LWN.net

PCI Express hotplug has been supported in Linux for fourteen years. Thecode, which is aging, is currently undergoing a transformation to fit theneeds of contemporary applications such as hot-swappable flash drives indata centers and power-manageable Thunderbolt controllers in laptops. Timefor a roundup.

Nadav Amit decided to dig into why some small kernel functions were notbeing inlined by GCC; the result is a detailedinvestigation into how these things can go wrong. "Ignoring theassembly shenanigans that this code uses, we can see that in practice itgenerates a single ud2 instruction. However, the compiler considers thiscode to be 'big' and consequently oftentimes does not inline functions thatuse WARN() or similar functions.The reason turns to be the newline characters (marked as '\n' above). Thekernel compiler, GCC, is unaware to the code size that will be generated bythe inline assembly. It therefore tries to estimate its size based onnewline characters and statement separators (';' on x86)."

Security updates have been issued by Debian (adplug, git, php-horde, php-horde-core, and php-horde-kronolith), Fedora (firefox, liblouis, libmad, mediawiki, opensc, php-horde-horde, php-horde-Horde-Core, php-horde-kronolith, and rust), Gentoo (imagemagick, openssh, and sox), openSUSE (ghostscript, gitolite, java-1_8_0-openjdk, kernel, php5, php7, python, thunderbird, tomcat, and unzip), Red Hat (firefox and rh-haproxy18-haproxy), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, qpdf, soundtouch, and texlive).

The 4.19-rc7 kernel prepatch is out."Given the current rate of change, and looking at thetravel/conference schedule happening this month, it seems like we will behaving a -rc8 just to be sure 4.19 is solid as well as not having to be inthe middle of a merge window during a conference week."

The release of 4.19-rc6 onSeptember 30 is an indication that the 4.19 development cycle isheading toward its conclusion. Naturally, that means it's time to have alook at where the contributions for this cycle came from. The upheavalscurrently playing out in the kernel community do not show at this level, but there aresome new faces to be seen in the top contributors this time around.

It would be reasonable to expect doing nothing to be an easy, simple task for a kernel, but it isn't. At Kernel Recipes 2018, Rafael Wysocki discussed what CPUs do when they don't have anything to do, how the kernel handles this, problems inherent in the current strategy, and how his recent rework of the kernel's idle loop has improved power consumption on systems that aren't doing anything.

The 2018 GNU Tools Cauldron was held in early September; videos of the talks fromthat event are now available. There is a wide range of discussionscovering various aspects of the toolchain, including GCC, GDB, glibc, and more.

Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick).

Microsoft has announced that it has joined the LOT Network, which is an organization set up to help thwart patent trolls by licensing any member's patents to all members if they end up in the hands of a troll. "What does all of this mean for you if you’re a software developer or in the technology business? It means that Microsoft is taking another step to help stop patents from being asserted against you by companies running aggressive monetization campaigns. It also means that Microsoft is aligning with other industry leaders on this topic and committing to do more in the future to address IP risk. By joining the LOT network, we are committing to license our patents for free to other members if we ever transfer them to companies in the business of asserting patents. This pledge has immediate value to the nearly 300 members of the LOT community today, which covers approximately 1.35 million patents."

Greg Kroah-Hartman has announced the release of the 4.18.12, 4.14.74, and 4.9.131 stable kernels. As usual, theycontain important fixes throughout the tree; users of those kernel seriesshould upgrade.

System calls like openat() have access to the entire filesystem —or, at least, that part of the filesystem that exists in the current mountnamespace and which the caller has thepermission to access. There are times, though, when it is desirable toreduce that access, usually for reasons of security; that has proved to beespecially true in many container use cases. A new patchset from Aleksa Sarai has revived an old idea: provide a set ofAT_ flags that can be used to control the scope of a givenpathname lookup operation.

Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2).

The LWN.net Weekly Edition for October 4, 2018 is available.

At the 2018 X.Org DevelopersConference (XDC) in A Coruña, Spain, Daniel Stone gave an update on thestatus of freedesktop.org,which serves multiple projects as a hosting site for code, mailing lists,specifications, and more. As its name would imply, it started out with a focus on freedesktops and cross-desktop interoperability, but it lost that focus—alongwith its focus in general—along the way. He recapped the journey of fd.o (as it is often known) and unveiledsome idea of where it may be headed in the future.

Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).

Back in the halcyon days of the previous century, those with a technicalinclination often became overly acquainted with modems—not just the strange sounds theymade when connecting, but the ATcommands that were used to control them. While the AT command set isstill in use (notably for GSM networks), it is generallyhidden these days. But some security researchers have found that Android phonesoften make AT commands available via their USB ports, which is somethingthat can potentially be exploited by rogue USB devices of various sorts.

One of the most common tasks carried out by device drivers is settingup DMA operations for data transfers between main memory and the device. Often,data read into memory from one device will be immediately written, unchanged,to another device. Common examples include carrying the image between thecamera and screen on a mobile phone, or downloading files to be saved on adisk. Those transfers have an impact on the CPU even if it does not use thedata directly, due to higher memory use and effects likecache trashing. There are cases where it is possible to avoid usage of thesystem memory completely, though. A patch set (posted by Logan Gunthorpe withcontributions by Christoph Hellwig and Steve Wise)has been in the works for some time that addresses this case for PCIdevices using peer-to-peer (P2P) transfers, with a focus on offering anoffload option for the NVMe fabrics target subsystem.

The Linux Security Module (LSM) subsystem allows securitymodules to hook into many low-level operations within the kernel; modulescan use those hooks to examine each requested operation and decide whetherit should be allowed to proceed or not. In theory, just about everylow-level operation is covered by an LSM hook; in practice, there are somegaps. A discussion regarding one of those gaps — low-levelioctl() operations on XFS filesystems — has revealed a thornyproblem and a significant difference of opinion on what the correctsolution is.

Security updates have been issued by Arch Linux (lib32-libxml2, libxml2, mosquitto, and ntp), Debian (kernel and strongswan), Fedora (firefox), openSUSE (zsh), Oracle (kernel), Red Hat (ceph-iscsi-cli), SUSE (openssl-1_0_0), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, and strongswan).

Version1.0 of the Stratis storage-management system (covered here in May) has been released."After two years of development, Stratis 1.0 has stabilized itson-disk metadata format and command-line interface, and is ready for morewidespread testing and evaluation by potential users." See the FAQ for moreinformation.

Security updates have been issued by Arch Linux (mediawiki), CentOS (389-ds-base, firefox, flatpak, kernel, mod_perl, nss, spice and spice-gtk, and spice-gtk and spice-server), Debian (389-ds-base, ghostscript, mosquitto, and python3.5), Fedora (ca-certificates, firefox, glusterfs, kernel-headers, kernel-tools, libxkbcommon, udisks2, and zchunk), Mageia (firefox), openSUSE (gd, gnutls, mgetty, openssl, and yast2-smt), Oracle (firefox and kernel), Scientific Linux (firefox), SUSE (libX11 and openssl-1_1), and Ubuntu (bind9 and ghostscript).

The 4.19-rc6 kernel prepatch is out."As always, please go test and report any problems. It all 'justworks' on my systems, and I have not heard of any major outstanding issuesas of this point in time."

The stable-kernel machine continues to crank out updates:4.18.11,4.14.73,4.9.130, and4.4.159 are now available with another setof important fixes.

One of the key aspects of hardening the user-space side of an operatingsystem is to provide mechanisms for restricting which parts of thefilesystem hierarchy a given process can access. Linux has a number ofmechanisms of varying capability and complexity for this purpose, but otherkernels have taken a different approach. Over the last few months, OpenBSDhas inaugurated a new system call named unveil() for thistype of hardening that differs significantly from the mechanisms found inLinux.

Nuitka is a compilerfor the Python 2.7 and 3.7 languages; version 0.6.0 isnow available. "This release adds massive improvements for optimization and a couple of bug fixes.It also indicates reaching the mile stone of doing actual type inference,even if only very limited." At this point, the claim is that allPython language features have been implemented, so the focus is shiftingtoward optimization.

Security updates have been issued by Debian (libxml2 and python2.7), Fedora (hylafax+, lcms2, libbson, moodle, mozilla-noscript, visualboyadvance-m, and yum-utils), openSUSE (dom4j and php7), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), SUSE (gnutls, kernel, openssl, smt, smt, yast2-smt, xorg-x11-libX11, and yast2-smt), and Ubuntu (mutt).

Security updates have been issued by Debian (asterisk, otrs2, and strongswan), Fedora (kernel-headers, moodle, ntp, visualboyadvance-m, and yaml-cpp), Mageia (rsyslog), openSUSE (ant, libzypp, zypper, shadow, and tiff), Oracle (389-ds-base, flatpak, kernel, nss, and openssl), Red Hat (rh-perl524-mod_perl and rh-perl526-mod_perl), Scientific Linux (389-ds-base, flatpak, kernel, and nss), SUSE (firefox, gd, glibc, kernel, mgetty, php7, and wireshark), and Ubuntu (udisks2).

The BBC talkedwith Linus Torvalds about recent events. "Will everybody behappy? No. People who don't like my blunt behaviour even when I'm not beingactively nasty about it will just see that as 'look, nothing changed'. I'mtrying to get rid of my outbursts, and be more polite about things, buttechnically wrong is still technically wrong, and I won't start acceptingbad code just to make people feel better about themselves."

The LWN.net Weekly Edition for September 27, 2018 is available.

The kernel address sanitizer (KASAN) is akernel debugging tool meant to catch incorrect use of kernel pointers. Itis an effective tool, if the number of KASAN-based bug reports showing upon the mailing lists is any indication. The downside of KASAN is asignificant increase in the amount of memory used by a running system. Thesoftware-tag-basedmode proposed by Andrey Konovalov has the potential to address thatproblem, but it brings some limitations of its own.

For anybody who has been concerned by the talk from a few outsiders aboutrevoking GPL licensing, thisnew section in the Software Freedom Conservancy's copyleft guide isworth a read.Thus, anyone downstream of the contributor (which is anyone using thecontributor’s code), has an irrevocable license from the contributor. Acontributor may claim to revoke their grant, and subsequently sue forcopyright infringement, but a court would likely find the revocation wasineffective and the downstream user had a valid license defense to a claimof infringement.Nevertheless, for purposes of argument, we will assume that for some reasonthe GPLv2 is not enforceable against the contributor, or that theirrevocable license can be revoked. In that case, the application ofpromissory estoppel will likely mean that the contributor still cannotenforce their copyright against downstream users.

The dust has begun to settle after the abrupt decisions by Linus Torvaldsto take a break from kernel maintainership and to adopt a code of conductfor the community as a whole. Unsurprisingly, the development community,most of which was not consulted prior to the adoption of this code, has alot of questions about it and a number of concerns. While many of theanswers to those questions will be a while in coming, a few things arebeginning to come into focus.

Jann Horn describesCVE-2018-17182, a locally exploitable memory-management bug in thekernel, in great detail. "Fundamentally, this bug can be triggeredby any process that can run for a sufficiently long time to overflow thereference counter (about an hour if MAP_FIXED is usable) and has theability to use mmap()/munmap() (to manage memory mappings) and clone() (tocreate a thread). These syscalls do not require any privileges, and theyare often permitted even in seccomp-sandboxed contexts, such as the Chromerenderer sandbox (mmap, munmap, clone), the sandbox of the main gVisor hostcomponent, and Docker's seccomp policy."

When last we looked at the WireGuard VPN code and its progresstoward mainline inclusion, said progress was impeded by disagreements aboutthe new "Zinc"cryptographic library that is added by the WireGuard patches. Since thatAugust look, several more versions of WireGuard and Zinc have been posted; it would seem that Zinc is gettingcloser to being accepted. Once that happens, the networking developers arepoised to review that portion of the code, which likely will leadto WireGuard in the kernel some time in the next development cycle or two.

Stable kernels 4.18.10, 4.14.72, 4.9.129, 4.4.158, and 3.18.123 have been released. They all containimportant fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (python2.7 and python3.4), openSUSE (php5-smarty3), Oracle (389-ds-base, flatpak, kernel, and nss), Red Hat (389-ds-base, chromium-browser, flatpak, kernel, kernel-alt, kernel-rt, nss, and qemu-kvm-ma), and SUSE (ant, dom4j, kernel, and wireshark).

Security updates have been issued by Arch Linux (strongswan and zsh), Debian (dom4j and polarssl), openSUSE (apache2, gd, gnutls, GraphicsMagick, nodejs8, php7, and shadow), Oracle (mod_perl), Red Hat (mod_perl), Scientific Linux (mod_perl), SUSE (ant, gd, gnutls, java-1_8_0-ibm, libXcursor, mgetty, pam_pkcs11, php7, python-paramiko, shadow, and tiff), and Ubuntu (strongswan).

<p>I recently took a deep dive into web site archival for friends whowere worried about losing control over the hosting of their workonline in the face of poor system administration or hostileremoval.This makes web site archival an essential instrument in thetoolbox of any system administrator.As it turns out, some sites are much harder to archive thanothers. This article goes through the process of archiving traditionalweb sites and shows how it falls short when confronted with the latestfashions in the single-page applications that are bloating the modern web.<p>Subscribers can read on for a look at web archiving by guest author Antoine Beaupré.

Security updates have been issued by Arch Linux (bitcoin-daemon and bitcoin-qt), Debian (firefox-esr, hylafax, libarchive-zip-perl, mediawiki, okular, openafs, strongswan, and texlive-bin), Fedora (gitolite3, kernel-headers, and lcms2), Mageia (dropbear, kernel, lcms2, libcgroup, libextratcor, mailman, mpg123, okular, php, soundtouch, unixODBC, webkit2, and xml-security-c), openSUSE (aubio, bouncycastle, chromium, ffmpeg-4, firefox, gdm, GraphicsMagick, hylafax+, ImageMagick, jhead, liblouis, nemo-extensions, nextcloud, nodejs6, obs-service-refresh_patches, okular, openslp, pango, phpMyAdmin, python-Django, python-Django1, and seamonkey), Oracle (spice and spice-gtk), Slackware (firefox and kernel), and SUSE (ant, apache2, gnutls, libzypp, zypper, nodejs6, nodejs8, and xorg-x11-libs).

The 4.19-rc5 kernel prepatch has beenreleased by Greg Kroah-Hartman. "As almost everyone knows, it's beenan 'interesting' week from a social point-of-view. But from the technicalside, -rc5 looks totally normal."

The kernel's namespace abstraction allowsdifferent groups of processes to have different views of the system. Thisfeature is most often used with containers; it allows each container tohave its own view of the set of running processes, the network environment,the filesystem hierarchy, and more. One aspect of the system that remainsuniversal, though, is the concept of the system time. The recently postedtimenamespace patch set (from Dmitry Safonov with a lot of work by AndreiVagin) seeks to change that.

The Ubuntu blog has announced the release of version 1.0.0 of the Mir display server. "Whether for building a device or for writing a shell for the desktop, Mir can give you a graphics stack that is fast, light, and secure. The Mir graphical stack works across different graphics platforms and driver models and is easy to integrate into your kiosk, digital signage, or purpose built graphical solution. It was first conceived over 6 years ago as part of an initiative by Canonical to unify the graphical environment across all devices, including desktop, TV, and mobile devices and continues to be developed with new features and modern standards."

Security updates have been issued by Debian (hylafax, sympa, and texlive-bin), Fedora (curl and gitolite3), Mageia (bouncycastle, ghostscript, and libx11), openSUSE (webkit2gtk3), Oracle (spice and spice-gtk and spice-gtk and spice-server), Red Hat (rubygem-smart_proxy_dynflow, spice and spice-gtk, and spice-gtk and spice-server), Scientific Linux (spice and spice-gtk and spice-gtk and spice-server), and SUSE (ImageMagick, kernel, liblouis, openslp, and python-paramiko).

Security updates have been issued by Debian (glusterfs, php5, reportbug, and suricata), openSUSE (chromium and exempi), Red Hat (openstack-rabbitmq-container), SUSE (couchdb, crowbar, crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui, gdm, OpenStack, pango, and webkit2gtk3), and Ubuntu (bind9, lcms, lcms2, and lcms2).

A story in The New Yorker magazine may help explain some of the timing of the recent upheavals in kernel-land. Longtime followers of kernel development will find the article to be a mixed bag—over the top in spots, fairly accurate elsewhere. "Torvalds’s decision to step aside came after The New Yorker asked him a series of questions about his conduct for a story on complaints about his abusive behavior discouraging women from working as Linux-kernel programmers. In a response to The New Yorker, Torvalds said, 'I am very proud of the Linux code that I invented and the impact it has had on the world. I am not, however, always proud of my inability to communicate well with others—this is a lifelong struggle for me. To anyone whose feelings I have hurt, I am deeply sorry.'"

The LWN.net Weekly Edition for September 20, 2018 is available.

Stable kernels 4.18.9, 4.14.71, 4.9.128, and 4.4.157 have been released. They all containthe usual set of important fixes and users should upgrade.

Android's ProjectTreble is meant as a way to reduce the fragmentation in the Androidecosystem. It also makes porting Android 8 ("Oreo"—the first versionto mandate Treble) more difficult, according to Fedor Tcymbal. Hedescribed the project and what it means for silicon and device vendors in atalk atOpenSource Summit North America 2018 in Vancouver, Canada.

Facebook runs a lot of programs and it tries to pack as many as it can ontoeach machine. That means running close to—and sometimes beyond—theresource limits on any given machine. How the system reacts when, for example,memory is exhausted, makes a big difference in Facebook getting its workdone. Tejun Heo came to 2018 Open Source Summit North America to describe the resource controlwork that has been done by the team he works on at Facebook.

Security updates have been issued by Debian (chromium-browser and libapache2-mod-perl2), Oracle (kernel), and Ubuntu (ghostscript, glib2.0, and php5).