Linux 4.14 arrives and Linus says it should have fewer 0-days
Which is nice as it's the next long-term release and gets Linux into the GPU game
Linus Torvalds has given the world version 4.14 of the Linux Kernel.
Torvalds announced the new release with his usual lack of fanfare, but with a couple of interesting nuggets of news.
He opened by saying “it is probably worth pointing out how the 0day robot has been getting even better (it was very useful before, but Fengguang has been working on making it even better, and reporting the problems it has found).” Said robot is an automated vulnerability-checker that scours kernel code for issues. With version 4.14 slated to be the next kernel version to receive Long Term Support, and that support now running for six years instead of two, a more secure release will be widely welcome.
Also in version 4.14 you'll find:
Heterogeneous Memory Management, which will allow GPUs to access an application's memory space. The addition should make Linux a far better platform for GPU-intensive applications like machine learning;
No kernel firmware in the tree, as the powers that be feel it doesn't belong there;
Improvements from Red Hat to make Linux a better Hyper-V guest;
Preparation for Intel's forthcoming Cannonlake processors;
A vibrator driver. No. Not that sort of vibrator! This one's for the buzzer in Motorola's forthcoming Droid 4 phone.
Torvalds also points out that he added a “'leaking_addresses' perl script, which is actually under active development, but I put the first version in for 4.14 just so that people could see that initial state and start looking at the end result and perhaps ask themselves "should my code make these kernel addresses visible to user space".”
“The actual changes will hopefully start percolating into 4.15,” he added, “with one notable likely early change (which has been discussed extensively on the list) being to just hash any "%p" addresses by default. We used to have strict modes that just zeroed the address out, but that was actually counter-productive, in that often people use the address as a 'kernel object identity' for debugging (or for cross-correlation - think network sockets), and so just clearing the pointer value makes those kinds of uses pointless. But using a secure hash allows for those kinds of identity uses, while not actually leaking the address itself.”
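The trade-off described above, as an added example (not kernel code and not the leaking_addresses script): it scans constructed log lines for x86_64-style kernel addresses, then compares zeroing them with replacing them by a keyed hash. BLAKE2b, the key handling and every function name here are assumptions chosen for illustration.

```python
import hashlib
import os
import re

# Assumption: x86_64, where kernel virtual addresses print as 16 hex digits
# beginning with "ffff". Other architectures need a different pattern.
KADDR = re.compile(r"(?<![0-9a-f])ffff[0-9a-f]{12}(?![0-9a-f])", re.I)

# Constructed sample output; not taken from a real system.
SAMPLE = [
    "sock_open: sk=ffff8800b5a1c000 family=2",
    "tcp_send: sk=ffff8800b5a1c000 len=1448",
    "sock_open: sk=ffff8800b5a1d400 family=10",
    "uptime 4242 load 0.10",
]

def find_leaks(lines):
    """Return (line number, address) for every kernel-looking address."""
    return [(n, m.group(0)) for n, line in enumerate(lines, 1)
            for m in KADDR.finditer(line)]

def zero_out(line):
    """Strict-mode behaviour: blank the address entirely."""
    return KADDR.sub("0" * 16, line)

def hash_ids(line, key):
    """Replace each address with a keyed-hash ID (BLAKE2b is an assumption)."""
    def to_id(m):
        addr = int(m.group(0), 16).to_bytes(8, "little")
        digest = hashlib.blake2b(addr, key=key, digest_size=4).hexdigest()
        # Upper 32 bits stay zero so an ID never falls in the kernel range.
        return "0" * 8 + digest
    return KADDR.sub(to_id, line)

def correlate(lines):
    """Group line numbers by the value printed in the sk= field."""
    groups = {}
    for n, line in enumerate(lines, 1):
        m = re.search(r"sk=([0-9a-f]{16})", line)
        if m:
            groups.setdefault(m.group(1), []).append(n)
    return sorted(groups.values())

if __name__ == "__main__":
    key = os.urandom(16)  # hypothetical per-boot secret, never printed
    for name, out in (("zeroed", [zero_out(l) for l in SAMPLE]),
                      ("hashed", [hash_ids(l, key) for l in SAMPLE])):
        print(name, find_leaks(out), correlate(out))
```

Zeroing collapses all three socket lines into one indistinguishable group, while the hashed output still separates the two sockets without printing either address.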
The Linux Lord also pointed out one last-minute change, namely “we had to revert the code that showed a good MHz value in /proc/cpuinfo even for the modern 'CPU picks frequency dynamically' case. It worked fine, but it was much too expensive on machines with tens or hundreds of CPU cores. There's a cunning plan, but it didn't make 4.14, so we'll get it working and then back-port.”
Torvalds has declared this release “painful” and urged kernel devs to get their pull requests for version 4.15 in sooner rather than later. Stragglers will be told “tough luck, you were late to the merge window, and I felt more like being out in the sun than taking your second-week pull request.”
“Because it really would be lovely to have a smaller and calmer release for 4.15.”