Developer Resources
Board support packages
Foundry27 projects
Forums
Home
Developer Resources
Technical Articles

QNX Technical Articles

QNX® SDP 7.0 Security Update (Build ID 861): Release Notes

Date of this edition: March 18, 2020

Note: Changes to these notes since August 17, 2018 are highlighted below with this icon: New:

Target OS: This product is compatible with targets that are running QNX® Neutrino® 7.0.

Host OS: In order to install this product, you must have installed the QNX Software Development Platform 7.0 on one of the following development hosts:

  • Microsoft Windows 10 Pro 64-bit, Windows 8.1 Pro 64-bit, or Windows 7 Professional 64-bit
  • macOS version 10.10, 10.11, 10.12
  • Linux Red Hat Enterprise Linux 7 64-bit, Ubuntu Desktop 18.04 LTS 64-bit, or Ubuntu Desktop 16.04 LTS 64-bit, on x86_64 processors (QNX SDP 7 isn't supported on Linux on ARM processors)
Note:
  • To access the most up-to-date version of these release notes, go to the QNX Software Center, right-click on the package, choose Properties, and use the link provided.
  • Packages in the QNX Software Center include debugging information, unless the debugging information is very large, in which case it's in a separate package.

Contents...

Throughout this document, you may see reference numbers associated with particular issues, changes, etc. When corresponding with our Technical Support staff about a given issue, please quote the relevant reference number. You might also find the reference numbers useful for tracking issues as they become fixed.

See also the release notes for the following:

What's in this package?

This update includes the following packages:

  • com.qnx.sdp.host.win.x86_64 (7.0.797.S201805111924)
  • com.qnx.sdp.host.linux.x86_64 (7.0.797.S201805111924)
  • com.qnx.sdp.host.macosx.x86_64 (7.0.797.S201805111924)
  • com.qnx.sdp.target.microkernel.core (7.0.861.S201806201434)
  • com.qnx.sdp.target.microkernel.core.dbg (7.0.861.S201806201434)
  • com.qnx.sdp.target.microkernel.kdumper (7.0.861.S201806201434)
  • com.qnx.sdp.target.microkernel.kdumper.dbg (7.0.861.S201806201434)
  • com.qnx.sdp.target.hypervisor.kernel_module (2.0.861.S201806201434)

Fixed issues and new features

  • New: The version number of the kernel is now 7.0.2.
  • We've incorporated a workaround for the Meltdown exploit (CVE-2017-5754). For information about this exploit, see https://meltdownattack.com/; for instructions on using our workaround, see "Applying the workaround for Meltdown," below. (Ref# J2462783)
  • The compiler has some new command-line options for x86 and x86_64 only that allow some hardening against certain Spectre variants (CVE-2017-5715). For information about this exploit, see https://meltdownattack.com/; for information about the command-line options, see "GCC retpoline implementation," below. (Ref# J2531558, J2497775)
  • We've corrected the yval.h header file so that it doesn't redefine tolower() and hence cause compilation errors if you're using the Intel compiler. (Ref# J2354708)

Applying the workaround for Meltdown

Note: There are two parts to applying the workaround for Meltdown:
  • updating the QNX Neutrino microkernel by installing this update
  • installing a Board Support Package that's set up to use the workaround

Performance will be lower if you apply this workaround. For more information, contact your sales representative.

In order to apply the workaround for Meltdown, do the following:

  1. Apply this update, in order to update your version of the kernel.
  2. Get an updated version of the Board Support Package for your board. We've updated the following BSPs:
    Board Package Version
    Denverton SoC x86-64 (64-bit) com.qnx.bsp.x86_64_denverton_abl 7.0.15.E201805171010
    Gordon Ridge RMB (Apollo Lake) com.qnx.bsp.Intel_x86_64_APL_abl 7.0.27.E201805171014
    Generic x86-64 (64-bit) com.qnx.bsp.x86_64_generic 7.0.9.E201805171029
  3. Edit the startup options for your board to include the -E option:
    • Specify -E meltdown to apply the workaround.
    • Specify -E ~meltdown to not apply the workaround.

    The workaround isn't applied by default.

  4. Follow the instructions in the BSP to rebuild the OS image and install it on the board.

Future BSP releases will support enabling the workaround for Meltdown. If you require the workaround for your BSP, please contact us.

GCC retpoline implementation

GCC 5.4.0 for QNX Neutrino 7 now includes a backport of the retpoline patches introduced for GCC 7 to handle some cases of the SPECTRE vulnerabilities on 32- and 64-bit x86 architectures. These compiler switches control changes to the branch code generation to inhibit speculative execution of branches:

-mindirect-branch=choice
Convert indirect calls and jumps as specified by choice:
  • keep (the default) — leave indirect calls and jumps unmodified.
  • thunk — converts indirect calls and jumps to a call-and-return thunk.
  • thunk-inline — converts indirect calls and jumps to an inlined call-and-return thunk.
  • thunk-extern — converts indirect calls and jumps to an external call-and-return thunk provided in a separate object file.

You can control this behavior for a specific function by using the function attribute indirect_branch.

Note that -mcmodel=large is incompatible with -mindirect-branch=thunk and -mindirect-branch=thunk-extern since the thunk function may not be reachable in the large code model.

-mfunction-return=choice
Convert function returns as specified by choice:
  • keep (the default) — leave function returns unmodified.
  • thunk — converts function returns to a call-and-return thunk.
  • thunk-inline — converts function returns to an inlined call-and-return thunk.
  • thunk-extern — converts function returns to an external call-and-return thunk provided in a separate object file.

You can control this behavior for a specific function by using the function attribute function_return.

Note that -mcmodel=large is incompatible with -mfunction-return=thunk and -mfunction-return=thunk-extern since the thunk function may not be reachable in the large code model.

-mindirect-branch-register
Force indirect calls and jumps via register.

Experimental items

Caution: Experimental software is primarily provided for customers and the community to try out, and perhaps to get a glimpse of what might be in store for the future. For information about the use of experimental software, see the Commercial Software License Agreement (CSLA) or Partner Software License Agreement (PSLA) in the Licensing area of our website, http://www.qnx.com/legal/licensing/.

The experimental items in this release are:

  • QNX framework for integrity measurement (QFIM)
  • New: Trusted Platform Module (TPM)
    Note: The version of TPM that shipped with SDP 7.0 is deprecated and will be replaced with a different TPM service in a future release.

Known issues

  • New: The L memory configuration option for procnto is a superset of the l option. You can combine them, but they're processed in the order that you specify them, resulting in different combinations of locking and superlocking. The L~l combination is invalid because memory is superlocked but not locked; don't use it. (Ref# J2746113)
  • New: Specifying the ARM_SHMCTL_SO bit in the special argument to shm_ctl_special() should result in strongly ordered mappings but currently doesn't. (Ref# J2740401)

    Workaround: Also set ARM_SHMCTL_SH. Adding this bit results in strongly ordered mappings and doesn't remove functionality because non-cacheable mappings are always outer-shareable (i.e., you can't get a non-shareable non-cacheable mapping anyway).

  • New: In <time.h>, there's a macro named timespec2nsec(), which gets called instead of the C Library function with the same name and method signature. In this release, the macro implementation has unexpected behavior sometimes because it evaluates its argument twice. So, code that would be valid for calling the C function is not valid for calling the macro. (Ref# J2642295)

    Workaround: For the argument, avoid using code that may have a different meaning or become undefined when evaluated for the second time. An example would be using increment or decrement operators in an array index that references a timespec structure, as in the following statement:

    timespec2nsec((struct timespec*)attribList[i++]);
  • New: Some tc*() (terminal interface) functions are implemented as having cancellation points when according to POSIX, they must not or should not have them. This issue is being fixed in a newer version of QNX SDP.

    The terminal interface functions that incorrectly do have cancellation points include:

    • tcdrain()
    • tcgetsid()
    • tcsetsize()
    • tcgetsize()
    • tcinject()
    • tcischars()

    In the documentation, the safety table for each listed function has a No value in the Cancellation point column. This should be used as a guideline in writing programs that use these functions; they should not be used as cancellation points. (Ref# J2711220)

  • New: If you don't specify a leading slash in the name and you aren't in the root directory, posix_typed_mem_open() fails to open the typed memory object. (Ref# J1035253)

    Workaround: Start the name with a slash.

  • New: The definition of USHRT_MAX in <limits.h> is incorrect; it should be as follows: 
    #if __INT_BITS__-0 <= 16
#define USHRT_MAX   65535U       /*  maximum value of an unsigned short  */
#else
#define USHRT_MAX   65535      /*  maximum value of an unsigned short  */
#endif

    (Ref# J2753844, J2753845)

See also the release notes for the following:

Technical support

To obtain technical support for any QNX product, visit the Support area on our website (www.qnx.com). You'll find a wide range of support options, including community forums.

For questions about installing and using QNX SDP, see the Getting Started forum on our Foundry27 site, http://community.qnx.com. There are other forums for specific topics, including the QNX Neutrino RTOS, development tools, networking, Board Support Packages, and so on.