Linus Torvalds ponders limits of automation as kernel release delayed
Spectre-related weakness has made an eighth release candidate necessary
Linux kernel development boss Linus Torvalds's prediction that Linux 5.17 would be released this week "unless something surprising comes up" has come to pass. Not in the good way.
One surprise was CVE-2021-26401: AMD's Spectre v2 mitigation in the kernel was found to be potentially inadequate on certain systems – it was exploitable, allowing sensitive data to leak – requiring a switch in the default mitigation.
Separately, AMD this month acknowledged security bug CVE-2021-26341 in a bunch of its Ryzen and Epyc processors, and a few other parts, as detailed on its official website and in depth by Pawel Wieczorkiewicz of Grsecurity. This is another Spectre-style flaw involving "unconditional direct branches, which may potentially result in data leakage," according to AMD, which has issued guidance to developers on how to protect code from snooping.
Torvalds said the patches that arrived for the kernel ahead of the March deadline "were mostly fine," and the AMD Spectre v2 weakness "was not one of the 'big disaster' hw speculation things." But an embargo on public disclosure of the AMD patch meant that automated testing found "a (small) flurry of fixes for the fixes."
"None of this was really surprising, but I naïvely thought I'd be able to do the final release this weekend anyway," Torvalds wrote. The penguin emperor nonetheless pondered sending version 5.17 out the door regardless but decided "we also really don't have any reason _not_ to give it another week with all the proper automated testing."
Torvalds also wants developers to get their hands dirty.
"Anyway, let's not keep the testing _just_ to automation," he suggested in his weekly kernel progress update. "The more the merrier, and real-life loads are always more interesting than what the automation farms do. So please do give this last rc a quick try," he added.
Release candidate 8 also includes what Torvalds described as "a couple of mislaid patches that had been on the regression list."
The signs are therefore very good for a March 20 debut for version 5.17 of the kernel, which lays the groundwork for Intel's Raptor Lake processors among many other enhancements. The Register keenly awaits version 5.18, as that's the version expected to reveal more of the software-defined silicon tech that Intel has teased but declined to explain. ®