lwn.net

The LWN.net Weekly Edition for December 20, 2018 is available.

The December 20 LWN.net Weekly Edition is the final one for the year; as usual, we will be taking the last week of the year off for a brief rest. LWN, which is about to conclude its 21st year of publication, has had the time to build up some traditions, one of which is a year-end retrospective that evaluates the predictions we made back in January. As usual, some of those predictions aged rather better than others; read on for our report card.

Stable kernel 4.19.11 has been released with some important fixes; users should upgrade.

A year-old bug in Kubernetes was the topic of a talk given by Michelle Au and Jan Šafránek at KubeCon + CloudNativeCon North America, which was held mid-December in Seattle. In the talk, they looked at the details of the bug and the response from the Kubernetes product security team (PST). While the bug was fairly straightforward, it was surprisingly hard to fix. The whole process also provided experience that will help improve vulnerability handling in the future.

Security updates have been issued by CentOS (ghostscript), Fedora (ansible and wireshark), openSUSE (go1.11, pdns, and pdns-recursor), Oracle (firefox), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), and SUSE (crash, libqt5-qtbase, perl, and qemu).

Back in late October, when we looked in on the Python governance question, which came about due to the resignation of Guido van Rossum, things seemed to be mostly set for a vote in late November. There were six Python Enhancement Proposals (PEPs) under consideration that would be ranked by voters in a two-week period ending December 1; instant-runoff voting would be used to determine the winner. In the interim, though, much of that changed; the voting period, winner-determination mechanism, and number of PEPs under consideration are all different. But the voting concluded on December 16 and a winner has been declared; PEP 8016 ("The Steering Council Model"), which was added to the mix in early November, came out on top.

HardenedBSD has released version 12 of its security-enhanced fork of FreeBSD. Improvements in this release include Non-Cross-DSO Control-Flow Integrity (CFI) for applications on amd64 and arm64; jailed bhyve; per-jail toggles for unprivileged process debugging; Spectre v2 mitigation with retpoline applied to the entirety of base and ports; Symmetric Multi-Threading (SMT) disabled by default; and more.

Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf).

Greg Kroah-Hartman has released stable kernel 4.4.168. As usual, there are important fixes and users should upgrade.

Gustavo Padovan notes an important milestone in Linux graphics development: "The dream finally came true in 2018 with the release of the Google Pixel 3, the first Android phone running with the mainline graphics stack. A feat that was deemed impossible 10 years ago is now a reality thanks to a lot of hard work from the entire community."

Stable kernel 3.18.130 has been released with important fixes; users should upgrade.

Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump).

Linus has released 4.20-rc7, saying: "The plan remains the same: if everything continues normally, I'll release 4.20 just before christmas, and then just have a more leisurely merge window than normal."

On the stable side, 4.19.10, 4.14.89, and 4.9.146 are out with a new set of important fixes.

Indirect function calls — calls to a function whose address is stored in a pointer variable — have never been blindingly fast, but the Spectre hardware vulnerabilities have made things far worse. The indirect branch predictor used to speed up indirect calls in the CPU can no longer be used, and performance has suffered accordingly. The "retpoline" mechanism was a brilliant hack that proved faster than the hardware-based solutions that were tried at the beginning. While retpolines took a lot of the pain out of Spectre mitigation, experience over the last year has made it clear that they still hurt. It is thus not surprising that developers have been looking for alternatives to retpolines; several of them have shown up on the kernel lists recently.

Security updates have been issued by CentOS (ghostscript, git, java-1.7.0-openjdk, java-11-openjdk, kernel, NetworkManager, python-paramiko, ruby, sos-collector, thunderbird, and xorg-x11-server), Debian (gcc-4.9), and SUSE (amanda, ntfs-3g_ntfsprogs, and tiff).

The Linux kernel is generally seen as a poor fit for safety-critical systems; it was never designed to provide realtime response guarantees or to be certifiable for such uses. But the systems that can be used in such settings lack the features needed to support complex applications. This problem is often solved by deploying a mix of computers running different operating systems. But what if you want to support a mixture of tasks, some safety-critical and some not, on the same system? At a talk given at LinuxLab 2018, Claudio Scordino described an effort to support this type of mixed-criticality system.

Greg Kroah-Hartman has released stable kernels 4.19.9, 4.14.88, 4.9.145, 4.4.167, and 3.18.129. They all contain important fixes and users should upgrade.

Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git).

The LWN.net Weekly Edition for December 13, 2018 is available.

In the RDMA microconference of the 2018 Linux Plumbers Conference (LPC), John Hubbard, Dan Williams, and Matthew Wilcox led a discussion on the problems surrounding get_user_pages() (and friends) and the interaction with DMA. It is not the first time the topic has come up, there was also a discussion about it at the Linux Storage, Filesystem, and Memory-Management Summit back in April. In a nutshell, the problem is that multiple parts of the kernel think they have responsibility for the same chunk of memory, but they do not coordinate their activities; as might be guessed, mayhem can sometimes ensue.