Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-04-24 16:15
[$] Some __nonstring__ turbulence
New compiler releases often bring with them new warnings; those warnings are usually welcome, since they help developers find problems before they turn into nasty bugs. Adapting to new warnings can also create disruption in the development process, though, especially when an important developer upgrades to a new compiler at an unfortunate time. This is just the scenario that played out with the 6.15-rc3 kernel release and the implementation of -Wunterminated-string-initialization in GCC 15.
[$] Freezing filesystems for suspend
Sometimes worms have a tendency to multiply once their can is opened. James Bottomley recently encountered that situation; he led a session in the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss filesystem behavior with respect to suspending and resuming the system. As he noted in his topic proposal, he came at the problem because he needed a way to resynchronize the contents of efivarfs after a system resume and thought there should be an API available to use. But, as the resulting thread shows, the filesystem freeze and thaw code had never been used by the system-wide suspend and resume code. Due to a scheduling mixup, though, several of us missed Bottomley's session, including Luis Chamberlain who has been working on hooking those two pieces up; what follows is largely from a second session that Chamberlain led, with some background information from the topic-proposal discussion and an email exchange with Bottomley.
Security updates for Thursday
Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).
[$] LWN.net Weekly Edition for April 24, 2025
Inside this week's LWN.net Weekly Edition:
[$] Addressing UID/GID drift in rpm-ostree and bootc
The Fedora Project is looking for solutions to an interesting problem with its image-based editions and spins, such as the Atomic Desktops or CoreOS, that are created with rpm-ostree or bootc. If a package that is part of an image-based version has a user or group created dynamically on installation, and it owns files installed on the system, the system may be subject to user ID (UID) and group ID (GID) "drift" on updates. This "UID/GID drift" may come about when a new image with updates is generated, and therefore files may have the wrong ownership. This can have side-effects ranging from mildly inconvenient to serious. No solutions have been adopted just yet, but there are a few ideas on how to deal with the problem.
NLnet announces funding for 42 FOSS projects
The NLnet Foundation has announced the projects that have received funding from its October call for grant proposals from the Next Generation Internet (NGI) Zero Commons Fund.
[$] VFS write barriers
In the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Amir Goldstein wanted to resume discussing a feature that he had briefly introduced at the end of a 2023 summit session: filesystem "write barriers". The idea is to have an operation that would wait for any in-flight write() system calls, but not block any new write() calls as bigger hammers, such as freezing the filesystem, would do. His prototype implementation is used by a hierarchical storage management (HSM) system to create a crash-consistent change log, but there may be other use cases to consider. He wanted to discuss implementation options and the possibility of providing an API for user-space applications.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (bluez, expat, and postgresql:12), Fedora (chromium, golang, LibRaw, moodle, openiked, ruby, and trafficserver), Red Hat (bluez, expat, gnutls, libtasn1, libxslt, mod_auth_openidc, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), and Ubuntu (linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime, linux-azure, linux-azure-6.11, linux-gcp-6.8, and matrix-synapse).
[$] Code signing for BPF programs
The Linux kernel can be configured so that kernel modules must be signed or otherwise authenticated to be loaded into the kernel. Some BPF developers want that to be an option for BPF programs as well - after all, if those are going to run as part of the kernel, they should be subject to the same code-signing requirements. Blaise Boscaccy and Cong Wang presented two different visions for how BPF code signing could work at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit.
[$] DMA addresses for UIO
The Userspace I/O (UIO) subsystem was first added to the kernel by Hans J. Koch for the 2.6.32 release in 2007. Its purpose is to facilitate the writing of drivers (mostly) in user space; to that end, it provides access to a number of resources that user-space code normally cannot touch. One piece that is missing, though, is DMA addresses. A proposal to fill that gap from Bastien Curutchet is running into some opposition, though.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, kernel, libxslt, mod_auth_openidc:2.3, and webkit2gtk3), Fedora (c-ares, giflib, jupyterlab, perl, perl-Devel-Cover, perl-PAR-Packer, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, ruby, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data, rust-icu_properties, rust-icu_properties_data, rust-icu_provider, rust-icu_provider_macros, rust-idna, rust-idna_adapter, rust-litemap, rust-ron, rust-sequoia-openpgp, rust-sequoia-openpgp1, rust-tinystr, rust-url, rust-utf16_iter, rust-version-ranges, rust-write16, rust-writeable, rust-zerovec, rust-zip, thunderbird, and uv), SUSE (erlang, erlang26, and govulncheck-vulndb), and Ubuntu (mosquitto).
[$] Indirect calls in BPF
Anton Protopopov kicked off the BPF track on the second day of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit with a discussion about permitting indirect calls in BPF. He also spoke about his continuing work on static keys, a topic which is related because the implementation of indirect jumps and static keys in the verifier use some of the same mechanisms for tracking indirect control-flow. Although some design work remains to be done, it may soon be possible to make indirect calls in BPF without any extra work compared to normal C.
RISC-V images for Fedora Linux 42
The Fedora Project's RISC-V special-interest group (SIG) has announced the availability of Fedora Linux 42 images for supported RISC-V boards, as well as QEMU and container images. The SIG is working toward making RISC-V a primary architecture for Fedora, and has made significant progress in the past year.
Template strings accepted for Python 3.14
The Python Steering Council accepted PEP 750 ("Template Strings") on April 10. LWN covered the discussion around the proposal, including the substantial revisions to the idea that were needed for it to be accepted. Template strings (t-strings) are a new kind of string that produces structured data instead of a raw string, allowing library authors to build their own custom template-handling logic. Since the approval happened before the cutoff for new features (May 6), support for template strings will be included in Python 3.14, scheduled for October 2025.
[$] Owen Le Blanc: creator of the first Linux distribution
Ask a Linux enthusiast who created the Linux kernel, and odds are they will have no trouble naming Linus Torvalds - but many would be stumped if asked what the first Linux distribution was, and who created it. Some might guess Slackware, or its predecessor, Softlanding Linux System (SLS); both were arguably more influential but arrived just a bit later. The first honest-to-goodness distribution with a proper installer was MCC Interim Linux, created by Owen Le Blanc, released publicly in early 1992. I recently reached out to Le Blanc to learn more about his work on the distribution, what he has been doing since, and his thoughts on Linux in 2025.
Security updates for Monday
Security updates have been issued by Debian (erlang, fig2dev, shadow, wget, and zabbix), Fedora (chromium, jupyterlab, llama-cpp, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data, rust-icu_properties, rust-icu_properties_data, rust-icu_provider, rust-icu_provider_macros, rust-idna, rust-idna_adapter, rust-litemap, rust-ron, rust-sequoia-openpgp, rust-sequoia-openpgp1, rust-tinystr, rust-url, rust-utf16_iter, rust-version-ranges, rust-write16, rust-writeable, rust-zerovec, rust-zip, uv, and webkitgtk), Slackware (libxml2 and zsh), SUSE (argocd-cli, chromium, coredns, ffmpeg-6, and firefox), and Ubuntu (imagemagick).
Kernel prepatch 6.15-rc3
The 6.15-rc3 kernel prepatch is out for testing. "There's absolutely nothing of huge note here as far as I can tell. Just a fair number of small fixes all over the place".
Three stable kernels
The 6.14.3, 6.13.12, and 6.12.24 stable kernel updates have been released; each contains another set of important fixes. Note that the 6.13.x series ends with 6.13.12.
EU OS: A European Proposal for a Public Sector Linux Desktop (The New Stack)
The New Stack looks at EU OS, an attempt to create a desktop system for the European public sector.
[$] The problem of unnecessary readahead
The final session in the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit was a brief, last-minute addition run by Kalesh Singh. The kernel's readahead mechanism is generally good for performance; it ensures that data is present by the time an application gets around to asking for it. Sometimes, though, readahead can go a little too far.
[$] Tracepoints for the VFS?
Adding tracepoints to some kernel subsystems has been controversial - or disallowed - due to concerns about the user-space ABI that they might create. The virtual filesystem (VFS) layer has long been one of the subsystems that has not allowed any tracepoints, but that may be changing. At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Ted Ts'o led a discussion about whether the ABI concerns are outweighed by the utility of tracepoints for the VFS.
Security updates for Friday
Security updates have been issued by Debian (graphicsmagick and libapache2-mod-auth-openidc), Fedora (giflib, mod_auth_openidc, mysql8.0, perl, perl-Devel-Cover, perl-PAR-Packer, perl-String-Compare-ConstantTime, rust-openssl, rust-openssl-sys, trunk, and workrave), Mageia (chromium-browser-stable and rust), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreoffice, and webkit2gtk3), Red Hat (gvisor-tap-vsock), SUSE (containerd, docker, docker-stable, forgejo, GraphicsMagick, libmozjs-115-0, perl-32bit, poppler, subfinder, and thunderbird), and Ubuntu (erlang and ruby2.3, ruby2.5).
Ubuntu 25.04 released
Version 25.04 ("Plucky Puffin") of the Ubuntu Linux distribution has been released. This release includes Linux 6.14, GNOME 48, APT 3.0, and introduces an Arm64 desktop ISO to install Ubuntu Desktop on Arm64 systems. This is an interim release, with support through January 2026. See the release notes for a detailed list of new features and changes.
Tor Browser 14.5 released
Version 14.5 of the Tor Browser has been released. Notable features in this release include the addition of Connection Assist for the Android version of the Tor Browser, and language support for Belarusian, Bulgarian, and Portuguese for all versions of the browser.
[$] Memory controller performance improvements
The kernel's memory controller works within the control-group mechanism to enforce memory-usage limits on groups of processes. This component has often had performance problems, so there is continual interest in optimizing it. Shakeel Butt led a session during the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit to look at the current state of the memory controller and what can be done to reduce its overhead.
Security updates for Thursday
Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3).
[$] LWN.net Weekly Edition for April 17, 2025
Inside this week's LWN.net Weekly Edition:
[$] What's new in APT 3.0
Debian's Advanced Package Tool (APT) is the suite of utilities that handle package management on Debian and Debian-derived operating systems. APT recently received a major upgrade to 3.0 just in time for inclusion in Debian 13 ("trixie"), which is planned for release sometime in 2025. The version bump is warranted; the latest APT has user-interface improvements, switches to Sequoia to verify package signatures, and includes solver3 - a new solver that is designed to improve how it evaluates and resolves package dependencies.
Catanzaro: Dangerous arbitrary file read vulnerability in Yelp
GNOME contributor Michael Catanzaro has written a blog post about a noteworthy vulnerability in GNOME's help browser, Yelp.
[$] Parallel directory operations
Allowing directories to be modified in parallel was the topic of Jeff Layton's filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF). There are certain use cases, including for the NFS and Lustre filesystems, as mentioned in a patch set referenced in the topic proposal, where contention in creating multiple files in a directory is causing noticeable performance problems. In some testing, Layton has found that the inode read-write semaphore (i_rwsem) for the directory is serializing operations; he wanted to discuss alternatives.
[$] Taking BPF programs beyond one-million instructions
The BPF verifier is not magic; it cannot solve the halting problem. Therefore, it has to err on the side of assuming that a program will run too long if it cannot prove that the program will not. The ultimate check on the size of a BPF program is the one-million-instruction limit - the verifier will refuse to process more than one-million instructions, no matter what a BPF program does. Alexei Starovoitov gave a talk at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about that limit, why correctly written BPF programs shouldn't hit it, and how to make the user experience of large BPF programs better in the future.
CISA extends funding to the CVE program (BleepingComputer)
Sergiu Gatlan reports that the US government has extended funding for the Common Vulnerabilities and Exposures (CVE) program, following yesterday's reports that funding would run out as of April 16.
[$] Improvements for the contiguous memory allocator
As a system runs, its memory becomes fragmented; it does not take long before the allocation of large, physically contiguous memory ranges becomes difficult or impossible. The contiguous memory allocator (CMA) is a kernel subsystem that attempts to address this problem, but it has never worked as well as some would like. Two sessions in the memory-management track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit looked at how CMA can be improved; the first looked at providing guaranteed allocations, while the second addressed some inefficiencies in CMA.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).
[$] Topics from the virtual filesystem layer
In the first filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), virtual filesystem (VFS) layer co-maintainer Christian Brauner had a few different topics he wanted to talk about. Issues on the agenda included iterating through anonymous mount namespaces, a needed feature for ID-mapped mounts, the perennial unprivileged mounts topic, potentially using hazard pointers for file reference counting, and Rust bindings. He did not expect to get through all of them in the 30 minutes allotted, but the session did move along pretty quickly to at least introduce them to the assembled filesystem developers.
MITRE Warns CVE Program Faces Disruption (Security Week)
Security Week is one of several outlets reporting that the funding for the CVE program at MITRE disappears as of April 16.
Manjaro Linux 25.0 released
Version 25.0 ("Zetar") of the Arch-based Manjaro Linux distribution is now available. This release includes Linux kernel 6.12, GNOME 48, KDE 6.3, Xfce 4.18, and more.
Fedora Linux 42 released (Fedora Magazine)
The Fedora Project has announced the release of Fedora Linux 42, with "what's new" articles for Fedora Workstation and Fedora KDE Plasma Desktop. There is also a last-minute warning about the live media for the release:
[$] Don't panic: Fedora 42 is here
Fedora Linux 42 has been released with many incremental improvements and updates. In this development cycle, the KDE Plasma Desktop has finally gotten a promotion from a spin to an edition, the new web-based user interface for the Anaconda installer makes its debut, and the Wayland-ification of Fedora continues apace. In all it is a solid release with lots of polish.
[$] Automatic tuning for weighted interleaving
It is common, on NUMA systems, to try to allocate all memory on the local node, since it will be the fastest. That is not the only possible policy, though; another is weighted interleaving, which seeks to distribute allocations across memory controllers to maximize the bandwidth utilization on each. Configuring such policies can be challenging, though. At the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Joshua Hahn ran a session in the memory-management track about how that configuration might be automated.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (glibc), Red Hat (kernel and kernel-rt), Slackware (perl), SUSE (haproxy, kernel, and webkit2gtk3), and Ubuntu (cimg, perl, protobuf, and webkit2gtk).
Pinta 3.0 released
Version 3.0 of the Pinta image editor has been released. The most notable change in this release is that Pinta has been ported to GTK 4.0 and libadwaita. It also includes a number of improvements, new effects, and bug fixes.
[$] In search of a stable BPF verifier
BPF is, famously, not part of the kernel's promises of user-space stability. New kernels can and do break existing BPF programs; the BPF developers try to fix unintentional regressions as they happen, but the whole thing can be something of a bumpy ride for users trying to deploy BPF programs across multiple kernel versions. Shung-Hsi Yu and Daniel Xu had two different approaches to fixing the problem that they presented at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit.
[$] The state of the memory-management development process, 2025 edition
Andrew Morton, the lead maintainer for the kernel's memory-management subsystem, tends to be quiet during the Linux Storage, Filesystem, Memory-Management, and BPF Summit, preferring to let the developers work things out on their own. That changes, though, when he leads the traditional development-process session in the memory-management track. At the 2025 gathering, this discussion covered a number of ways in which the process could be improved, but did not unearth any significant problems.
Security updates for Monday
Security updates have been issued by Debian (glib2.0, jinja2, kernel, mediawiki, perl, subversion, twitter-bootstrap3, twitter-bootstrap4, and wpa), Fedora (c-ares, chromium, condor, corosync, cri-tools1.29, exim, firefox, matrix-synapse, nextcloud, openvpn, perl-Data-Entropy, suricata, upx, varnish, webkitgtk, yarnpkg, and zabbix), Mageia (giflib, gnupg2, graphicsmagick, and poppler), Oracle (delve and golang, go-toolset:ol8, grub2, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (chromium, fontforge-20230101, govulncheck-vulndb, kernel, liblzma5-32bit, pgadmin4, python311-Django, and python311-PyJWT), and Ubuntu (graphicsmagick).
Kernel prepatch 6.15-rc2
Linus has released 6.15-rc2 for testing. "Nothing particularly stands out to me, but it's early in the release yet, so let's see how it goes."
[$] Managing multiple sources of page-hotness data
Knowing how frequently accessed a page of memory is (its "hotness") is a key input to many memory-management heuristics. Jonathan Cameron, in a memory-management track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, pointed out that the number of sources of that kind of data is growing over time. He wanted to explore the questions of what commonality exists between data from those sources, and whether it makes sense to aggregate them all somehow.
[$] Inlining kfuncs into BPF programs
Eduard Zingerman presented a daring proposal that "makes sense if you think about it a bit" at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. He wants to inline performance-sensitive kernel functions into the BPF programs that call them. His prototype does not yet address all of the design problems inherent in that idea, but it did spark a lengthy discussion about the feasibility of his proposal.
Security updates for Friday
Security updates have been issued by AlmaLinux (delve and golang and go-toolset:rhel8), Debian (webkit2gtk), Fedora (openvpn, thunderbird, uboot-tools, and zabbix), SUSE (expat, fontforge, govulncheck-vulndb, and kernel), and Ubuntu (haproxy and libsoup2.4, libsoup3).
[$] Atomic writes for ext4
Building on the discussion in the two previous sessions on untorn (or atomic) writes, for buffered I/O and for XFS using direct I/O, Ojaswin Mujoo remotely led a session on support for the feature on ext4. That took place in the combined storage and filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit. Part of the support for the feature is already in the upstream kernel, with more coming. But there are still some challenges that Mujoo wanted to discuss.