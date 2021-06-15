Kernel: LWN Articles, New in Linux, Fedora Tests Latest, and Google Breaks 'Linux'
Spectre revisits BPF
It has been well over three years now since the Spectre hardware vulnerabilities were disclosed, but Spectre is truly a gift that keeps on giving. Writing correct and secure code is hard enough when the hardware behaves in predictable ways; the problem gets far worse when processors can do random and crazy things. For an illustration of the challenges involved, one need look no further than the BPF vulnerability described in this advisory, which was fixed in the 5.13-rc7 release.
Attacks on Spectre vulnerabilities generally rely on convincing the processor to execute, in a speculative mode, a sequence of operations that cannot happen in real execution. A classic example is an out-of-range array reference, even though the code performs a proper bounds check. The erroneous access will be backed out once the processor figures out that it mispredicted the result of the bounds check, but the speculative access will leave traces in the memory caches that can be used to exfiltrate data.
The BPF virtual machine has always been an area of special concern when it comes to defending against speculative-execution attacks. Most such attacks rely on finding a fragment of kernel code that can be made to do surprising things when the CPU is executing speculatively; kernel developers duly have made a concerted effort to eliminate such fragments. But BPF exists to enable the loading of code from user space that runs within the kernel context; that allows attackers to craft their own code fragments and avoid the tedious task of combing through the kernel code.
Much work has been done in the BPF community to frustrate those attackers. For example, array indexes are ANDed with a bitmask so that they cannot reach outside of the array even speculatively, regardless of what value they may contain. But it can be hard to anticipate every case where the processor may do something surprising.
Suppressing SIGBUS signals
The mmap() system call creates a mapping for a range of virtual addresses; it has a long list of options controlling just how that mapping should work. Ming Lin is proposing the addition of yet another option, called MAP_NOSIGBUS, which changes the kernel's response when a process accesses an unmapped address. What this option does is relatively easy to understand; why it is useful takes a bit more explanation.
Normally, when a process performs an operation involving memory, it expects the desired data to be read from or written to the requested location. Sometimes, though, things can go wrong, resulting in the delivery of a fatal (by default) signal to the process. A "segmentation violation" (SIGSEGV) signal is generated in response to an attempt to access a valid memory address in a way that is contrary to its protection — writing to read-only memory, for example. Attempting to access an address that is invalid, instead, results in a "bus error" (SIGBUS). Bus errors can be provoked in a number of ways, including using an improperly aligned address or an address that is not mapped at all. If a process uses mmap() to create a mapping that extends beyond the end of the backing file, attempts to access the pages past the end of the file will result in SIGBUS signals.
If, however, a memory range has been mapped with the proposed MAP_NOSIGBUS flag, SIGBUS signals will no longer be generated in response to an invalid address that lies within the mapped area. Instead, the guilty process will get a new page filled with zeroes. If the mapped area is backed up by a file on disk, the new page will not be added to that file. To a first approximation, the new option simply makes SIGBUS signals go away, with the process never even knowing that it had tried to access an invalid address.
Some 5.13 development statistics
As expected, the 5.13 development cycle turned out to be a busy one, with 16,030 non-merge changesets being pulled into the mainline over a period of nine weeks. The 5.13 release happened on June 27, meaning that it must be time for our traditional look at the provenance of the code that was merged for this kernel.
In terms of changeset counts, 5.13 was not the busiest development cycle ever; that record still belongs to 5.8, with 16,306 changesets merged; indeed, 5.10 (16,174) was also busier. But 5.13 did set a record by including the work of 2,062 developers — the first time more than 2,000 developers have participated in a single release cycle. Of those developers, 329 contributed their first patch to the kernel in this cycle, a number that just matches the previous record set by 4.12.
Fedora Magazine: Contribute to Fedora Linux Kernel 5.13 Test Week
The kernel team is working on final integration for kernel 5.13. This version was recently released and will arrive soon in Fedora. As a result, the Fedora kernel and QA teams have organized a test week from Sunday, July 11, 2021 through Sunday, July 18, 2021. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.
ACPI CPPC CPUFreq Will Try Frequency Invariance Again For Linux 5.14 - Phoronix
Frequency invariance support for the ACPI CPPC CPUFreq driver originally landed in Linux 5.13 but was reverted late in the cycle due to problems (possible kernel oops) while now that's been cleaned up and is trying again for Linux 5.14 with this functionality striving for more accurate load tracking.
Linux frequency invariance support has been a hot topic with various drivers / kernel code seeing adaptations by different vendors. Fundamentally the frequency invariance is about addressing the issue of tasks appearing larger if the CPU is running slower so the frequency invariance takes into account the current frequency (or performance state) relative to the maximum possible frequency (or maximum performance state). What's new for Linux 5.14 (after being dropped in 5.13) is the ACPI CPPC (Collaborative Processor Performance Control) CPUFreq driver now having frequency invariance support.
Google pauses Chrome OS update, breaks Linux container
Last week, Google rolled out an incremental update to Chrome OS 91 and it didn’t take long for numerous users to start reporting a serious bug that was crippling the CPU and a number of Chromebooks. The bug report, now triaged, has been updated from priority 3 to priority 1 which is the second-highest level that can be given to a but. Priority 0 is normally reserved for bugs that expose serious security issues or completely bork system functionalities. While the bug has been acknowledged by Google and its developers, it is still unclear as to what is causing the issue or how far out we are from a fix.
F2FS Brings Compression Improvements To Linux 5.14 - Phoronix
The Flash-Friendly File-System (F2FS) continues seeing new features and improvements to this file-system that is increasingly used by Android devices and other flash/SSD-focused systems.
F2FS for this new kernel has a compress_cache feature to improve random read performance. The compress_cache mount option allows using the address space of an inner inode to cache the compressed block to improve the cache hit ratio for random reads.
Also on the compression front is allowing compression for mmap files. This is part of the F2FS developers continuing to make optimizations with Android in mind.
