Linux 4.13

By Linus Torvalds

September 6, 2017

So last week was actually somewhat eventful, but not enough to push me to delay 4.13.

Most of the changes since rc7 are actually networking fixes, the bulk of them to various drivers. With apologies to the authors of said patches, they don't look all that interesting (which is definitely exactly what you want just before a release). Details in the appended shortlog.

Note that the shortlog below is obviously only since rc7 - the _full_ 4.13 log is much too big to post and nobody sane would read it. So if you're interested in all the rest of it, get the git tree and limit the logs to the files you are interested in if you crave details.

No, the excitement was largely in the mmu notification layer, where we had a fairly last-minute regression and some discussion about the problem. Lots of kudos to Jérôme Glisse for jumping on it, and implementing the fix.

What's nice to see is that the regression pointed out a nasty and not very well documented (or thought out) part of the mmu notifiers, and the fix not only fixed the problem, but did so by cleaning up and documenting what the right behavior should be, and furthermore did so by getting rid of the problematic notifier and actually removing almost two hundred lines in the process.

I love seeing those kinds of fixes. Better, smaller, code.

The other excitement this week was purely personal, consisting of seven hours of pure agony due to a kidney stone. I'm all good, but it sure _felt_ a lot longer than seven hours, and I don't even want to imagine what it is for people that have had the experience drag out for longer. Ugh.

Anyway, on to actual 4.13 issues.

While we've had lots of changes all over (4.13 was not particularly big, but even a "solidly average" release is not exactly small), one very _small_ change merits some extra attention, because it's one of those very rare changes where we change behavior due to security issues, and where people may need to be aware of that behavior change when upgrading.

This time it's not really a kernel security issue, but a generic protocol security issue.

The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for "stop using SMB1" or similar), the default cifs mount now defaults to a rather more modern SMB 3.0.

Now, because you shouldn't have been using SMB1 anyway, this shouldn't affect anybody. But guess what? It almost certainly does affect some people, because they blithely continued using SMB1 without really thinking about it.

And you certainly _can_ continue to use SMB1, but due to the default change, now you need to be *aware* of it. You may need to add an explicit "vers=1.0" to your mount options in /etc/fstab or similar if you *really* want SMB1.

But if the new default of 3.0 doesn't work (because you still use a pterodactyl as a windshield wiper), before you go all the way back to the bad old days and use that "vers=1.0", you might want to try "vers=2.1". Because let's face it, SMB1 is just bad, bad, bad.

Anyway, most people won't notice at all. And the ones that do notice can check their current situation (just look at the output of "mount" and see if you have any cifs things there), and you really should update from the default even if you are *not* upgrading kernels.

Ok, enough about that. It was literally a two-liner change to defaults - out of the million or so lines of the full 4.13 patch changing real code.

Go get the new kernel,

Linus
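The check suggested in the message above (look for cifs mounts and see which SMB version they use), as an added example that is not part of the original message or of the kernel tree. The function name `audit_cifs`, the sample hosts and the sample paths are constructed for illustration; input is assumed to be in fstab column order.

```shell
#!/bin/sh
# Classify cifs entries by the SMB dialect they request.
# Input on stdin: fstab-style lines
#   <source> <mountpoint> <fstype> <options> ...
# Output, one line per cifs entry: <status> <mountpoint> <vers or ->
#   SMB1    explicit vers=1.0
#   DEFAULT no vers= option, so the dialect follows the kernel default
#           (SMB 1.0 before 4.13, SMB 3.0 from 4.13 on)
#   OK      an explicit dialect other than 1.0
audit_cifs() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }   # skip comments, blank and short lines
    $3 != "cifs"         { next }   # only cifs mounts are of interest
    {
        vers = ""
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^vers=/) vers = substr(opts[i], 6)
        if (vers == "")          status = "DEFAULT"
        else if (vers == "1.0")  status = "SMB1"
        else                     status = "OK"
        printf "%s %s %s\n", status, $2, (vers == "" ? "-" : vers)
    }'
}

# Constructed sample input (not taken from any real system).
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
UUID=0000-constructed / ext4 defaults 0 1
//fileserver.example/share /mnt/share cifs credentials=/etc/cifs.cred,uid=1000 0 0
//oldbox.example/legacy /mnt/legacy cifs vers=1.0,credentials=/etc/cifs.cred 0 0
//nas.example/data /mnt/nas cifs credentials=/etc/cifs.cred,vers=2.1 0 0
EOF
}

sample_fstab | audit_cifs
```

On a real system, run `audit_cifs < /etc/fstab`; entries reported as `DEFAULT` are the ones whose behavior changes across the 4.13 upgrade, and pinning an explicit `vers=` on them removes that dependency.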
