Language Selection

English French German Italian Portuguese Spanish

Kernel: ABI, GNU C Library, Core Scheduling, Linux 5.4, Randomness, Kernel Concurrency Sanitizer (KCSAN)

Filed under
Linux
Google
Security
  • Monitoring the internal kernel ABI

    As part of the Distribution Kernels microconference at Linux Plumbers Conference 2019, Matthias Männich described how the Android project monitors changes to the internal kernel ABI. As Android kernels evolve, typically by adding features and bug fixes from more recent kernel versions, the project wants to ensure that the ABI remains the same so that out-of-tree modules will still function. While the talk was somewhat Android-specific, the techniques and tools used could be applied to other distributions with similar needs (e.g. enterprise distributions).

    Männich is on the Google Android kernel team, but is relatively new to the kernel; his background is in build systems and the like. He stressed that he is not talking about the user-space ABI of the kernel, but the ABI and API that the kernel exposes to modules. The idea is to have a stable ABI over the life of an Android kernel. He knows that other distributions have been doing this "for ages", but the Android kernel and build system are different so it made sense to look at other approaches to this problem.

  • System-call wrappers for glibc

    The GNU C Library has long had a reputation for being hostile to the addition of wrappers for new Linux system calls; that has resulted in many system calls being unsupported by the library for years. That situation is changing, though. During the Toolchain microconference at the 2019 Linux Plumbers Conference, Maciej Rozycki talked about glibc's new attitude toward system-call wrappers, but also served notice that there is still significant work to do for the addition of any new system call.
    Rozycki, who put together the talk with Dmitry Levin, is not the person doing most of this work. He was, instead, "delivering a message from Florian Weimer", who was unable to attend the event.

    For those who might appreciate a bit of background: applications running in user space do not call directly into the kernel; instead, they will call a wrapper function that knows how to invoke the system call of interest. If nothing else, the wrapper will place the system-call arguments in the right locations and do whatever is necessary to invoke a trap into kernel mode. In some cases, the interface implemented by the wrapper can be significantly different from what the kernel provides.

  • Many uses for Core scheduling

    Some new kernel features are welcomed by the kernel development community, while others are a rather harder sell. It is fair to say that core scheduling, which makes CPU scheduling harder by placing constraints on which processes may run simultaneously in a core, is of the latter variety. Core scheduling was the topic of (at least) three different sessions at the 2019 Linux Plumbers Conference. One of the most interesting outcomes, perhaps, is that there are use cases for this feature beyond protection from side-channel attacks.

  • 5.4 Merge window, part 1

    As of this writing, 9,632 non-merge changesets have been merged for the 5.4 kernel. This merge window is thus off to a strong start. There has been a wide range of changes merged across the kernel tree, including vast numbers of cleanups and fixes.

  • Following Buggy AMD RdRand, The Linux Kernel Will Begin Sanity Checking Randomness At Boot Time

    The Linux kernel will begin doing a basic sanity check of x86_64 CPUs with the RdRand instruction to see if it's at least returning "random looking" data otherwise warn the user at boot time. This stems from a recent issue where AMD's RdRand behavior with some hardware (particularly, buggy motherboards) could have borked RdRand issues.

  • Google Is Uncovering Hundreds Of Race Conditions Within The Linux Kernel

    One of the contributions Google is working on for the upstream Linux kernel is a new "sanitizer". Over the years Google has worked on AddressSanitizer for finding memory corruption bugs, UndefinedBehaviorSanitizer for undefined behavior within code, and other sanitizers. The Linux kernel has been exposed to this as well as other open-source projects while their newest sanitizer is KCSAN and focused as a Kernel Concurrency Sanitizer.

  • Kernel Concurrency Sanitizer (KCSAN)
    We would like to share a new data-race detector for the Linux kernel:
    Kernel Concurrency Sanitizer (KCSAN) --
    https://github.com/google/ktsan/wiki/KCSAN  (Details:
    https://github.com/google/ktsan/blob/kcsan/Documentation/dev-tools/kcsan.rst)
    
    To those of you who we mentioned at LPC that we're working on a
    watchpoint-based KTSAN inspired by DataCollider [1], this is it (we
    renamed it to KCSAN to avoid confusion with KTSAN).
    [1] http://usenix.org/legacy/events/osdi10/tech/full_papers/Erickson.pdf
    
    In the coming weeks we're planning to:
    * Set up a syzkaller instance.
    * Share the dashboard so that you can see the races that are found.
    * Attempt to send fixes for some races upstream (if you find that the
    kcsan-with-fixes branch contains an important fix, please feel free to
    point it out and we'll prioritize that).
    
    There are a few open questions:
    * The big one: most of the reported races are due to unmarked
    accesses; prioritization or pruning of races to focus initial efforts
    to fix races might be required. Comments on how best to proceed are
    welcome. We're aware that these are issues that have recently received
    attention in the context of the LKMM
    (https://lwn.net/Articles/793253/).
    * How/when to upstream KCSAN?
    
    Feel free to test and send feedback.
    
    Thanks,
    -- Marco
    

More in Tux Machines

Why You Should Be Using Linux

How many times have you been happily working away when, out of nowhere, Windows either forced a reboot to update, stopped responding, or completely crashed? With Linux, those events are a thing of the past. Because of the way Linux was designed, you (the user) have complete control over nearly everything. Say, for example, an application fails on you. Instead of that application taking the entire desktop along for the ride (an issue that often stumps even software development providers), you can log into what’s called a virtual console and force that crashed application closed via the command line. Yes, that does take a bit more skill than the average user possesses, but once you know how it’s done, it becomes second nature. The likelihood of that actually happening, however, is low. The few instances where this has happened to me was due to my using beta or “nightly” releases of software, which the average user wouldn’t be working with. Linux simply works and works with an almost unheard of reliability. Read more

Industrial-grade Linux OS gets Over-the-Air updates

Modern embedded systems need a reliable and secure way to deliver software updates remotely. Toradex aims to accomplish this by publishing critical operating system updates to customers with devices running TorizonCore, an easy-to-use industrial-grade Linux OS. The system will provide full control over which updates and when these updates are pushed to their devices by way of a web interface. Additionally, customers will be able to push their own updates to their devices using the same OTA system. Managing deployed devices is made easy by providing a high-level view of all devices and their current status. Grouping devices together into fleets is supported and makes managing updates for many devices easy. Every device publishes information up to the server which can prove useful for evaluating device health, inconsistencies in deployed devices, etc. Read more

SUSE/OpenSUSE Development Report

  • openSUSE Tumbleweed – Review of the week 2019/47

    Another week, in which openQA did block some of the snapshots – and some issues it was unfortunately not able to see. Anyway, during the week 2019/47 we have released three snapshot into the wild (1116, 1118 and 1119), containing those changes: Mesa 19.2.4: fixes critical rendering issues from earlier Mesa 19.2.3. As this rendering issue did not happen on all graphics adapters, openQA had no chance of spotting it Linux kernel 5.3.11 KDE Plasma 5.17.3 Subversion 1.13.0 binutils 2.33.1

  • YaST Team: Highlights of YaST Development Sprints 88 and 89

    A few weeks ago, we wrote about the new ItemSelector widget that is finding its way into YaST user interfaces. It turned out that just a simple on/off status is not enough in some cases, so we had to extend that concept. For example, software modules may have dependencies, and we want to show the difference between one that was explicitly selected by the user and one that was auto-selected because some other software module requires it. This kind of shook the foundations of the underlying classes; all of a sudden a bit is no longer just a bit, but it needs to be broken down into even smaller pieces. Well, we cheated; we now use integer values instead. Most of the class hierarchy still only uses 0 and 1, but the new YCustomStatusItemSelector also supports using higher numbers for application-defined purposes. For each possible status value, the application defines the name of the icon to be displayed (for graphical UIs like the Qt UI), the text equivalent (for text mode / the NCurses UI), and an optional nextStatus which tells the widget what status to cycle to when the user changes the status of an item with a mouse click or with the keyboard. A value of -1 lets the application handle this. So this is not a one-trick-pony that is useful only for that one use case (the software modules), but a generic tool that might find good uses in other places all over YaST as well.

KDE's Plasma Mobile Now Supports Phone Calls on the PinePhone Linux Smartphone

As we reported earlier this month, KDE Plasma Mobile is already running well on the PinePhone, but not all things are working properly, such as phone calls, which the Plasma Mobile team reports that they managed to add multiple patches to integrate telephony functions with the graphical UI. "Bhushan Shah submitted multiple patches in postmarketOS to integrate telephony functions with user interface. Using which PINE64 Pinephone can connect calls from user interface. Currently audio is a work in progress however, and we hope to have this resolved soon," said the Plasma Mobile team. Read more