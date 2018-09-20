LWN Kernel Coverage (Now Outside Paywall)
-
Software-tag-based KASAN
The kernel address sanitizer (KASAN) is a kernel debugging tool meant to catch incorrect use of kernel pointers. It is an effective tool, if the number of KASAN-based bug reports showing up on the mailing lists is any indication. The downside of KASAN is a significant increase in the amount of memory used by a running system. The software-tag-based mode proposed by Andrey Konovalov has the potential to address that problem, but it brings some limitations of its own.
KASAN works by allocating a shadow memory map to describe the addressability of the kernel's virtual address space. Each byte in the shadow map corresponds to eight bytes of address space and indicates how many of those eight bytes (if any) are currently accessible to the kernel. When the kernel allocates or frees a range of memory, the shadow map is updated accordingly. Using some instrumentation inserted by the compiler, KASAN checks each kernel pointer dereference against the shadow map to ensure that the kernel is meant to be accessing the pointed-to memory. If the shadow map indicates a problem, an error is raised.
It is an effective technique and, thanks to the support from the compiler, the run-time CPU overhead is tolerable in many settings. But the shadow map requires a great deal of memory, and that does affect the usability of KASAN in the real world, especially when it is used on memory-constrained systems. This overhead is particularly painful for users who would like to run KASAN on production systems as an additional security measure.
-
Time namespaces
The kernel's namespace abstraction allows different groups of processes to have different views of the system. This feature is most often used with containers; it allows each container to have its own view of the set of running processes, the network environment, the filesystem hierarchy, and more. One aspect of the system that remains universal, though, is the concept of the system time. The recently posted time namespace patch set (from Dmitry Safonov with a lot of work by Andrei Vagin) seeks to change that.
Creating a virtualized view of the system time is not a new concept; Jeff Dike posted an implementation back in 2006 to support his user-mode Linux project. Those patches were not merged at the time but, since then, the use of containers has taken off and the interest has increased. One might view time as a universal concept, but there are use cases for a per-container notion of time; they can be as simple as testing software at different points in time. The driving force behind this patch set, though, is likely to be problems associated with the checkpointing of processes and migrating them between physical hosts. When a process is restarted, it should have a consistent view of time, and that may require applying some adjustments at restart time.
The implementation is straightforward enough. Each time namespace contains a set of offsets to be added to the system's notion of the current time. The kernel maintains a number of clocks with different characteristics (documented here), each of which can have a different offset. Some of these clocks, such as CLOCK_MONOTONIC, have an undefined start point that will vary from one running system to the next, so they will need their own offsets to maintain consistent behavior for a container that has been migrated. System calls that adjust the system time will, when called outside of the root time namespace, adjust the namespace-specific offsets instead.
-
Progress on Zinc (thus WireGuard)
When last we looked at the WireGuard VPN code and its progress toward mainline inclusion, said progress was impeded by disagreements about the new "Zinc" cryptographic library that is added by the WireGuard patches. Since that August look, several more versions of WireGuard and Zinc have been posted; it would seem that Zinc is getting closer to being accepted. Once that happens, the networking developers are poised to review that portion of the code, which likely will lead to WireGuard in the kernel some time in the next development cycle or two.
Jason Donenfeld posted Zinc v3 as part of an updated WireGuard posting on September 10. Of the versions he has posted since our article (up to v6 as of this writing), v3 has gotten most of the comments. One of the main complaints about Zinc is that it creates a new crypto API in the kernel without really addressing why the existing one would not work for WireGuard.
-
The kernel's code of conduct, one week later
The dust has begun to settle after the abrupt decisions by Linus Torvalds to take a break from kernel maintainership and to adopt a code of conduct for the community as a whole. Unsurprisingly, the development community, most of which was not consulted prior to the adoption of this code, has a lot of questions about it and a number of concerns. While many of the answers to those questions will be a while in coming, a few things are beginning to come into focus.
It is worth starting with one important point that last week's article failed to mention: the new code of conduct is not actually new to the community as a whole. In particular, the DRM (graphics) subsystem adopted the freedesktop.org code of conduct in April 2017. This code, like the code for the kernel as a whole, is derived from the Contributor Covenant text. There have not been any problems of note arising from the use of this code in that subsystem to date. Your editor has been told that the DRM community's successful use of this code was a direct contributor to Torvalds's choice of this particular code as a starting point for the kernel.
-
- Login or register to post comments
- Printer-friendly version
- 980 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
OSS: RMS on Commons Clause, Customer Conversations Changing in Era of Open Source, Sourcegraph Liberated
Why TENS is the secure bootable Linux you need
Before you get too excited, TENS isn't a pen-testing distro for admins to use to harden their network. TENS is a live desktop Linux distribution that gives the user a level of security they would not have with a standard desktop. That means it's great to use in places where network security is questionable, or when you need to submit sensitive data, and you don't trust a standard desktop operating system. In other words, anytime you need to use a network for the transmission of sensitive data, TENS Linux could easily be a top choice for users.
Security: ClamAV, Phishing Attack on Azure Blob Storage, Fingbox/Ubuntu
today's howtos
Recent comments
1 day 5 hours ago
1 day 19 hours ago
1 day 19 hours ago
1 day 23 hours ago
2 days 1 hour ago
2 days 15 hours ago
2 days 15 hours ago
2 days 16 hours ago
2 days 16 hours ago
3 days 13 hours ago