Archive

An in-depth look into the ARM virtualization extensions

In their just-published article, the Genode OS developers closely examine the virtualization extensions of the ARM architecture and document the process of turning their custom kernel into a microhypervisor - a hybrid of microkernel and hypervisor. Besides covering the virtualization of memory, interrupts, time, and CPU resources, the article also presents a series of experiments with ARM's protection mechanism against DMA-based attacks.

Genode 15.02 adds support for ARM virtualization

With version 15.02, the Genode OS project complements its existing virtualization support for the x86 architecture with virtualization on ARM by turning their base-hw kernel into a microhypervisor. Besides virtualization, the most prominent underlying theme of the current release is the project's increasing focus on test automation and optimization.

Virtualization has a long history within the Genode project. After originally focusing on paravirtualized Linux kernels (L4Linux and OKLinux), the added support for the NOVA kernel and the Vancouver VMM in 2011 cleared the way towards hardware-based virtualization on the x86 architecture. In 2012, the project started exploring ARM TrustZone as another flavour of virtualization. With the Noux runtime, Genode introduced their take on OS-level virtualization. Finally, the transplantation of VirtualBox to NOVA last year marked the project's most ambitious virtualization-related work. It enables VirtualBox to run as an unprivileged user-level program on top of the NOVA microhypervisor.

During 2014, the Genode developers used those accumulated experiences to conquer new ground, namely the ARM virtualization extensions. The current release extends their custom kernel (called base-hw) with support for hosting virtual machines and adds a user-level virtual machine monitor that is capable of running an unmodified Linux-based system as guest OS. At a high level, it mirrors NOVA's virtualization architecture but for ARM-based systems. The microkernel/hypervisor implements merely the VM world switch and the virtualization of memory but leaves all the complex work to untrusted user-level virtual machine monitors. In fact, the added kernel complexity on account of virtualization support is less than 1,000 lines of code.

Besides the virtualization-related work, the base-hw kernel gained a further improved scheduler that takes IPC relationships into account, which is inspired by the pioneering work of NOVA. Furthermore, the project is happy to announce the basic ability to run Genode as secure-world OS on the upcoming USB Armory hardware platform.

Most of the other topics of the current release are concerned with improving the performance and stability of Genode-based system scenarios. The centerpiece of these efforts is a new tool kit for automating tests on a large variety of kernels and hardware platforms. In line with this overall theme, the new version vastly improves the user experience of VirtualBox on NOVA, comes with updated rump-kernel-based file-system support, and lifts long-standing scalability limitations on PC platforms.

More background information about all the improvements of version 15.02 is available in the extensive release documentation.

Linux 3.19 released

Linux kernel 3.19 has been released.

This release adds support for btrfs scrubbing and fast device replacement with RAID 5&6, support for the Intel Memory Protection Extensions that help to stop buffer overflows, support for the AMD HSA architecture, support for the ARM Coresight debugging subsystem, support for the Altera Nios II CPU architecture, networking infrastructure for routing and switching offloading, Device Tree Overlays that help to support expansion busses found on consumer development boards like the BeagleBone or Raspberry Pi, support for hole punching and preallocation in NFSv4.2, and the Android binder has been moved from the staging area to stable; it also adds new drivers and many other small improvements.

Here is the full list of changes.

FreeRTOS 8.2.0 released

Version 8.2.0 of the embedded operating system FreeRTOS has just been released and is available to download. A complete list of changes is available, but personally I would highlight two of them: task notifications and some improvements of the popular ARM Cortex-M4F port.

Just a short introduction for those of you who have never heard about FreeRTOS before: it's a popular open source (released under a modified GPL license) embedded operating system (well, a multithreading library would be a more accurate description) which runs on many microcontrollers with just a few kilobytes of memory. It allows your embedded application to be split into several threads (called "tasks") with different priorities, and offers several mechanisms for synchronization/communication among tasks, dynamic allocation of memory etc.

The project officially supports quite a lot of combinations of toolchains and professional microcontrollers, however, it is not too difficult to port it to other microcontrollers. Would you like to run it on your Raspberry Pi? No problem, somebody has already ported it for you. You don't have a R.Pi? Never mind, you can try it in Qemu.

Why DNS in OS X 10.10 is broken, and how to fix it

For 12 years, the mDNSResponder service managed a surprisingly large part of our Macs' networking, and it managed this task well. But as of OS X 10.10, mDNSResponder has been replaced with discoveryd, which does the same thing. Mostly.

Some of the bugs in Yosemite discussed in an article linked last week seem to have origins in moving from mDNSResponder to discoveryd. Here is an explanation of what specifically is not working, and how to fix it. However, it is not for the faint of heart: you can potentially leave your Apple in an unbootable state, and who knows what will happen when an update is installed.

Lessons from the remarkable rise and fall of Symbian

David Wood, one of the founder executives of Symbian - and the one who saw it through to the bitter end - has written a book. A very big book.

Smartphones and beyond: Lessons from the remarkable rise and fall of Symbian tells the entire story from Symbian's conception, to world domination, to its rapid demise, and it must be one of the most candid and revealing books a technology executive has ever written.

The Register's Andrew Orlowski has published a review.

Each new boot a miracle

Dreamlayers ported DOSBOX via Emscripten into a browser-functional emulator. He did it all by himself, and he did it very well, all things considered. His name for it is em-dosbox.

I'm just going to lay it out and say that Dreamlayers is a software engineering genius, one of those people with a gift for coding and making things work not just better, but understanding what things have to be left tied down and waiting for later improvements. Most of his em-dosbox notes are where Emscripten falls down as a compiling and conversion platform, with indications of how they can be improved. And buried in the code of his is an alien artifact that makes the generated javascript from the process run extremely fast.

Flaw discovered that could let anyone listen to your cell calls

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale - even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world's cellular carriers to route calls, texts and other services to each other. Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The GNU GPL to be tested in court

The GNU General Public License (version 2) is one of the most widely used open source licenses in the world. The GNU GPLv2 is commonly used in Linux distributions and open source applications. Yet, despite being widely used for decades, the GPLv2 has not been tested much in the legal system. Most GPL violations do not result in a trial and so the power of the license has remained largely untested. That is about to change. As OpenSource.com posted,

This lack of court decisions is about to change due to the five interrelated cases arising from a dispute between Versata Software, Inc. ("Versata") (its parent company, Trilogy Development Corporation, is also involved, but Versata is taking the lead) and Ameriprise Financial, Inc. ("Ameriprise")

It is expected the court cases will help define what qualifies as a derivative work and how the GPL affects software patents along with other details of how the license is interpreted.

Was isolated with a 486 – built my own 80s operating system

From an Imgur Post of the same title:

I was moved out to an extremely remote country area in the middle of NSW Australia to live with people I didn't want to live with and isolated with no internet for 7 years during my childhood/teenhood. Using the 1980s reference books from my high school library, I decided to build my own OS so that I had a more manageable way of dealing with files than the standard DOS structure.

A short but interesting read about the author's experience, with pictures of the finished product.

Go 1.4 released

Today we announce Go 1.4, the fifth major stable release of Go, arriving six months after our previous major release Go 1.3. It contains a small language change, support for more operating systems and processor architectures, and improvements to the tool chain and libraries. As always, Go 1.4 keeps the promise of compatibility, and almost everything will continue to compile and run without change when moved to 1.4.

FreeNAS 9.3 released

The FreeNAS project, a network attached storage solution based on FreeBSD, has launched FreeNAS 9.3. The new version introduces some significant changes, including the ability to roll back software updates and a new, streamlined interface.

This FreeNAS update is a significant evolutionary step from previous FreeNAS releases, featuring a simplified and reorganized Web User Interface, support for Microsoft ODX and Windows 2012 clustering, better VMWare integration, including VAAI support, a new and more secure update system with roll-back functionality, and hundreds of other technology enhancements.

The release notes for FreeNAS 9.3 contain more details and instructions for upgrading from previous releases.

Fedora 21 released

Fedora version 21 has been launched. The Fedora project, which is sponsored by Red Hat, has taken a new approach with the new version of the Fedora Linux distribution. Fedora 21 has been split into three separate product offerings: Workstation, Cloud and Server. Each product shares a common base, allowing for software compatibility between the three branches. According to the release announcement, Fedora 21 ships with a number of new administration tools, a new graphical package manager and experimental support for running the GNOME desktop on a Wayland display server. More detailed information on Fedora's latest release can be found in the project's release notes.

Fixing PC-BSD upgrade issues

A few weeks ago the PC-BSD project released version 10.1 of its FreeBSD-based operating system. While it was expected that existing users would be able to upgrade smoothly from PC-BSD 10.0 to 10.1, some community members reported problems with the project's upgrade process. The PC-BSD team has acknowledged the problem and is working on a fix.

We are working on a new upgrade patch that will hopefully solve the upgrade problem for some of you who have still not been able to successfully upgrade to 10.1. What we are planning on doing is incorporating just freebsd-update to handle this upgrade for the kernel and let the packages be installed separately after the kernel has been upgraded.

Going forward we have some ideas on how we can improve the updating process to give a better end user experience for PC-BSD. Just one idea we’ve been thinking about is giving ourselves a little more time before letting RELEASE updates become available to the public. During the extra time period we can ask some of our more advanced users to go ahead and install the “beta” updates and provide us with feedback if issues come up that we were not able to find during our initial testing of the update.

The project hopes to implement a simplified upgrade experience and more tests to ensure smoother upgrades to future releases.

Linux Mint 17.1 released

Linux Mint, one of the most popular desktop Linux distributions, has released the latest version in their 17.x series. Mint 17.x is a long term support series that will be supported through to 2019 and is binary compatible with Ubuntu 14.04. The launch of Linux Mint 17.1 includes a number of new features and small improvements. Software updating and kernel selection have been improved. The MATE desktop edition ships with two working window managers, Marco for basic functionality and Compiz for visual effects. The Cinnamon edition of Mint also features some improvements, particularly more keyboard shortcuts and reduced memory usage. Both editions of Linux Mint feature a pastebin command which makes it easy to share image and log data online.

Genode 14.11 features the Intel wireless stack

The just released version 14.11 of the Genode OS framework complements the framework's arsenal of device drivers with the Intel wireless stack. This way, Genode enables the realization of microkernel-based systems on modern laptops without relying on any kind of "device-driver OS" or "Dom0". Other highlights of the release are a new dynamic linker, VirtualBox 4.3.16 on the NOVA hypervisor, a new scheduler for the HW kernel, and networking for the Raspberry Pi.

WiFi stacks are known to be extremely complex. In the Linux kernel, it is certainly one of the most sophisticated driver subsystems besides GPU drivers. From the perspective of an alternative OS, it is quite frightening. On the other hand, WiFi is a universally required feature for a general-purpose OS by today's standards. Therefore, the Genode project had to face the challenge of enabling a full WiFi stack on top of the framework sooner or later. In spring this year, the Genode team finally took on the engineering feat to transplant the Intel wireless stack from Linux to a user-level component on Genode. This line of work was more demanding than originally anticipated. The biggest hurdle was to get a grasp on the interactions between the various involved protocols and mechanisms such as mac80211, cfg80211, nl80211, the netlink API, AF_NETLINK, and the WPA supplicant. The actual porting work followed the approach of prior porting efforts like the Linux USB and TCP/IP subsystems. All Linux kernel threads are executed by a single user-level thread that cooperatively schedules each kernel thread as a lightweight execution context. Compared to the prior porting efforts, the driver environment for the WiFi stack is far more complex. About 8,500 lines of environment code had to be provided to bring the 215,000 lines of WiFi stack to life. However, almost no original code had to be changed, which will make future updates relatively easy.

From its very beginning, Genode was designed to manage resources via a trading mechanism. For example, when a client component connects to a server component, it can provide a part of its own memory budget to the server. This way, the server does not need to perform allocations from its own resources on behalf of its client, which mitigates the risk of denial-of-service attacks driven by malicious clients. This scheme works well for memory, but it had not yet been employed for CPU time. The reason was the lack of suitable scheduling facilities in the kernels supported by Genode. However, with their custom kernel called "base-hw", the Genode developers were finally able to pursue this idea. The outcome of this line of work is featured in the new release.
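To make the denial-of-service argument concrete, here is an added toy model of the quota-trading idea described above. It is example code written for this page, not Genode's own code or API: the `Quota`, `Session`, `Server` and `Client` types, the sizes, and the `run_scenario` function are all constructed for illustration. The server charges every allocation it performs for a client either to that client's donated session quota (the traded variant) or to its own pool (the naive variant), and a greedy client then floods it with requests.

```cpp
// Added example: a toy model of Genode-style resource trading (not Genode's code or API).
// A client donates part of its own memory budget to a session; the server charges the
// allocations it performs on that client's behalf to the donated quota, so a greedy
// client can only exhaust what it paid in, never the server's own memory.
#include <cstddef>
#include <cstdio>
#include <stdexcept>

// A simple byte budget (constructed for this example).
struct Quota {
    std::size_t avail;
    explicit Quota(std::size_t n) : avail(n) {}
    bool withdraw(std::size_t n) {
        if (n > avail) return false;   // insufficient budget: refuse, do not overdraw
        avail -= n;
        return true;
    }
};

// Per-client session: holds the quota the client donated when connecting.
struct Session {
    Quota quota;
    std::size_t allocated = 0;
    explicit Session(std::size_t donation) : quota(donation) {}
};

class Server {
    Quota own_;   // the server's own memory budget
public:
    explicit Server(std::size_t own) : own_(own) {}

    // Traded variant: the allocation is paid from the session's donated quota.
    bool alloc_traded(Session &s, std::size_t n) {
        if (!s.quota.withdraw(n)) return false;   // client's donation used up: reject
        s.allocated += n;
        return true;
    }

    // Naive variant, for contrast: the allocation is paid from the server's own pool.
    bool alloc_naive(Session &s, std::size_t n) {
        if (!own_.withdraw(n)) return false;      // server itself runs dry
        s.allocated += n;
        return true;
    }

    std::size_t own_avail() const { return own_.avail; }
};

struct Client {
    Quota budget;
    explicit Client(std::size_t b) : budget(b) {}
    // Opening a session moves 'donation' bytes out of the client's budget into the session.
    Session open_session(std::size_t donation) {
        if (!budget.withdraw(donation))
            throw std::runtime_error("client cannot afford the donation");
        return Session(donation);
    }
};

struct Outcome {
    std::size_t successes;    // requests the server granted
    std::size_t server_left;  // server's own memory remaining afterwards
};

// Scenario (constructed): server owns 64 KiB; a greedy client with a 256 KiB budget
// donates 32 KiB to its session and then issues 1000 requests of 1 KiB each.
Outcome run_scenario(bool traded) {
    const std::size_t KiB = 1024;
    Server srv(64 * KiB);
    Client greedy(256 * KiB);
    Session s = greedy.open_session(32 * KiB);
    std::size_t ok = 0;
    for (int i = 0; i < 1000; ++i)
        if (traded ? srv.alloc_traded(s, KiB) : srv.alloc_naive(s, KiB)) ++ok;
    return Outcome{ok, srv.own_avail()};
}

int main() {
    Outcome t = run_scenario(true);
    Outcome n = run_scenario(false);
    std::printf("traded: %zu requests granted, server keeps %zu bytes\n", t.successes, t.server_left);
    std::printf("naive:  %zu requests granted, server keeps %zu bytes\n", n.successes, n.server_left);
    return 0;
}
```

In the traded variant the flood stops after 32 requests, exactly the client's donation, and the server's own 64 KiB is untouched and still available to other clients; in the naive variant the same client drains the server's pool to zero after 64 requests, which is the starvation the trading scheme is designed to prevent.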

Besides the WiFi stack and the new scheduler, Genode 14.11 comes with an upgrade of VirtualBox to version 4.3.16 that can be executed directly on the NOVA microhypervisor, a new dynamic linker, added GUI components, and networking support for the Raspberry Pi. The full story behind all those topics is covered by the release documentation.