October 26, 2016

Linux 3.17 is Getting ready for the Year 2038

  • October 6, 2014
  • By Sean Michael Kerner

Barely two months after the Linux 3.16 kernel release and Linux 3.17 is now out.

The Linux 3.17 kernel is the fifth major kernel release so far in 2014 and among its features is a fix for a flaw that wouldn't actually impact Linux for another 24 years.

The Unix 2038 bug conceptually is somewhat similar to the Y2K (Year 2000) flaw that didn't get fixed on many systems until 1999. Linux developers aren't waiting until the year 2037 and don't seem to be interested in re-visting the whole Y2K bug fixing experience.

With Linux 3.17 there is at least one patch to fix the Year 2038 issue, though there is likely some additional work yet to be done in future releases as well.

"The non-scalar ktime_t implementation is basically a timespec which has to be changed to support dates past 2038 on 32bit systems," Linux developer John Stultz wrote in his comit. "his patch removes the non-scalar ktime_t implementation, forcing the scalar s64 nanosecond version on all architectures."

One of the more interesting new features added to Linux in the 3.17 kernel are memory fences.

"A fence can be attached to a buffer which is being filled or consumed by hw, to allow userspace to pass the buffer without waiting to another device," Linux kernel developer, wrote in his kernel commit. "For example, userspace can call page_flip ioctl to display the next frame of graphics after kicking the GPU but while the GPU is still rendering. "

From a security perspective, Linux 3.17 includes new file sealing protections to the kernel. Linux kernel developer David Herrmann explainedin a mailing list message that sealing a file restricts the set of allowed operations on the file in question.

Hermann explained that:

"Unlike existing techniques that provide similar protection, sealing allows file-sharing without any trust-relationship. This is enforced by rejecting seal modifications if you don't own an exclusive reference to the given file. So if you own a file-descriptor, you can be sure that no-one besides you can modify the seals on the given file. This allows mapping shared files from untrusted parties without the fear of the file getting truncated or modified by an attacker."

Sean Michael Kerner is a senior editor at LinuxPlanet and InternetNews.com. Follow him on Twitter @TechJournalist

Sitemap | Contact Us