LWN.net

Since the beginning, Linux has mapped the kernel's memory into the addressspace of every running process. There are solid performance reasons fordoing this, and the processor's memory-management unit can ordinarily betrusted to prevent user space from accessing that memory. More recently,though, some more subtle security issues related to this mapping have cometo light, leading to the rapid development of a new patch set that ends thislongstanding practice for the x86 architecture.

Firefox 57 has been released. From the releasenotes: "Brace yourself for an all-new Firefox. It’s fast. Reallyfast. It’s over twice as fast as Firefox from 6 months ago, built on acompletely overhauled core engine with brand new technology from ouradvanced research group, and graced with a clean, modern interface. Todayis the first of several releases we’re calling Firefox Quantum, alldesigned to get to the things you love and the stuff you need faster thanever before. Experience the difference on desktops running Windows, macOS,and Linux; on Android, speed improvements are landing as well, and bothAndroid and iOS have a new look and feel. To learn more about FirefoxQuantum, visit the Mozilla Blog."

On October 30, 2017, a groupof Czech researchers from Masaryk University presented the ROCA paperat the ACM CCS Conference, which earnedthe Real-World ImpactAward. We briefly mentioned ROCA whenit was first reported but haven't dug into details of the vulnerability yet. Because of itsfar-ranging impact, it seems important to review the vulnerability inlight of the new results published recently.

Security updates have been issued by Arch Linux (konversation), Debian (graphicsmagick and konversation), Fedora (git-annex, ImageMagick, kernel, and libgcrypt), Oracle (kernel), Red Hat (httpd), SUSE (firefox, nss), and Ubuntu (perl and postgresql-9.3, postgresql-9.5, postgresql-9.6).

The Fedora 27release is now available. "The Workstation edition of Fedora 27 features GNOME 3.26. In the new release, both the Display and Network configuration panels have been updated, along with the overall Settings panel appearance improvement. The system search now shows more results at once, including the system actions.GNOME 3.26 also features color emoji support, folder sharing in Boxes, andnumerous improvements in the Builder IDE tool."

The Netconf 2017,Part 2 and Netdev 2.2 conferences wererecently held in Seoul, South Korea. Netconf is an invitation-onlygathering of kernel networking developers, while Netdev is an open conference for the Linuxnetworking community. Attendees have put together reportsfrom all five days (two for Netconf and three for Netdev) that LWN ishappy to publish for them.

Red Hat has announceda version of its RHEL 7.4 distribution for the ARM64 architecture."Red Hat took a pragmatic approach to Arm servers by helping to driveopen standards and develop communities of customers, partners and a broadecosystem. Our goal was to develop a single operating platform acrossmultiple 64-bit ARMv8-A server-class SoCs from various suppliers whileusing the same sources to build user functionality and consistent featureset that enables customers to deploy across a range of serverimplementations while maintaining application compatibility." Moreinformation about what works at this point can be found in the release notes.

Security updates have been issued by Debian (graphicsmagick, imagemagick, mupdf, postgresql-common, ruby2.3, and wordpress), Fedora (tomcat), Gentoo (cacti, chromium, eGroupWare, hostapd, imagemagick, libXfont2, lxc, mariadb, vde, wget, and xorg-server), Mageia (flash-player-plugin and libjpeg), openSUSE (ansible, ImageMagick, java-1_8_0-openjdk, krb5, redis, shadow, virtualbox, and webkit2gtk3), Red Hat (rh-eclipse46-jackson-databind and rh-eclipse47-jackson-databind), SUSE (java-1_8_0-openjdk, mysql, openssl, and storm, storm-kit), and Ubuntu (perl).

The 4.14 kernel has been released after aten-week development cycle.Some of the most prominent features in this release includethe ORC unwinder for more reliabletracebacks and live patching,the long-awaited thread mode for controlgroups,support for AMD's secure memoryencryption,five-level page table support,a new zero-copy networking feature,the heterogeneous memory managementsubsystem,and more.See the Kernel Newbies 4.14page for more information.In the end, nearly 13,500 changesets were merged for 4.14, which is slatedto be the next long-term-support kernel.For the maintainers out there, it's worth noting Linus's warning that the4.15 merge window might be rather shorter than usual due to the USThanksgiving Holiday.

Kernel developers have worried for years that tracepoints could lead toapplications depending on obscure implementation details; the consequentneed to preserve existing behavior to avoid causing regressions could endup impeding future development. A recent report shows that theseccomp() system call is also more prone to regressions than usersmay expect — but kernel developers are unlikely to cause these regressionsand, indeed, have little ability to prevent them. Programs usingseccomp() will have an inherently higher risk of breaking whensoftware is updated.

Security updates have been issued by Arch Linux (lib32-openssl, libextractor, postgresql, and postgresql-old-upgrade), Debian (bchunk, postgresql-9.4, postgresql-9.6, postgresql-common, roundcube, and tomcat7), Gentoo (libxml2), SUSE (kvm, openssl1, and qemu), and Ubuntu (postgresql-common).

The Linux block layer provides an upstream interface to filesystems andblock-special devices allowing them to access a multitude of storagebackends in a uniform manner. It also provides downstream interfaces to devicedrivers and driver-support frameworks that allow those drivers andframeworks to receive requests in a manner most suitable to each. Somedrivers do not benefit from preliminary handling and just use the thin "biolayer" that we met previously. Otherdrivers benefitfrom some preprocessing that might detect batches of consecutive requests,may reorder requests based on various criteria, and which presents therequests as one or more well-defined streams. To service these drivers,there exists a section of the block layer that I refer to as the requestlayer.Subscribers can read on below for guest author Neil Brown's article thatwill appear in next week's edition.

Security updates have been issued by Debian (libpam4j, libreoffice, openssl, and ruby-yajl), Fedora (ansible), Mageia (openssl), SUSE (kernel), and Ubuntu (bind9).

Apple has let itbe known that the CUPS printing system will, as of version 2.3,switch from GPLv2 to the Apache License. This change is possible becauseApple requires that contributors sign acontributor agreement [PDF] giving joint ownership of any copyrights toApple.

The LWN.net Weekly Edition for November 9, 2017 is available.

The Free Software Foundation Europe (FSFE) has released thenext version of its REUSE practices,designed to make computers understand software copyrights and licenses."The REUSE practices help software developers make simple additions to license headers which make it easier for a computer to determine what license applies to the various parts of a programs source code. By following the REUSE practices, software developers can ensure their intent to license software under a particular license is understood and more readily adhered to."

The LiMux (or Limux)initiative in Munich has been heralded as an example of both the good andbad in moving a public administration away from proprietary systems. FreeSoftware Foundation Europe (FSFE) President Matthias Kirschner reviewed thehistory of the initiative—and its recent apparent downfall—in a talk atOpen Source Summit Europe in Prague. He also looked at the broaderimplications of the project as well as asking some questions thatfree-software advocates should consider moving forward.

Security updates have been issued by Arch Linux (chromium, libzip, and openssl), Debian (chromium-browser, otrs2, slurm-llnl, and tomcat7), Fedora (kernel, libgcrypt, nodejs, php, poppler, qemu, rpm, and wget), openSUSE (chromium), Red Hat (chromium-browser and rhvm-appliance), SUSE (krb5 and qemu), and Ubuntu (openjdk-8).

USBGuard is asecurity framework for the authorization of USB devices that can be pluggedinto a Linux system. For users who want to protect a system from maliciousUSB devices or unauthorized use of USB ports on a machine, this program gives a number of fine-grained policy options for specifyinghow USB devices can interact with a host system. It is a tool similar tousbauth, which also provides an interface to create access-control policies for theUSB ports. Although kernelauthorization for USB devices already exists, programs like USBGuard makeit easy to craft policies using those mechanisms.

The 2017 Maintainers Summit, the first event of its type, managed to cover awide range of topics in a single half-day. This article, which concludesLWN's coverage of this event, picks up a fewrelatively short topics that were discussed toward the end of the session.These include a new initiative to add SPDX license tags to the kernel, theperils of cross-subsystem development, and an evaluation of the summititself.

The4.13.12,4.9.61,4.4.97,and 3.18.80 stable kernel updates areavailable. As usual, each contains a long list of important fixes andupdates.

A traditional Kernel-Summit agenda item was a slot where Linus Torvalds hadthe opportunity to discuss the aspects of the development community that hewas (or, more often, was not) happy with. In 2017, this discussion movedto the smaller Maintainers Summit. Torvalds is mostly content with the state of thecommunity, it seems, but the group still found plenty of process-related things to talk about.

Security updates have been issued by Debian (apr, apr-util, chromium-browser, libpam4j, and mupdf), Fedora (community-mysql and modulemd), Mageia (git), openSUSE (libsass, libwpd, qemu, sssd, and SuSEfirewall2), Red Hat (Red Hat JBoss Enterprise Application Platform and Red Hat JBoss Enterprise Application Platform 7.0), SUSE (qemu), and Ubuntu (openssl).

Android has been a great boon to the kernel community, having brought agreat deal of growth in both the user and the development communities. ButAndroid has also been a problem in that devices running it ship withkernels containing large amounts (often millions of lines) of out-of-treecode. That fragments the development community and makes it impossible torun mainline kernels on this hardware. The problematic side of Android wasdiscussed at the 2017 Maintainer Summit; the picture that resulted issurprisingly optimistic.

Enlightenment DR 0.22.0 has been released. Thisversion of the desktop shell features improved Wayland support,improvements to new gadget infrastructure, a sudo/ssh askpass utility gui,tiling policy improvements, and integrated per-window volume controls,along with a switch to the Meson build system.

Laurent Pinchart ran a session at the 2017 Embedded Linux Conference Europeentitled "Bash the kernel maintainers"; the idea was to get feedback fromdevelopers on their experience working with the kernel community. A fewdays later, the Maintainers Summit held a free-flowing discussion on theissues that were brought up in that session. Some changes may result fromthis discussion, but it also showed how hard it can be to change how kernelsubsystem maintainers work.

The Software Freedom Law Center (SFLC) has responded to a recent blog post from the Software Freedom Conservancy (SFC) regarding the SFC's trademark. SFLC has asked the US Patent and Trademark Office (PTO) to cancel the SFC trademark due to a likelihood of confusion between the two marks; SFC posted about the action on its blog. Now, SFLC is telling its side of the story: "At the end of September, SFLC notified the US Patent and Trademark Office that we have an actual confusion problem caused by the trademark 'Software Freedom Conservancy,' which is confusingly similar to our own pre-existing trademark. US trademark law is all about preventing confusion among sources and suppliers of goods and services in the market. Trademark law acts to provide remedies against situations that create likelihood of, as well as actual, confusion. When you are a trademark holder, if a recent mark junior to yours causes likelihood of or actual confusion, you have a right to inform the PTO that the mark has issued in error, because that’s not supposed to happen. This act of notifying the PTO of a subsequently-issued mark that is causing actual confusion is called a petition to cancel the trademark. That’s not some more aggressive choice that the holder has made; it is not an attack, let alone a 'bizarre' attack, on anybody. That’s the name of the process by which the trademark holder gets the most basic value of the trademark, which is the right to abate confusion caused by the PTO itself."

The 2017Realtime Summit (RT-Summit) was hosted by the Czech Technical University onSaturday, October 21 in Prague, just before the Embedded LinuxConference. It was attended by more than 50 individuals with backgrounds ranging fromacademic to industrial, and some local students daring enough to spend a day with thatgroup. Guest author Mathieu Poirier provides summaries of some of thetalks from the summit.

Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libmupdf, mupdf, mupdf-gl, mupdf-tools, and zathura-pdf-mupdf), CentOS (liblouis), Debian (graphicsmagick, imagemagick, irssi, openssl, openssl1.0, redis, and wordpress), Mageia (lucene, poppler, and x11-server), SUSE (libwpd and webkit2gtk3), and Ubuntu (liblouis).

The tracking of kernel regressions was discussed at the 2017 Kernel Summit; the topicmade a second appearance at the first-ever Maintainers Summit two dayslater. This session was partly a repeat of what came before for thebenefit of those (including Linus Torvalds) who weren't at the firstdiscussion, but some new ground was covered as well.

The 4.14-rc8 kernel prepatch is out fortesting. "But to actually have decided that we don't need an rc8 this release,it would have had to be really totally quiet, and it wasn't. Nothinglooks scary, but we did have a few reverts in here still, and I'lljust feel happier giving 4.14 another final week... and I really hope that _will_ be the final week, and we don't findanything new scary." Along with the various fixes, this prepatchalso adds SPDX license tags to a lot of kernel source files.

Willy Tarreau reflectson his experience maintaining the 3.10 long-term kernel on the occasionof the release of the final update, 3.10.108."First, there's no such notion of 'important fixes'. Even seriousvendors employing several kernel developers got caught missing someapparently unimportant fixes and remaining vulnerable for more than twoyears after LTS was fixed. So you can imagine the level of quality you mayexpect from a $60 WiFi router vendor claiming to apply the samepractices... The reality is that a bug is a bug, and until it's exploitedit's not considered a vulnerability."

The GitLab open-source (and open-core) project hosting site has announced that it is moving away from its Contributor License Agreement (CLA) to a Developers Certificate of Origin (DCO), which is what is used by the Linux kernel, for example, to cover contributions made to its code base. "A Contributor License Agreement (CLA) is the industry standard for open source contributions to other projects, but it's unpopular with developers, who don't want to enter into legal terms and are put off by having to review a lengthy contract and potentially give up some of their rights. Contributors find the agreement unnecessarily restrictive, and it's deterring developers of open source projects from using GitLab. We were approached by Debian developers to consider dropping the CLA, and that's what we're doing." LWN looked at some of the background of this issue back in June.

The Software Freedom Conservancy (SFC) blog reveals a recent action taken by the Software Freedom Law Center (SFLC) to try to cancel the trademark for SFC. On September 22, SFLC filed a complaint with the US Patent and Trademark Office asking that the trademark be canceled because there is a likelihood of confusion between the trademarks:"Registrant's SOFTWARE FREEDOM CONSERVANCY Mark is confusingly similar toPetitioner's SOFTWARE FREEDOM LAW CENTER Mark." On November 2, SFC filed a response that lists the defenses it plans to use. From the blog post: "We are surprised and sad that our former attorneys, who kindly helped our organization start in our earliest days and later excitedly endorsed us when we moved from a volunteer organization to a staffed one, would seek to invalidate our trademark. Conservancy and SFLC are very different organizations and sometimes publicly disagree about detailed policy issues. Yet, both non-profits are charities organized to promote the public's interest. Thus, we are especially disappointed that SFLC would waste the precious resources of both organizations in this frivolous action."

Security updates have been issued by Debian (bchunk and openjdk-8), Fedora (kernel and seamonkey), Mageia (ansible, sdl2, sdl2_image, mingw, and tomcat), Oracle (kernel and liblouis), Red Hat (liblouis and samba), Scientific Linux (liblouis), Slackware (mariadb and openssl), and SUSE (ceph, kernel, and qemu).

Shuah Khan is the maintainer of the kernel's self-test subsystem. At the2017 Kernel Summit, she presented an update on the recent developments inkernel testing and led a related discussion. Much work has happened aroundself-testing in the kernel, but there remains a lot to be done.

The 4.13.11, 4.9.60, 4.4.96, and 3.18.79 stable kernels have been released byGreg Kroah-Hartman. There are, as usual, important fixes throughout thetree in these updates and users of those kernel series should upgrade.

Security updates have been issued by Debian (thunderbird), Fedora (glusterfs, gnome-shell, java-1.8.0-openjdk, lucene, openvpn, poppler, and xen), openSUSE (xen), and Ubuntu (libreoffice and samba).

The LWN.net Weekly Edition for November 2, 2017 is available.

On the Ubuntu Insights blog, Canonical has announced that it has joined the GNOME Foundation advisory board. "We hope to share the results of our many years of user research, testing plus the needs of our large and diverse user base to help map out the best way for the entire GNOME ecosystem to benefit from our membership.The GNOME community have been very welcoming to Ubuntu, and we are already seeing the fruits of their labour in 17.10. Night Light, Captive Portal detection, the new Control Center, and a host of new features are now available to Ubuntu Desktop users by default by way of the GNOME desktop.We look forward to working closely with the GNOME Foundation, and to many years of happy collaboration."

Much software that uses the Linux kernel does so at comparativearms-length: when it needs the kernel, perhaps for a read or write, itperforms a system call, then (at least from its point of view) continuesoperation later, with whatever the kernel chooses to give it in reply. Somesoftware, however, gets pretty intimately involved with the kernel as partof its normal operation, for example by using eBPF for low-level packetprocessing. Suricata is such a program; Eric Leblondspoke about it at Kernel Recipes 2017 in a talk entitled "eBPF and XDPseen from the eyes of a meerkat".

Security updates have been issued by Debian (graphicsmagick, libdatetime-timezone-perl, openjpeg2, thunderbird, and tzdata), Fedora (curl, glusterfs, java-1.8.0-openjdk, lame, lucene, SDL2, systemd, and xen), Red Hat (python-django), and Ubuntu (linux-lts-trusty and quagga).

When a kernel developer wants to communicate a message to user space, be itfor debugging or to report a serious problem with the system, the venerableprintk() function is usually the tool of choice. But, as SteveRostedt (accompanied by Petr Mladek and Sergey Senozhatsky) noted during abrief session at the 2017 Kernel Summit, printk() has not aged well. In particular, it can affect theperformance of the system as a whole; the roots of that problem and apossible solution were discussed, but a real solution will have to wait forthe appearance of the code.

On his blog, Sebastian Kügler sets out a roadmap for Plasma Mobile, which is a project that "aims to become a complete and open software system for mobile devices". There is already a prototype version available, the next step is the "feature phone" milestone (which will be followed by the "basic smartphone" and "featured smartphone" milestones). "The feature phone milestone is what we’re working on right now. This involves taking the prototype and fixing all the basic things to turn it into something usable. Usable doesn’t mean 'usable for everyone', but it should at least be workable for a subset of people that only rely on basic features — 'simple' things.Core features should work flawlessly once this milestone is achieved. With core features, we’re thinking along the lines of making phone calls, using the address book, manage hardware functions such as network connectivity, volume, screen, time, language, etc.. Aside from these very core things for a phone, we want to provide decent integration with a webbrowser (or provide our own), app store integration likely using store.kde.org, so you can get apps on and off the device, taking photos, recording videos and watching these media. Finally, we want to settle for an SDK which allows third party developers to build apps to run on Plasma Mobile devices.Getting this to work is no small feat, but it allows us to receive real-world feedback and provide a stable base for third-party products. It makes Plasma Mobile a viable target for future product development."

The kernel development community has run for some years without anybodytracking regressions; that changed one year ago when Thorsten Leemhuisstepped up to the task. Two conversations were held on the topic at the2017 Kernel and Maintainers summits in Prague; this article covers thefirst of those, held during the open Kernel-Summit track.

Security updates have been issued by Debian (libav, quagga, wordpress, and wpa), Mageia (exiv2, irssi, opensc_etc, procmail, rpm, and wget), SUSE (kernel), and Ubuntu (kernel, linux, linux-raspi2, linux-gcp, linux-hwe, and linux-lts-xenial).

Some technologies find their way into the kernel almost immediately; othersneed to go through multiple iterations over a number of years first.Restartable sequences, a mechanism for lockless concurrency control in user space, fallinto the latter category. At the 2017 Kernel Summit, Mathieu Desnoyersdiscussed yet another implementation of this concept — but this one may notbe the last word either.

The annual GStreamerconference took place October 21-22 in Prague, (unofficially)co-located with the EmbeddedLinux Conference Europe. The GStreamer project is alibrary for connecting media elements such as sources, encoders and decoders, filters,streaming endpoints, and output sinks of all sorts into a fullycustomizable pipeline. It offers cross-platform support, a large set ofplugins, modernstreaming and codec formats, and hardware acceleration as some of its features. Kickingoff this year's conference was Tim-Philipp Müller with his report on thelast 12 months of development and what we can look forward to next.

Security updates have been issued by Arch Linux (apr, apr-util, chromium, and wget), CentOS (tomcat and tomcat6), Debian (curl, git-annex, golang, shadowsocks-libev, and wget), Fedora (libextractor and sssd), Gentoo (apache, asterisk, jython, oracle-jdk-bin, and xorg-server), openSUSE (chromium, curl, gcc48, GraphicsMagick, hostapd, kernel, libjpeg-turbo, libvirt, mysql-community-server, openvpn, SDL2, tcpdump, and wget), Oracle (tomcat and tomcat6), Red Hat (chromium-browser, tomcat, and tomcat6), Scientific Linux (tomcat and tomcat6), Slackware (php and wget), SUSE (firefox, mozilla-nss, kernel, wget, and xen), and Ubuntu (mysql-5.5, poppler, and wget).

The 4.14-rc7 kernel prepatch is out fortesting. "Still, considering the issues we've had, I likely will doan rc8 unless this upcoming week ends up being _so_ quiet that there's nopoint. Which while unlikely would be lovely..."