The famfsfilesystem is meant to provide a shared-memory filesystem for large datasets that are accessed for computations by multiple systems. It wasdeveloped by John Groves, who led a combined filesystem andmemory-management session atthe 2025 Linux Storage, Filesystem, MemoryManagement, and BPF Summit (LSFMM+BPF) to discuss it. The session was afollow-up to the famfs session at last year'ssummit, but it was also meant to discuss whether the kernel's direct-access (DAX)mechanism, which is used by famfs, could be replaced in the filesystemby using other kernel features.
Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).
Version2025.5 of the Home Assistant home automation system has been released.With this release, the project is celebrating twomillion activeinstallations. Changes include improvements to the backup system, Z-WaveLong Range support, a number of new integrations, and more.
Anton Protopopov led a short discussion at the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit about amount of memory usedby hash tables in BPF programs. He thinks that the current memory layout isinefficient, and wants to split the structure that holds table entries into twovariants for different kinds of maps. When that proposal proveduncontroversial, he also took the chance to talk about a bug in BPF's callinstruction.
The Debian project has the concept of essentialpackages, which provide the bare minimum functionality consideredabsolutely necessary (or "essential") for a system tofunction. Packages tagged as essential, and the packages that arerequired by the set of essential packages, are always installed aspart of a Debian system. However, Debian's packaging rules do notrequire developers to explicitly declare dependencies on that set ofpackages (the essential set) but they can simply rely on the fact that thosewill always be present. That means that changing the essential set, asthe project may wish to do occasionally, is more complicated than itshould be. This came to light recently when a Debian developer askedwhat might be required to remove mawk to slim downthe project's container images.
Version1.0.0 of Mission Center, a system-monitoring application, has beenreleased. Notable changes in this release include the addition ofSMART data for SATA and NVMe devices, display of per-processnetwork usage, as well as a redesigned Apps Page that providesmore information about applications and processes. Mission Center'sbackend application for obtaining system data has been renamed fromthe Gatherer to Magpie, and isnow available as a standalone executable and libraries that can beused by other applications.
Linux systems can have large filesystems; trying to keep up with thestream offanotify filesystem-monitoring notifications for them can be a struggle.Fanotify is one of a few ways to monitor accesses to filesystems provided by the kernel.Song Liu led a discussionon how to improve in-kernel filtering of fanotify events to a jointsession of the filesystem and BPF tracks at the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit. He wants to combine the best parts of a fewdifferent approaches to efficiently filter filesystem events.
In a combined filesystem and memory-management session at the 2025 Linux Storage, Filesystem, MemoryManagement, and BPF Summit (LSFMM+BPF), Joanne Koong led a discussion onimproving the writeback performance for the Filesystem inUserspace (FUSE) layer. Writeback is how data that is written to thefilesystem is actually flushed to the disk; it is the process of writingdirty pages from the page cache to storage. The current FUSEimplementation allocates unmovable memory, then copies the dirty data to itbefore initiating writeback, which is slow; Koong wanted to change thatbehavior. Since the session, she has posted apatch set that has been appliedby FUSE maintainer Miklos Szeredi.
Security updates have been issued by Fedora (chromium and kappanhang), Red Hat (osbuild-composer and thunderbird), SUSE (chromedriver), and Ubuntu (c-ares, corosync, mysql-8.0, mysql-8.4, openjdk-17, openjdk-21, openjdk-24, openjdk-8, and openjdk-lts).
AUTOSEL is a tool that is used to find kernel patches that should beconsidered for backporting into the stable releases. Sasha Levin has announced a new and completelyrewritten version of AUTOSEL for those who would like to play with it.
The disclosure of the Spectreclass of hardware vulnerabilities created a lot of pain for kerneldevelopers (and many others). That pain was especially acutely felt in theBPF community. While an attacker might have to painfully search the kernelcode base for exploitable code, an attacker using BPF can simply write andload their own speculation gadgets, which is a much more efficient way ofoperating. The BPF community reacted by, among other things, disallowingthe loading of programs that may include speculation gadgets. LuisGerhorst would like to change that situation with this patchseries that takes a more direct approach to the problem.
The 6.12.27 and 6.1.137 stable kernels have been released tofix build problems in their predecessors. Only those who are havingbuild troubles with 6.12.26 or 6.1.136 need to upgrade.
Security updates have been issued by Debian (ansible, containerd, and vips), Fedora (chromium, java-17-openjdk, nodejs-bash-language-server, nodejs-pnpm, ntpd-rs, redis, rust-hickory-proto, thunderbird, and valkey), Mageia (apache-mod_auth_openidc, fcgi, graphicsmagick, kernel-linus, pam, poppler, and tomcat), Red Hat (firefox, libsoup, nodejs:20, redis:6, rsync, webkit2gtk3, xmlrpc-c, and yelp), and SUSE (audiofile, ffmpeg, firefox, libsoup-2_4-1, libsoup-3_0-0, libva, libxml2, and thunderbird).
Linus has released 6.15-rc5 for testing."So it all feels like things are just continuing to go well thisrelease. Let's hope I didn't jinx it by saying so."
At the 2025 Linux Storage, Filesystem, MemoryManagement, and BPF Summit (LSFMM+BPF) Kanchan Joshi and Keith Busch led acombined storage and filesystem session on data placement, which concernshow the data on a storage device is actually written. In a discussionthat hearkened back to previous summits, the idea is to give hints to enterprise-classSSDs to help them make better choices on where the data should go; hintingwas most recently discussed at the summit in 2023. If SSDs cangroup data with similar lifetimes together, it can lead to longer life forthe devices, but there is a need to work out the details.
Security updates have been issued by Debian (chromium, nodejs, openjdk-17, and thunderbird), Fedora (firefox, golang-github-nvidia-container-toolkit, and thunderbird), Mageia (kernel), Oracle (ghostscript, glibc, kernel, libxslt, php:8.1, and thunderbird), SUSE (cmctl, firefox-esr, govulncheck-vulndb, java-21-openjdk, libxml2, poppler, python-h11, and redis), and Ubuntu (docker.io, ghostscript, linux-xilinx-zynqmp, and micropython).
The6.14.5,6.12.26,6.6.89,6.1.136,5.15.181,5.10.237, and5.4.293stable kernel updates have all been released; each contains another set ofimportant fixes.
After a somewhat tumultuous switch to theServer Side Public License (SSPL) in March 2024, Redis has backtrackedand is now offering Redis under theAffero GPLv3 (AGPLv3) starting with Redis8, CEO Rowan Trollopeannounced. The change back to an open-source license was led by Redis creator Salvatore"antirez" Sanfillipo, who also contributed the new Vector Sets feature forthe release. He said:
The out-of-memory (OOM) killer has long been a scary and controversial partof the Linux kernel. It is summoned from some dark place when the systemas a whole (or, more recently, any given control group) is running so lowon memory that further allocations are not possible; its job is to kill offprocesses until a sufficient amount of memory has been freed. RomanGushchin has found a way to make the OOM killer even scarier: adding theability to loadcustom OOM killers in BPF.
Security updates have been issued by Debian (expat, fig2dev, firefox-esr, golang-github-gorilla-csrf, jinja2, libxml2, nagvis, qemu, request-tracker4, request-tracker5, u-boot, and vips), Fedora (firefox, giflib, and thunderbird), Mageia (imagemagick), Red Hat (thunderbird), SUSE (amber-cli, libjxl, and redis), and Ubuntu (h2o, poppler, and postgresql-10).
Lance Albertson writesthat the Oregon State University Open Source Lab, the home of manyprominent free-software projects over the years, has run into financialtrouble:
Many eyebrows were raised recently when three vulnerabilities were announcedthat allegedly impact GNUMailman 2.1,since many folks assumed that it was no longer being supported. That'snot quite the case. Even though version3 ofthe GNU Mailman mailing-list manager has been availablesince2015, and version2 was declared (mostly) end of life(EOL) in2020, there are still plenty of users and projects stillusing version2.1.x. There is, as it turns out, a big difference betweenmostly EOL and actually EOL. For example: WebPros, the company behind the cPanel server and web-site-managementplatform, still maintains a port ofMailman2.1.x to Python3 for its customers and wasquick to respond to reports of vulnerabilities. However, thecompany and upstream Mailman project dispute that the CVEs arevalid.
Modern compilers perform a lot of optimizations, which can complicate debugging.Song Liu and Thierry Treyer spoke about a potential improvement toBPF Type Format (BTF) debugging information that could partially combat thatproblem at the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit.They want to add information on selectively inlined functions to BTF in order tobetter support tracing tools.Treyer participated remotely.
The Free Software Foundation has announcedthe completion of the review of its board of directors; the processresulted in the reconfirmation of all five sitting board members.
Just over six months ago, The Economist described the US economy as "the envy of theworld". That headline would be unlikely to appear now. The economicboom referenced in that article feels like a distant memory, markets arefalling, and uncertainty is at an all-time high. Like everybody else, LWNis affected by the current turbulence in the political and economicspheres; we expect to get through this period, but there will be somechallenges.
Security updates have been issued by Debian (glibc and libraw), Fedora (digikam, icecat, mingw-LibRaw, perl, perl-Devel-Cover, and perl-PAR-Packer), Red Hat (ghostscript, kernel, and kernel-rt), Slackware (mozilla), SUSE (augeas, firefox, and java-11-openjdk), and Ubuntu (binutils, libxml2, and nodejs).
The LWN.net fediverse (Mastodon) feed has moved; we are now known as @LWN@lwn.net. The migration magic hasshifted many of our followers over automatically but, if you follow thatstream, you might want to make sure that you have shifted to the newsource.
Version1.8.0of the Meson build system hasbeen released. Notable changes in this release include the ability torun rustdoc for Rust projects, support for the c2y and gnu2ycompiler options, and a new argument (android_exe_type) thatmakes it possible to use the same meson.build file forAndroid and non-Android systems.
Version138.0 of the Firefox web browser has been released. Changes includesome profile-management improvements, the ability to get weather-relatedsuggestions in the address bar (US only), and some security fixes.
The kernel's CPU scheduler has to balance a wide range of objectives. Thetasks in the system must be scheduled fairly, with latency for any giventask kept within bounds. All of the CPUs in the system should be kept busyif there is enough work to do, but unneeded CPUs should be shut down toreduce power consumption. A task should also run on the CPU that is mostlikely to have cached the memory that task is using. This patchseries from Chen Yu aims to improve how the scheduler handles cachelocality for multi-threaded processes.
Security updates have been issued by AlmaLinux (glibc, php:8.1, and thunderbird), Debian (libreoffice), Fedora (caddy), Mageia (chromium-browser-stable), Red Hat (php:8.1), SUSE (glow), and Ubuntu (kicad, linux-aws-5.15, linux-azure-nvidia, linux-gcp-5.15, mistral, python-mistral-lib, tomcat8, and trafficserver).
Version 3.25.0 of the Valgrinddynamic-analysis tool has been released. It has lots of new features,including initial support for RISC-V on Linux, handling zstd-compresseddebug sections, integration of the Linux TestProject test suite, support for lots more Linux system calls, and more.It also has plenty of bug fixes, of course.
The Open Source Initiative (OSI) has quietly published"takeaways" from its internal retrospective on the recent boardof directors election as an updateto the March blogpost that announced the new members of the board. The election wascontroversial, in part, due to poor communication and OSI changing theelection rules and disqualifying several candidates after the electionfinished. LWN coveredthe election and results in March. The update commits to improvementsin communication and candidate selection:
Martin Lau gave a talk in the BPF track of the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit about a performance problemplaguing the networking subsystem, and some potential ways to fix it. He works onBPF programs that need to store socket-local data; amid other improvements tothe networking and BPF subsystems, retrieving that data has become a noticeablebottleneck for his use case. His proposed fix prompted a good deal of discussionabout how the data should be laid out.
Security updates have been issued by AlmaLinux (thunderbird), Debian (distro-info-data, imagemagick, kernel, libsoup2.4, and poppler), Fedora (chromium, java-1.8.0-openjdk, java-1.8.0-openjdk-portable, java-17-openjdk, java-17-openjdk-portable, java-latest-openjdk, pgadmin4, thunderbird, and xz), Mageia (haproxy and libxml2), Oracle (bluez, firefox, gnutls, libtasn1, libxslt, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), Red Hat (delve and golang, glibc, mod_auth_openidc, mod_auth_openidc:2.3, and thunderbird), SUSE (augeas, chromedriver, cifs-utils, govulncheck-vulndb, java-11-openjdk, java-21-openjdk, kyverno, libraw, opentofu, runc, subfinder, and valkey), and Ubuntu (jupyter-notebook and libxml2).
The 6.15-rc4 kernel prepatch is out fortesting. "So let's see if this rc ends up avoiding any silly issues -things certainly look pretty normal, and there were no hurried last-minutechanges this week due to system upgrades".
The Debian project is discussing a General Resolution (GR) thatwould, if approved, clarify that AI models must include training datato be compliant with the DebianFree Software Guidelines (DFSG) and be distributed by Debian asfree software. While GR discussions are sometimes contentious, thediscussion around the proposal from Debian developer MoZhou hasbeen anything but-there seems to beconsensus that AI models are not DFSG-compliant if they lack trainingdata. There are, however, some questions about the exact language andquestions about the impact the GR will have on existing packages inthe Debian archive.
Version 15.1 of the GNUCompiler Collection has been released. Changes include implementing theC23 dialect by default, a number of new C++26 features, experimentalsupport for unsigned integers in Fortran, a new COBOL front end, andmore. See the GCC15changes page for details.
LWN.net