliconangle.com/2019/10/14/linux-sudo-bug-opens-root-access-unprivileged-users/

Sudo, the main command in Linux that allows users to run tasks, has been found to have a vulnerability that allows unauthorized users to execute commands as a root user.

The vulnerability, known as CVE-2019-14287, does require a nonstandard configuration but nonetheless does open the door to unauthorized users.

编号为 CVE-2019-14287 的 Sudo 安全漏洞，Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序。
sudo中存在安全漏洞。攻击者可利用该漏洞以root权限运行命令。
Debian项目和Canonical很快修复了一个影响Sudo程序的关键安全漏洞，该程序允许用户使用其他用户的安全特权运行程序，敦促用户立即更新他们的系统。

from tinylab.org.

Zephyr RTOS 2.0 Release Highlights
https://www.linux.com/articles/zephyr-rtos-2-0-release-highlights/

Last month, the Zephyr Project announced the release of Zephyr RTOS 2.0 and we are excited to share the details with you! Zephyr 2.0 is the first release of Zephyr RTOS after the 1.14 release with Long-Term support in April 2019. It is also a huge step up from the 1.14 release, bringing a wide list of new features, significant enhancements in existing features, as well as a large list of new HW platforms and development boards.

On the Kernel side, we enhanced the compatibility with 64-bit architectures, and significantly improved the precision of timeouts, by boosting the default tick rate for tickless kernels.

Additionally, we are excited to welcome ARM Cortex-R into the list of architectures supported in Zephyr RTOS.

A major achievement in this release is the stabilization of the Bluetooth Low Energy (BLE) split controller, which is now the default BLE controller in the Zephyr RTOS.
上个月，Zephyr项目宣布发布Zephyr RTOS 2.0，我们很高兴与您分享详细信息！ Zephyr 2.0是Zephyr RTOS的第一个版本，在1.14版本之后于2019年4月提供了长期支持。它与1.14版本相比也有了巨大的进步，带来了一系列新功能，现有功能的重大增强以及 作为大量新的硬件平台和开发板的清单。

在内核方面，通过提高无滴答内核的默认滴答率，我们增强了与64位体系结构的兼容性，并显着提高了超时精度。

此外，我们很高兴欢迎ARM Cortex-R进入Zephyr RTOS支持的体系结构列表。

此版本的主要成就是稳定了低功耗蓝牙（BLE）拆分控制器，该控制器现在是Zephyr RTOS中的默认BLE控制器。

在网络领域，

from tinylab.org.