Linux 3.17 has been released on Sun, 5 Oct

Summary: This release adds support for USB device sharing over IP, support for Xbox One controllers, support for Apple's thunderbolt, a new sealing API that restricts operations on shared memory file descriptors that allows easier shared memory programming for developers, support for page fault tracing in perf trace, support for only using signed kernels in kexec, a getrandom() syscall for more secure random number generation, and graphic "render nodes" are no longer experimental. There are also new drivers and many other small improvements.

1. Prominent features

1.1. USB device sharing over IP

USB/IP is a project that provides a general USB device sharing system over IP network. To share USB devices between computers with their full functionality, USB/IP encapsulates "USB I/O messages" into TCP/IP payloads and transmits them between computer. Original USB device drivers and applications can be also used for remote USB devices without any modification of them. A computer can use remote USB devices as if they were directly attached.

This project has been for a while in the "staging" area, and it's now considered stable enough for prime consumption. Userspace tools can be found at tools/usb/usbip

Code: commit, commit

Project: http://usbip.sourceforge.net

1.2. 'File sealing' eases handling of shared memory

When various processes communicate with each other via shared memory, they have to be careful and synchronize, because the shared memory can be modified by others at any time, or shrink and grow the buffer. This makes IPC via shared memory fragile, forces servers to do extra checks, encourages making local copies of shared memory and makes zero-copy operations impossible if the source of shared memory is not trusted.

This release includes the concept of "file sealing". Files from shmfs can be "sealed" through fcntl(2) different flags that restrict determinate behaviours: shrinking the file, growing, writing to it or setting new seals.

Sealing allows sharing shmfs files without any trust-relationship. This is enforced by rejecting seal modifications if you don't own an exclusive reference to the given file. So if a process owns a file-descriptor, it can be sure that no-one besides him can modify the seals on the given file. This allows mapping shared files from untrusted parties without the fear of the file getting truncated or modified by an attacker.

This has some useful uses. For example, a graphic server (e.g. Wayland) may want to reject any file descriptors that don't have the SEAL_SHRINK seal set. That way, any memory-mappings are guaranteed to stay accessible (while at the same time allowing to grow the buffer). Another example would be a general purpose IPC mechanism such as D-Bus. With sealing, zero-copy can be easily done by sharing a file-descriptor that has SEAL_SHRINK | SEAL_GROW | SEAL_WRITE seals set. This way, the source can store sensible data in the file, seal the file and then pass it to the destination. The destination verifies these seals are set and then can parse the message in-line, or even do safe multicasts of the message and allow all receivers parse the same zero-copy file without affecting each other.

Recommended LWN article: Sealed files

Recommended blog article: memfd_create(2)

Code and preliminary API documentation: commit, commit

1.3. Graphic "render nodes" feature enabled by default

"Render nodes" is a feature merged in Linux 3.12. It allows to create different device nodes for the GPU and the display, thus allowing applications to use the GPU for off-screen rendering by talking directly to the DRM device node.

This feature had been considered experimental for a while and could only be enabled with the "drm.rnodes=1" module parameter. In this release, render nodes have been enabled by default.

For more details about render nodes, see this blog

Code: commit

1.4. Improved power management features enabled for more Radeon GPUs

Dynamic power management (dpm) has been re-enabled by default on Cayman and BTC devices.

Also, a new module parameter (radeon.bapm=1) has been added to enable bidirectional application power management (bapm) on APUs where it's disabled by default due to stability issues.

Code: commit, commit, commit

1.5. Thunderbolt support

Thunderbolt is a hardware interface that combines PCI Express and Displayport into one serial signal alongside a DC connection for electric power, transmitted over one cable. Up to six peripherals may be supported by one connector through various topologies. Co-developed by Intel and Apple, it's mostly used in Apple devices.

Code: commit

1.6. Support for Xbox One controllers

This release adds support for Xbox One controllers.

Code: (commit)

1.7. More secure generation of random numbers with the getrandom() syscall

Linux systems usually get their random numbers from /dev/[u]random. This interface, however, is vulnerable to file descriptor exhaustion attacks, where the attacker consumes all available file descriptors, and is inconvenient for containers. The getrandom(2) syscall, analogous to OpenBSD's getentropy(2), solves that problems.

Recommended LWN article: A system call for random numbers: getrandom()

Code: commit

1.8. Support for page fault tracing in perf trace

This release adds page fault tracing support to 'perf trace'. Using -F/--pf option user can specify whether he wants minor, major or all pagefault events to be traced. Output example: