Language Selection

English French German Italian Portuguese Spanish

LWN Kernel Articles: 4.20/5.0 Merge, Jiri Kosina, Arnd Bergmann and Greg Kroah-Hartman

Filed under
Linux
  • 4.20/5.0 Merge window part 1

    Linus Torvalds has returned as the keeper of the mainline kernel repository, and the merge window for the next release which, depending on his mood, could be called either 4.20 or 5.0, is well underway. As of this writing, 5,735 non-merge changesets have been pulled for this release; experience suggests that we are thus at roughly the halfway point.

  • Improving the handling of embargoed hardware-security bugs

    Jiri Kosina kicked off a session on hardware vulnerabilities at the 2018 Kernel Maintainers Summit by noting that there are few complaints about how the kernel community deals with security issues in general. That does not hold for Meltdown and Spectre which, he said, had been "completely mishandled". The subsequent handling of the L1TF vulnerability suggests that some lessons have been learned, but there is still plenty of room for improvement in how hardware vulnerabilities are handled in general.

    There are a number of reasons why the handling of Meltdown and Spectre went bad, he said, starting with the fact that the hardware vendors simply did not know how to do it right. They didn't think that the normal security contact (security@kernel.org) could be used, since there was no non-disclosure agreement (NDA) in place there. Perhaps what is needed is the creation of such an agreement or, as was discussed in September, a "gentleman's agreement" that would serve the same role.

  • Removing support for old hardware from the kernel

    The kernel supports a wide range of hardware. Or, at least, the kernel contains drivers for a lot of hardware, but the hardware for which many of those drivers was written is old and, perhaps, no longer in actual use. Some of those drivers would certainly no longer work even if the hardware could be found. These drivers provide no value, but they are still an ongoing maintenance burden; it would be better to simply remove them from the kernel. But identifying which drivers can go is not as easy as one might think. Arnd Bergmann led an inconclusive session on this topic at the 2018 Kernel Maintainers Summit.

    Bergmann started by noting (to applause) that he recently removed support for eight processor architectures from the kernel. It was, he said, a lot of work to track down the right people to talk to before removing that code. In almost every case, the outgoing architectures were replaced — by their creators — by Arm-based systems. There probably are not any more architectures that can go anytime soon; Thomas Gleixner's suggestion that x86 should be next failed to win the support of the group.

  • The proper use of EXPORT_SYMBOL_GPL()

    The kernel, in theory, puts strict limits on which functions and data structures are available to loadable kernel modules; only those that have been explicitly exported with EXPORT_SYMBOL() or EXPORT_SYMBOL_GPL() are accessible. In the case of EXPORT_SYMBOL_GPL(), only modules that declare a GPL-compatible license will be able to see the symbol. There have been questions about when EXPORT_SYMBOL_GPL() should be used for almost as long as it has existed. The latest attempt to answer those questions was a session run by Greg Kroah-Hartman at the 2018 Kernel Maintainers Summit; that session offered little in the way of general guidance, but it did address one specific case.

More in Tux Machines

Events: Linux Plumbers, SUSE in Germany and LibreOffice Paris HackFest

  • Linux Plumbers Earlybird Registration Quota Reached, Regular Registration Opens 30 June
    A few days ago we added more capacity to the earlybird registration quota, but that too has now filled up, so your next opportunity to register for Plumbers will be Regular Registration on 30 June … or alternatively the call for presentations to the refereed track is still open and accepted talks will get a free pass.
  • Gartner IT Infrastructure, Operations and Cloud Strategies Conference Frankfurt 2019
    In a week’s time, team SUSE will be heading to Frankfurt, Germany for this year’s Gartner IT Infrastructure, Operations and Cloud Strategies Conference. Hundreds of attendees from all around Europe will be paying Kap Europa Congress Centre in Frankfurt a visit – to network, speak to exhibitors, pick up valuable nuggets of information from the Gartner analysts, attend sessions to learn more about the latest happenings in IT infrastructure and operations and enjoy all that the beautiful city of Frankfurt has to offer.
  • LibreOffice Paris HackFest
    The LibreOffice Paris HackFest 2019 will take place on the weekend of July 5th-6th, at le 137, which is at 137 Boulevard Magenta, Paris 10e, France. The event is sponsored by INNO3, hosting the hackfest in their building, and The Document Foundation, providing reimbursement for travels and accommodations. LibreOffice Paris HackFest will start on Friday at 10AM. During the day there will be an informal meeting of the French community, to discuss local activities, while developers and other volunteers will hack the LibreOffice code. The venue will be available until 2AM. On Saturday the venue will open at 10AM, to allow people to continue working, and share hackfest results. The event will officially end at 8PM, but on Sunday there will be a city tour.

Security: GNU/Linux in Space (After Windows Viruses), Fingerprint Pseudo-Security, Mainframe Security and Slackware Updates

  • Space: New cybercrime battlefield? [Ed: Space has already dumped Microsoft Windows and moved to GNU/Linux (Debian) for security reasons. The famous incident has just been mentioned here.]
    In the same vein, is it believable for a virus to infect a space station orbiting at a distance of over 330 km above the earth? It shocked astronauts on board to find their Windows XP-based laptops on the International Space Station (ISS) infected with a virus called W32.Gammima in 2008. Gammima.AG worm is a malware that gathers and transmits sensitive gaming data to an attacker. Investigations later revealed that unsuspecting Russian cosmonauts had inadvertently carried infected USB storage devices aboard the station spreading computer viruses to the connected computers. The damage by the malware to the computer systems of the ISS is unknown to date.
  • OnePlus 7 Pro Fingerprint Scanner Hacked By Classic Hacking Technique
    OnePlus has recently launched its much-awaited OnePlus 7 Pro which is considered as one of the best smartphones of 2019 by many. Packing the latest Snapdragon processor, triple camera setup, UFS 3.0 and a 30W Warp Charging, the smartphone is a complete package but how safe is it? Speaking of safety, a YouTuber has managed to hack the in-display fingerprint scanner of OnePlus 7 Pro within a few minutes. Going by the name Max Tech, this YouTuber deployed the classic print molding hacking technique to get past the fingerprint reader. If you have bought the smartphone or you’re a potential buyer then I must tell you that OnePlus 7 Pro is not the first device to be hacked by this technique.
  • Just how secure are mainframes?
    The days of mainframe security by obscurity are long gone. Everyone – especially hackers – knows that there are lots of valuable data sitting on mainframes. So, how aware are mainframe-using organizations about what it takes to secure all the components of a mainframe environment? Key Resources Inc has announced the findings from a new study conducted by Forrester Consulting carried out in February 2019. The survey questioned 225 IT management and security decision makers in North America.
  • [Slackware] April ?19 release of OpenJDK 8
    Early May I was confined to my bed, immobilized on my side and under medication, after I had incurred a second back hernia in four months’ time. And so I missed the announcement on the OpenJDK mailing list about the new icedtea-3.12.0. Why again is that important? Well, the IcedTea framework is a software harness to compile OpenJDK with ease. Andrew Hughes (aka GNU/Andrew) who is the release manager still did not update his blog with this announcment, but nevertheless:  the new Java8 that we will get is OpenJDK 8u212_b04. This release syncs the OpenJDK support in IcedTea to the official April 2019 security fixes for Java. I built Slackware packages for Java 8 Update 212 so that you do not have to succumb to the official Oracle binaries which are compiled on God-knows what OS.

today's howtos and programming

KDE: Krita Interview, KDE Developer Documentation and KDE Craft Packager

  • Krita Interview with Anna Hannon
    I opted for trying Linux Mint, and tested Krita as my Photoshop replacement. Love at first sight! I currently run Manjaro KDE and it continues to be my only painting software (even on my Microsoft surface).
  • KDE Developer Documentation Update: Far from the Endgame
    It has been nearly three months since I embarked on an adventure in the land known as dev docs. And while the set period for that work is coming to a close, the truth is that the journey has really only just begun. Just like the pioneers of old, the first important step is to get to survey the land and map it for future adventurers. The KDE community’s developer documentation isn’t exactly new territory but, through the years, it has grown from a garden to a huge forest with only a brave few doing the work to keep things from getting out of hand. They could use a helping hand.
  • KDE Craft Packager on macOS
    In Craft, to create a package, we can use craft --package after the compiling and the installing of a library or an application with given blueprint name. On macOS, MacDMGPackager is the packager used by Craft. The MacDylibBundleris used in MacDMGPackager to handle the dependencies. In this article, I’ll give a brief introduction of the two classes and the improvement which I’ve done for my GSoC project.