Feed lwn LWN.net

Favorite IconLWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-08-08 09:30
[$] On the use of LLM assistants for kernel development
By some appearances, at least, the kernel community has been relativelyinsulated from the onslaught of AI-driven software-development tools.There has not been a flood of vibe-coded memory-management patches - yet.But kernel development is, in the end, software development, and thesetools threaten to change many aspects of how software development is done.In a world where companies are actively pushing their developers to usethese tools, it is not surprising that the topic is increasingly prominentin kernel circles as well. There are currently a number of ongoingdiscussions about how tools based on large language models (LLMs) fit intothe kernel-development community.
Rust 1.89 released
The release of Rust 1.89 has beenannounced. Changes this time includesupport for inferring the length of certain arrays, lint messages suggesting how to clarify potentially confusing uses of lifetime elision in function signatures, and improvements to the C ABI. Thefull changelog is also available.
Security updates for Thursday
Security updates have been issued by AlmaLinux (glibc, kernel, libxml2, python-requests, and python-setuptools), Debian (chromium), Fedora (chromium, firefox, gdk-pixbuf2, iputils, libsoup3, libssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, and poppler), Gentoo (Composer and Spreadsheet-ParseExcel), Oracle (glibc, kernel, libxml2, python-setuptools, sqlite, and virt:rhel and virt-devel:rhel), Red Hat (libxml2), SUSE (grub2, libarchive, libgcrypt, and python311), and Ubuntu (cifs-utils and poppler).
[$] LWN.net Weekly Edition for August 7, 2025
Inside this week's LWN.net Weekly Edition:
Native NVIDIA support for AlmaLinux OS 9 and 10
The AlmaLinux project has announcedthe availability of packages to enable native NVIDIA driver support,including CUDA and Secure Boot, for AlmaLinux9 and 10.
Almeida: a brief introduction on how GPU drivers work
Daniel Almeida continueshis look at graphics drivers on the Collabora blog.
[$] Don't fear the TPM
There is a great deal of misunderstanding, and some misinformation, about theTrustedPlatform Module (TPM); to combat this, Debian developer JonathanMcDowell would like to clear the air and help users understand what itis good for, as well as what it's not. At DebConf25 in Brest, France,he delivered atalk about TPMs that explained what they are, why people might beinterested in using them, and how users might do so on a Debiansystem.
Tuba v0.10.0 released
Version0.10.0 of the Tubafediverse client has been released. Notable changes in this releaseinclude a new post composer, an in-app web browser, search history,and many other refinements. See this thread formore details and highlights.
A kbuild and kconfig maintainer change
For eight years, Masahiro Yamada has been the sole maintainer of thekernel's build and configuration systems - two complex pieces ofinfrastructure that many people interact with, but few truly understand.Yamada has just steppeddown from that position. Maintenance of the build system will be takenup by Nathan Chancellor and Nicolas Schier (in the "odd fixes" capacity),while the configuration system is now entirely unmaintained.Thanks are due to Yamada for all that work, and to Chancellor and Schierfor stepping up. Hopefully a way will be found to better support theseimportant subsystems in the near future.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).
Proxmox Virtual Environment 9.0 released
Proxmox Virtual Environment 9.0, based on Debian13("trixie"), has been released. Notablenew features include snapshots for thick-provisioned LVM sharedstorage, affinity rules for high availability (HA) clusters, and amodernized mobile web interface for managing Proxmox systems. See thereleasenotes and knownissues for more details about the release.
[$] Improving control over transparent huge page use
The use of huge pages can significantly increase the performance of manyworkloads by reducing both memory-management overhead in the kernel andpressure on the system's translation lookaside buffer (TLB). The additionof transparent huge pages (THP) for the 2.6.38 kernel release in 2011caused the kernel to allocate huge pages automatically to make theirbenefits available to all workloads without any effort needed on theuser-space side. But it turns out that use of huge pages can make someworkloads slower as the result of internal memory fragmentation, so the THPfeature is often disabled. Two patch sets aimed at better targeting theuse of transparent huge pages are currently working their way through thereview process.
The 2025 Maintainers Summit call for topics
The call for topics forthe 2025 Maintainers Summit has been posted. The Summit, to be held inTokyo on December10, will involve around 30 developers gathered todiscuss development-process issues for the kernel. Anybody who isinterested in attending is encouraged to post a nomination along with thetopic they would like to discuss. Nominations and topics are best sentbefore September10.The call for topics for the Kernel Summit, which runs as a Linux Plumbers Conference track, is alsoout.
[$] Python performance myths and fairy tales
Antonio Cuni, whois a longtime Python performance engineer and PyPy developer, gave a presentation at EuroPython2025 about "Myths and fairy tales around Python performance" onthe first day of the conference in Prague. As might be guessed from thetitle, he thinks that much of the conventional wisdom about Pythonperformance is misleading at best. With lots of examples, he showed wherethe real problems that he sees lie. He has come to the conclusion that memorymanagement will ultimately limit what can be done about Python performance,but he has anearly-stage project called SPy thatmight be a way toward a super-fast Python.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (python-requests), Fedora (mingw-libxslt), Red Hat (gdk-pixbuf2, jq, kernel, mod_security, ncurses, nodejs:22, opentelemetry-collector, python-setuptools, python3-setuptools, python3.12-setuptools, qt5-qt3d, redis, redis:6, redis:7, sqlite, and unbound), SUSE (apache2, cairo, chromium, djvulibre, govulncheck-vulndb, grub2, java-11-openjdk, java-17-openjdk, liblua5_5-5, nvidia-open-driver-G06-signed, python, python310, python314, python39, redis, sqlite3, and systemd), and Ubuntu (apport, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-azure, and linux-oracle).
[$] Debian grapples with offensive packages, again
A pair of packages containing fortune "cookies" that weredeemed offensive have been removed from the upcoming Debian13("trixie") release. This has, of course, led to a lengthy discussionand debate about what does, or does not, belong in thedistribution. It may also lead to a general resolution (GR) to decidewhether Debian's codeof conduct (CoC) applies to the contents of packages.
Security updates for Monday
Security updates have been issued by AlmaLinux (java-21-openjdk, kernel, libxml2, and lz4), Debian (exempi, ruby-graphql, and sope), Fedora (binutils, chromium, gdk-pixbuf2, libsoup3, poppler, and reposurgeon), Mageia (glib2.0 and wxgtk), Oracle (jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base and libxml2), Red Hat (kernel, pandoc, pcs, qemu-kvm, redis, and rsync), SUSE (chromedriver, coreutils, cosign, docker, gdk-pixbuf-devel, glib2, gnutls, grub2, gstreamer-plugins-base, helm, ignition, java-21-openjdk, jbigkit, jq, kernel, kubernetes1.28, kwctl, libxml2, nvidia-open-driver-G06-signed, opensc, pam-config, protobuf, python310, tgt, and valkey), and Ubuntu (linux-iot).
[$] The NNCPNET email network
Running a modern mail server is acomplicated business. In part, thiscomplication is caused by the series of incrementally developed practicesdesigned to combat the huge flood of spam that dominates modern emailcommunication. An unfortunate side effect is that it prevents people fromrunning their own mail servers, concentrating people on a few big providers.NNCPNET is a suite of software written by John Goerzen based on thenode-to-node copy (NNCP)protocol that aims to make running one's own mail servers as easy as it oncewas. While the default configurations communicates only with otherNNCPNET servers, there is a public relay that connects the system to the broaderinternet mail ecosystem.
More malware uploaded to Arch Linux AUR (Linuxiac)
Linuxiac reportsthat another malicious package has been uploaded to the Arch UserRepository (AUR). This time around the package wasgoogle-chrome-stable, which installed a remote-access trojan along with Google Chrome.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).
Three more stable kernel updates
Greg Kroah-Hartman has released the6.15.9,6.12.41, and6.6.101 stable kernels.
[$] A look at the SilverBullet note-taking application
SilverBullet is a MIT-licensed note-taking application, designed to run as aself-hosted web server. Started in 2022, the project is approachingits 2.0 release, making this a good time to explore the features it offers.SilverBullet stores notes as plainMarkdown files, and provides aLuascripting API to customize the application's appearance and behavior.
Garrett: Secure boot certificate rollover is real but probably won't hurt you
Matthew Garrett has posted a detailed followup toour recent article on the comingexpiration of Microsoft's Secure Boot signing key.
[$] 6.17 Merge window, part 1
As of this writing, just over 4,000 non-merge changesets have been pulledinto the mainline repository during the 6.17 merge window. When he announcedthe merge-window opening, Linus Torvalds let it be known that, due to abusy personal schedule, he was likely to pull changes more quickly thanusual this time around; that has been borne out to some extent. Changesmerged so far are focused on core-kernel and filesystem work; read on forthe details.
Security updates for Thursday
Security updates have been issued by AlmaLinux (firefox, java-21-openjdk, kernel, thunderbird, and unbound), Debian (chromium and systemd), Fedora (libtiff), Oracle (java-21-openjdk, libtpms, nodejs:22, redis:7, thunderbird, and unbound), Red Hat (firefox, redis, and thunderbird), SUSE (apache2, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, java-11-openjdk, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf, libarchive, nvidia-open-driver-G06-signed, redis, and rmt-server), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-hwe-6.14, linux-oem-6.14, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-fips, linux-intel-iot-realtime, linux-realtime, linux-oracle, linux-oracle-6.8, linux-realtime, and sqlite3).
[$] LWN.net Weekly Edition for July 31, 2025
Inside this week's LWN.net Weekly Edition:
We need a European Sovereign Tech Fund (GitHub blog)
GitHub director of developer policy, Felix Reda, has publisheda blog post about a GitHub-commissioned study by Open Forum Europe, Fraunhofer ISI andthe European UniversityInstitute. The study finds, not surprisingly, "a profoundmismatch between the importance of open source maintenance and thepublic attention it receives"; it calls for a European sovereigntech fund (STF) modeled after Germany's Sovereign Tech Agency.
[$] Extending run-time verification for the kernel
There are a lot of things people expect the Linux kernel to do correctly. Someof these are checked by testing or static analysis; a few are ensured byrun-time verification: checking a live property of a running Linux system. Forexample, the scheduler has a handful of different correctness properties thatcan bechecked in this way.Nam Cao posted apatch series that aims to extend the kinds of properties that the kernel'srun-timeverification system can check, by adding support forlinear temporal logic (LTL). The patch set has seen eleven revisions since thefirst version in March2025, and recently made it into the linux-nexttree, from where it seems likely to reach the mainline kernel soon.
[$] On becoming a Python contributor
In the first keynote atEuroPython 2025 in Prague,Savannah Bailey described her path to becoming a CPython core developer inNovember 2024. She started down that path a few years earlier and hertalk was meant to inspire others-not to slavishly follow hers,but to create their own. In the talk, entitled "You don't have to be a compiler engineerto work on Python", she had lots of ideas for those whomight be thinking about contributing and are wondering how to do so.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).
HeliumOS 10 released
The HeliumOS project has announcedthe release of HeliumOS10. It is relatively new image-based ("atomic")desktop distribution based on packages from CentOSStream andAlmaLinux, with a goal of providing 10 years ofsupport. HeliumOS10 uses the KDE Plasma Desktop, Zsh as itsdefault shell, and Btrfs as its default filesystem.
[$] A proxy-execution baby step
Priority inversion comes about when a low-priority task holds a resourcethat is also needed by a high-priority task, preventing the latter fromrunning. This problem is made much worse if the low-priority task isunable to gain access to the CPU and, as a result, cannot complete its workand free the resources it holds. Proxy execution is a potential solutionto this problem, but it is a complex solution that has been underdevelopment for several years; LWN first lookedat it in 2020. The 6.17 kernel is likely to contain an important stepforward for this long-running project.
GNU C Library 2.42 released
Version 2.42 of the GNUC Library has been released. Changes include the addition of a number ofnew math functions, support for arbitrary baud rates in thetermios.h interface, support for SFrame-based stack tracing(described in this article), support formemory guard pages, and a handful ofsecurity fixes.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (freerdp, git-lfs, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, icu, ipa, iputils, krb5, libvpx, nodejs:22, osbuild-composer, perl, python-tornado, qt6-qtbase, sqlite, unbound, valkey, wireshark, and yggdrasil), Debian (libfastjson and php8.2), Fedora (glibc), Oracle (firefox, icu, perl, and unbound), Red Hat (389-ds-base, glib2, icu, libtpms, redis:6, redis:7, and yelp), SUSE (boost, forgejo-longterm, java-11-openj9, java-17-openj9, java-1_8_0-openj9, kernel, nginx, and salt), and Ubuntu (linux-xilinx-zynqmp, openjdk-8, openjdk-lts, poppler, and sqlite3).
Help for OpenPrinting needed
Till Kamppeter, co-founder and lead of the OpenPrinting project, hasput out a call for sponsors after being laid off by Canonical:
[$] Some 6.16 development statistics
The 6.16 development cycle was another busy one, with 14,639 non-mergechangesets pulled into the mainline - just 18commits short of thetotal for 6.15. The 6.16 release happenedon July27, as expected. Also as expected, LWN has put together itstraditional look at where the code for this release came from.
[$] Smaller Fedora quality team proposes cuts
Fedora's qualityteam is looking to reduce the scope of test coverage and changethe project's release criteria to drop some features from the list ofrelease blockers. This is, in part, an exercise in getting rid ofcriteria, such as booting from optical media, that are less relevant. It is also a necessity, since the Red Hat team focusing on Fedoraquality assurance (QA) is only half the size it was a year ago.
Security updates for Monday
Security updates have been issued by Debian (audiofile, libcaca, libetpan, libxml2, php7.4, snapcast, and thunderbird), Fedora (glibc, iputils, mingw-binutils, and thunderbird), Red Hat (kernel, kernel-rt, mod_auth_openidc, and mod_auth_openidc:2.3), SUSE (afterburn, apache2, atop, chromedriver, chromium, cloud-init, deepin-feature-enable, firefox, firefox-esr, grafana, grype-db, gstreamer-plugins-bad, javamail, jupyter-jupyterlab-templates, jupyter-nbdime, konsole, libetebase, libxmp, minio-client-20250721T052808Z, MozillaFirefox, MozillaFirefox-branding-SLE, opera, pdns-recursor, perl-Authen-SASL, polkit, python-Django, python3-pycares, python311-starlette, rpi-imager, ruby3.4-rubygem-thor, spdlog, thunderbird, varnish, viewvc, and xtrabackup), and Ubuntu (openjdk-21-crac).
LWN is back
The good folks at Linode still have not managed to fix whatever broke intheir data center, so we are running on an emergency backup server. Thingsseem to be working, but the occasional glitch is to be expected. Pleaseaccept our apologies for the extended downtime!Update: we're back on the regular production server, and all seemsstable now.
The 6.16 kernel is out
Linus has released the 6.16 kernel:
[$] Rethinking the Linux cloud stack for confidential VMs
There is an inherent limit to the privacy of the publiccloud. While Linux can isolate virtual machines (VMs) from each other,nothing in the system's memory is ultimately out of reach for the host cloudprovider. To accommodate the most privacy-conscious clients, confidentialcomputing protects the memory of guests, even fromhypervisors. But the Linux cloud stack needs to be rethought in order to hostconfidential VMs, juggling two goals that are often at odds: performanceand security.
Security updates for Friday
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
Wayback 0.1 released
Version0.1 of the Waybackproject has been released:
Four new stable kernels
The 6.15.8, 6.12.40, 6.6.100, and 6.1.147 stable kernels have been released.Each contains important fixes throughout the kernel tree, as usual.
[$] Graphene OS: a security-enhanced Android build
People tend to put a lot of trust into their phones. Those devices haveaccess to no end of sensitive data about our lives - our movements,finances, communications, and more - so phones belonging to even relativelylow-profile people can be high-value targets. Android devices run freesoftware, at least at some levels, so it should be possible to ensure thatthey are working in their owners' interests. Off-the-shelf Androidinstallations tend to fall short of that goal. The GrapheneOS Android rebuild is an attemptto improve on that situation.
Security updates for Thursday
Security updates have been issued by Debian (chromium, firefox-esr, and mediawiki), Fedora (firefox), Oracle (git, kernel, redis, and sudo), Red Hat (aardvark-dns, firefox, kernel, and thunderbird), Slackware (httpd), SUSE (php7, php8, and salt), and Ubuntu (linux-raspi-realtime and ruby-rack).
[$] LWN.net Weekly Edition for July 24, 2025
Inside this week's LWN.net Weekly Edition:
Discovering and recovering from PostgreSQL corruption on Matrix.org
Richard van der Hoff, a member of the team that runs the Matrix.org homeserver,has writtena detailed blog post about diagnosing and fixing a problem where Matrix roomswould simply stop working:
[$] Understanding Debian's security processes
Providing security updates for a Linux distribution, such asDebian, involves a lot of work behind the scenes-and requiresmuch more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France,Samuel Henrique walked through the process of providing securityupdates to users; he discussed how Debian learns about securityvulnerabilities, decides on the best response, and the process ofsending out updates to keep its users safe. He also provided guidanceon how others could get involved.
An update on Home Assistant's Android app
The Home Assistant project has publishedan update on improvements in its Android app, and plans for upcoming releases:
12345678910...