Feed: LWN.net
Link: https://lwn.net/
Feed URL: http://lwn.net/headlines/rss
Updated: 2024-11-24 20:00
Stable kernels 4.18.15, 4.14.77, and 4.9.134
Greg Kroah-Hartman has announced the release of the 4.18.15, 4.14.77, and 4.9.134 stable kernels. As usual, there are important fixes throughout the tree and users should upgrade.
Security updates for Thursday
Security updates have been issued by Arch Linux (chromium, libssh, and net-snmp), Debian (libssh and xen), Fedora (audiofile), openSUSE (axis, GraphicsMagick, ImageMagick, kernel, libssh, samba, and texlive), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk, rh-nodejs6-nodejs, and rh-nodejs8-nodejs), SUSE (binutils and fuse), and Ubuntu (paramiko).
[$] LWN.net Weekly Edition for October 18, 2018
The LWN.net Weekly Edition for October 18, 2018 is available.
[$] A new direction for i965
Graphical applications are always pushing the limits of what the hardware can do, and recent developments in the graphics world have caused Intel to rethink its 3D graphics driver. In particular, the lower CPU overhead that the Vulkan driver on Intel hardware can provide is becoming more attractive for OpenGL as well. At the 2018 X.Org Developers Conference, Kenneth Graunke talked about an experimental re-architecting of the i965 driver using Gallium3D—a development that came as something of a surprise to many, including him.
Pakistan causes YouTube outage for two-thirds of world (ABC)
ABC News has the story on why YouTube went down; it's a good example of just how robust the Internet is (or isn't) anymore. "An Internet expert explained that Sunday's problems arose when a Pakistani telecommunications company accidentally identified itself to Internet computers as the world's fastest route to YouTube. But instead of serving up videos of skateboarding dogs, it sent the traffic into oblivion. On Friday, the Pakistan Telecommunication Authority ordered 70 Internet service providers to block access to YouTube.com, because of anti-Islamic movies on the video-sharing site, which is owned by Google."
[$] Secure key handling using the TPM
Trusted Computing has not had the best reputation over the years — Richard Stallman dubbing it "Treacherous Computing" probably hasn't helped — though those fears of taking away users' control of their computers have not proven to be founded, at least yet. But the Trusted Platform Module, or TPM, inside your computer can do more than just potentially enable lockdown. In our second report from Kernel Recipes 2018, we look at a talk from James Bottomley about how the TPM works, how to talk to it, and how he's using it to improve his key handling.
Security updates for Wednesday
Security updates have been issued by CentOS (tomcat), Debian (asterisk, graphicsmagick, and libpdfbox-java), openSUSE (apache2 and git), Oracle (tomcat), Red Hat (kernel and Satellite 6.4), Slackware (libssh), SUSE (binutils, ImageMagick, and libssh), and Ubuntu (clamav, libssh, moin, and paramiko).
[$] A farewell to email
The free-software community was built on email, a distributed technology that allows people worldwide to communicate regardless of their particular software environment. While email remains at the core of many projects' workflow, others are increasingly trying to move away from it. A couple of recent examples show what is driving this move and where it may be headed.
Bro becomes Zeek
The Bro network security monitoring project has announced a name change to "Zeek". "On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name 'Bro' has taken on strongly negative connotations, such as 'Bro culture'. These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name."
SFLC: Automotive Software Governance and Copyleft
The Software Freedom Law Center has announced the availability of a whitepaper [PDF] about automotive software and copyleft, written by Mark Shuttleworth and Eben Moglen. At its core, it's an advertisement for Ubuntu and Snap, but it does look at some of the issues involved. "The fine grain of interface access rights provided by the snapd governance agent can thus provide further isolation and security when it is running user-modified code, guaranteed under the snap packaging paradigm to cause no other program code to be modified, to break, or to perform differently because of the presence of the user-modified program. Such a structure of modification permission can be operated by the OEM consistent with the requirements of GPLv3. The OEM can publish an authenticated record of the installation permission issued, indexed by the Vehicle Identification Number—without publishing the car owner's personal information—so that public and private parties can be assured that no surreptitious modification of vehicle software occurs."
Security updates for Tuesday
Security updates have been issued by CentOS (ghostscript and spamassassin), Debian (moin, spice, and tomcat8), Fedora (kernel-headers, kernel-tools, and libgit2), Oracle (ghostscript and tomcat), Red Hat (ghostscript and tomcat), Scientific Linux (ghostscript and tomcat), SUSE (git, kernel, python, and samba), and Ubuntu (net-snmp and thunderbird).
[$] Fighting Spectre with cache flushes
One of the more difficult aspects of the Spectre hardware vulnerability is finding all of the locations in the code that might be exploitable. There are many locations that look vulnerable that aren't, and others that are exploitable without being obvious. It has long been clear that finding all of the exploitable spots is a long-term task, and keeping new ones from being introduced will not be easy. But there may be a simple technique that can block a large subset of the possible exploits with a minimal cost.
Security updates for Monday
Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests).
Kernel prepatch 4.19-rc8
As expected, the 4.19 development cycle has gone to 4.19-rc8. "Please go and test and ensure that all works well for you. Hopefully this should be the last -rc release."
A pile of weekend stable kernel updates
The 4.18.14, 4.14.76, 4.9.133, 4.4.161, and 3.18.124 stable kernels have all been released; each contains another pile of important fixes and updates.
[$] I/O scheduling for single-queue devices
Block I/O performance can be one of the determining factors for the performance of a system as a whole, especially on systems with slower drives. The need to optimize I/O patterns has led to the development of a long series of I/O schedulers over the years; one of the most recent of those is BFQ, which was merged during the 4.12 development cycle. BFQ incorporates an impressive set of heuristics designed to improve interactive performance, but it has, thus far, seen relatively little uptake in deployed systems. An attempt to make BFQ the default I/O scheduler for some types of storage devices has raised some interesting questions, though, on how such decisions should be made.
Security updates for Friday
Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).
[$] OpenPGP signature spoofing using HTML
Beyond just encrypting messages, and thus providing secrecy, the OpenPGP standard also enables digitally signing messages to authenticate the sender. Email applications and plugins usually verify these signatures automatically and will show whether an email contains a valid signature. However, with a surprisingly simple attack, it's often possible to fool users by faking — or spoofing — the indication of a valid signature using HTML email.
Tutanota, the First Encrypted Email Service with an App on F-Droid (Linux Journal)
Here's a Linux Journal article from one of the creators of the Tutanota encrypted email client. "That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS. Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising."
Security updates for Thursday
Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).
[$] LWN.net Weekly Edition for October 11, 2018
The LWN.net Weekly Edition for October 11, 2018 is available.
Control Flow Integrity in the Android kernel (Android Developers)
The Android Developers Blog describes the control-flow integrity work that is shipping on the Pixel 3 handset. "LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14."
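To make the check in the quoted paragraph concrete, here is a small C model of type-based forward-edge CFI. It is an added example written for this page, not code from the Android or LLVM sources. LLVM implements the check with compile-time jump tables; this example uses a runtime registry instead (cfi_register, cfi_check and cfi_call_op are names of this example's own) so that the rule being enforced, that an indirect call may only land on a known function of the expected signature, can be seen in isolation, including the prototype-mismatch case the post describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Two distinct function types. In LLVM's scheme each type gets its own
 * jump table; in this toy model each gets an enum value. */
typedef int (*op_fn)(int, int);
typedef int (*len_fn)(const char *);
enum cfi_type { CFI_OP, CFI_LEN };

/* Registry of valid indirect-call targets, keyed by type. */
struct cfi_entry { uintptr_t addr; enum cfi_type type; };
static struct cfi_entry cfi_table[16];
static size_t cfi_count;

static void cfi_register(uintptr_t fn, enum cfi_type type)
{
    if (cfi_count < sizeof cfi_table / sizeof cfi_table[0])
        cfi_table[cfi_count++] = (struct cfi_entry){ fn, type };
}

/* The check emitted before an indirect branch, in miniature: is the target
 * a known function *of the expected type*? Returns 1 if so, else 0. */
int cfi_check(uintptr_t fn, enum cfi_type type)
{
    for (size_t i = 0; i < cfi_count; i++)
        if (cfi_table[i].addr == fn && cfi_table[i].type == type)
            return 1;
    return 0;
}

/* Legitimate targets. */
static int add(int a, int b) { return a + b; }
static int mul(int a, int b) { return a * b; }
static int str_len(const char *s) { return (int)strlen(s); }
/* Right type, but never registered: stands in for an arbitrary code
 * address that a corrupted pointer might be steered towards. */
static int unregistered(int a, int b) { return a - b; }

void cfi_init(void)
{
    cfi_count = 0;
    cfi_register((uintptr_t)add, CFI_OP);
    cfi_register((uintptr_t)mul, CFI_OP);
    cfi_register((uintptr_t)str_len, CFI_LEN);
}

/* Indirect call through an op_fn, guarded by the CFI check.
 * Returns 0 and stores the result, or -1 on a CFI violation. */
int cfi_call_op(op_fn fn, int a, int b, int *out)
{
    if (!cfi_check((uintptr_t)fn, CFI_OP))
        return -1;              /* the real implementation traps here */
    *out = fn(a, b);
    return 0;
}

/* A dispatch table with the kind of bug the Android post mentions: str_len
 * has the wrong prototype and is simply cast in. The C compiler accepts the
 * cast; CFI refuses the call because str_len is not a valid "int (int, int)". */
op_fn ops[] = { add, mul, (op_fn)str_len, unregistered };

int main(void)
{
    int out;
    cfi_init();
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        if (cfi_call_op(ops[i], 6, 7, &out) == 0)
            printf("ops[%zu]: ok, result %d\n", i, out);
        else
            printf("ops[%zu]: CFI violation, call refused\n", i);
    }
    return 0;
}
```

Entries 0 and 1 run (13 and 42); entries 2 and 3 are refused. The fix for a table like this is the one the post describes for the kernel: correct the declaration so the function really has the type the table expects, rather than casting the mismatch away.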
[$] A status update for virgl
At the 2018 X.Org Developers Conference, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for QEMU. He looked at the project's history along with what has happened with it over the last year or so. As is usual in a status update talk, he finished with some thoughts about future plans for virgl. For the last year, Tournier has been working on virgl for Collabora.
Microsoft joins Open Invention Network
Microsoft has announced that it has joined the Open Invention Network (OIN). "We know Microsoft's decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs."
Stable kernel updates
Stable kernels 4.18.13, 4.14.75, 4.9.132, and 4.4.160 have been released. They all contain important fixes throughout the tree and users should upgrade.
Security updates for Wednesday
Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).
[$] Advances in Mesa continuous integration
Continuous integration (CI) has become increasingly prevalent in open-source projects over the last few years. Intel has been active in building CI systems for graphics, both for the kernel side and for the Mesa-based user-space side of the equation. Mark Janes and Clayton Craft gave a presentation on Intel's Mesa CI system at the 2018 X.Org Developers Conference (XDC), which was held in A Coruña, Spain in late September. The Mesa CI system is one of the earliest successful CI initiatives in open source that he knows of, Janes said. It is a core component of Mesa development, especially at Intel.
Gregg: bpftrace (DTrace 2.0) for Linux 2018
Brendan Gregg introduces the bpftrace tracing tool. "bpftrace was created as an even higher-level front end for custom ad-hoc tracing, and can serve a similar role as DTrace. We've been adding bpftrace features as we need them, not just because DTrace had them. I can think of over a dozen things that DTrace can do that bpftrace currently cannot, including custom aggregation printing, shell arguments, translators, sizeof(), speculative tracing, and forced panics."
Security updates for Tuesday
Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon).
[$] The modernization of PCIe hotplug in Linux
PCI Express hotplug has been supported in Linux for fourteen years. The code, which is aging, is currently undergoing a transformation to fit the needs of contemporary applications such as hot-swappable flash drives in data centers and power-manageable Thunderbolt controllers in laptops. Time for a roundup.
Amit: How new-lines affect the Linux kernel performance
Nadav Amit decided to dig into why some small kernel functions were not being inlined by GCC; the result is a detailed investigation into how these things can go wrong. "Ignoring the assembly shenanigans that this code uses, we can see that in practice it generates a single ud2 instruction. However, the compiler considers this code to be 'big' and consequently oftentimes does not inline functions that use WARN() or similar functions. The reason turns out to be the newline characters (marked as '\n' above). The kernel compiler, GCC, is unaware of the code size that will be generated by the inline assembly. It therefore tries to estimate its size based on newline characters and statement separators (';' on x86)."
Security updates for Monday
Security updates have been issued by Debian (adplug, git, php-horde, php-horde-core, and php-horde-kronolith), Fedora (firefox, liblouis, libmad, mediawiki, opensc, php-horde-horde, php-horde-Horde-Core, php-horde-kronolith, and rust), Gentoo (imagemagick, openssh, and sox), openSUSE (ghostscript, gitolite, java-1_8_0-openjdk, kernel, php5, php7, python, thunderbird, tomcat, and unzip), Red Hat (firefox and rh-haproxy18-haproxy), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, qpdf, soundtouch, and texlive).
Kernel prepatch 4.19-rc7
The 4.19-rc7 kernel prepatch is out. "Given the current rate of change, and looking at the travel/conference schedule happening this month, it seems like we will be having a -rc8 just to be sure 4.19 is solid as well as not having to be in the middle of a merge window during a conference week."
[$] Some numbers from the 4.19 development cycle
The release of 4.19-rc6 on September 30 is an indication that the 4.19 development cycle is heading toward its conclusion. Naturally, that means it's time to have a look at where the contributions for this cycle came from. The upheavals currently playing out in the kernel community do not show at this level, but there are some new faces to be seen in the top contributors this time around.
[$] What's a CPU to do when it has nothing to do?
It would be reasonable to expect doing nothing to be an easy, simple task for a kernel, but it isn't. At Kernel Recipes 2018, Rafael Wysocki discussed what CPUs do when they don't have anything to do, how the kernel handles this, problems inherent in the current strategy, and how his recent rework of the kernel's idle loop has improved power consumption on systems that aren't doing anything.
Videos from the GNU Tools Cauldron
The 2018 GNU Tools Cauldron was held in early September; videos of the talks from that event are now available. There is a wide range of discussions covering various aspects of the toolchain, including GCC, GDB, glibc, and more.
Security updates for Friday
Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick).
Microsoft joins LOT Network, helping protect developers against patent assertions
Microsoft has announced that it has joined the LOT Network, which is an organization set up to help thwart patent trolls by licensing any member's patents to all members if they end up in the hands of a troll. "What does all of this mean for you if you’re a software developer or in the technology business? It means that Microsoft is taking another step to help stop patents from being asserted against you by companies running aggressive monetization campaigns. It also means that Microsoft is aligning with other industry leaders on this topic and committing to do more in the future to address IP risk. By joining the LOT network, we are committing to license our patents for free to other members if we ever transfer them to companies in the business of asserting patents. This pledge has immediate value to the nearly 300 members of the LOT community today, which covers approximately 1.35 million patents."
Stable kernels 4.18.12, 4.14.74, and 4.9.131 released
Greg Kroah-Hartman has announced the release of the 4.18.12, 4.14.74, and 4.9.131 stable kernels. As usual, they contain important fixes throughout the tree; users of those kernel series should upgrade.
[$] New AT_ flags for restricting pathname lookup
System calls like openat() have access to the entire filesystem — or, at least, that part of the filesystem that exists in the current mount namespace and which the caller has the permission to access. There are times, though, when it is desirable to reduce that access, usually for reasons of security; that has proved to be especially true in many container use cases. A new patch set from Aleksa Sarai has revived an old idea: provide a set of AT_ flags that can be used to control the scope of a given pathname lookup operation.
Security updates for Thursday
Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2).
[$] LWN.net Weekly Edition for October 4, 2018
The LWN.net Weekly Edition for October 4, 2018 is available.
[$] Freedesktop.org: its past and its future
At the 2018 X.Org Developers Conference (XDC) in A Coruña, Spain, Daniel Stone gave an update on the status of freedesktop.org, which serves multiple projects as a hosting site for code, mailing lists, specifications, and more. As its name would imply, it started out with a focus on free desktops and cross-desktop interoperability, but it lost that focus—along with its focus in general—along the way. He recapped the journey of fd.o (as it is often known) and unveiled some idea of where it may be headed in the future.
Security updates for Wednesday
Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).
[$] Revenge of the modems
Back in the halcyon days of the previous century, those with a technical inclination often became overly acquainted with modems—not just the strange sounds they made when connecting, but the AT commands that were used to control them. While the AT command set is still in use (notably for GSM networks), it is generally hidden these days. But some security researchers have found that Android phones often make AT commands available via their USB ports, which is something that can potentially be exploited by rogue USB devices of various sorts.
[$] Device-to-device memory-transfer offload with P2PDMA
One of the most common tasks carried out by device drivers is setting up DMA operations for data transfers between main memory and the device. Often, data read into memory from one device will be immediately written, unchanged, to another device. Common examples include carrying the image between the camera and screen on a mobile phone, or downloading files to be saved on a disk. Those transfers have an impact on the CPU even if it does not use the data directly, due to higher memory use and effects like cache trashing. There are cases where it is possible to avoid usage of the system memory completely, though. A patch set (posted by Logan Gunthorpe with contributions by Christoph Hellwig and Steve Wise) has been in the works for some time that addresses this case for PCI devices using peer-to-peer (P2P) transfers, with a focus on offering an offload option for the NVMe fabrics target subsystem.
[$] XFS, LSM, and low-level management APIs
The Linux Security Module (LSM) subsystem allows security modules to hook into many low-level operations within the kernel; modules can use those hooks to examine each requested operation and decide whether it should be allowed to proceed or not. In theory, just about every low-level operation is covered by an LSM hook; in practice, there are some gaps. A discussion regarding one of those gaps — low-level ioctl() operations on XFS filesystems — has revealed a thorny problem and a significant difference of opinion on what the correct solution is.
Security updates for Tuesday
Security updates have been issued by Arch Linux (lib32-libxml2, libxml2, mosquitto, and ntp), Debian (kernel and strongswan), Fedora (firefox), openSUSE (zsh), Oracle (kernel), Red Hat (ceph-iscsi-cli), SUSE (openssl-1_0_0), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, and strongswan).
Stratis 1.0 released
Version 1.0 of the Stratis storage-management system (covered here in May) has been released. "After two years of development, Stratis 1.0 has stabilized its on-disk metadata format and command-line interface, and is ready for more widespread testing and evaluation by potential users." See the FAQ for more information.
Security updates for Monday
Security updates have been issued by Arch Linux (mediawiki), CentOS (389-ds-base, firefox, flatpak, kernel, mod_perl, nss, spice and spice-gtk, and spice-gtk and spice-server), Debian (389-ds-base, ghostscript, mosquitto, and python3.5), Fedora (ca-certificates, firefox, glusterfs, kernel-headers, kernel-tools, libxkbcommon, udisks2, and zchunk), Mageia (firefox), openSUSE (gd, gnutls, mgetty, openssl, and yast2-smt), Oracle (firefox and kernel), Scientific Linux (firefox), SUSE (libX11 and openssl-1_1), and Ubuntu (bind9 and ghostscript).