2 years 1 month ago
There is a newly disclosed set of vulnerabilities in Intel processors that
have been given the name Downfall attacks.
Downfall attacks target a critical weakness found in billions of
modern processors used in personal and cloud computers. This
vulnerability, identified as CVE-2022-40982, enables a user to
access and steal data from other users who share the same
computer. For instance, a malicious app obtained from an app store
could use the Downfall attack to steal sensitive information like
passwords, encryption keys, and private data such as banking
details, personal emails, and messages. Similarly, in cloud
computing environments, a malicious customer could exploit the
Downfall vulnerability to steal data and credentials from other
customers who share the same cloud computer.
A series of patches has landed in the mainline kernel, including one for
gather data sampling mitigation and one to disable the AVX extension on
CPUs where microcode mitigation is not available.
"This is a *big* hammer. It is known to break buggy userspace that
uses incomplete, buggy AVX enumeration."
Not to be left out, AMD processors suffer from a return-stack overflow
vulnerability, again exploitable via speculative execution; this patch, also just
merged, describes the problem and its mitigation.
corbet
2 years 1 month ago
Security updates have been issued by Debian (libhtmlcleaner-java and thunderbird), Red Hat (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), Scientific Linux (thunderbird), SUSE (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and Ubuntu (firefox).
corbet
2 years 1 month ago
The Linux Containers project has announced the addition of Incus, which is
a fork of LXD 5.16 started by Aleksa Sarai. Incus was created in response
to Canonical's removal of LXD from Linux Containers.
After some discussion with Aleksa and a fair bit of encouragement from our
community, we have made the decision to take Incus under the umbrella of
Linux Containers and will commit to it the infrastructure which was
previously made available to LXD.
The goal of Incus is to provide a fully community led alternative to
Canonical's LXD as well as providing an opportunity to correct some
mistakes that were made during LXD's development which couldn't be
corrected without breaking backward compatibility.
In addition to Aleksa, the initial set of maintainers for Incus will
include Christian Brauner, Serge Hallyn, Stéphane Graber and Tycho
Andersen, effectively including the entire team that once created LXD.
jake
2 years 1 month ago
Sourceware, the development home for the GNU toolchain and more, is about
to celebrate its 25th anniversary and is looking forward to the next 25
years:
That is why in the last couple of years we have started to
diversify our hardware partners, set up new services using
containers and isolated VMs, investigated secure supply chain
issues, added redundant mirrors, created a non-profit home,
collected funds, invested in open communication, open office hours
and introduced community oversight by a Sourceware Project
Leadership Committee with the help from the Software Freedom
Conservancy.
corbet
2 years 1 month ago
Return-oriented programming (ROP) has, for some years now, been a valuable tool for
those who would subvert a system's security. It is thus not surprising
that a lot of effort has gone into thwarting ROP attacks, which depend on
corrupting the call stack with a carefully chosen set of return addresses,
at both the hardware and software levels. One result of this work is
shadow stacks, which can detect corruption of the call stack, allowing the
operating system to react accordingly. The 64-bit Arm implementation of
shadow stacks is called "guarded control stack" (GCS); patches implementing
support for this feature are currently under discussion.
corbet
2 years 1 month ago
Security updates have been issued by Debian (burp, chromium, ghostscript, openimageio, pdfcrack, python-werkzeug, thunderbird, and webkit2gtk), Fedora (amanda, libopenmpt, llhttp, samba, seamonkey, and xen), Red Hat (thunderbird), Slackware (mozilla and samba), and SUSE (perl-Net-Netmask, python-Django1, trytond, and virtualbox).
jake
2 years 1 month ago
Linus has released 6.5-rc5 for testing.
"Things continue to look pretty normal. Not a huge number of commits,
and most of the ones here are tiny".
corbet
2 years 1 month ago
Faith Ekstrand announces on the Collabora blog that NVK, an open-source
Vulkan driver for NVIDIA GPUs, will be included in the Mesa 23.3 release.
Merging into mesa/main is certainly a big milestone but NVK is
nowhere near finished. It will take a long time before we get the
bugs worked out and get a full feature set with reasonable
performance. What it does mean is that we're pretty confident in
the core of the driver and that we have a good base to build on
going forward.
The necessary kernel support is planned for the 6.6 release; this
blog post from David Airlie describes the work being done on that side.
corbet
2 years 1 month ago
Bram Moolenaar, the creator of the vim editor, passed away on August 3.
"Bram dedicated a large part of his life to VIM and he was very proud of
the VIM community that you are all part of." He will be missed.
corbet
2 years 1 month ago
The big kernel lock (BKL) is a distant memory now but, for years, it was
one of the more intractable problems faced by the kernel development
community. The end of the BKL does not mean that the kernel is without
problematic locks, however. In recent times, some attention has been paid
to the software-interrupt (or "bottom half") lock, which can create latency
problems, especially on realtime systems. Frederic Weisbecker is taking a
new tack in his campaign to cut this lock down to size, with an approach
based on how the BKL was eventually removed.
corbet
2 years 1 month ago
Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).
jake
2 years 1 month ago
The kernel community has never had a smooth relationship with the purveyors
of proprietary kernel modules. Developers tend to strongly dislike those
modules, which cannot be debugged or fixed by anybody other than their
creator, and many see them as a violation of the kernel's license and their
copyrights on the code. Nonetheless, proprietary modules are tolerated,
within bounds. A recent patch from Christoph Hellwig suggests that those
bounds are about to be tightened slightly, in a somewhat surprising way.
corbet
2 years 1 month ago
The 6.4.8, 6.1.43, and 5.15.124 stable kernels have been released.
As usual, they contain important fixes throughout the kernel tree.
jake
2 years 1 month ago
Security updates have been issued by Debian (linux-5.10), Red Hat (.NET 6.0 and iperf3), Slackware (openssl), SUSE (kernel, mariadb, poppler, and python-Django), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, maradns, openjdk-20, and vim).
jake
2 years 1 month ago
The LWN.net Weekly Edition for August 3, 2023 is available.
corbet
2 years 1 month ago
The Python global interpreter lock (GIL) has long been a barrier to
increasing the performance of programs by using multiple threads—the GIL
serializes access to the interpreter's virtual machine such that only one
thread can be executing Python code at any given time. There are other
mechanisms to provide concurrency for the language, but the specter of the
GIL—and its reality as well—have often been cited as a major negative for
Python. Back in October 2021, Sam Gross introduced a proof-of-concept,
no-GIL version of the language. It was met with a lot of excitement at the
time, but seemed to languish to a certain extent for more than a year; now,
the Python Steering Council has announced its intent to accept the no-GIL
feature. It will still be some time before it lands in a released Python
version—and there is the possibility that it all has to be rolled back at
some point—but there are several companies backing the effort, which gives
it all a good chance to succeed.
jake
2 years 1 month ago
Google's Project Zero has spent some time studying the Arm memory tagging
extension (MTE), support for which was merged into the 5.10 kernel, and
posted the results:
Despite its limitations, MTE is still by far the most promising
path forward for improving C/C++ software security in 2023. The
ability of MTE to detect memory corruption exploitation at the
first dangerous access provides a significant improvement in
diagnostic and potential security effectiveness.
There is a separate section on weaknesses in the current kernel
implementation of MTE support.
corbet
2 years 1 month ago
The Asahi Linux project, which is working to create a Linux distribution
for Apple hardware, has announced that its new "flagship" distribution will
be based on Fedora Linux.
Working directly with upstream means not only can we integrate more
closely with the core distribution, but we can also get issues in
other packages fixed quickly and smoothly. This is particularly
important for platforms like desktop ARM64, where we still run into
random app and package bugs quite often. ARM64 desktop Linux has
been a niche platform (until now!), and with much less testing
comes a higher propensity for bugs, so it’s very important that we
can address these issues quickly. Fedora already has a very solid,
fully supported ARM64 port with a large userbase in the
server/headless segment, so it is an excellent base to build upon
and help improve the state of desktop Linux on ARM64 for everyone.
There is a version for "adventurous users" to play with now, with an
official release expected by the end of the month.
corbet
2 years 1 month ago
Security updates have been issued by Debian (bouncycastle), Fedora (firefox), Red Hat (cjose, curl, iperf3, kernel, kernel-rt, kpatch-patch, libeconf, libxml2, mod_auth_openidc:2.3, openssh, and python-requests), SUSE (firefox, jtidy, libredwg, openssl, salt, SUSE Manager Client Tools, and SUSE Manager Salt Bundle), and Ubuntu (firefox).
corbet
2 years 1 month ago
Kernel testing is a perennial topic at Linux-related conferences and the
KernelCI project is one of the larger testing players. It does its own
testing but also coordinates with various other testing systems and
aggregates their results. At the 2023 Embedded Open Source Summit (EOSS),
KernelCI developer Nikolai Kondrashov gave a presentation on the testing
framework, its database, and how others can get involved in the project. He
also had some thoughts on where KernelCI is falling short of its goals and
potential, along with some ideas of ways to improve it.
jake
Checked 15 minutes 20 seconds ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.