The C programming language is famously prone to memory-safety problems
that lead to buffer overflows and a seemingly endless stream of security
vulnerabilities. But, even in C, it is possible to improve the
situation in many cases. One of those is the memcpy() family of
functions, which are used to efficiently copy or overwrite blocks of
memory; with a bit of help from the compiler, those functions can be
prevented from writing past the end of the
destination object they are passed. Enforcing that condition in the kernel
is harder than one might expect, though, as this
massive patch set from Kees Cook shows.
The changes to accept patches with or without FSF copyright
assignment will be effective after August 2nd, and will apply to
all open branches. Code shared with other GNU packages via Gnulib
will continue to require assignment to the FSF.
The library will continue to be licensed under the GNU Lesser Public
License v2.1 or later.
Filesystem developers tend to disagree with each other about many things,
but they are nearly unanimous in their dislike for the truncate()
system call, which chops data off the end of a file. Implementing truncate() tends to be full of traps for the unwary — the kind of
traps that can lead to lost data. But it turns out that a similar
operation, called “hole punching”, may be worse. This operation has been
subject to difficult-to-hit but real race conditions in many filesystems
for years; this
patch set from Jan Kara may finally be at a point where it can fill the
hole in hole punching.
One of the fundamental invariants of computing is that, regardless of how
much memory is installed in a system, it is never enough. This is
especially true of systems with tight performance constraints, where every
page of memory is allocated and in use, making it difficult to find
more when it is badly needed. One way to make more memory
available is to kill one or more processes, freeing their resources for
other users. But that often does not work as quickly or reliably as users
would like. In an attempt to improve the situation, Suren Baghdasaryan has proposed
the addition of a system call named process_mrelease().
Here we are, a week later. After a relatively big rc2, things seem
to have calmed down and rc3 looks pretty normal. Most of the fixes
here are small, and the diffstat looks largely flat. And there’s
not an undue amount of stuff.
After a long pause, the K-9 Android mail client project has released version
5.800. “The user interface has been redesigned. Some of you will
love it, some will hate it. You’re welcome and sorry.” There are
also a number of improvements to make background operation work better on
current Android systems.
The DAMON patch set was first covered here
in early 2020; this work, now in its
34th revision, enables the efficient collection of information about
memory-usage patterns on Linux systems. That data can then be used to
influence the kernel’s memory-management subsystem; one possible way to do
that is to more aggressively reclaim memory that is not being used. To
that end, DAMON author SeongJae Park is proposing a
DAMON-based mechanism to perform user-controllable proactive reclaim.
Disagreements over which patches should find their way into stable updates
are not new — or uncommon. So when the topic came up again recently, there
was little reason to expect anything but more of the same. And, for the
most part, that is what ensued but, in this exchange, we were also able to
see the core issue that drives these discussions. There are, in the
end, two fundamentally different views of what the stable tree should be.
Alyssa Rosenzweig goes
into the details of the reverse-engineering of the Mali “Valhall” GPU
instruction set.
Valhall linearizes Bifrost, removing the Very Long Instruction Word
mechanisms of its predecessors. Valhall replaces the compiler’s
static scheduling with hardware dynamic scheduling, trading
additional control hardware for higher average performance. That
means padding with “no operation” instructions is no longer
required, which may decrease code size, promising better
instruction cache use.
A document describing the instruction set has been released, along with an
assembler and disassembler.
The Stockfish project, which
distributes a chess engine under GPLv3, has announced
the filing of a GPL-enforcement lawsuit against ChessBase, which has been
(and evidently still is) distributing proprietary versions of the Stockfish
code.
In the past four months, we, supported by a certified copyright and
media law attorney in Germany, went through a long process to
enforce our license. Even though we had our first successes,
leading to a recall of the Fat Fritz 2 DVD and the termination of
the sales of Houdini 6, we were unable to finalize our dispute out
of court. Due to Chessbase’s repeated license violations, leading
developers of Stockfish have terminated their GPL license with
ChessBase permanently. However, ChessBase is ignoring the fact that
they no longer have the right to distribute Stockfish, modified or
unmodified, as part of their products.
Commit 8cae8cd89f05
went into the mainline kernel repository on July 19; it puts a limit
on the size of
buffers allocated in the seq_file mechanism and mentions “int
overflow pitfalls“. For more information, look to this
Qualys advisory describing the vulnerability:
We discovered a size_t-to-int conversion vulnerability in the Linux
kernel’s filesystem layer: by creating, mounting, and deleting a
deep directory structure whose total path length exceeds 1GB, an
unprivileged local attacker can write the 10-byte string
“//deleted” to an offset of exactly -2GB-10B below the beginning of
a vmalloc()ated kernel buffer.
It may not sound like much, but they claim to have written exploits for a
number of Ubuntu, Debian, and Fedora distributions. Updates from
distributors are already flowing, and this patch has been fast-tracked into
today’s stable kernel updates as well.
The lowly file descriptor is one of the fundamental objects in Linux
systems. A file descriptor, which is a simple integer value, can refer to an
open file — or to a network connection, a running process, a loaded BPF
program, or a namespace.
Over the years, the use of file descriptors to refer to transient objects
has grown to the point that it can be difficult to justify an API that
uses anything else. Interestingly, though, the io_uring subsystem looks as if it is moving
toward its own number space separate from file descriptors.
As an example of what a “real” device driver in Rust would look like,
Wedson Almeida Filho has posted
a translation of the PL061 GPIO driver alongside the original. For
ease of reading, the resulting HTML has been reformatted a bit and placed
below; viewing in a wide window is recommended.
The 5.14-rc2 kernel prepatch is out for
testing. Linus says:
At least in pure number of commits, this is the biggest rc2 we’ve
had during the 5.x cycle. Whether that is meaningful or not, who
knows – it might be just random timing effects, or it might
indicate that this release is not going to be one of those nice and
calm ones. We’ll just have to wait and see.
In total, 421 non-merge changesets were pulled into the mainline between
-rc1 and -rc2.
Non-uniform memory access (NUMA) systems have an architecture that attaches
memory to “nodes” within the system. CPUs, too, belong to nodes; memory
that is attached to the same node as a CPU will be faster to access (from
that CPU) than memory on other nodes. This aspect of performance has
important implications for programs running on NUMA systems, and the kernel
offers a number of ways for user space to optimize their behavior. The NUMA
abstraction is now being extended, though, and that is driving a need for
new ways of influencing memory allocation; the multi-preference
memory policy patch set is an attempt to meet that need.
The collective thoughts of the interwebz
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.