CPU security issues required the longest Linux kernel development cycle since 2011, as Linus Torvalds releases Linux 4.15
Linus Torvalds released the first new Linux kernel of 2018 on Jan. 28, after the longest development cycle for a new Linux kernel in seven years.
During the release Linux Kernel release cycle, Torvalds typically issues a release candidate once a week, with most cycles including six to eight release candidates.
There were nine release candidates for the Linux 4.15 kernel, which makes it the longest cycle since Linux 3.1 was released in 2011. The Linux 3.1 kernel was delayed in part due to the 2011 hack of the kernel.org development server.
As it turns out, the Linux 4.15 kernel release delay was also due to security related issues.
Among the highlights of the new Linux 4.15 kernel is the core reason for the kernel’s delay, namely the Meltdown and Spectre CPU flaws, that first became public on Jan. 3. Linux developers had been quietly working since at least November 2017 on dealing with the Meltdown issue in particular through an effort known as Page Table Isolation (PTI).
“This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle,” Torvalds wrote in his release announcement. “The extra two weeks were obviously mainly due to that whole timing issue.”
The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs while Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors. The issues also impact Microsoft Windows, which has had multiple stability issues related to the patch. On Jan. 28, Microsoft issued an emergency out-of-band Windows update that disables the patch for the CVE-2017-5715 (Spectre) issue due to stability issues that were triggering data loss and system reboots.
The Spectre issue is being mitigated in Linux 4.15 with the retpoline code that was originally developed by Google. Reptoline helps to avoid kernel-to-user data leaks, by restricting speculative indirect branches in CPU processes.
Torvalds also noted that there is still more work to be done to further protect users against the Meltdown and Spectre vulnerabilities. That said, he emphasized that Linux 4.15 is about more than just patches for CPU vulnerabilities.
“While Spectre/Meltdown has obviously been the big news this release cycle, it’s worth noting that we obviously had all the *normal* updates going on too,”Torvalds wrote. “The work everywhere else didn’t just magically stop, even if some developers have been distracted by CPU issues.”
Among the new features that have landed in Linux 4.15 are a set of capabilities to support expanded security capabilities in Intel and AMD CPUs. On AMD, Linux now supports the AMD Secure Encrypted Virtualization (SEV) capability.
“SEV enables running encrypted virtual machines (VMs) in which the code and data of the guest VM are secured so that a decrypted version is available only within the VM itself,” the code commit for the feature states.
On Intel CPUs, Linux now supports a feature called User Mode Instruction Prevention (UMIP) that is intended to help limit the risk of privilege escalation. Ricardo Neri, Linux software engineer at Intel explained in his Linux kernel commit messagethat UMIP is a security feature present in new Intel Processors.
“If enabled, it prevents the execution of certain instructions if the Current Privilege Level (CPL) is greater than 0,” Neri wrote. “If these instructions were executed while in CPL > 0, user space applications could have access to system-wide settings such as the global and local descriptor tables, the segment selectors to the current task state and the local descriptor table. Hiding these system resources reduces the tools available to craft privilege escalation attacks.”
Originally published on eWeek