All posts by corbet

[$] A RDRAND followup

Post Syndicated from corbet original https://lwn.net/Articles/963281/

In a recent episode, “Pitchforks for RDSEED”,
we learned that there was some uncertainty around whether hardware-based
random-number generators on x86 CPUs could fail. Since the consequences of
failure in some situations (confidential-computing applications in
particular) can be catastrophic, there was some concern about this prospect
and what to do about it. Since then, the situation has come a bit more
into focus, and there would appear to be an agreed-upon plan for changes to
be made to the kernel.

Kernel prepatch 6.8-rc6

Post Syndicated from corbet original https://lwn.net/Articles/963589/

Linus has released 6.8-rc6 for testing.

Last week I said that I was hoping things would calm down a bit.
Technically things did calm down a bit, and rc6 is smaller than rc5
was. But not by a huge amount, and honestly, while there’s nothing
really alarming here, there’s more here than I would really like at
this point in the release.

So this may end up being one of those releases that get an
rc8. We’ll see.

[$] When ELF notes reveal too much

Post Syndicated from corbet original https://lwn.net/Articles/962782/

The Linux kernel uses a number of hardening techniques to try to protect
itself against compromise; one of those is kernel address-space layout
randomization (KASLR). But randomization is of little benefit if the
kernel spills the beans on where its code has ended up. As it happens, the
kernel has been doing exactly that — since 2007, in a behavior that
predates the addition of KASLR. Some changes are in the
works to close that hole, but it is illustrative of just how hard some
secrets are to keep.

Security updates for Wednesday

Post Syndicated from corbet original https://lwn.net/Articles/963035/

Security updates have been issued by CentOS (linux-firmware and python-reportlab), Debian (unbound), Fedora (freeglut and syncthing), Red Hat (edk2, go-toolset:rhel8, java-1.8.0-ibm, kernel, kernel-rt, mysql:8.0, oniguruma, and python-pillow), Slackware (libuv and mozilla), SUSE (abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2, bind, dpdk, firefox, hdf5, libssh, libssh2_org, libxml2, mozilla-nss, openssl-1_1, openvswitch, postgresql12, postgresql13, postgresql14, postgresql15, postgresql16, python-aiohttp, python-time-machine, python-pycryptodomex, runc, and webkit2gtk3), and Ubuntu (kernel, libspf2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, and linux, linux-aws, linux-kvm, linux-lts-xenial).

The “KeyTrap” DNS vulnerability

Post Syndicated from corbet original https://lwn.net/Articles/962924/

DNS resolvers (those that handle DNSSEC, at least) are almost uniformly
vulnerable to an exploit that has been named “KeyTrap”. In short, the right
type of packet can send a DNS system into something close to an infinite
loop, taking it out of service indefinitely.

With just a single DNS packet, hackers could paralyze all common
DNS implementations and public DNS providers. Exploiting this
attack would have serious consequences for any application that
uses the internet, including the unavailability of technologies
such as web browsers, email and instant messaging. This devastating
effect prompted major DNS vendors to call KeyTrap “The worst attack
on DNS ever discovered”

Some more information and pointers to updates can be found on the
CVE-2023-50387 page; some distributors have been faster to get updates
out than others.

(Thanks to Dave Täht).

Righi: Writing a scheduler for Linux in Rust that runs in user-space

Post Syndicated from corbet original https://lwn.net/Articles/962897/

Andrea Righi has started a blog series on writing a user-space CPU
scheduler with the BPF-based extensible scheduler class:

.select_cpu() implements the logic to assign a target CPU to a task
that wants to run, typically you have to decide if you want to keep
the task on the same CPU or if it needs to be migrated to a
different one (for example if the current CPU is busy); if we can
find an idle CPU at this stage there’s no reason to call the
scheduler, the task can be immediately dispatched here.

Security updates for Tuesday

Post Syndicated from corbet original https://lwn.net/Articles/962881/

Security updates have been issued by Fedora (freeglut, hugin, libmodsecurity, qemu, rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git-absorb, rust-git-delta, rust-git2, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, and rust-vergen), Mageia (packages, radare2, ruby-rack, and wireshark), Oracle (.NET 8.0 and python-pillow), Red Hat (gimp:2.8, java-1.8.0-ibm, and kpatch-patch), SUSE (dpdk and opera), and Ubuntu (bind9, curl, linux-raspi, linux-raspi-5.4, node-ip, and tiff).

[$] Windows NT synchronization primitives for Linux

Post Syndicated from corbet original https://lwn.net/Articles/961884/

The futex mechanism provided by the kernel allows for the creation of
efficient and flexible locking primitives in user space. Futexes work well
for many applications, but not all. One of the exceptions, it seems, is
that perennially difficult-to-support use case: Windows games. With this
patch series, Elizabeth Figura seeks to provide the sort of locking that
those games need, by way of a special-purpose virtual device.

Rowley: What’s new in the Postgres 16 query planner / optimizer

Post Syndicated from corbet original https://lwn.net/Articles/961545/

David Rowley looks deeply into the improvements coming to the query
planner in PostgreSQL 16.

For a long time now, PostgreSQL has been able to remove a LEFT JOIN
where no column from the left joined table was required in the
query and the join could not possibly duplicate any rows.

However, in versions prior to PostgreSQL 16, there was no support
for left join removals on partitioned tables. Why? Because the
proofs that the planner uses to determine if there’s any
possibility any inner-side row could duplicate any outer-side row
were not present for partitioned tables.

The PostgreSQL 16 query planner now allows the LEFT JOIN removal
optimization with partitioned tables.

Brennan: What’s Inside a Linux Kernel Core Dump

Post Syndicated from corbet original https://lwn.net/Articles/961414/

Stephen Brennan describes kernel core dumps in excruciating detail.

Kernel core dumps are complex. They are not simply copies of system
memory; they contain plenty of extra metadata which is critical to
understanding their contents. And like any other type of data, the
design of the file formats can enable lots of flexibility and
power. However, due to the broad variety of tools out there, the
diversity of dump formats is overwhelming, and the lack of
documentation or specifications compounds the problem.

A new CEO for Mozilla

Post Syndicated from corbet original https://lwn.net/Articles/961359/

Mitchell Baker has announced that she is stepping down from the role of
Mozilla CEO, effective immediately. Laura Chambers will be the new CEO “for
the remainder of the year”.

We’re at a critical juncture where public trust in institutions,
governments, and the fabric of the internet has reached
unprecedented lows. There’s a tectonic shift underway as everyone
battles to own the future of AI. It is Mozilla’s opportunity and
imperative to forge a better future. I’m excited about Laura’s
day-to-day involvement and the chance for Mozilla to achieve
more. Our power lies in the collective effort of people
contributing to something better and I’m eager for Mozilla to meet
the needs of this era more fully.

[$] Pitchforks for RDSEED

Post Syndicated from corbet original https://lwn.net/Articles/961121/

The generation of random (or, at least, unpredictable) numbers is key to
many security technologies. For this reason, the provision of random data
as a CPU feature has drawn a lot of attention over the years. A proper
hardware-based random-number generator can address the problems that make
randomness hard to obtain in some systems, but only if the manufacturer can
be trusted to not have compromised that generator in some way. A recent
discussion has brought to light a different problem, though: what happens
if a hardware random-number generator can be simply driven into exhaustion?

Glibc becomes a CVE Numbering Authority

Post Syndicated from corbet original https://lwn.net/Articles/961355/

The GNU C Library project has been accepted as a CVE Numbering Authority
(CNA), meaning that the project is now in control of the CVE numbers
assigned to its code.

As a CNA the glibc security team will be working to improve the
quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the
process for the CNA and establish best practices that can also be
used by the rest of the GNU Toolchain.

See this article for some background on
this change.

Please welcome Joe Brockmeier to LWN

Post Syndicated from corbet original https://lwn.net/Articles/961116/

At the beginning of November, we let it be known that we were looking to
hire a writer/editor to augment the LWN
team. In past attempts, we have found it difficult to attract writers who
could produce the kind of content that LWN readers expect. This time
around, as we have said before, was different; we had a number of
candidates who could have filled the bill and were forced to make some
difficult choices.

While “hire them all” was an attractive idea, it was not one that our
budget would support. We did conclude, however, that we could stretch to a
second hire. So we are pleased to announce that the opportunity to bring
Joe Brockmeier on board was too good to pass up — so we didn’t. You will
start to see his work return to LWN within the next few days.