In a message to the Linux Kernel Mailing List yesterday, founding developer Linus Torvalds warned the world not to use the 5.12-rc1 kernel in its public git tree.
Hey peeps – some of you may have noticed that in my public git tree, the “v5.12-rc1” tag has been magically renamed to “v5.12-rc1-dontuse”. It’s still the same object, it still says “v5.12-rc1” internally and it’s still signed by me, but the user-visible name of the tag has changed.
It turns out that when Linus Torvalds marks a code
dontuse, he really means it – the problem with this 5.12 release candidate broke the handling of swapfiles in a very unpleasant way. Specifically, the updated code would lose the correct offset pointing to the beginning of the swap file. Again, in Torvalds’ own words, “swap still happened, but it happened to the wrong part of the filesystem, with the obvious catastrophic end results.”
If your imagination is insufficient, this means that when the kernel swapped the contents of memory to disk, the data would end up on random parts of the same disk and partition the swapfile…not as files, mind you, but as waste spewed directly to raw sectors on the disk. This means that not only data in existing files will be overwritten, but also rather large chunks of metadata whose corruption would likely render the entire file system unreadable and unusable.
Torvalds points out that if you didn’t use swap at all, this problem wouldn’t bite you. And if you use swap partitions instead of swap files, you would be unaffected in the same way. Unfortunately, he then reminds us that while he knows a lot about the kernel, he’s not necessarily all that familiar with all the plumbing that a normal end user does:
And, as far as I know, all normal distributions set things up with swap partitions, not files, because frankly, swapfiles tend to be slower and have several other complexity issues.
A lot distributions still swap partitions instead of files by default. But Ubuntu, arguably the most widely used Linux distribution in the world, has been installing swap files by default for over four years. If you’re an Ubuntu user (or a user of an Ubuntu-derived distro, like Mint), you probably have a swapfile and this bug would probably destroy your entire root filesystem.
However, Torvalds’ warning goes beyond what individual users could do with a release candidate kernel. It is even more important that kernel developers do not base their own work on that release and possibly a terribly annoying bug further forward.
I want to make sure no one starts new topic branches with that 5.12-rc1 tag. I know a few developers tend to say “Ok, rc1 is out, I’ve put all my development work in this merge box, I’ll now fast forward to rc1 and use that as a base for the next release”. Don’t do it this time. It may work perfectly for you because you have the common partition configuration, but it could become a terrible foundation for someone else who could end up cutting into that area.
This also leads to one of my own rather frequent warnings to other Linux users: don’t jump blindly into cowboy code that hasn’t been tested enough. Candidates for Linux kernel releases are: usual very, very solid, and it’s tempting to dive into new features as early as possible, but doing so can have very, very ugly consequences. And many of those consequences could have been avoided by waiting for the code to go into production at all.