LWN.net

The seventh edition of the Power Management and Schedulingin the Linux Kernel Summit (known as "OSPM") took place on March 18-20,2025. Topics discussed on the third (and final) day include proxyexecution, energy-aware scheduling, the deadline scheduler, and anevaluation of the kernel's EEVDF scheduler.

Mozilla has decided to throw inthe towel on Pocket, a social-bookmarkingservice that it acquired in 2017. This has left many users scramblingfor a replacement for Pocket before its shutdown in July. One possibleoption is wallabag, aself-hostable, MIT-licensed project for saving web content for laterreading. It can import saved data from services like Pocket, sharecontent on the web, export to various formats, and more. Even better,it puts users in control of their data long-term.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, brltty, brotli, ca-certificates-mozilla, dnsdist, glibc, grub2, kernel, libsoup, libsoup2, libxml2, open-vm-tools, perl, postgresql13, postgresql15, postgresql16, postgresql17, python-cryptography, python-httpcore, python-h11, python311, runc, s390-tools, slurm, slurm_20_11, slurm_22_05, slurm_23_02, slurm_24_11, tomcat, and webkit2gtk3), and Ubuntu (linux-aws).

As of this writing, 5,546 non-merge changesets have been pulled into the mainlinekernel repository for the 6.16 release. This is a bit less than half of thetotal commits for 6.15, so the merge window is well on its way. Read on for oursummary of the first half of the 6.16 merge window.

As the end of the 1990s approached, a lot of kernel-development effort wasgoing into improving support for 32-bit systemswith shockingly large amounts of memory installed. This being the 1990s,having more than 1GB of memory in such a system was deemed to be shocking.Many of the compromises made to support such inconceivably large systemshave remained in the kernel to this day. One of those compromises -bounce buffering of I/O requests in the block layer - has finally beeneased out for the 6.16 release, more than a quarter-century after itsintroduction.

The SUSE Security Team has published a detailedreport about security vulnerabilities it discovered in the Kea DHCP server suite from the Internet Systems Consortium(ISC).

The 6.14.9 and 6.12.31 stable kernels have been released.Each contains an unusually large number of important fixes all over thekernel tree.

Security updates have been issued by AlmaLinux (kernel and kernel-rt), Debian (firefox-esr, libvpx, net-tools, php-twig, python-tornado, setuptools, varnish, webpy, yelp, and yelp-xsl), Fedora (xen), Mageia (cimg and ghostscript), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, thunderbird, and unbound), Red Hat (firefox, mingw-freetype and spice-client-win, pcs, and varnish:6), Slackware (curl and mozilla), SUSE (apparmor, containerd, dnsdist, go1.23-openssl, go1.24, gstreamer-plugins-bad, ImageMagick, jetty-minimal, python-tornado, python313-setuptools, s390-tools, thunderbird, tomcat10, ucode-intel, and wxWidgets-3_2), and Ubuntu (ffmpeg, krb5, libsoup3, libsoup2.4, linux-aws-5.4, linux-aws-fips, linux-fips, linux-oracle-6.8, net-tools, and python-setuptools, setuptools).

Inside this week's LWN.net Weekly Edition:

The GNU C Library(glibc) is the core C library for most Linux distributions, so it is a crucial part of the open-source ecosystem-and an attractivetarget for any attackers looking to carry out supply-chainattacks. With that being the case, securing the project'sinfrastructure using industry best practices and improving thesecurity of its development practices are a frequent topic among glibcdevelopers. A recent discussion suggests that improvements are nothappening as quickly as some would like.

Mahe Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,and John Fastabend have run into in their work onTetragon (Apache-licensed BPF-based security monitoring software)at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The sessionprompted discussion about the feasibility of letting BPF programssend data over the network, as well as potential new kfuncs to let BPF firewallssend TCP reset packets. Tardy presented several possible ways that these couldbe accomplished.

Canonical's Launchpadsoftware-collaboration platform that is used for Ubuntu developmentwill be shutting down its hosted mailing lists atthe end of October. The announcementrecommends Discourse or Launchpad Answers asalternatives. Ubuntu's mailinglists are unaffected by the change.

The increasing sophistication of attackers has organizationsrealizing that perimeter-based security models are inadequate. Manyare planning to transition their internal networks to a zero-trustarchitecture. This requires every communication on the network tobe encrypted, authenticated, and authorized. This can be achieved inapplications and services by using modern communicationprotocols. However, the world still depends on Domain Name System(DNS) services where encryption, while possible, is far from being theindustry standard. To address this we, as part of a working group atRed Hat, worked on fully integrating encrypted DNS for Linuxsystems-not only while the system is running but also during theinstallation and boot process, including support for a customcertificate chain in the initial ramdisk. This integration is nowavailable in CentOSStream9, 10, and the upcomingFedora43 release.

Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free and kernel), Arch Linux (bind and varnish), Debian (glibc and syslog-ng), Fedora (microcode_ctl, mozilla-ublock-origin, nodejs20, and nodejs22), Mageia (firefox, nss, rootcerts, open-vm-tools, sqlite3, and thunderbird), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, nodejs:22, php, php:8.2, php:8.3, python-tornado, redis, and redis:7), Red Hat (libsoup, pcs, and python-tornado), Slackware (mozilla), SUSE (bind, dnsdist, elemental-operator, govulncheck-vulndb, gstreamer-plugins-bad, jetty-annotations, jq, libnss_slurm2, libyelp0, mariadb, nvidia-open-driver-G06-signed, prometheus-blackbox_exporter, python-h11, python-httpcore, python-setuptools, python312, python39-setuptools, screen, sqlite3, umoci, and webkit2gtk3), and Ubuntu (cifs-utils, glibc, linux-aws, linux-intel-iotg-5.15, linux-nvidia-tegra-igx, linux-raspi, linux-aws-fips, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-raspi-5.4, and net-tools).

Version10 of the AlmaLinux OS distribution has been released.

Srinivas Narayana led a remote session about extendingAgni to prove the correctness ofthe BPF verifier's handling of different execution paths as part of the Linux Storage,Filesystem, Memory Management, and BPF Summit. The problem of ensuring thecorrectness of path explorationis much more difficult than the problem ofensuring the correctness of arithmetic operations(which wasthe subject of the previous session), however. Narayana's plan totackle the problem makes use of a mixture of specialized techniques - and mayneed some assistance from the BPF developers to make it feasible at all.

Cory Doctorow wears many hats:digital activist, science-fiction author, journalist, and more. He hasalso written many books, both fiction and non-fiction, runs the Pluralistic blog, is a visitingprofessor, and is an advisor to the ElectronicFrontier Foundation (EFF); his Chokepoint Capitalismco-author, Rebecca Giblin, gave a 2023 keynotein Australia that we covered. Doctorow gave a rousing keynote onthe state of the "enshitternet"-today's internet-to kickoff the recently held PyCon US2025 in Pittsburgh, Pennsylvania.

Version25.05 of the NixOS distribution has been released. Changes includesupport for the COSMIC desktop environment (reviewed here in August), GNOME48, a6.12 kernel, and many new modules; see therelease notes for details. (Thanks to Pavel Roskin).

Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free, libsoup, and python-tornado), Debian (libavif and pgbouncer), Red Hat (gstreamer1-plugins-bad-free, mingw-freetype and spice-client-win, and webkit2gtk3), SUSE (firefox, govulncheck-vulndb, and python310-setuptools), and Ubuntu (flask, intel-microcode, openjdk-17-crac, tika, and Tomcat).

The 6.14 kernel development cycle only brought in 11,003 non-mergechangesets, making it the slowest cycle since 4.0, which was released in2015. The 6.15 kernel, instead, brought in 14,612 changesets, making itthe busiest release since 6.7, released at the beginning of 2024. Thekernel development process, in other words, is back up to full speed. The6.15release happened on May25, so the time has come for theobligatory look at where the changes in this release came from.

Security updates have been issued by AlmaLinux (389-ds-base, ghostscript, grafana, kernel, and osbuild-composer), Debian (intel-microcode, kernel, libphp-adodb, and openssl), Fedora (dotnet8.0, ghostscript, iputils, nbdkit, open-vm-tools, thunderbird, and vyper), Mageia (chromium-browser-stable, glibc, iputils, microcode, nodejs, and zsync), Oracle (.NET 8.0, .NET 9.0, 389-ds-base, avahi, buildah, compat-openssl11, expat, firefox, ghostscript, gimp, git, grafana, gvisor-tap-vsock, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:20, osbuild-composer, podman, skopeo, thunderbird, vim, webkit2gtk3, xdg-utils, xterm, and yelp), Red Hat (kernel, kernel-rt, libsoup, libsoup3, python-tornado, and ruby), Slackware (ffmpeg), SUSE (audiofile, firefox, glibc, govulncheck-vulndb, grafana, kernel, kind, kubo, libecpg6, postgresql13, postgresql14, python-Django, python-setuptools, python-tornado6, python311-Flask, python311-tornado6, python313, python36-setuptools, thunderbird, transfig, and xen), and Ubuntu (glib2.0, linux-bluefield, linux-ibm, linux-raspi, and openjdk-21-crac).

Linus has released the 6.15 kernel, asexpected.

The seventh edition of the Power Management and Schedulingin the Linux Kernel Summit (known as "OSPM") took place on March 18-20,2025. Topics discussed on the second day include improvements to devicesuspend and resume, the status and future of sched_ext, the scx_lavdscheduler, improving the efficiency of load balancing, and hierarchicalconstant bandwidth server scheduling.

The BPF verifier is an increasingly complex and security-critical piece of code.When the kinds of people who are apt to work on BPF see a situation like that,they naturally question whether it's possible to use formal verification toensure that the implementation of the code in question is correct. SantoshNagarakatte led the first of two extra-long sessions in the BPF trackof the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summitabout his team's work formally verifying the BPF verifier with acustom tool calledAgni.

Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3).

Mozilla has announcedthat it is shutting down Pocket, a bookmarking service acquired by Mozillain 2017, this coming July. "Pocket has helped millions save articlesand discover stories worth reading. But the way people use the web hasevolved, so we're channeling our resources into projects that better matchtheir browsing habits and online needs."

Our recent article on Home Assistantobserved that the project emphasizes installations using its own Linuxdistribution or within containers. The project has now made that emphasisrather stronger with thisannouncement of the deprecation of the "core" and "supervised"installation modes, which allowed Home Assistant to be installed as anordinary application on a Linux system.

The Fedora Council has ruled on the Fedora Engineering SteeringCouncil's (FESCo) decision last year to revoke Peter Robinson'sprovenpackager status. In a statementpublished to the fedora-devel-announce mailing list, the council hasannounced that it has overturned FESCo's decision:

Testing filesystems is a frequent topic atthe Linux Storage, Filesystem,Memory Management, and BPF Summit (LSFMM+BPF); the 2025 edition was noexception. Boris Burkov led a filesystem-track session to discussstress-testing filesystems-and running those tests for lengthy periods. Hereviewed what he has been doing when testing filesystems and wanted togather ideas for what could be done to catch more bugs before thefilesystems hit production.

Greg Kroah-Hartman has announced the release of the 6.14.8, 6.12.30, 6.6.92, 6.1.140, and 5.15.184 stable kernels. As usual, eachcontains a long list of important fixes throughout the kernel tree.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4, postgresql-17, and Tomcat).

Inside this week's LWN.net Weekly Edition:

Shawn Webb has published a statusreport on work to provide basic support in FreeBSD for userland componentswritten in Rust.

In late March, version 78.0.1 of Setuptools - an importantPython packaging tool - was released. It was scarcely half an hour beforethe first bugreport came in, and it quickly became clear that the change was farmore disruptive than anticipated. Within only about five hours 78.0.2 waspublished to roll back the change, and multiple discussions werestarted about how to limit the damage caused by future breakingchanges. Nevertheless, many users still felt the response wasinadequate. Some previous Setuptools releases have also caused problems on a smaller but still notable scale, and hopefully the developers will be more cautious going forward. But there are also lessons here for the developers of Python package installers, ordinary Python developers and end users, and even Linux distribution maintainers.

Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, perl-Mojolicious, thunderbird, yelp, and yelp-xsl), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk with Extended Lifecycle Support, java-21-ibm-semeru-certified-jdk, java-21-openjdk, kernel, libxslt, ruby, ruby:3.1, ruby:3.3, unbound, and webkit2gtk3), SUSE (glib2, grub2, kernel, libwebp, openssh, and s390-tools), and Ubuntu (linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime, linux-azure, linux-azure-5.15, linux-nvidia-tegra, linux-azure, linux-azure-6.8, linux-oem-6.8, linux-azure, linux-kvm, linux-azure-fips, linux-azure-nvidia, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, mariadb-10.6, and postgresql-12, postgresql-14, postgresql-16).

Ihor Solodrai has been working on the BPF subsystem's continuous-integration(CI) testing for the last six months. At the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit, he remotely sharedan update on his work, and solicited feedback on how the tests could be furtherimproved. Much of the work he's done has been specific to the BPF subsystem, butsome is more generic and could potentially be of use to other subsystems. Healso shared some general lessons learned from working on the BPF CI tests.

Despite careful planning and months of warning, Debian developer MoZhou has acknowledged that the project needs more time to grapple withthe questions around AI models and the Debian Free Software Guidelines(DFSG). For now, he has withdrawn his proposed General Resolution (GR)that would have required the original training data for AI models tobe released in order to be considered DFSG-compliant-though thedebates on the topic continue.

Red Hat has announcedthe release of Red Hat Enterprise Linux (RHEL) 10. A blog postaccompanying the release provides details on some of the more notablefeatures, such as encrypted DNS, a developer preview of RHEL10for RISC-V,and imagemode for RHEL using bootc.

Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips).

Roland Shoemaker has published a blog post about arecent security audit of the cryptography packages shipped as part ofthe Go standard library. The audit, performed by the Trail of Bits security firm,uncovered one low-severity vulnerability in the legacy Go+BoringCryptointegration, as well as a handful of informational findings.

The seventh edition of the Power Management and Schedulingin the Linux Kernel (known as "OSPM") Summit took place on March 18-20,2025. It was organized by Juri Lelli, Frauke Jager, Tommaso Cucinotta, andLorenzo Pieralisi, and was hosted by Linutronix at Alte Fabrik,Uhldingen-Muhlhofen, Germany. The event was sponsored by Linutronix, Arm,and the Scuola Superiore Sant'Anna in Pisa.

Security updates have been issued by Debian (dropbear, firefox-esr, intel-microcode, net-tools, openafs, thunderbird, and xrdp), Fedora (chromium, micropython, syslog-ng, webkitgtk, and xen), Mageia (dropbear and openssh), Oracle (.NET 9.0, kernel, libjpeg-turbo, and yelp and yelp-xsl), Red Hat (compat-openssl11, git-lfs, grafana, kernel, and osbuild and osbuild-composer), Slackware (mozilla), SUSE (cargo-c, gimp, iputils-20240905, kernel, libraw, microcode_ctl, openssh, pnpm, python311-cramjam, python311-httptools, python311-jwcrypto, python311-loguru, python311-mechanize, python311-nltk, python311-oauthlib, python311-py7zr, python311-pycapnp, python311-pyspnego, python311-pywayland, python311-suds, python311-treq, python311-ujson, python311-waitress, ruby3.4-rubygem-actionmailer, ruby3.4-rubygem-actiontext, ruby3.4-rubygem-activerecord, ruby3.4-rubygem-activestorage, ruby3.4-rubygem-fluentd, ruby3.4-rubygem-globalid, ruby3.4-rubygem-jquery-rails, ruby3.4-rubygem-kramdown, ruby3.4-rubygem-loofah, ruby3.4-rubygem-multi_xml, ruby3.4-rubygem-puma, ruby3.4-rubygem-rails, ruby3.4-rubygem-rails-html-sanitizer, ruby3.4-rubygem-sprockets, ruby3.4-rubygem-web-console, ruby3.4-rubygem-websocket-extensions, ucode-intel-20250512, and valkey), and Ubuntu (dotnet8, dotnet9, linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-oracle, linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, and linux-xilinx-zynqmp).

The 6.15-rc7 kernel prepatch is out fortesting. "So while I wish we hadn't had some of the excitement of lastweek, on the whole it all still looks pretty solid, and unless somethingstrange happens I'll do the final 6.15 release next weekend."

The6.14.7,6.12.29,6.6.91,6.1.139, and5.15.183stable kernel updates have been released; each contains another set ofimportant fixes.

The first article in this series providedan overview of Home Assistant,its community, and its capabilities. It was deliberately short ondescriptions of interesting things that can be done with Home Assistant,though - the reasons why one might actually want to use this program. Inthis closing article, we'll look at how Home Assistant was used to solvesome real problems.

The Asahi Linuxproject, which supports Linux on Apple Silicon Macs, has published aprogress report ahead of the 6.15 kernel's release.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, kernel, kernel-rt, redis:6, and yelp and yelp-xsl), Debian (chromium), Red Hat (compat-openssl11, kernel, and thunderbird), and SUSE (nbdkit, open-vm-tools, and rustup).

The Electronic Frontier Foundation has posted a somewhat belated memorialfor John Young, the founder of Cryptome.

To commemorate the tenth anniversary of the 1.0 releaseof the Rust language,version1.87.0 was announced live today at the 10 Years of Rustcelebration in Utrecht, Netherlands. Notable changesinclude the addition of anonymous pipes to the standard library andthe ability for inline assembly (asm!) to jump to labeledblocks within Rust code.

Leon Romanovsky began his session at the 2025 Linux Storage, Filesystem,Memory Management, and BPF Summit (LSFMM+BPF) by explaining that the improved DMA-mapping API that he has beenworking on is a group effort. He, Chaitanya Kulkarni, Christoph Hellwig,Jason Gunthorpe, and others are proposing to modernize the API and to"make it more suitable for current kernels". He told the assembledstorage and filesystem developers that the progress on the proposal hasstalled, but that it was the basis for further work in various areas, so hehoped to find a way to move forward with it.