Language Selection

English French German Italian Portuguese Spanish

Kernel: LWN Coverage (No Longer Paywalled) and Initial HDMI 2.0 Support With Nouveau Slated For The Next Linux Kernel

Filed under
Linux
  • Revenge of the modems

    Back in the halcyon days of the previous century, those with a technical inclination often became overly acquainted with modems—not just the strange sounds they made when connecting, but the AT commands that were used to control them. While the AT command set is still in use (notably for GSM networks), it is generally hidden these days. But some security researchers have found that Android phones often make AT commands available via their USB ports, which is something that can potentially be exploited by rogue USB devices of various sorts.

    A paper [PDF] that was written by a long list of researchers (Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, and Kevin R. B. Butler) and presented at the 27th USENIX Security Symposium described the findings. A rather large number of Android firmware builds were scanned for the presence of AT commands and many were found to have them. That's not entirely surprising since the baseband processors used to communicate with the mobile network often use AT commands for configuration. But it turns out that Android vendors have also added their own custom AT commands that can have a variety of potentially harmful effects—making those available over USB is even more problematic.

    They started by searching through 2018 separate Android binary images (it is not clear how that number came about, perhaps it is simply coincidental) from 11 different vendors. They extracted and decompressed the various pieces inside the images and then searched those files for AT command strings. That process led to a database of 3500 AT commands, which can be seen at the web site for ATtention Spanned—the name given to the vulnerabilities.

  • XFS, LSM, and low-level management APIs

    The Linux Security Module (LSM) subsystem allows security modules to hook into many low-level operations within the kernel; modules can use those hooks to examine each requested operation and decide whether it should be allowed to proceed or not. In theory, just about every low-level operation is covered by an LSM hook; in practice, there are some gaps. A discussion regarding one of those gaps — low-level ioctl() operations on XFS filesystems — has revealed a thorny problem and a significant difference of opinion on what the correct solution is.

    In late September Tong Zhang pointed out that xfs_file_ioctl(), the 300-line function that dispatches the various ioctl() operations that can be performed on an XFS filesystem, was making a call to vfs_readlink() without first consulting the security_inode_readlink() LSM hook. As a result, a user with the privilege to invoke that operation (CAP_SYS_ADMIN) could read the value of a symbolic link within the filesystem, even if the security policy in place would otherwise forbid it. Zhang suggested that a call to the LSM hook should be added to address this problem.

  • Initial HDMI 2.0 Support With Nouveau Slated For The Next Linux Kernel

    Days after Nouveau DRM maintainer Ben Skeggs began staging changes for this open-source NVIDIA driver ahead of the next kernel cycle, this evening Ben Skeggs submitted the DRM-Next pull request to queue this work for the Linux 4.20/5.0 kernel cycle.

    As covered in that previous article, there isn't a whole lot on the Nouveau kernel driver front at this time. Skeggs summed up these open-source NVIDIA driver changes as: "Just initial HDMI 2.0 support, and a bunch of other cleanups."

  • Device-to-device memory-transfer offload with P2PDMA

    One of the most common tasks carried out by device drivers is setting up DMA operations for data transfers between main memory and the device. Often, data read into memory from one device will be immediately written, unchanged, to another device. Common examples include carrying the image between the camera and screen on a mobile phone, or downloading files to be saved on a disk. Those transfers have an impact on the CPU even if it does not use the data directly, due to higher memory use and effects like cache trashing. There are cases where it is possible to avoid usage of the system memory completely, though. A patch set (posted by Logan Gunthorpe with contributions by Christoph Hellwig and Steve Wise) has been in the works for some time that addresses this case for PCI devices using peer-to-peer (P2P) transfers, with a focus on offering an offload option for the NVMe fabrics target subsystem.

More in Tux Machines

Slax is a Nifty Linux Distribution That Works from USB

Slax is a portable Linux distribution that runs from USB, it aims to create a modular, modern and lightweight Linux distribution which can be carried anywhere in a USB stick. It’s also Debian-based, which allows you as a user to access tons of packages provided by Debian using the apt command. Slax 9.6 was released last November. So we downloaded the latest release and tried it, our experience with it was great so far, see our review below for a detailed tour in Slax. Read more

Sparky 5.6

There are new live/install iso images of SparkyLinux 5.6 “Nibiru” available to download. This it the 4th and the last this year iso image update of the rolling line, which is based on Debian testing “Buster”. Read more

Games: Black Mesa, Overland, Jupiter Hell, Geneshift, Warhammer 40,000 and More

  • The Black Mesa team have pushed out a new Linux beta
    Black Mesa, the fan-made recreation of Half-Life has a fresh brew available for Linux gamers that should make it a better experience.
  • Preview: Overland, the squad-based survival strategy game is to release in full next year
    Overland, a stylish strategy game where every single step counts is due for a full release next year and it's looking good. It's been quite some time since we talked about it, as we previously highlighted way back in 2016. Since then, it's obviously had a lot of spit and polish.
  • Preview: Jupiter Hell, the modern roguelike and spiritual successor to DRL (Doom the roguelike)
    Jupiter Hell is a roguelike I'm following with great excitement, it's serving a the spiritual successor to DRL (previously DoomRL, now called DRL since ZeniMax flexed their legal muscles) and it's looking good. After a rather successful Kickstarter, where they managed to get over £70K in funding it's coming along rather nicely.
  • You can grab Geneshift completely free to keep for the next 48 hours
    Geneshift, the GTA-inspired Battle Royale that also has an extra purchased for a campaign mode and more is currently free for 48 hours.
  • The Tyranids are coming to Warhammer 40,000: Gladius in January
    While Warhammer 40,000: Gladius is a pretty good strategy game, it did feel somewhat limited. Things are about to get hectic, prepare your defences for the Tyranids. Tyranids will be released in the form of a DLC that will be available in January next year as a playable race. The developers say they will be "radically different" to play as due to their gameplay mechanics, although they haven't yet gone into detail on what exactly is different.
  • Warhammer 40,000: Mechanicus to 'soft launch' on Linux before the holidays
    A developer from Bulwark Studios has detailed their plans to get Warhammer 40,000: Mechanicus onto Linux and it sounds good. After releasing for Windows in November, they've pushed out a few patches to improve various aspects of the game. It seems like they've done well with it, since it's sat at a "Very Positive" user rating with over one thousand users giving their thoughts. For the Linux release, they're going to put up an opt-in beta version "before the Christmas holiday" with an aim to release in full once the holiday period is over. See their post here on Steam for more info.
  • Verdant Skies, a casual 'life simulation game' has added Linux support
    Inspired by a love for games like Harvest Moon, Verdant Skies from Howling Moon Software is what they're calling a 'life simulation game'. Along with a recent update to the game on Friday, December 14th they also added a Linux version of the game.
  • The Rocket League winter event is live, new GamingOnLinux tournaments details!
    Frosty Fest is now live in Rocket League, giving you a chance to earn Snowflakes as you play online to redeem special winter-themed items. As always, it's completely free. The in-game currency cannot be purchased and can only be earned simply by playing the game in online matches. It's just a fun little event for players to earn some fun customisation items.
  • The Long Dark has a huge update to revamp the first two episodes, has Unity issues on NVIDIA
    The Long Dark, the survival game pitting you against the harsh environment and wildlife has a big free update out. As they've been talking about for a while, this update is the overhauled versions of Episodes One and Two. With a third episode due at some unspecified time.

Solve a puzzle at the Linux command line with nudoku

Welcome back to another installment in our 24-day-long Linux command-line toys advent calendar. If this is your first visit to the series, you might be asking yourself what a command-line toy even is. We’re figuring that out as we go, but generally, it could be a game, or any simple diversion that helps you have fun at the terminal. Some of you will have seen various selections from our calendar before, but we hope there’s at least one new thing for everyone. Read more