LWN.net

The5.13.9,5.10.57,5.4.139,4.19.202,4.14.243,4.9.279, and4.4.279stable kernel updates have been released. Each contains a small set ofimportant fixes. Users of 4.4 should note that 4.4.280is already in the review process; it is due on August 10.

The memfd_secret() system call has, in one form or another, beencovered here since February 2020. In thebeginning, it was a flag to memfd_create(),but its functionality was later moved to a separate system call. Therehave been many changes during this feature's development, but its corepurpose remains the same: allow a user-space process to create a range of memory that isinaccessible to anybody else — kernel included. That memory can be used tostore cryptographic keys or any other data that must not be exposed toothers. This new system call was finally merged for the upcoming 5.14release; what follows is a look at the form this call will take in themainline kernel.

Security updates have been issued by Debian (tomcat8), Mageia (bluez, exiv2, fetchmail, libsndfile, nodejs, php-pear, python-pillow, and rabbitmq-server), openSUSE (apache-commons-compress, balsa, djvulibre, mariadb, mysql-connector-java, nodejs8, opera, and spice-vdagent), Red Hat (ruby:2.7), SUSE (apache-commons-compress, djvulibre, java-11-openjdk, libsndfile, mariadb, nodejs8, and spice-vdagent), and Ubuntu (docker.io).

The Android12 beta release first appeared in May of this year. As is almostobligatory, this release features "the biggest design change inAndroid's history"; what's an Android release without requiringusers to relearn everything? That historical event was not meant toinclude one change that many beta testers are noticing, though: a kernelregression that breaks a significant number of apps. This problem has justbeen fixed, but it makes a good example of why preventing regressions canbe so hard and how the kernel project responds to them when they do happen.

Security updates have been issued by Debian (jetty9 and openexr), openSUSE (mariadb and virtualbox), Red Hat (go-toolset-1.15 and go-toolset-1.15-golang), SUSE (djvulibre and mariadb), and Ubuntu (opencryptoki).

The LWN.net Weekly Edition for August 5, 2021 is available.

The GPSD project provides adaemon for communicating with various GPS devices in order to retrieve thelocation information that those sensors provide. But the GPS satellitesalso provide highly accurate time information that GPSD canextract for use by Network TimeProtocol (NTP) servers. A bug in the GPSD code will cause time togo backward in October, though, which may well cause some havoc if affected NTPservers donot get an update before then.

Stable kernels 5.13.8, 5.10.56, 5.4.138, 4.19.201, 4.14.242, 4.9.278, and 4.4.278 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (asterisk, libpam-tacplus, and wordpress), Fedora (buildah and podman), openSUSE (thunderbird and webkit2gtk3), Oracle (kernel and varnish:6), SUSE (kernel, kvm, and webkit2gtk3), and Ubuntu (libdbi-perl and php-pear).

Over on the Google Security Blog, Kees Cook describes his vision for approaches to assuring kernel security in a more collaborative way. He sees a number of areas where companies could work together to make it easier for everyone to use recent kernels rather than redundantly backporting fixes to older kernel versions. It will take more engineers working on things like testing and its infrastructure, security tool development, toolchain improvements for security, and boosting the number of kernel maintainers:

Neovim 0.5, the fifth major version of the Neovimeditor, which descends from the venerable vieditor by way of Vim, wasreleasedon July 2. This release is the culmination of almost two years of work,and it comes with some major features that aim to modernize the editingexperience significantly. Highlights include native support for the LanguageServer Protocol (LSP), which enables advanced editing features for a wide variety oflanguages, improvements toits Lua APIs for configuration and plugins, and better syntax highlightingusing Tree-sitter. Overall, the 0.5 release is a solid upgrade for the editor; the improvements shouldplease the existing fan base and potentially draw in new users and contributorsto the project.

Security updates have been issued by Arch Linux (chromium, nodejs, nodejs-lts-erbium, and nodejs-lts-fermium), Debian (pyxdg, shiro, and vlc), openSUSE (qemu), Oracle (lasso), Red Hat (glibc, lasso, rh-php73-php, rh-varnish6-varnish, and varnish:6), Scientific Linux (lasso), SUSE (dbus-1, lasso, python-Pillow, and qemu), and Ubuntu (exiv2, gnutls28, and qpdf).

On his blog, Colin Watson has a lengthy reflection on moving the code for Ubuntu's Launchpad software-collaboration web application from Python 2 to Python 3. He looks at some of the problem areas for upgrading, both in general and for Launchpad specifically, some pain points that were encountered, lessons learned, and the nine known regressions that reached the Launchpad production code during the process.

The kernel-development community is a busy place, with thousands of emailsflying by every day and many different projects under development at anygiven time. Much of that work ends up inspiring articles at LWN, but there is no way to evercover all of it, or even all of the most interesting parts. What followsis a first attempt at what may become a semi-regular LWN feature: a quick lookat some of the work that your editor is tracking that may or may not showup as the topic of a full article in the future. The first set of topicsincludes memory folios, task isolation, and a lightweight threadingframework from Google.

Version 2.34 of the GNU C library has been released. Significant changesinclude the folding of libpthread, libdl, libutil, and libanl into the mainlibrary, support for 64-bit (year-2038 safe) times on 32-bit systems,support for the close_range() system call, a handful of securityfixes, and many other changes.

Stable kernels 5.13.7, 5.10.55, 5.4.137, and 4.19.200 have been released. As usual, thereare important fixes and users should upgrade.

Security updates have been issued by Arch Linux (389-ds-base, consul, containerd, geckodriver, powerdns, vivaldi, webkit2gtk, and wpewebkit), Debian (aspell, condor, libsndfile, linuxptp, and lrzip), and Fedora (bluez, buildah, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, kernel, kernel-tools, mbedtls, mingw-exiv2, mingw-python-pillow, mrxvt, python-pillow, python2-pillow, redis, and seamonkey).

The 5.14-rc4 kernel prepatch is out fortesting. "Nothing to see here, entirely normal rc4".

The C programming language is famously prone to memory-safety problemsthat lead to buffer overflows and a seemingly endless stream of securityvulnerabilities. But, even in C, it is possible to improve thesituation in many cases. One of those is the memcpy() family offunctions, which are used to efficiently copy or overwrite blocks ofmemory; with a bit of help from the compiler, those functions can beprevented from writing past the end of thedestination object they are passed. Enforcing that condition in the kernelis harder than one might expect, though, as thismassive patch set from Kees Cook shows.

Security updates have been issued by Debian (libsndfile and openjdk-11), Fedora (php-pear and seamonkey), openSUSE (fastjar and php7), SUSE (php72, qemu, and sqlite3), and Ubuntu (libsndfile, php-pear, and qpdf).

The change in copyright-assignment policy proposed in June for the GNU C Library projecthas nowbeen adopted:

On its blog, the Free Software Foundation (FSF) hasannounceda call for white papers about GitHubCopilot and the questions surroundingit. The FSF will pay $500 for papers that it publishes because they"help elucidate the problem":

Filesystem developers tend to disagree with each other about many things,but they are nearly unanimous in their dislike for the truncate()system call, which chops data off the end of a file. Implementingtruncate() tends to be full of traps for the unwary — the kind oftraps that can lead to lost data. But it turns out that a similaroperation, called "hole punching", may be worse. This operation has beensubject to difficult-to-hit but real race conditions in many filesystemsfor years; thispatch set from Jan Kara may finally be at a point where it can fill thehole in hole punching.

Security updates have been issued by Debian (webkit2gtk), Fedora (ruby and webkit2gtk3), Mageia (aspell and varnish), openSUSE (git), SUSE (ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema and git), and Ubuntu (libsndfile, mariadb-10.3, and webkit2gtk).

The LWN.net Weekly Edition for July 29, 2021 is available.

Backlogs in bug triage, code review, and other elements of the developmentprocess are nothing new for free-software projects; there is clearly a lotmore interest in creating new features (and the bugs that go with them, ofcourse) than in taking on the less-satisfying bits. For a large projectlike CPython, though, the backlog can seriously impede progress—potentiallychasing off contributors whose work falls through the cracks. In orderto address that, the Python Software Foundation (PSF) hasraised some funds to hireŁukasz Langa as the CPython "Developer-in-Residence". Langa will beworking to help clear the backlog, while also looking into other areas ofinterest to the PSF and the Pythonsteering council.

Stable kernels 5.13.6, 5.10.54, 5.4.136, 4.19.199, 4.14.241, 4.9.277, and 4.4.277 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Fedora (golang), Mageia (curl, filezilla, jdom/jdom2, netty, pdfbox, perl-Mojolicious, perl-Net-CIDR-Lite, perl-Net-Netmask, python-urllib3, python3, quassel, transfig, and virtualbox), openSUSE (umoci), Red Hat (rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon and rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and SUSE (firefox, glibc, libsndfile, linuxptp, qemu, and umoci).

The annual Linux Plumbers Conference (LPC) is a gathering of a relativelysmall subset of the developers working on the low-level (plumbing) detailsof Linux systems. It covers topics from below the kernel through the user-spacecomponents that underlie the interfaces and applications that most Linuxusers interact with. This year's event will be heldvirtually September 20‑24; it is shaping up to be anothergreat edition of one of the premier open-registration Linux technical conferences on thecalendar.

Security updates have been issued by Debian (drupal7), Fedora (linux-firmware), openSUSE (qemu), Oracle (kernel and thunderbird), Red Hat (thunderbird), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird), SUSE (dbus-1, libvirt, linuxptp, qemu, and slurm), and Ubuntu (aspell and mysql-5.7, mysql-8.0).

One of the fundamental invariants of computing is that, regardless of howmuch memory is installed in a system, it is never enough. This isespecially true of systems with tight performance constraints, where everypage of memory is allocated and in use, making it difficult to findmore when it is badly needed. One way to make more memoryavailable is to kill one or more processes, freeing their resources forother users. But that often does not work as quickly or reliably as userswould like. In an attempt to improve the situation, Suren Baghdasaryan hasproposedthe addition of a system call named process_mrelease().

Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).

The third 5.14 kernel prepatch is out fortesting.

The5.13.5,5.10.53, and5.4.135stable kernels have been released; each contains another set of importantfixes.

After a long pause, the K-9 Android mail client project has released version5.800. "The user interface has been redesigned. Some of you willlove it, some will hate it. You’re welcome and we're sorry." There arealso a number of improvements to make background operation work better oncurrent Android systems.

The DAMON patch set was first covered herein early 2020; this work, now in its34th revision, enables the efficient collection of information aboutmemory-usage patterns on Linux systems. That data can then be used toinfluence the kernel's memory-management subsystem; one possible way to dothat is to more aggressively reclaim memory that is not being used. Tothat end, DAMON author SeongJae Park is proposing aDAMON-based mechanism to perform user-controllable proactive reclaim.

Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libpano13, linux-hardened, linux-lts, linux-zen, nvidia-utils, opera, systemd, and virtualbox), CentOS (java-11-openjdk and kernel), Debian (lemonldap-ng), Fedora (curl and podman), Gentoo (icedtea-web and velocity), openSUSE (bluez, go1.15, go1.16, kernel, thunderbird, transfig, and wireshark), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and kernel-container), SUSE (bluez, curl, kernel, qemu, thunderbird, transfig, and wireshark), and Ubuntu (curl).

Disagreements over which patches should find their way into stable updatesare not new — or uncommon. So when the topic came up again recently, therewas little reason to expect anything but more of the same. And, for themost part, that is what ensued but, in this exchange, we were also able tosee the core issue that drives these discussions. There are, in theend, two fundamentally different views of what the stable tree should be.

Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and systemd), openSUSE (caribou, chromium, curl, and qemu), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and systemd), Slackware (curl), SUSE (curl, kernel, linuxptp, python-pip, and qemu), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).

The LWN.net Weekly Edition for July 22, 2021 is available.

A local root hole in the Linux kernel, called Sequoia, was disclosedby Qualys on July 20. A full system compromise is possible untilthe kernel is patched (or mitigations that may not be fully effective are applied). Atits core, the vulnerability relies on a path through the kernel where64-bit size_t values are "converted" to signed integers, which effectivelyresults in an overflow. The flaw was reported to Red Hat on June 9,along with a localsystemddenial-of-service vulnerability, leading to a kernel crash, found at the same time.Systems with untrusted local users need updates for both problems applied as soon asthey are available—out ofan abundance of caution, other systems likely should be updated as well.

Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc, java-1.8.0-openjdk, java-11-openjdk, kernel, kernel-rt, kpatch-patch, libldb, perl, RHV-H, rpm, shim and fwupd, and systemd), Slackware (kernel), SUSE (caribou, containerd, crmsh, curl, dbus-1, kernel, qemu, and systemd), and Ubuntu (binutils, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-lts-xenial, linux-kvm, linux-oracle, linux-raspi, linux-raspi2-5.3, linux-oem-5.10, nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-460, nvidia-graphics-drivers-460-server, nvidia-graphics-drivers-470, and systemd).

Alyssa Rosenzweig goesinto the details of the reverse-engineering of the Mali "Valhall" GPUinstruction set.

There is a lot of buzz around the Rust programming language thesedays—which strikes some folks as irritating, ridiculous, or both. But theidea of a low-level language that can replace C, with fewer built-in security pitfalls, isattractive for any number of projects. Recently, the Tor Project announced the Arti project as acomplete Rust rewrite of Tor's core protocols, which provideinternet privacy and anonymity. In addition, Tor announced that Arti received a grantto support its development over the next year or so.

The Stockfish project, whichdistributes a chess engine under GPLv3, has announcedthe filing of a GPL-enforcement lawsuit against ChessBase, which has been(and evidently still is) distributing proprietary versions of the Stockfishcode.

The5.13.4,5.12.19,5.10.52,5.4.134,4.19.198,4.14.240,4.9.276, and4.4.276stable updates have all been released. These are relatively large updatesonce again, and they include the fix for the just-disclosed local root vulnerability. Note that the5.12.x series ends with the 5.12.19 release.

Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rvxt-unicode, mxrvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).

Commit 8cae8cd89f05went into the mainline kernel repository on July 19; it puts a limiton the size of buffers allocated in the seq_file mechanism and mentions "intoverflow pitfalls". For more information, look to thisQualys advisory describing the vulnerability:

The lowly file descriptor is one of the fundamental objects in Linuxsystems. A file descriptor, which is a simple integer value, can refer to anopen file — or to a network connection, a running process, a loaded BPFprogram, or a namespace. Over the years, the use of file descriptors to refer to transient objectshas grown to the point that it can be difficult to justify an API thatuses anything else. Interestingly, though, the io_uring subsystem looks as if it is movingtoward its own number space separate from file descriptors.

As an example of what a "real" device driver in Rust would look like,Wedson Almeida Filho has posteda translation of the PL061 GPIO driver alongside the original. Forease of reading, the resulting HTML has been reformatted a bit and placedbelow; viewing in a wide window is recommended.