Feed lwn LWN.net

Favorite IconLWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-03-29 04:15
A recent talk on kernel maintainership
LWN editor Jonathan Corbet was asked to give a brief talk about kernelmaintainership at the recently concluded LinuxFoundation Member Summit. That talk was recorded and has now been made availableon YouTube. There is little in it that will be news to regular LWNreaders, but it may be instructive to folks who are less well versed in howkernel development works.
Garrett: Why ACPI?
Matthew Garrett explainswhy ACPI exists and why it is not as bad a thing as some think.
Security updates for Wednesday
Security updates have been issued by Debian (h2o, open-vm-tools, pmix, and zookeeper), Gentoo (GitPython), Oracle (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), Red Hat (samba), SUSE (container-suseconnect, libsndfile, and slurm), and Ubuntu (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-laptop, linux-nvidia-6.2, linux-oem-6.1, linux-raspi, open-vm-tools, and xorg-server).
[$] Rust code review and netdev
A fast-moving patch set-seemingly the norm for Linux networkingdevelopment-seeks to add some Rust abstractions for physical layer(PHY) drivers. Lots of review has been done, and the patch set has been reworkedfrequently in response to those comments. Unfortunately, the Rust-for-Linux developers arehaving trouble keeping up with that pace. There is, it would appear, something of a disconnect between the two communities'development practices.
Incus 0.2 released
Version0.2 of Incus, an LXD fork, has been released. "This versionincorporates most changes that went into LXD 5.19 as well as introduce afew additional features and improvements." Changes include NVMEstorage support, support for migrating clustered environments from LXD, andmore.
Security updates for Tuesday
Security updates have been issued by Debian (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), Fedora (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), Gentoo (ConnMan, libxslt, and Salt), Mageia (chromium-browser-stable), Red Hat (firefox, libguestfs-winsupport, and thunderbird), SUSE (clamav, gcc13, gstreamer-plugins-bad, icu73_2, java-17-openjdk, nodejs10, poppler, python-Werkzeug, redis, thunderbird, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (kernel, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-iot, linux-raspi, linux-raspi-5.4, and mysql-8.0).
Bjarne Stroustrup’s Plan for Bringing Safety to C++ (The New Stack)
The New Stack coversa conference talk by Bjarne Stroustrup on turning C++ into a saferlanguage.
[$] Some 6.6 development statistics
The 6.6 kernel was released,right on schedule, on October29. This development cycle saw theaddition of 14,069 non-merge changesets from 1,978 developers - fairlytypical numbers for recent releases. The time has come for LWN'straditional look at where the changes in this release came from, along witha look at the longer development "supercycle" that (probably) ends with6.6.
Security updates for Monday
Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).
The 6.6 kernel has been released
Linus has released the 6.6 kernel. "Sothis last week has been pretty calm, and I have absolutely no excuses todelay the v6.6 release any more, so here it is."Headline features in 6.6 include the earliesteligible virtual deadline first (EEVDF) CPU scheduler, a number ofenhancements (quota support, user extended attributes, direct I/O) to thetmpfs filesystem, the fchmodat2()system call, initial support for building akernel without buffer-head support, the kmalloc() randomness patches, user-space shadow stacks for Intel CPUs, andquite a bit more. See the LWN merge window summaries (part1, part2) and the KernelNewbies 6.6 page formore information.
[$] Deferred scheduling for user-space critical sections
User-space developers working with highly threaded applications would oftenlike to be able to use spinlocks to protect shared data structures fromconcurrent access. There is a fundamental problem with user-spacespinlocks, though: there is no way to prevent a thread from beingpreempted. Various ways of working around this problem have been explored,but thispatch from Steven Rostedt questions the premise on which much of thatwork is based: what if it were possible to prevent preemption, for ashort period at least?
Removing syscall() from OpenBSD
For a view into the OpenBSD approach to security, see this message fromTheo de Raadt, where he describes a plan to remove the syscall() system call(which allows the invocation of any available system call by providing itsnumber) from the kernel. The purpose, of course, is to make it harder foran attacker to invoke an arbitrary system call, even if they are able torun some code on the target system.
Security updates for Friday
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk).
[$] Better string handling for the kernel
The C programming language is replete with features that seemed like a goodidea at the time (and perhaps even were good ideas then) that have not agedwell. Most would likely agree that string handling, and the use ofNUL-terminated strings, is one of those. Kernel developers have, foryears, tried to improve the handling of strings in an attempt to slow theflow of bugs and vulnerabilities that result from mistakes in that area.Now there is an early discussion on the idea of moving away fromNUL-terminated strings in much of the kernel.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland).
[$] LWN.net Weekly Edition for October 26, 2023
The LWN.net Weekly Edition for October 26, 2023 is available.
[$] Weighted interleaving for memory tiering
The kernel has, for many years, had the ability to control how memoryallocation is performed in systems with multiple NUMA nodes. Morerecently, NUMA nodes have also been pressed into service to representdifferent classes of memory; those nodes are now organized into tiersaccording to their performance characteristics. While memory-allocationpolicies can control the placement of pages at the NUMA-node level, thekernel provides no way to connect those policies with memory tiers. Thispatch series from Gregory Price aims to change this situation byallowing allocations to be placed across tiers in a weighted manner.
The path toward a no-GIL Python
The Python Steering Council has posted adetailed plan for the addition of "free-threaded" (no globalinterpreter lock) support into the Python mainline. It will not be a shortprocess and does not have a guaranteed successful outcome.
Seven stable kernel updates
The6.5.9,6.1.60,5.15.137,5.10.199,5.4.259,4.19.297, and4.14.328stable kernels have all been released; each contains another set ofimportant fixes.
Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
[$] Home Assistant: ten years of privacy-focused home automation
Many home-automation devices come with their own mobile app or cloudservice. However, using multiple apps or services isinconvenient, so it's (purposely) tempting to only buy devices from the samevendor, but this can lead to lock-in. One project that letsusers manage home-automation devices from various vendors without lock-inis Home Assistant. Over itsten-year existence, it has developed into a user-friendly home-automationplatform that caters to both technically inclined and less tech-savvypeople.
Firefox 119.0 released
Version119.0 of the Firefox browser has been released. The list of changesincludes improvements to FirefoxView, some PDF-editing improvements, better cookie protection, encryptedclient hello support, and more.
Security updates for Tuesday
Security updates have been issued by Debian (ceph and dbus), Fedora (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), Mageia (libcue), Oracle (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), Red Hat (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), SUSE (fwupdate, gcc13, icu73_2, netty, netty-tcnative, and xen), and Ubuntu (aom, ffmpeg, libvpx, libxpm, linux-aws, linux-gcp-5.4, php7.0, php7.2, ring, and sofia-sip).
2023 Linux Foundation TAB election call for nominees
The 2023 election for members of the Linux Foundation Technical AdvisoryBoard will be held during the upcoming LinuxPlumbers Conference. The callfor nominees has been posted.
[$] Hyphens, minus, and dashes in Debian man pages
It is probably fair to say that most Linux users spend little time thinkingabout the troff typesetting program, despite that application'sgroundbreaking role in computing history. Troff (along with nroff) isstill with us, though, even if they are called groff these days, and everynow and then they make their presence known. A recent groff change createda bit of a tempest within the Debian community, and has effectively beenreverted there. It all comes down to the question of what, exactly, is thecharacter used to mark command-line options on Unix systems?
Security updates for Monday
Security updates have been issued by Debian (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), Fedora (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), Mageia (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), Oracle (nghttp2), Slackware (LibRaw), and SUSE (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools).
Kernel prepatch 6.6-rc7
Linus has released 6.6-rc7 for testing.
[$] mseal() and what comes after
Jeff Xu recently proposedthe addition of a new system call, named mseal(), that would allowapplications to prevent modifications to selected memory mappings. Itwould enable the hardening of user-space applications against certain typesof attacks; some other operating systems have this type of feature already.There is support for adding this type of mechanism to the Linux kernel aswell, but it has become clear that mseal() will not land in themainline in anything resembling its current form. Instead, it has becomean example of how not to do kernel development at a number of levels.
Security updates for Friday
Security updates have been issued by Debian (linux-5.10 and webkit2gtk), Fedora (matrix-synapse and trafficserver), Mageia (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), Oracle (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), Red Hat (php, php:8.0, tomcat, and varnish), Slackware (httpd), SUSE (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and Ubuntu (dotnet6, dotnet7, dotnet8, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-intel-iotg, linux-oem-6.1, linux-raspi, and mutt).
Three stable kernel updates
The6.5.8,6.1.59, and5.15.136stable kernel updates have been released; each contains another set ofimportant fixes.
[$] Toward safer GNU C Library tunable handling
When considering the interface provided by the GNU C Library (glibc),thoughts naturally turn to the programming interface as specified by POSIX,along with numerous extensions added over the years. But glibc alsoprovides a "tunables" interface to control how the library operates; ratherthan being managed by a C API, tunables are set with theGLIBC_TUNABLES environmentvariable. Glibc tunables have been a part of a few security problemsinvolving setuid binaries, most recently the "LooneyTunables" bug disclosed at the beginning of October. The glibcdevelopers are now considering significant changes to tunable handling inthe hope of avoiding such problems in the future.
Security updates for Thursday
Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).
[$] LWN.net Weekly Edition for October 19, 2023
The LWN.net Weekly Edition for October 19, 2023 is available.
[$] Defining open hardware
Open-source hardware (or open hardware) refers to hardware that isdeveloped in a manner similar to open-source software. There's a widelyaccepted definition of open-source hardware, but it is probably not as wellknown as its open-source-software counterpart. In addition, there is a popularcertification program that hardware makers can use to indicate which oftheir devices meets that criteria. But there are some vendors that areshowing more enthusiasm than others in participating in the process-or inproducing open hardware at all.
The GNOME Foundation's new executive director
The GNOME Foundation has announcedthe hiring of Holly Million as its new executive director.
Security updates for Wednesday
Security updates have been issued by Debian (slurm-wlm), Fedora (icecat and python-configobj), Oracle (dotnet6.0, kernel-container, nginx, nginx:1.20, nginx:1.22, and python3.9), Red Hat (bind9.16, curl, dotnet6.0, kernel-rt, kpatch-patch, nghttp2, nodejs, python-reportlab, and virt:rhel), Slackware (util), SUSE (buildah, conmon, erlang, glibc, kernel, nghttp2, opensc, python-urllib3, samba, slurm, and suse-module-tools), and Ubuntu (frr, linux-azure, and pmix).
[$] Improving C-library scalability with restartable sequences
The Linux kernel has supported restartablesequences (sometimes referred to as "RSEQ") since 2018, but it remainsa bit of a niche feature, mostly useful to performance-oriented developerswho do not mind writing assembly code. According to Mathieu Desnoyers, the developerbehind the kernel's implementation of restartable sequences, this featurecan be applicable to a much wider range of performance-sensitive code withproper library support. He came to the 2023 GNU Tools Cauldron topresent the case for use of restartable sequences within the GNU C Library(glibc).
Security updates for Tuesday
Security updates have been issued by Debian (axis, nghttp2, node-babel7, and tomcat9), Fedora (curl and ghostscript), Oracle (bind, kernel-container, mariadb:10.5, and python3.11), Red Hat (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), SUSE (kernel, libcue, libxml2, python-Django, and python-gevent), and Ubuntu (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba).
OpenBSD 7.4 released
OpenBSD 7.4 is out. Changes include a new kqueue1() system callthat allows close-on-exec behavior, support for better arm64 control-flowintegrity, support for TCP segmentation offloading, and much more.
[$] The 2023 Image-Based Linux Summit
Following up from last year's first Image-BasedLinux Summit), a second meeting was held in Berlin on September 12th,2023, the day before All Systems Go!2023, at the Microsoft office. The goal of these summits is to findcommon ground among stakeholders from various engineering groups around thetopic of image-based Linux distributions, communicate progress, and attemptto build a strategy to tackle shared problems together. The organizers -Luca Boccassi, Lennart Poettering, and Christian Brauner - welcomedparticipants from the UAPI Group,which draws developers from a long list of companies with an interest inthis area, and spent the full day discussing a variety of topics. Fullminutes have been published on the UAPI Group's web site.
Security updates for Monday
Security updates have been issued by Debian (batik, poppler, and tomcat9), Fedora (chromium, composer, curl, emacs, ghostscript, libwebp, libXpm, netatalk, nghttp2, python-asgiref, python-django, and webkitgtk), Mageia (curl and libX11), Oracle (bind, busybox, firefox, and kernel), Red Hat (curl, dotnet6.0, dotnet7.0, and nginx), SUSE (chromium, cni, cni-plugins, grub2, netatalk, opensc, opera, and wireshark), and Ubuntu (iperf3).
Kernel prepatch 6.6-rc6
The 6.6-rc6 kernel prepatch is out fortesting. "So the previous week has been pretty calm, and a lot of thediscussion has been about future changes as so often happens late in therelease cycle."
Stable kernel 6.1.58 released
The 6.1.58 stable kernel update has beenreleased; it consists mostly of a handful of reverts in the NFS subsystem.
[$] Recent improvements in GCC diagnostics
The primary job of a compiler is to translate source code into a binaryform that can be run by a computer. Increasingly, though, developers wantmore from their tools, compilers included. Since the compiler mustunderstand the code it is being asked to translate, it is in a goodposition to provide information about how that code will execute - andwhere things might go wrong. At the 2023 GNU Tools Cauldron,David Malcolm talked about recent work to improve the diagnostic outputfrom the GCC compiler.
Ubuntu 23.10 released
Version23.10 of the Ubuntu distribution is out. Changes include support forhardware-backed full-disk encryption, tighter control over user namespaces,a new App Center application, and more.
OpenWrt 23.05.0 released
Version23.05.0 of the OpenWrt distribution has been released: "OpenWrt23.05 supports over 1790 devices. Support for over 200 new devices wasadded in addition to the device support by OpenWrt 22.03". Along withnew device support, this release features a switch to the mbedtlscryptographic library, the ability to include utilities written in Rust, anupdated toolchain, and more.
Security updates for Friday
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
Civil Infrastructure Platform to maintain 6.1 for 10 years
The Civil Infrastructure Platform project has announcedthat it will be maintaining the 6.1 kernel for a minimum of ten years pastits initial release (and, thus, through 2032).
[$] Finer-grained BPF tokens
Programs running in the BPF machine can, depending on how they areattached, perform a number of privileged operations; the ability to loadand run those programs, thus, must be a privileged operation in its ownright. Almost since the beginning of the extended-BPF era, developers havestruggled to find a way to allow users to run the programs they needwithout giving away more privilege than is necessary. Earlier this year,the idea of a BPF token ran into someopposition from security-oriented developers. Andrii Nakryiko has sincereturned with anupdated patch set that significantly increases the granularity of theprivileges that can be conferred with a BPF token.
Security updates for Thursday
Security updates have been issued by Debian (libcue, org-mode, python3.7, and samba), Fedora (libcue, oneVPL, oneVPL-intel-gpu, and xen), Mageia (glibc), Oracle (glibc, kernel, libssh2, libvpx, nodejs, and python-reportlab), Slackware (libcaca), SUSE (gsl, ImageMagick, kernel, opensc, python-urllib3, qemu, rage-encryption, samba, and xen), and Ubuntu (curl and samba).
...567891011121314...