
The 4.13 kernel is out

Linus has released the 4.13 kernel, right on schedule. Headline features in this release include kernel hardening via structure layout randomization, native TLS protocol support, better huge-page swapping, improved handling of writeback errors, better asynchronous I/O support, better power management via next-interrupt prediction, the elimination of the DocBook toolchain for formatted documentation, and more. There is one other change that is called out explicitly in the announcement: "The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0."


The 4.13 kernel is out

Posted Sep 4, 2017 10:04 UTC (Mon) by joib (subscriber, #8541) [Link]

> The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0.

How does this interact with Samba and the CIFS Unix Extensions? I thought the equivalent for SMB2/3 was still a work in progress?

The 4.13 kernel is out

Posted Sep 4, 2017 14:10 UTC (Mon) by jlayton (subscriber, #31672) [Link]

Unix extensions are still a WIP on SMB2/3. The good news is that they aren't needed as much as they were with SMB1. A lot of the core protocol already maps reasonably well to POSIX semantics. It's not perfect by any stretch of the imagination, but it's good enough for most purposes.

The 4.13 kernel is out

Posted Sep 5, 2017 0:17 UTC (Tue) by ledow (guest, #11753) [Link]

Does it matter? SMB 1 is broken and inherently insecure, so it's a bad default.

If people need it, they can change it back. If you're reliant on such extensions working, you'll test and/or change the default and suffer the consequences.

Meanwhile, people who just have a Linux PC that they mount a network drive / NAS device / their laptop files from the network on aren't exposing themselves to serious compromise.

Bad default, but be careful if you stop anybody's pig from dancing

Posted Sep 5, 2017 14:04 UTC (Tue) by tialaramex (subscriber, #21167) [Link]

There is a balance here: because of Dancing Pigs, a large proportion of people whose device ceases to work because of security will label that as "Your thing is broken" not "Hooray for protecting me". It makes no sense for Linux to deliberately put up a fence where the equivalent Windows systems just shrug "Eh, who needs security when you can have compatibility?". However, it looks as though Microsoft is moving in the same direction; there's no need for us to be _worse_ than them about security holes they're responsible for.

There's a "First Mover" penalty, which is why the Web Browser Vendors sometimes behave like a cabal - if they all make your pig stop dancing at roughly the same time, you might shake your fists and blame the cabal, but at least you won't switch to the least secure option just because it keeps your pig dancing. This avoids the Powers That Be looking at the situation and deciding by fiat that there won't be any more security fixes, all pigs must be permitted to continue dancing even if it harelips the governor.

There's also "Last change gets the blame" at work. In many cases the reason an organisation (or home) needs SMB1 is some obsolete third party device they've become dependent on. But they bought that years ago, and humans have learned to blame the new thing, for completely rational reasons, so even though the _right_ fix might be to replace that 10 year old printer or WiFi router, the actual fix may be to return the shiny new secure Linux appliance and get the insecure alternative instead.

Bad default, but be careful if you stop anybody's pig from dancing

Posted Sep 8, 2017 15:05 UTC (Fri) by NightMonkey (subscriber, #23051) [Link]

I think you and I might be supporting the same users? It's like you are writing entries in my diary. Especially the last paragraph.

The 4.13 kernel is out

Posted Sep 5, 2017 10:04 UTC (Tue) by claudio (guest, #118397) [Link]

I would also add that in Linux 4.13 SCHED_DEADLINE switched from the CBS to the GRUB algorithm, allowing it to reclaim CPU bandwidth unused by other blocked deadline tasks.

The 4.13 kernel is out

Posted Sep 6, 2017 7:18 UTC (Wed) by jani (subscriber, #74547) [Link]

So long, DocBook! I'm somewhat surprised by your swift departure; I was expecting you to linger a bit longer. I don't think I'll shed a tear for you, though.

The 4.13 kernel is out

Posted Sep 8, 2017 15:07 UTC (Fri) by NightMonkey (subscriber, #23051) [Link]

Is there some sort of replacement for DocBook? Not that I used its output much, but I do like options in reading the kernel code and commentary.

DocBook replacement

Posted Sep 8, 2017 15:11 UTC (Fri) by corbet (editor, #1) [Link]

See this article for details, along with various other updates that can be found here.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds