All posts by corbet

[$] Strict memcpy() bounds checking for the kernel

Post Syndicated from corbet original

The C programming language is famously prone to memory-safety problems
that lead to buffer overflows and a seemingly endless stream of security
vulnerabilities. But, even in C, it is possible to improve the
situation in many cases. One of those is the memcpy() family of
functions, which are used to efficiently copy or overwrite blocks of
memory; with a bit of help from the compiler, those functions can be
prevented from writing past the end of the
destination object they are passed. Enforcing that condition in the kernel
is harder than one might expect, though, as this
massive patch set
from Kees Cook shows.

The GNU C Library copyright-assignment policy changes

Post Syndicated from corbet original

The change in copyright-assignment policy proposed in June for the GNU C Library project
has now
been adopted

The changes to accept patches with or without FSF copyright
assignment will be effective after August 2nd, and will apply to
all open branches. Code shared with other GNU packages via Gnulib
will continue to require assignment to the FSF.

The library will continue to be licensed under the GNU Lesser Public
License v2.1 or later.

[$] Hole punching races against page-cache filling

Post Syndicated from corbet original

Filesystem developers tend to disagree with each other about many things,
but they are nearly unanimous in their dislike for the truncate()
system call, which chops data off the end of a file. Implementing
truncate() tends to be full of traps for the unwary — the kind of
traps that can lead to lost data. But it turns out that a similar
operation, called “hole punching”, may be worse. This operation has been
subject to difficult-to-hit but real race conditions in many filesystems
for years; this
patch set from Jan Kara
may finally be at a point where it can fill the
hole in hole punching.

[$] Hastening process cleanup with process_mrelease()

Post Syndicated from corbet original

One of the fundamental invariants of computing is that, regardless of how
much memory is installed in a system, it is never enough. This is
especially true of systems with tight performance constraints, where every
page of memory is allocated and in use, making it difficult to find
more when it is badly needed. One way to make more memory
available is to kill one or more processes, freeing their resources for
other users. But that often does not work as quickly or reliably as users
would like. In an attempt to improve the situation, Suren Baghdasaryan has
the addition of a system call named process_mrelease().

[$] Using DAMON for proactive reclaim

Post Syndicated from corbet original

The DAMON patch set was first covered here
in early 2020; this work, now in its
34th revision
, enables the efficient collection of information about
memory-usage patterns on Linux systems. That data can then be used to
influence the kernel’s memory-management subsystem; one possible way to do
that is to more aggressively reclaim memory that is not being used. To
that end, DAMON author SeongJae Park is proposing a
DAMON-based mechanism
to perform user-controllable proactive reclaim.

[$] The core of the -stable debate

Post Syndicated from corbet original

Disagreements over which patches should find their way into stable updates
are not new — or uncommon. So when the topic came up again recently, there
was little reason to expect anything but more of the same. And, for the
most part, that is what ensued but, in this exchange, we were also able to
see the core issue that drives these discussions. There are, in the
end, two fundamentally different views of what the stable tree should be.

Rosenzweig: Reverse-engineering the Mali G78

Post Syndicated from corbet original

Alyssa Rosenzweig goes
into the details
of the reverse-engineering of the Mali “Valhall” GPU
instruction set.

Valhall linearizes Bifrost, removing the Very Long Instruction Word
mechanisms of its predecessors. Valhall replaces the compiler’s
static scheduling with hardware dynamic scheduling, trading
additional control hardware for higher average performance. That
means padding with “no operation” instructions is no longer
required, which may decrease code size, promising better
instruction cache use.

A document describing the instruction set has been released, along with an
assembler and disassembler.

Stockfish sues ChessBase

Post Syndicated from corbet original

The Stockfish project, which
distributes a chess engine under GPLv3, has announced
the filing of a GPL-enforcement lawsuit against ChessBase, which has been
(and evidently still is) distributing proprietary versions of the Stockfish

In the past four months, we, supported by a certified copyright and
media law attorney in Germany, went through a long process to
enforce our license. Even though we had our first successes,
leading to a recall of the Fat Fritz 2 DVD and the termination of
the sales of Houdini 6, we were unable to finalize our dispute out
of court. Due to Chessbase’s repeated license violations, leading
developers of Stockfish have terminated their GPL license with
ChessBase permanently. However, ChessBase is ignoring the fact that
they no longer have the right to distribute Stockfish, modified or
unmodified, as part of their products.

A local root kernel vulnerability

Post Syndicated from corbet original

Commit 8cae8cd89f05
went into the mainline kernel repository on July 19; it puts a limit
on the size of
buffers allocated in the seq_file mechanism and mentions “int
overflow pitfalls
“. For more information, look to this
Qualys advisory
describing the vulnerability:

We discovered a size_t-to-int conversion vulnerability in the Linux
kernel’s filesystem layer: by creating, mounting, and deleting a
deep directory structure whose total path length exceeds 1GB, an
unprivileged local attacker can write the 10-byte string
“//deleted” to an offset of exactly -2GB-10B below the beginning of
a vmalloc()ated kernel buffer.

It may not sound like much, but they claim to have written exploits for a
number of Ubuntu, Debian, and Fedora distributions. Updates from
distributors are already flowing, and this patch has been fast-tracked into
today’s stable kernel updates as well.

[$] Descriptorless files for io_uring

Post Syndicated from corbet original

The lowly file descriptor is one of the fundamental objects in Linux
systems. A file descriptor, which is a simple integer value, can refer to an
open file — or to a network connection, a running process, a loaded BPF
program, or a namespace.
Over the years, the use of file descriptors to refer to transient objects
has grown to the point that it can be difficult to justify an API that
uses anything else. Interestingly, though, the io_uring subsystem looks as if it is moving
toward its own number space separate from file descriptors.

Kernel prepatch 5.14-rc2

Post Syndicated from corbet original

The 5.14-rc2 kernel prepatch is out for
testing. Linus says:

At least in pure number of commits, this is the biggest rc2 we’ve
had during the 5.x cycle. Whether that is meaningful or not, who
knows – it might be just random timing effects, or it might
indicate that this release is not going to be one of those nice and
calm ones. We’ll just have to wait and see.

In total, 421 non-merge changesets were pulled into the mainline between
-rc1 and -rc2.

[$] NUMA policy and memory types

Post Syndicated from corbet original

Non-uniform memory access (NUMA) systems have an architecture that attaches
memory to “nodes” within the system. CPUs, too, belong to nodes; memory
that is attached to the same node as a CPU will be faster to access (from
that CPU) than memory on other nodes. This aspect of performance has
important implications for programs running on NUMA systems, and the kernel
offers a number of ways for user space to optimize their behavior. The NUMA
abstraction is now being extended, though, and that is driving a need for
new ways of influencing memory allocation; the multi-preference
memory policy
patch set is an attempt to meet that need.