LWN.net

The Firefox86.0 release is out. New features this time include picture-in-picturevideo and "totalcookie protection", which appears to be a way to allow third-partycookies while preserving some privacy.

Security updates have been issued by Arch Linux (connman, firejail, kernel, python-django, roundcubemail, and wpa_supplicant), Fedora (gdk-pixbuf2 and gdk-pixbuf2-xlib), openSUSE (python3 and tomcat), Scientific Linux (xterm), SUSE (postgresql12 and postgresql13), and Ubuntu (gdk-pixbuf, openldap, python-django, and qemu).

The beginning of the 5.12 merge window was delayed as the result of severeweather in the US Pacific Northwest. Once Linus Torvalds got going, though, hewasted little time; as of this writing, just over 8,600 non-mergechangesets have been pulled into the mainline repository for the 5.12release — over a period of about two days. As one might imagine, that workcontains a long list of significant changes.

Matthew Garrett recently posted apatch set enabling hibernation on systems that are running in the UEFIsecure-boot lockdown mode. This blog entry getsinto the details of how it all works. "When we encrypt material withthe TPM, we can ask it to record the PCR state. This is given back to us asmetadata accompanying the encrypted secret. Along with the metadata is anadditional signature created by the TPM, which can be used to prove thatthe metadata is both legitimate and associated with this specific encrypteddata. In our case, that means we know what the value of PCR 23 was when weencrypted the key. That means that if we simply extend PCR 23 with a knownvalue in-kernel before encrypting our key, we can look at the value of PCR23 in the metadata. If it matches, the key was encrypted by the kernel -userland can create its own key, but it has no way to extend PCR 23 to theappropriate value first. We now know that the key was generated by thekernel."

Version 19 ofthe Kodi "entertainment center" application is out with a long list of newfeatures.For audio and music lovers, there are significant improvements across theboard to metadata handling: library improvements, new tags, new displays,improvements to how Kodi handles release dates, album durations, multi-discsets, and more. There's a new, Matrix-inspired visualisation, there areimprovements to display when fetching files from a web server, and severalchanges to how audio decoder addons can pass information through to theKodi player.For video, most of the changes are more technical, and may depend on yourhardware: AV1 software decoding, HLG HDR and static HDR10 playback onWindows 10, static HDR10 and dynamic Dolby Vision HDR support on Android,and more OpenGL bicubic scalers.

Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).

Lockless algorithms are of interest for the Linux kernel when traditionallocking primitives either cannot be used or are not performant enough.For this reason they come up every now and then on LWN; one of the lastmentions, which prompted me to write this article series, was last July.Topics that arise even more frequently are read-copy-update (RCU — thesearticles from 2007 are still highly relevant), reference counting, andways of wrapping lockless primitives into higher-level,more easily understood APIs. These articles will delve into the conceptsbehind lockless algorithms and how they are used in the kernel.

Security updates have been issued by Debian (bind9, libbsd, openssl1.0, php-horde-text-filter, qemu, and unrar-free), Fedora (kiwix-desktop and libntlm), Mageia (coturn, mediawiki, privoxy, and veracrypt), openSUSE (buildah, libcontainers-common, podman), Oracle (kernel, nss, and perl), Red Hat (xterm), SUSE (java-1_7_1-ibm, php74, python-urllib3, and qemu), and Ubuntu (libjackson-json-java and shiro).

The copy_file_range()system call looks like a relatively straightforward feature; it allowsuser space to ask the kernel to copy a range of data from one file toanother, hopefully applying some optimizations along the way. In truth,this call has never been as generic as it seems, though some changes madeduring 5.3 helped in that regard. When the developers of the Go languageran into problems with copy_file_range(), there ensued a lengthydiscussion on how this system call should work and whether the kernel needsto do more to make it useful.

Security updates have been issued by Debian (mumble, openssl, php7.3, and webkit2gtk), openSUSE (jasper, php7, and screen), SUSE (bind, php7, and php72), and Ubuntu (bind9, openssl, openssl1.0, and webkit2gtk).

The Google Security Blog carries anannouncement of a heightened effort to reimplement security-criticalsoftware in memory-safe languages. "The new Rust-based HTTP and TLSbackends for curl and now this new TLS library for Apache httpd are animportant starting point in this overall effort. These codebases sit at thegateway to the internet and their security is critical in the protection ofdata for millions of users worldwide."

The LWN.net Weekly Edition for February 18, 2021 is available.

The venerable locatefile-finding utility has long been available for Linux systems, though itsorigins are in the BSD world. It is a generally useful tool, but does havea cost beyond just the disk space it occupies in the filesystem; there is aperiodic daemon program (updatedb)that runs to keep the file-name database up to date. As a recentdebian-devel discussion shows, though, people have differing ideas ofjust how important the tool is—and whether it should be part of the default installation of Debian.

The5.10.17 and5.4.99stable kernel updates have been released; they both contain another set ofimportant fixes.

Security updates have been issued by Debian (openssl and ruby-mechanize), Fedora (chromium, jasper, roundcubemail, spice-vdagent, and webkit2gtk3), openSUSE (python-bottle), Oracle (dotnet, kernel, and kernel-container), Red Hat (redhat-ds:11, RHDM, and RHPAM), SUSE (jasper, kernel, and screen), and Ubuntu (thunderbird and wpa).

Version 1.16 of the Golanguage is available. New features include an "embed" package, Apple Arm64support, use of modules by default, and build-performance improvements; seethe release notes for details.

On February 4, millions of browser tabs weresuddenly terminated. Not everyone was surprised; the dozen people who spent the lastfour months waiting for this tragedy to occur watched in relief as thefirst in a rapid stream of GitHubcomments began pouring in. The Great Suspender, a Chrome extension that suspended inactive tabs,with around two-million users, had been forcibly uninstalled because it containedmalware. This was a serious problem for users, in part due to the difficulty inrecovering the lost tabs, but the extension's malevolence had beenpainfully obvious to anyone who cared to investigate it.

Those of us who are watching the mainline kernel repository may have beenwondering why it appears that no pull requests for the 5.12 merge windowhave yet been acted upon. The problem, it seems, is power outages causedby the severe winter weather in the US Pacific northwest. Until that getsresolved, which could take a few days, the 5.12 merge window is likely toremain on hold.

Security updates have been issued by Debian (spip), Mageia (chromium-browser, kernel, kernel-linus, and trojita), openSUSE (mumble and opera), Red Hat (container-tools:rhel8, java-1.8.0-ibm, kernel, kernel-rt, net-snmp, nodejs:10, nodejs:12, nodejs:14, nss, perl, python, and rh-nodejs10-nodejs), and SUSE (jasper, python-bottle, and python-urllib3).

The 5.11 kernel was released on February 14 — the most romanticsort of Valentine's day gift one could hope for. This kernel saw themerging of 14,340 changesets from 1,912 developers; it is certainlynot the busiest development cycle we have seen recently, but it still saw alot of activity. Read on for our traditional look at where the code mergedfor 5.11 came from.

Security updates have been issued by Debian (busybox, linux-4.19, openvswitch, subversion, unbound1.9, and xterm), Fedora (audacity, community-mysql, kernel, libzypp, mysql-connector-odbc, python-django, python3.10, and zypper), openSUSE (librepo, openvswitch, subversion, and wpa_supplicant), Red Hat (subversion:1.10), SUSE (kernel, openvswitch, perl-File-Path, and wpa_supplicant), and Ubuntu (postgresql-12).

Linus has released the 5.11 kernel, asexpected. "I know it's Valentine's Day here in theUS - maybe give this release a good testing before you go back andplay with development kernels. All right? Because I'm sure your SOwill understand."Headline features in 5.11 includeIntel SGX support,a new system-call interception mechanism,the seccomp() constant-actionbitmap optimization,the internal kmap_local() API,the epoll_pwait2() system call,and much more.See the LWN merge-window articles(part 1,part 2) and the (under development) KernelNewbies 5.11 page formore information.

The5.10.16,5.4.98,and 4.19.176stable kernel updates have been released; each contains another set ofimportant fixes.

A briefpost on the Gentoo site is in memory of Kent "kent\n" Frederic."Kent was an active member of the Gentoo community for many years. He tirelessly managed Gentoo’s Perl support, and was active in the Rust project as well as in many other corners. We all remember him as an enthusiastic, bright person, with lots of eye for detail and constant willingness to help out and improve things. On behalf of the world-wide Gentoo community, our heartfelt condolences go out to his family and friends."

Seen from outside, the internals of the Linux kernel appear to be stable,especially in subsystems like the memory-management subsystem. However,from time to time, developers need to replace an internalinterface to solve a longstanding problem. One suchissue is contention on the lock used to protect essentialmemory-management structures, including the page tables and virtual memory areas(VMAs). Liam Howlett and Matthew Wilcox have been developing a newdata structure, called a "maple tree", to replace the data structurescurrently used for VMAs. This potentially big change in internal kernelstructures has been recently postedfor a review in a massive patch set.

Security updates have been issued by Arch Linux (ansible, chromium, cups, docker, firefox, gitlab, glibc, helm, lib32-glibc, minio, nextcloud, opendoas, opera, php, php7, privoxy, python-django, python-jinja, python2-jinja, thunderbird, vivaldi, and wireshark-cli), Fedora (jasper, linux-firmware, php, python-cryptography, spice-vdagent, subversion, and thunderbird), Mageia (gssproxy and phpldapadmin), openSUSE (chromium, containerd, docker, docker-runc,, librepo, nextcloud, and privoxy), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, kernel, openvswitch, and wpa_supplicant), and Ubuntu (wpa).

Given the large set of system calls implemented by the Linux kernel, itwould not be surprising for most people to be unfamiliar with a few ofthem. Not everybody needs to know the details ofsetresgid(),modify_ldt(),orlookup_dcookie(),after all. But even developers who have a wide understanding of the Linuxsystem-call set may be surprised by kcmp(),which is not enabled by default in the kernel build. It would seem,though, that the word has gotten out, leading to an effort to makekcmp() more widely available.

Security updates have been issued by Debian (firejail and netty), Fedora (java-1.8.0-openjdk, java-11-openjdk, rubygem-mechanize, and xpdf), Mageia (gstreamer1.0-plugins-bad, nethack, and perl-Email-MIME and perl-Email-MIME-ContentType), openSUSE (firejail, java-11-openjdk, python, and rclone), Red Hat (dotnet, dotnet3.1, dotnet5.0, and rh-nodejs12-nodejs), SUSE (firefox, kernel, python, python36, and subversion), and Ubuntu (gnome-autoar, junit4, openvswitch, postsrsd, and sqlite3).

Version1.50.0 of the Rust language has been released. "For thisrelease, we have improved array indexing, expanded safe access to unionfields, and added to the standard library."

The LWN.net Weekly Edition for February 11, 2021 is available.

There is always a certain amount of tension between the goals of thoseusing older, less-popular architectures and the goals of projects targetingmore mainstream users and systems. In many ways, our community has beenspoiled by the number of architectures supported by GCC, but a lot of newsoftware is not being written in C—and existing software is migrating awayfrom it. The Rust language isoften the choice these days for both new and existing code bases, but it isbuilt with LLVM, which supports fewer architectures than GCCsupports—and Linux runs on. So the question that arises is how much these older, non-Rustyarchitectures should be able to hold back future development; the answer,in several places now, has been "not much".

The world wide web is truly a wondrous invention, but it is not withoutflaws. There are massive privacy woes that stem from its standards andimplementation; it is also so fiendishly complex that few can truly grokall of its expanse. That complexity affords enormous flexibility, for goodor ill.Those who are looking for a simpler way to exchangeinformation—or hearken back to web prehistory—may find the Gemini project worth a look.

Security updates have been issued by Debian (connman, firejail, libzstd, slirp, and xcftools), Fedora (chromium, jackson-databind, and privoxy), openSUSE (chromium), Oracle (kernel and kernel-container), Slackware (dnsmasq), SUSE (java-11-openjdk, kernel, and python), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oem-5.6, linux-oracle, linux-raspi, linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3, openjdk-8, openjdk-lts, and snapd).

The latest set of stable kernel updates is5.10.15,5.4.97,4.19.175,4.14.221,4.9.257, and4.4.257.Each contains another set of important fixes.

Google Open Source has announcedthe 2021 edition of Season ofDocs. "In 2021, the Season of Docs program will continue tosupport better documentation in open source and provide opportunities forskilled technical writers to gain open source experience. In addition,building on what we’ve learned from the successful 2019 and 2020 projects,we’re expanding our focus to include learning about effective metrics forevaluating open source documentation." Open source organizations mayapply to take part in Season of Docs until March 26.

Daniel Jordan looks atktest on the Oracle Linux blog. "Where ktest is especiallyuseful, though, is in its ability to do these things for each patch in aseries, thereby freeing you from a significant amount of tedium. For yourchosen configs, the series will be cleanly bisectable and won't triggerupstream build bots with easily avoided errors and warningsmid-series. (Those bots are nice for less common configs though.) Codereviewers' moods improve too because each patch will stand alone with allthe necessary code."

The Python steering council has, after some discussion, accepted thecontroversial proposal to add apattern-matching primitive to the language."We acknowledge thatPattern Matching is an extensive change to Python and that reachingconsensus across the entire community is close to impossible. Differentpeople have reservations or concerns around different aspects of thesemantics and the syntax (as does the Steering Council). In spite of this,after much deliberation, reviewing all conversations around these PEPs, aswell as competing proposals and existing poll results, and after severalin-person discussions with the PEP authors, we are confident that PatternMatching as specified in PEP 634, et al, will be a great addition to thePython language."

Security updates have been issued by CentOS (flatpak), Debian (connman, golang-1.11, and openjpeg2), Fedora (pngcheck), Mageia (php, phppgadmin, and wpa_supplicant), openSUSE (privoxy), Oracle (flatpak and kernel), Red Hat (qemu-kvm-rhev), SUSE (kernel, python-urllib3, and python3), and Ubuntu (firefox).

Kees Cook catchesup with the security-related changes in the 5.8 kernel release."With this in place, Jump-Oriented Programming (JOP, where codegadgets are chained together with jumps and calls) is no longer availableto the attacker. An attacker’s code must make direct function calls. Thisbasically reduces the 'usable' code available to an attacker from everyword in the kernel text to only function entries (or jump targets). This isa 'low granularity' forward-edge Control Flow Integrity (CFI) feature,which is important (since it greatly reduces the potential targets that canbe used in an attack) and cheap (implemented in hardware). It’s a goodfirst step to strong CFI, but (as we’ve seen with things like CFG) it isn’tusually strong enough to stop a motivated attacker."

The newly formed Rust Foundation has announcedits existence. "Today, on behalf of the Rust Core team, I’mexcited to announce the Rust Foundation, a new independent non-profitorganization to steward the Rust programming language and ecosystem, with aunique focus on supporting the set of maintainers that govern and developthe project. The Rust Foundation will hold its first board meetingtomorrow, February 9th, at 4pm CT. The board of directors is composed of 5directors from our Founding member companies, AWS, Huawei, Google,Microsoft, and Mozilla, as well as 5 directors from project leadership, 2representing the Core Team, as well as 3 project areas: Reliability,Quality, and Collaboration." Mozilla has transferred its trademarksand domains for Rust over to the foundation.

The kernel's CFS bandwidth controller is an effective way of controllingjust how much CPU time is available to each control group. It can keepprocesses from consuming too much CPU time and ensure that adequate time isavailable for all processes that need it. That said, it's not entirelysurprising that the bandwidth controller is not perfect for every workload out there. Thispatch set from Huaixin Chang aims to make it work better for bursty,latency-sensitive workloads.

Stable kernels 5.10.14, 5.4.96, 4.19.174, and 4.14.220 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (chromium, gdisk, intel-microcode, privoxy, and wireshark), Fedora (mingw-binutils, mingw-jasper, mingw-SDL2, php, python-pygments, python3.10, wireshark, wpa_supplicant, and zeromq), Mageia (gdisk and tomcat), openSUSE (chromium, cups, kernel, nextcloud, openvswitch, RT kernel, and rubygem-nokogiri), SUSE (nutch-core), and Ubuntu (openldap, php-pear, and qemu).

The 5.11-rc7 kernel prepatch is out fortesting. "Anyway, this is hopefully the last rc for this release, unless somesurprise comes along and makes a travesty of our carefully laid plans.It happens.Nothing hugely scary stands out, with the biggest single part of thepatch being some new self-tests. In fact, about a quarter of the patchis documentation and selftests."

Greg Kroah-Hartman has released the 4.9.256and 4.4.256 in order to try to figure outif there are any user-space problems caused by the overflow of the minor version number for thosestable-kernel series. "With this release, KERNEL_VERSION(4, 9, 256) is the same as KERNEL_VERSION(4, 10, 0).Nothing in the kernel build itself breaks with this change, but given that thisis a userspace visible change, and some crazy tools (like glibc and gcc) havelogic that checks the kernel version for different reasons, I wanted to do thisrelease as an 'empty' release to ensure that everything still worksproperly." Those who could be affected would be well-advised totest this change immediately as he plans another 4.9 release in aweek's time.

As has often been pointed out, the stable-kernel releases are meant to bestable; that means they should be even more averse to ABI breaks thanmainline releases, if that is possible. This may be a hard promise to keepfor the next set of stable kernels, though, for the most mundane ofreasons: nobody thought that there would be more than 255 minor updates toany given kernel release.

Security updates have been issued by Fedora (java-11-openjdk, kernel, and monitorix), Mageia (mutt, nodejs, and nodejs-ini), Oracle (flatpak, glibc, and kernel), Red Hat (rh-nodejs14-nodejs), Scientific Linux (flatpak), and Ubuntu (flatpak and minidlna).

Of all the system calls in the Unix tradition, few are as maligned as ioctl().But ioctl() exists for a reason — for many reasons, in truth — andcannot be expected to go away anytime soon. It is thus unsurprising thatthere is interest in providing ioctl()-like functionality in theio_uring subsystem. A recent RFC patch setfrom Jens Axboe shows the form that this feature might take in theio_uring context.

Security updates have been issued by CentOS (glibc, linux-firmware, perl, and qemu-kvm), Debian (dnsmasq), Fedora (netpbm), Mageia (firefox, messagelib, python and python3, ruby-nokogiri, and thunderbird), Oracle (kernel, perl, and qemu-kvm), Red Hat (flatpak), and SUSE (openvswitch and python-urllib3).

The LWN.net Weekly Edition for February 4, 2021 is available.