Linux Kernel Crisis Luckily Averted In Time
This YouTube video discusses a security regression introduced into the Linux kernel by a patch from a Microsoft developer, Mike Rapoport. Key points include:

- The incident: A patch set aimed at improving the handling of read-only executable (ROX) memory on x86_64 systems introduced a regression that broke hibernation and potentially undermined Control Flow Integrity (CFI) mechanisms such as CET (Control Flow Enforcement Technology) and Shadow Stack.
- The developer: While the series was initially submitted when Rapoport was at IBM, the problematic revision (version 6) was posted after he joined Microsoft. This highlights that even established companies can contribute flawed code.
- The review process failure: Despite its flaws, the patch went through several iterations and was reviewed by a Samsung employee, yet the significant regression was not caught before it almost made it into a production release. This underscores gaps in the Linux kernel's code review and testing processes.
- The detection and fix: Intel and AMD engineers discovered the regression during testing. The problem ultimately stemmed from incorrect handling of writable memory addresses, not from the core ROX memory management. A simple fix, disabling the problematic feature for x86_64, was implemented.
- The broader implication: The incident highlights the inherent challenges of maintaining a large, collaborative open-source project like the Linux kernel, where thorough testing and review are crucial but not always guaranteed. Even with multiple companies contributing, significant regressions can still slip through. The video concludes by noting that such occurrences are common in kernel development.