Security updates have been issued by Debian (dnsmasq, libmediainfo, and mariadb-10.1), Fedora (dotnet5.0, moodle, and radare2), Mageia (kernel and kernel-linus), Oracle (python27:2.7, python36:3.6, and python38:3.8), Red Hat (pki-core:10.6), and Ubuntu (privoxy).
The kernel's memory-management subsystem is built upon many concepts, oneof which is called "copy on write", or "COW".The idea behind COW is conceptually simple, but itsdetails are tricky and its past is troublesome. Any change to itsimplementation can have unexpected consequences and cause subtle breakagefor existing workloads. So it is somewhat surprising that last year we sawtwo major changes the kernel's COW code; less surprising is the fact that,both times, these changes had unexpected consequences and broke things. Some of the resulting problems are still not fixedtoday, almost ten months after the first change, while the original reasonfor the changes — a security vulnerability — is also not fully fixed. Readon for a description of COW, the vulnerability, and the initial fix; theconcluding article in the series will describe the complications that arosethereafter.
At the LibrePlanet conferenceover the weekend, Richard Stallman announced that he has returned to theFree Software Foundation's board of directors. Video of the announcement isavailable, but there is little information beyond that.
The fourth 5.12 kernel prepatch is out fortesting. "So I'll just tempt the fates and say that everything lookspretty normal and this release seems to look good despite the rc1hiccup."
The Free Software Foundation has announcedthe recipients of its 2021 Free Software Awards. Alyssa Rosenzweigreceived the award for outstanding new free-software contributor,the CiviCRM project won the award for social benefit, and Bradley Kuhnreceived the award for the advancement of free software.
Last week's installment in this series on lockless patterns took a first lookat the compare-and-swap (CAS) operation. CAS is a powerful tool that canbe used to implement a number of lockless primitives. The next step is tolook at other atomic read-modify-write operations that canbe implemented on top of compare-and-swap.
Followers of the linux-next integration tree may have noticed a significantaddition: initial support for writing device drivers in the Rust language.There is some documentation in Documentation/rust,while the code itself is in the rusttop-level directory. Appearance in linux-next generally implies readinessfor the upcoming merge window, but it is not clear if that is the casehere; this code has not seen a lot of wider review yet. It is, regardless,an important step toward the ability to write drivers in a safer language.
Security updates have been issued by CentOS (kernel and pki-core), Debian (shibboleth-sp, shibboleth-sp2, and squid3), openSUSE (libmysofa and privoxy), Oracle (bind), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).
Memory management generally works at the level of pages, which typicallycontain 4,096 bytes but may be larger. The kernel, though, has extendedthe concept of pages to include compound pages, which are groups ofcontiguous single pages. That, in turn, has made the definition ofwhat a "page" is a bit fuzzy. Matthew Wilcox has been working since lastyear on a concept called "page folios" which is meant to bring the pictureback into focus; whether the memory-management community will accept itremains unclear, though.
Security updates have been issued by Debian (velocity-tools), Fedora (switchboard-plug-bluetooth), Mageia (discover, flatpak, and xmlgraphics-commons), openSUSE (chromium and python), Oracle (kernel, kernel-container, and pki-core), Red Hat (openvswitch2.11 and ovn2.11, python-django, qemu-kvm-rhev, and rubygem-em-http-request), and SUSE (crmsh, openssl1, and php53).
A number of different attacks against Linux systems rely on brute-forcetechniques using the fork()system call, so a new Linux security module (LSM), called "Brute", has been created todetect and thwart such attacks.Repeated fork() calls can be used for various types ofattacks, such as exploiting the StackClash vulnerability or Heartbleed-style flaws.Version 6 of the Brute patch set was recentlypostedand looks like it might be heading toward the mainline.
Stable kernels 5.11.7, 5.10.24, 5.4.106, 4.19.181, 4.14.226, 4.9.262, and 4.4.262 have been released. There areimportant fixes throughout the tree and users should upgrade.
Open-source projects have many non-technical needs as they grow. But,running a FOSS non-profit organization for supporting these projects is alot of work, as anyone involved in such an organization will attest. Thesedays, some software platforms, such as LFX from the Linux Foundationand Open Collective, are indevelopment to provide important services, such as crowdfunding, toprojects and other organizations. These platforms have the potential toimprove both the quality and range of services available to projects.
Security updates have been issued by Debian (shadow, tor, and velocity), Fedora (gsoap, qt5-qtsvg, and switchboard-plug-bluetooth), Mageia (batik, chromium-browser-stable, glibc, ksh, and microcode), openSUSE (389-ds, connman, freeradius-server, froxlor, openssl-1_0_0, openssl-1_1, postgresql12, and python-markdown2), Red Hat (bind, curl, kernel, nss and nss-softokn, perl, python, and tomcat), Scientific Linux (ipa, kernel, and pki-core), SUSE (glib2 and velocity), and Ubuntu (containerd).
Christian Schaller looksforward to the Fedora 34 release with a detailed write-up of thedesktop-oriented changes. "The big ticket item we have wanted toclose off on was Wayland, because while Wayland has been production readyfor most of us for a while, there was still some cases it didn’t cover aswell as X.org. The biggest of this was of course the lack of acceleratedXWayland support with the binary NVidia driver."
There is a newmailing-list server running under the auspices of kernel.org that ismeant, over time, to address the problems that have been plaguingvger.kernel.org in recent times.
It is probably fair to say that most Linux developers never end up using chroot()in an application. This system call puts the calling process into a newview of the filesystem, with the passed-in directory as the rootdirectory. It can be used to isolate a process from the bulk of thefilesystem, though its security benefits are somewhat limited. Callingchroot() is a privileged operation but, if Mickaël Salaün has hisway with this patchset, that will not be true for much longer, in some situations atleast.
The third 5.12 kernel prepatch is out fortesting. "So rc3 is pretty big this time around, but that's entirelyartificial, and due to how I released rc2 early. So I'm not going to readanything more into this, 5.12 still seems to actually be on the smallerside overall."
In the first part of this series, I showed you the theory behindconcurrent memory models and how that theory can be applied tosimple loads and stores. However, loads and stores alone are nota practical tool for the building of higher-level synchronization primitivessuch as spinlocks, mutexes, and condition variables.Even though it is possible to synchronize two threads using thefull memory-barrier pattern that was introduced last week (Dekker'salgorithm), modern processors provide a way that iseasier, more generic, and faster—yes, all three of them—thecompare-and-swap operation.
The Asahi Linux project, which is working to build a distribution forM1-based Apple systems, has published aprogress report for January and February. "Apple Silicon Macsboot in a completely different way from PCs. The way they work is more akinto embedded platforms (like Android phones, or, of course, iOS devices),but with quite a few bespoke mechanisms thrown in. However, Apple has takena few steps to make this boot process feel closer to that of an Intel Mac,so there has been a lot of confusion around how things actually work. Forexample, did you know that Apple Silicon Macs cannot boot from externalstorage at all, in the traditional sense? Or that the bootloader on AppleSilicon Macs cannot show a graphical user interface at all, and that the“Boot Picker” is in fact a full-screen macOS app, not part of thebootloader?"
The5.11.6,5.10.23,5.4.105,4.19.180,4.14.225,4.9.261, and4.4.261 stable kernels have all beenreleased, one day earlier than might have been expected. Each contains yetanother set of important fixes.
Many developers use SSH to access their systems, so it is not surprisingthat SSH servers are widely attacked. During the FOSDEM 2021 conference,Sanja Bonic and Janos Pasztor reported on their experiment using containers as a way to easily createSSH honeypots — fake servers that allow administrators to observe the actions ofattackers without risking a production system. Theconversational-style talk walked the audience through the process ofsetting up an SSH server to play the role of the honeypot, showed whatSSH attacks look like, and gave a number of suggestions on how toimprove the security of SSH servers.
A potentially nasty vulnerability in the Gitdistributed revision-control system was disclosed on March 9. There are enoughqualifiers in the description of the vulnerability that it may appear to befairly narrowly focused—and it is. That may make it less worrisome, butit is not entirely clear. As with most vulnerabilities, it all depends on howthe software is being used and the environment in which it is running.
Exceptions inPython are a mechanism used to report errors (of an exceptional variety); programs can be and are written to expect and handlecertain types of exceptions using try and except. Butexceptions were originally meant to report a single error event and, thesedays, things are a tad more complicated than that. A recent PythonEnhancement Proposal (PEP) targets adding exception groups, as well as newsyntax to catch and handle the groups.
Security updates have been issued by Debian (kernel and privoxy), Fedora (libtpms, privoxy, and x11vnc), openSUSE (chromium), Red Hat (.NET 5.0, .NET Core, .NET Core 2.1, .NET Core 3.1, dotnet, and dotnet3.1), SUSE (git, kernel, openssl-1_1, and wpa_supplicant), and Ubuntu (git and openssh).
The Linux Foundation has announceda project called sigstore; its purpose isto protect against supply-chain attacks by signing (and verifying) releaseartifacts. "Very few open source projects cryptographically signsoftware release artifacts. This is largely due to the challenges softwaremaintainers face on key management, key compromise / revocation and thedistribution of public keys and artifact digests. In turn, users are leftto seek out which keys to trust and learn steps needed to validatesigning. Further problems exist in how digests and public keys aredistributed, often stored on websites susceptible to hacks or a README filesituated on a public git repository. sigstore seeks to solve these issuesby utilization of short lived ephemeral keys with a trust root leveragedfrom an open and auditable public transparency logs."
Several new versions of the Git source-code management system have beenreleased; they fix a vulnerability that could allow a hostile remoterepository to execute code locally during a clone operation. Only users with case-insensitive filesystems are affected, reducingthe set of possible targets considerably, but an update still seems like agood idea.
Linaro Ltd has announced the first GNU Toolchain integration build. "Every six months, Arm releases the official GNU Toolchain release for Arm architectures for the purpose of production. Linaro will bridge the gap between the official releases by delivering monthly integration builds which offer users a snapshot of the upstream build. Although not supported, having access to these builds will allow developers to test features from a pre-built binary as soon as it lands upstream. The builds will also enable companies to check their BSP (Board Support Package) release will work with newer toolchains without having to wait for an official release."
Security updates have been issued by Fedora (firefox, kernel, kernel-headers, kernel-tools, libebml, and wpa_supplicant), openSUSE (mbedtls), Oracle (kernel, kernel-container, and screen), Red Hat (curl, kernel, kernel-rt, kpatch-patch, nss-softokn, python, and virt:rhel and virt-devel:rhel), Scientific Linux (screen), SUSE (389-ds, crmsh, openldap2, openssl-1_0_0, and wpa_supplicant), and Ubuntu (glib2.0, gnome-autoar, golang-1.10, golang-1.14, and libzstd).
The -rc kernels released by Linus Torvalds exist for a reason: after 10,000or so changes flow into the kernel over a two-week merge window, there willsurely be some bugs in need of squashing. The -rc kernels provide anopportunity for wider testing after all those patches have beenintegrated. Most of the time, -rc kernels (even the initial -rc1 releases)are surprisingly safe to run. Occasionally, though, something goes wrong,giving early testers reason to reconsider their life choices. The 5.12-rc1kernel, as it turns out, was one of those.
Security updates have been issued by Debian (activemq, libcaca, libupnp, mqtt-client, and xcftools), Fedora (ceph, mupdf, nagios, python-PyMuPDF, and zathura-pdf-mupdf), Mageia (cups, kernel, pngcheck, and python-pygments), openSUSE (bind, chromium, gnome-autoar, kernel, mbedtls, nodejs8, and thunderbird), and Red Hat (nodejs:10, nodejs:12, nodejs:14, screen, and virt:8.2 and virt-devel:8.2).
The NGI POINTER organization, whichis funded by the European Commission, has put out its second open callfor providing development/research funding; the first open callwas in April 2020. This time around, the organization is looking forindividuals or projects that are working on "changing the Internetand Web with European Values at its core". The goal is to"support promising bottom-up projects that are able to build, on topof state-of-the-art research, scalable protocols and tools to assist in thepractical transition or migration to new or updated technologies, whilstkeeping European Values at the core". Those interested may want tolook at some of the previously fundedprojects; more information can also be foundin the WorkProgramme [PDF].
Linus has released 5.12-rc2 a little soonerthan would normally be expected due to theproblems with 5.12-rc1. "Other than that it all looks prettynormal".
The first two articles in this series introduced four ways to order memoryaccesses: load-acquire and store-release operations in the first installment, read andwrite memory barriers in the second. The series continueswith an exploration of full memory barriers, why they are more expensive,and how they are used in the kernel.
Security updates have been issued by Fedora (389-ds-base, dogtag-pki, dpdk, freeipa, isync, openvswitch, pki-core, and screen), Mageia (bind, chromium-browser-stable, gnome-autoar, jasper, openldap, openssl and compat-openssl10, screen, webkit2, and xpdf), Oracle (grub2), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, nodejs:10, and nodejs:12), SUSE (freeradius-server), and Ubuntu (wpa).
Over the last couple of years, a lot of development effort has gone intotwo kernel subsystems:BPF andio_uring. The BPF virtual machine allowsprograms from user space to be safely run within the context of the kernel,while io_uring addresses the longstanding problem of running system callsasynchronously. As the two subsystems expand, it was inevitable that thetwo would eventually meet; the first encounter happened in mid-Februarywith this patchset from Pavel Begunkov adding the ability to run BPF programs fromwithin io_uring.
Linus Torvalds has sent out a note telling people not to install the recent5.12-rc1 development kernel; this is especially true for anybody runningwith swap files. "But I want everybody to be aware of because _if_it bites you, it bites you hard, and you can end up with a filesystem thatis essentially overwritten by random swap data. This is what we in theindustry call 'double ungood'." Additionally, he is askingmaintainers to not start branches from 5.12-rc1 to avoid future situations wherepeople land in the buggy code while bisecting problems.
Greg Kroah-Hartman has released the 5.11.3,5.10.20, 5.4.102, 4.19.178, 4.14.223, 4.9.259, and 4.4.259 stable kernels. These are generallyenormous updates, with important changes throughout the kernel tree; usersshould upgrade.
Security updates have been issued by Fedora (389-ds-base, dogtag-pki, freeipa, isync, pki-core, and screen), Mageia (firefox, kernel, kernel-linus, libtiff, nonfree-firmware, and thunderbird), Red Hat (bind and java-1.8.0-ibm), Scientific Linux (grub2), and SUSE (kernel-firmware, openldap2, postgresql12, and python-cryptography).
LWN.net