Kernel: x86/x86_64 Speculation Vulnerability, LWN, and NitroKey U2F
Linux + GCC/Clang Patches Coming For Straight-Line Speculation Mitigation On x86/x86_64 - Phoronix
Disclosed last year by Arm was their processors affected by a straight-line speculation vulnerability. In this case the processor could speculatively execute instructions linearly in memory past an unconditional change in control flow. There has been talk about possible straight-line speculation on x86/x86_64 but without any action while now GCC and LLVM/Clang compiler developers along with Linux kernel developers are preparing such mitigation support.
Last year LLVM added mitigations around Arm's straight-line speculation vulnerability as did GCC added SLS mitigation support for Arm. Those opt-in compiler options can be used when building important software like the kernel.
A disagreement over get_mm_exe_file()
Differences of opinion over which kernel symbols should be exported to loadable modules have been anything but uncommon over the years. Often, these disagreements relate to which kernel capabilities should be available to proprietary modules. Sometimes, though, it hinges on the disagreements over the best way to solve a problem. The recent discussion around the removal of an export for a core kernel function is a case in point.
Loadable modules, of course, are chunks of kernel code that are loaded into the core kernel after the system boots. Most modules are device drivers, but a surprising amount of kernel functionality can be built in modular form. While code that is built into the kernel can use any symbol that is accessible via the usual C scoping rules, loadable modules are rather more constrained; they can only use symbols that have been explicitly exported to them. In theory, the exported-symbol interface is tightly regulated; in practice, tens of thousands of symbols have been exported over the years without a lot of oversight. That said, the community still sees occasional disagreements when a module developer wants to use a symbol that core-kernel developers do not wish to export.
Nitrokey FIDO U2F Support Coming With Linux 5.16 - Phoronix
If you happen to have a Nitrokey FIDO U2F as a two-factor authentication key, proper Linux support is about to land. While at launch it mentioned working out-of-the-box across all major browsers and platforms -- including Linux -- a change is needed to the kernel that's now on the way for the 5.16 cycle.
Due to a different firmware on the NitroKey U2F and that shifting around some of the commands, the Linux kernel's hid-u2fzero driver had to be adapted to better deal with different hardware/firmware revisions. With this patch now in HID's for-next ahead of Linux 5.16, the less than 50 lines of code changed should get the NitroKey U2F working nicely under Linux.
