Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-24 14:45
[$] Containers and address space separation
James Bottomley began his talk at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) by noting that the main opposition to his ideas was not present at the summit, which was likely to mean the ideas got a much easier reception than they would have otherwise. In particular, Peter Zijlstra and Ingo Molnar expressed some strong reservations to the work that Bottomley's colleague Mike Rapoport posted recently; none of those three were in attendance at LSFMM. The idea is to use address spaces to reduce the attack surface available to virtual machines (VMs) and containers such that kernel bugs of various sorts have less reach on multi-tenant systems.
[$] Android memory management
The Android system is designed to provide a responsive user experience on systems that, in a relative sense at least, have limited amounts of CPU and memory. Doing so requires a number of techniques, including regular use of a low-memory process killer, that are not seen elsewhere. In a memory-management-track session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit, Suren Baghdasaryan covered a number of issues related to how Android ensures that interactive processes have enough memory to get their jobs done.
[$] Memory encryption issues
"People think that memory encryption sounds really cool; it will make my system more secure so I want it". At least, that is how Dave Hansen characterized the situation at the beginning of a session on the topic during the memory-management track at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. This session, also led by Kirill Shutemov, covered a number of aspects of the memory-encryption problem on Intel processors and beyond. One clear outcome of the discussion was also raised by Hansen at the beginning: users of memory encryption need to think hard about where that extra security is actually coming from.
[$] Toward a reverse splice()
The splice() system call is, at its core, a write operation; it attempts to implement zero-copy I/O by moving pages from a pipe to a file. At the 2019 Linux Storage, Filesystem, and Memory-Management Summit, Miklos Szeredi described a nascent idea for rsplice() — a "reverse splice" system call. There were not a lot of definitive outcomes from this discussion, but one thing was clear: rsplice() needs a much better description (and some code posted) before the development community can begin to form an opinion on it.
Security updates for Wednesday
Security updates have been issued by Fedora (libmediainfo, php-horde-horde, and php-horde-turba), SUSE (hostinfo, supportutils, libjpeg-turbo, and openssl), and Ubuntu (dovecot, libpng1.6, and memcached).
[$] The state of system observability with BPF
The 2019 version of the Linux Storage, Filesystem, and Memory-Management Summit opened with a plenary talk by Brendan Gregg on observing the state of Linux systems using BPF. It is, he said, an exciting time; the BPF-based "superpowers" being added to the kernel are growing in capability and maturity. It is now possible to ask many questions about what is happening in a production Linux system without the need for kernel modifications or even basic debugging information.
Fedora 30 released
Fedora Magazine has announced the release of Fedora 30. "Fedora Editions are targeted outputs geared toward specific “showcase” uses. Since we first started using this concept in the Fedora 21 release, the needs of the community have continued to evolve. As part of Fedora 30, we’re combining cloud and server into the Fedora Server edition. We’re bringing in Fedora CoreOS to replace Fedora Atomic Host as our container-focused deliverable in the Fedora 30 timeframe — stay tuned for that. The Fedora Workstation edition continues to focus on delivering the latest in open source desktop tools. Of course, we produce more than just the editions. Fedora Spins and Labs target a variety of audiences and use cases, including the Internet of Things. And, we haven’t forgotten our alternate architectures, ARM AArch64, Power, and S390x."
Security updates for Tuesday
Security updates have been issued by CentOS (kernel, openwsman, and ovmf), Debian (gst-plugins-base1.0 and libvirt), Fedora (libX11, poppler, python-urllib3, samba, and wpewebkit), openSUSE (GraphicsMagick), SUSE (atftp, glibc, libssh2_org, and wpa_supplicant), and Ubuntu (wavpack).
[$] ClearlyDefined: Putting license information in one place
Determining the license that any given package uses can be difficult, but it is essential in order to properly comply with that license and, thus, the developer's wishes. There is an enormous amount of "open source" software available these days that is not clearly licensed, which is where the ClearlyDefined project comes in. The project is collecting a curated list of packages, source location, and license information; some of that collection can be automated, but ClearlyDefined is targeting the community to provide curation in the form of cleanups and additions.
Apache Software Foundation moves to GitHub
The Apache Software Foundation (ASF) and GitHub have announced [ASF, GitHub] that all ASF projects using Git have moved to GitHub and the ASF Git service has been decommissioned. (Thanks to Paul Wise) Update: ASF has another announcement with more details. An older git service was decommissioned, but ASF projects are still available on https://gitbox.apache.org/. "As stated above, our GitHub integration is an augmentation of our existing service. It is available to all committers on git-based projects to make use of, should they so wish. All new git repositories will automatically be available on both GitHub and Gitbox." (Thanks to Lars Francke)
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, libpng, and openssh), Debian (checkstyle, evolution, gst-plugins-base0.10, gst-plugins-base1.0, imagemagick, libpng1.6, monit, and systemd), Fedora (aria2, php-symfony, php-symfony3, php-symfony4, and python-jinja2), openSUSE (ceph, libssh2_org, libvirt, php7, python3, samba, wget, and xerces-c), Red Hat (rh-python35-python), Slackware (bind), SUSE (libssh2_org), and Ubuntu (evince, gst-plugins-base0.10, gst-plugins-base1.0, and mysql-5.7).
Kernel prepatch 5.1-rc7
Linus has released the 5.1-rc7 kernel prepatch for testing. "But it's all pretty tiny. Plus about 30% of the patches are marked for stable, so on the whole it really does feel like 5.1 is on target for a regular release next weekend."
A big set of stable kernel updates
The 5.0.10, 4.19.37, 4.14.114, 4.9.171, 4.4.179, and 3.18.139 stable kernel updates have all been released; each contains a moderately large set of important fixes.
An eBPF overview, part 3: Walking up the software stack (Collabora blog)
Adrian Ratiu continues his series on eBPF with part 3, which looks at various ways to write and build eBPF programs. It starts by looking at using "restricted C" with the LLVM eBPF compiler, moves into looking at the BPF Compiler Collection (BCC), then bpftrace, and finally the IOVisor cloud-based eBPF tools. "Not everyone has kernel sources at hand, especially in production, and it's also a bad idea in general to tie eBPF-based tools to a specific kernel source revision. Designing and implementing the interactions between eBPF program's backends, frontends, loaders and data structures can be very complex, error-prone and time consuming, especially in C which is considered a dangerous low-level [language]. In addition to these risks developers are also in a constant danger of re-inventing the wheel for common problems, with endless design variations and implementations. To alleviate all these pains is why the BCC project exists: it provides an easy-to-use framework for writing, loading and running eBPF programs, by writing simple python or lua scripts in addition to the 'restricted C' as exemplified above."
[$] Bounce buffers for untrusted devices
The recently discovered vulnerability in Thunderbolt has restarted discussions about protecting the kernel against untrusted, hotpluggable hardware. That vulnerability, known as Thunderclap, allows a hostile external device to exploit Input-Output Memory Management Unit (IOMMU) mapping limitations and access system memory it was not intended to. Thunderclap can be exploited by USB-C-connected devices; while we have seen USB attacks in the past, this vulnerability is different in that PCI devices, often considered as trusted, can be a source of attacks too. One way of stopping those attacks would be to make sure that the IOMMU is used correctly and restricts the device to accessing the memory that was allocated for it. Lu Baolu has posted an implementation of that approach in the form of bounce buffers for untrusted devices.
Security updates for Friday
Security updates have been issued by Debian (gpac and mercurial), Fedora (kernel-headers and kernel-tools), openSUSE (GraphicsMagick, kauth, lxc, lxcfs, python, qemu, and xmltooling), SUSE (freeradius-server, ImageMagick, libvirt, samba, and wireshark), and Ubuntu (bind9).
The state of Linux graphic design tools in 2019 (Opensource.com)
Over at Opensource.com, Jason Brock tries out Linux graphics tools, with an eye toward their ability to replace the proprietary tools he uses on a day-to-day basis. Overall, the tools held their own for a variety of tasks (e.g. logo and ad design, publication layout), though the lack of a certain type of tool brought the overall grade down to a B+: "The lack of available wireframing and prototyping applications really brought down the average, but I'd still call it a successful exercise. As I mentioned at the beginning, design is a craft and it relies on collaboration. All of the tools I looked at—Inkscape, LibreDraw, GIMP, and Scribus—can run just as well on Windows or MacOS as they do on any Linux distribution. The ability to create robust artwork and share editable files with stakeholders and colleagues on the platform of their choice means that a serious argument could be made that these tools are even more versatile than their proprietary counterparts."
[$] Some 5.1 development statistics
The release of the 5.1-rc6 kernel prepatch on April 21 indicates that the 5.1 development cycle is getting close to its conclusion. So naturally the time has come to put together some statistics describing where the changes merged for 5.1 came from. It is, for the most part, a fairly typical development cycle.
Security updates for Thursday
Security updates have been issued by Debian (putty and systemd), Fedora (kernel, kernel-headers, and kernel-tools), Gentoo (ming and qemu), openSUSE (openexr and slurm), SUSE (ImageMagick, jasper, ntfs-3g_ntfsprogs, openssh, and webkit2gtk3), and Ubuntu (php5 and tcpflow).
[$] LWN.net Weekly Edition for April 25, 2019
The LWN.net Weekly Edition for April 25, 2019 is available.
[$] Devuan, April Fools, and self-destruction
An April Fools joke that went sour seems to be at least the proximate cause for a rather large upheaval in the Devuan community. For much of April 1 (or March 31 depending on time zone), the Devuan web site looked like it had been taken over by attackers, which was worrisome to many, but it was all a prank. The joke was clever, way over the top, unprofessional, or some combination of those, depending on who is describing it, but the incident and the threads on the devuan-dev mailing list have led to rancor, resignations, calls for resignations, and more.
Mozilla’s 2019 Internet Health Report
The Mozilla Blog introduces Mozilla's 2019 Internet Health Report. "In the Report’s three spotlight articles, we unpack three big issues: One examines the need for better machine decision making — that is, asking questions like Who designs the algorithms? and What data do they feed on? and Who is being discriminated against? Another examines ways to rethink the ad economy, so surveillance and addiction are no longer design necessities. The third spotlight article examines the rise of smart cities, and how local governments can integrate tech in a way that serves the public good, not commercial interests."
[$] On technological liberty
In his keynote at the 2019 Legal and Licensing Workshop (LLW), longtime workshop participant Andrew Wilson looked at the past, but he went much further back than, say, the history of free software—or even computers. His talk looked at technological liberty in the context of classical liberal philosophic thinking. He mapped some of that thinking to the world of free and open-source software (FOSS) and to some other areas where our liberties are under attack.
Security updates for Wednesday
Security updates have been issued by Arch Linux (dovecot, flashplugin, ghostscript, and jenkins), Fedora (glpi, hostapd, python-urllib3, and znc), openSUSE (apache2, audiofile, libqt5-qtvirtualkeyboard, php5, and SDL2), Scientific Linux (kernel), SUSE (curl and dovecot23), and Ubuntu (advancecomp and freeradius).
[$] The sustainability of open source for the long term
The problem of "sustainability" for open-source software is a common topic of conversation in our community these days. We covered a talk by Bradley Kuhn on sustainability a month ago. Another longtime community member, Luis Villa, gave his take on the problem of making open-source projects sustainable at the 2019 Legal and Licensing Workshop (LLW) in Barcelona. Villa is one of the co-founders of Tidelift, which is a company dedicated to helping close the gap so that the maintainers of open-source projects get paid in order to continue their work.
Security updates for Tuesday
Security updates have been issued by CentOS (java-1.7.0-openjdk), Debian (ghostscript and wget), Gentoo (apache, glib, opendkim, and sqlite), Red Hat (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), Scientific Linux (java-1.7.0-openjdk), and SUSE (php72).
[$] SGX: when 20 patch versions aren't enough
Intel's "Software Guard Extensions" (SGX) feature allows the creation of encrypted "enclaves" that cannot be accessed from the rest of the system. Normal code can call into an enclave, but only code running inside the enclave itself can access the data stored there. SGX is pitched as a way of protecting data from a hostile kernel; for example, an encryption key stored in an enclave should be secure even if the system as a whole is compromised. Support for SGX has been under development for over three years; LWN covered it in 2016. But, as can be seen from the response to the latest revision of the SGX patch set, all that work has still not answered an important question: what protects the kernel against a hostile enclave?
A year with Spectre: a V8 perspective
Here's an article on the V8 blog describing the work that was done to mitigate Spectre vulnerabilities in the V8 JavaScript engine. "Our research reached the conclusion that, in principle, untrusted code can read a process’s entire address space using Spectre and side channels. Software mitigations reduce the effectiveness of many potential gadgets, but are not efficient or comprehensive. The only effective mitigation is to move sensitive data out of the process’s address space."
A Goodbye to Joe Armstrong
The Erlang community mourns the loss of Joe Armstrong, known as the father of Erlang. "He was part of the Erlang landscape, always interested in what people had to say. His passion and enjoyment about the craft, even in his 60s, was still high up at levels I don't even know I ever had or will ever have, and I have to say I am envious of him for that. I don't know what it will be like to have this community without him around. He was humble. He was approachable. He was excited. He was creative. His legacy is not just in code, but in the communities in which he instantly became a central part. He will be missed."
Security updates for Monday
Security updates have been issued by CentOS (java-1.8.0-openjdk and java-11-openjdk), Debian (clamav, debian-security-support, and drupal7), Fedora (egl-wayland, elementary-camera, elementary-code, elementary-terminal, ephemeral, geocode-glib, gnome-characters, gnome-shell-extension-gsconnect, group-service, libmodulemd, libxmlb, mate-user-admin, mesa, meson, mpris-scrobbler, reportd, switchboard-plug-display, switchboard-plug-pantheon-shell, wingpanel, and wireshark), openSUSE (blueman and glibc), and Red Hat (java-1.7.0-openjdk).
The end of Scientific Linux
Fermilab has maintained Scientific Linux, a derivative of Red Hat Enterprise Linux, for many years. That era is coming to an end, though: "Toward that end, we will deploy CentOS 8 in our scientific computing environments rather than develop Scientific Linux 8. We will collaborate with CERN and other labs to help make CentOS an even better platform for high-energy physics computing." Maintenance of the SL6 and SL7 distributions will continue as scheduled.
Debian project leader election 2019 results
The election for the Debian project leader has concluded; the leader for the next year will be Sam Hartman. See this page for the details of the vote.
Kernel prepatch 5.1-rc6
The 5.1-rc6 kernel prepatch is out for testing. "It's Easter Sunday here, but I don't let little things like random major religious holidays interrupt my kernel development workflow. The occasional scuba trip? Sure. But everybody sitting around eating traditional foods? No. You have to have priorities."
Weekend stable kernel updates
The 5.0.9, 4.19.36, 4.14.113, and 4.9.170 stable kernel updates have all been released. These moderately large updates contain yet another set of important fixes.
[$] Implementing fully immutable files
Like all Unix-like systems, Linux implements the traditional protection bits controlling who can access files in a filesystem (and what access they have). Fewer users, perhaps, are aware of a set of additional permission bits hidden away behind the chattr and lsattr commands. Among other things, these bits can make a file append-only, mark a file to be excluded from backups, cause a file's data to be automatically overwritten on deletion, or make a file immutable. The implementation of many of these features is incomplete at best, so perhaps it's not surprising that immutable files can still be changed in certain limited circumstances. Darrick Wong has posted a patch set changing this behavior, implementing a user-visible behavioral change that he describes as "an extraordinary way to destroy everything".
Security updates for Friday
Security updates have been issued by Fedora (atomic-reactor and osbs-client), openSUSE (libqt5-qtbase, lxc, tar, wget, and xmltooling), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (php5), and Ubuntu (znc).
[$] Tracking pages from get_user_pages()
As has been recently discussed here, developers for the filesystem and memory-management subsystems have been grappling for years with the problems posed by the get_user_pages() mechanism. This function maps memory into the kernel's address space for direct access by the kernel or peripheral devices, but that kind of access can create confusion in the filesystem layers, which may not be expecting that memory to be written to at any given time. A new patch set from Jérôme Glisse tries to chip away at a piece of the problem, but a complete solution is not yet in view.
Ubuntu 19.04 (Disco Dingo) released
Ubuntu 19.04, code named "Disco Dingo", has been released, along with the following flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. "The Ubuntu kernel has been updated to the 5.0 based Linux kernel, our default toolchain has moved to gcc 8.3 with glibc 2.29, and we've also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support. Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in Xorg and Wayland. Ubuntu Server 19.04 integrates recent innovations from key open infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with advanced life-cycle management for multi-cloud and on-prem operations, from bare metal, VMware and OpenStack to every major public cloud." More information can be found in the release notes.
OpenSSH 8.0 released
OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem: "This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. This release adds client-side checking that the filenames sent from the server match the command-line request. The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead."
Security updates for Thursday
Security updates have been issued by CentOS (polkit), Gentoo (dovecot, libseccomp, and patch), openSUSE (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), Red Hat (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), Scientific Linux (java-1.8.0-openjdk), Slackware (libpng), SUSE (python, python3, sqlite3, and xerces-c), and Ubuntu (ntfs-3g).
[$] LWN.net Weekly Edition for April 18, 2019
The LWN.net Weekly Edition for April 18, 2019 is available.
[$] Business models and open source
One of the more lively sessions that was held at the 2019 Legal and Licensing Workshop (LLW) was Heather Meeker's talk on open-source business models and alternative licensing. As a lawyer in private practice, Meeker worked on a number of the alternative licenses that were drafted and presented over the last year or so. But she is also part of a venture capital (VC) firm that is exclusively investing in companies focused on open source, so she has experience in thinking about what kinds of models actually work for those types of businesses.
Stable kernel updates
Stable kernels 5.0.8, 4.19.35, 4.14.112, and 4.9.169 have been released. They all contain important fixes and users should upgrade.
Security updates for Wednesday
Security updates have been issued by CentOS (mod_auth_mellon), Debian (ghostscript and ruby2.3), openSUSE (dovecot22, gnuplot, and openwsman), Scientific Linux (mod_auth_mellon), SUSE (krb5, openexr, python3, and wget), and Ubuntu (firefox and openjdk-lts).
[$] An update on compliance for containers
The inability to determine the contents of container images is a topic that annoys Dirk Hohndel. At last year's Legal and Licensing Workshop (LLW), he gave a presentation that highlighted the problem and some work he had been doing to combat it. At this year's LLW, he updated attendees on the progress that has been made and where he hopes things will go from here.
Security updates for Tuesday
Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).
[$] Avoiding page reference-count overflows
The 5.1-rc5 announcement mentioned "changes all over" and highlighted a number of the areas that had been touched. One thing that was not mentioned there was the addition of four patches fixing a security-related issue in the core memory-management subsystem. The vulnerability is sufficiently difficult to exploit that almost nobody should feel the need to rush out a kernel update, but it is still interesting to look at as a demonstration of how things can go wrong.
An eBPF overview series from Collabora
Adrian Ratiu is posting a series of articles on the Collabora blog digging into the kernel's eBPF subsystem. The first two parts are available now: an introduction and a look at the virtual machine. "eBPF is a RISC register machine with a total of 11 64-bit registers, a program counter and a 512 byte fixed-size stack. 9 registers are general purpose read-write, one is a read-only stack pointer and the program counter is implicit, i.e. we can only jump to a certain offset from it. The VM registers are always 64-bit wide (even when running inside a 32-bit ARM processor kernel!) and support 32-bit subregister addressing if the most significant 32 bits are zeroed - this will be very useful in part 4 when cross-compiling and running eBPF programs on embedded devices."
Stable kernel updates
Stable kernels 5.0.7, 4.19.34, 4.14.111, and 4.9.168 were actually released last week, but the email wasn't sent. As usual they all contain important fixes and users should upgrade.
Security updates for Monday
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).