LWN.net

The pytest-mhproject is a plugin that provides a multi-host test framework for thepopular pytestunit-testing framework and test runner. Work on pytest-mhstarted in 2023 to solve a multitude of issues thatcropped up for developers and testers when testing the SSSD project, which is a client forenterprise identity management. I was not happy with the state oftesting of the SSSD project and wanted to create something that wouldincrease test readability, remove duplication, eliminate errors, andprovide multi-host testing capabilities, while having the flexibilityto build a new API around it. Finally, I also wanted something thatcan be used by anyone to test their projects as well.

Greg Kroah-Hartman has released another four stable kernels:6.13.4,6.12.16,6.6.79, and6.1.129. As usual, all users are advised to upgrade.

Security updates have been issued by AlmaLinux (bind, bind9.16, and mysql:8.0), Debian (chromium, djoser, libtasn1-6, and postgresql-13), Fedora (python3.12 and vim), Red Hat (libpq, postgresql, postgresql:13, postgresql:15, and postgresql:16), Slackware (ark), SUSE (brise, chromium, emacs, google-osconfig-agent, grafana, grub2, helm, kernel, openssh, openssl-1_1, ovmf, postgresql13, postgresql14, postgresql15, and postgresql17), and Ubuntu (gnutls28, libtasn1-6, openssl, python3.10, python3.12, python3.8, and webkit2gtk).

At the end of January we ran this articleon the discussions around a set of Rust bindings for the kernel'sDMA-mapping layer. Many pixels have been expended on the topic sinceacross the net, most recently in thissprawling email thread. Linus Torvalds has now madehis feelings known on the topic:

Version1.85.0 of the Rust language has been released. Changes in the releaseinclude support for async closures, some convenience iterators for tuples,and a number of stabilized APIs. The headline feature, though, is thatthis release stabilizes the Rust 2024edition, described as "the largest edition we have released".The 2024edition guide has a detailed listing of all the changes that wereincorporated this time around.

The maximum filesystem block size that the kernel can support has alwaysbeen limited by the host page size for Linux, even if the filesystems couldhandle larger block sizes. The large-block-size (LBS) patches that were mergedfor the 6.12kernel removed this limitation in XFS, thereby decouplingthe page size from the filesystem block size. XFS is the first filesystemto gain this support, with other filesystems likely to add LBS support inthe future. In addition, the LBS patches have been used to get the initial atomic-write support into XFS.

Atomic block writes, which have been discussed here afew times in the past, are block operations that either complete fully ordo not occur at all, ensuring data consistency and preventing partial (or"torn") writes. This means the disk will, at all times, contain either thecomplete new data from the atomic write operation or the complete old datafrom a previous write. It will never have a mix of both the old and the newdata, even if a power failure occurs during an ongoing atomic writeoperation. Atomic writes have been of interest to many Linux users,particularly database developers, as this feature can provide significantperformance improvements.

Security updates have been issued by Debian (mosquitto), Fedora (gnutls, kernel, libtasn1, microcode_ctl, openssh, python3.10, python3.11, and python3.9), Red Hat (bind, bind9.16, buildah, container-tools:rhel8, podman, and redis:6), Slackware (libxml2), SUSE (dcmtk, google-osconfig-agent, java-17-openj9, kubernetes1.30-apiserver, kubernetes1.31-apiserver, openssh, and ruby3.4-rubygem-grpc), and Ubuntu (linux, linux-lowlatency and linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime).

Inside this week's LWN.net Weekly Edition:

Mark Surman, president of the Mozilla Corporation, has announcedleadership updates for Mozilla. This includes a Mozilla LeadershipCouncil made up of executives from each Mozilla organization, and newboard chairs for the not-for-profit Mozilla Foundation, theMozilla Corporation, and Mozilla.ai. The announcement alsoindicates a desire to further "diversify" Mozilla's focus:

Steven Rostedt recently posteda patch set that could help improve the performance of certain user-spaceapplications by giving the scheduler more context about when they are safe tointerrupt. The patch set lets programs request a small grace windowbefore they can be interrupted so that they can relinquish any locks, decreasing theamount of time that other threads have to spend waiting. Rostedt sharedperformance numbers suggesting that the patch might cut the amount of time spentacquiring locks in half for some programs - although, since his test wasspecifically tuned for this case, real-world projects should expect a somewhatless dramatic improvement. The change received some pushback from schedulermaintainer Peter Zijlstra, who objected to the patch set's approach.

Version25.0.0 of the Mesa graphics library has been released. "The flashiest addition is probably the support for Vulkan 1.4 by Anv (Intel),Asahi (Apple), Lavapipe (software), NVK (NVIDIA), PanVK (Mali), RADV (AMD),and Turnip (Qualcomm).Users can expect the usual flurry of improvements across all drivers andcomponents."

Many of us enjoy uninterrupted access to mobile networks. However, inremote areas or during emergencies, that connectivity may not always beavailable. For such scenarios, Meshtastic offers a decentralizedwireless mesh network with open-source firmware that runs on affordable,low-power devices.At FOSDEM 2025, the Meshtasticproject was represented by one of its core developers, Thomas Gottgens, whogave a talk, "Meshtastic- off-grid communication for everyone", in the Radio developerroom (devroom).

The Fedora Project has announcedtwo milestones in its journey to supporting the RISC-V architecture: adedicated RISC-V Koji build system instance is live in the Fedora datacenter, and Fedora41-based images are now available for RISC-V. It is also possibleto run Fedora RISC-V images using QEMU for those without supportedhardware.

Debian Developer Thomas Lange has written a blog postin the attempt to help users find the right Debian image for theirsystems.

Security updates have been issued by AlmaLinux (gcc-toolset-14-gcc, nodejs:18, and nodejs:22), Fedora (bootc), Gentoo (OpenSSH), Oracle (doxygen, libxml2, mingw-glib2, and NetworkManager), Red Hat (bind, bind9.16, bind9.18, kernel, kernel-rt, mysql, and mysql:8.0), Slackware (openssh), SUSE (buildah, emacs, glibc, google-osconfig-agent, grub2, java-11-openj9, kernel, netty, netty-tcnative, openssh, openvswitch, podman, and ucode-intel), and Ubuntu (atril, libsndfile, libtasn1-6, openssh, python-virtualenv, and symfony).

Pi-hole v6 has been released. Thelatest version of the popular ad-blocking software sports a redesigneduser interface, has support for subscribing to allowlists, and bringsa new REST API and embedded web server. Its Docker/OCI image is nowbased on Alpine Linuxrather than Debian to reduce imagesize. See the announcement for guidance on upgrading existing Pi-holeinstallations.

The Reproducible-openSUSE project has announcedthat it has created a usable version of openSUSE with 100% reproduciblepackages.

Kernel developers have been working to convert various internal interfaces tousefolios; while this process has been progressing, there is still theoccasional regression introduced by the change. In December2024, it wasdiscovered that installing aFlatpak application could trigger a filesystem bug inthe kernel that would cause the software to read incorrect data from the disk.The problem was quickly fixed - only for an another problem caused by the foliorewrite to pop up in the same kernel subsystem. This was discovered by an ArchLinux user, who noticed that selecting files in a Flatpak application wascausing kernel crashes. Now both bugs are fixed, but there may be more bugs to find.

The 6.12.15 stable kernel update has beenfast-tracked to release. It seems that its predecessor contains aregression in the XFS filesystem that can lead to kernel crashes.

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).

It is a standard practice to use milestones to reflect on theachievements of a project, such as the anniversary of its firstrelease or first commit. Usually, these are observed at five andtenyear increments; the tenth anniversary of the 1.0 release, or 25years since from the first public announcement, etc. LennartPoettering, however, took a different approach at FOSDEM2025 with a keynotecommemorating 14 years of systemd,and a brief look ahead at his goals and systemd's challenges for the future.

Greg Kroah-Hartman has released three more stable kernels:6.13.3,6.12.14, and6.6.78.There was a bit of confusion that resulted in the patch forCVE 2025-21687getting applied twice - but that doesn't result in any problems for users of thekernel, just a bit of extra noise in the CVE database, so Kroah-Hartman hasdecided to leave the releases as-is instead of rushing another point release.

Security updates have been issued by AlmaLinux (container-tools:rhel8, gcc, libxml2, nodejs:18, and nodejs:20), Debian (freerdp2, golang-glog, trafficserver, and tryton-client), Fedora (chromium, krb5, libheif, microcode_ctl, nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and webkitgtk), Mageia (ffmpeg, golang, postgresql13 and postgresql15, and python-zipp), Oracle (container-tools:ol8, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, libxml2, and nodejs:20), Red Hat (gcc, idm:DL1, and ipa), SUSE (buildah, chromium, glibc, kernel, kernel-firmware-all-20250206, libecpg6, postgresql15, python, python3, python311, and ruby3.4-rubygem-rack), and Ubuntu (intel-microcode).

The 6.14-rc3 kernel prepatch is out fortesting; the announcement, for unknown reasons, went only to thelinux-btrfs list.

There are many challenges involved with running a web site like LWN. Someof them, such as finding the courage to write for people who know moreabout the subject matter than we do, simply come with the territory we havechosen. But others show up as an unwelcome surprise; the ongoing task offending off bots determined to scrape the entire Internet to (seemingly)feed into the insatiable meat grinder of AI training is certainly one ofthose. Readers have, at times, expressed curiosity about that fight andhow we are handling it; read on for a description of a modern-day plague.

Memcached is a memory-baseddata-caching daemon that has a long history. More than twenty years after its first publicrelease, Memcached strives to remain relevant in a vastly changedcomputing landscape, balancing new features with a commitment to the originalprinciples that separate it from newer alternatives like Redis and Hazelcast.

Security updates have been issued by AlmaLinux (doxygen, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, and libxml2), Debian (chromium, postgresql-13, and webkit2gtk), Fedora (krb5, openssl, and python3.13), Mageia (ark, ofono, and perl-Net-OAuth, perl-Crypt-URandom, perl-Module-Build), Oracle (firefox, gcc, gcc-toolset-14-gcc, kernel, openssl, tbb, and thunderbird), Red Hat (libxml2), SUSE (chromium, golang-github-prometheus-prometheus, grafana, kernel, kernel-firmware-ath10k-20250206, kernel-firmware-bnx2-20250206, kernel-firmware-brcm-20250206, kernel-firmware-chelsio-20250206, kernel-firmware-dpaa2-20250206, kernel-firmware-mwifiex-20250206, kernel-firmware-platform-20250206, kernel-firmware-realtek-20250206, kernel-firmware-serial-20250206, kernel-firmware-ueagle-20250206, libtasn1, python312, qemu, SUSE Manager Client Tools, SUSE Manager Client Tools MU 5.0.3, and ucode-intel-20250211), and Ubuntu (activemq and libsndfile).

The Asahi Linux project, which is working to support Linux on Applesilicon, has announced theresignation of Hector "marcan" Martin as its lead, and his replacement by aseven-person committee. "Today's news is bittersweet. We are gratefulto marcan for kicking off this project and tirelessly working on it thesepast years. Our community will miss him. Still, with your support, theproject has a bright future to come". Martin has explained his reasonsfor leaving at length in thisblog post.

The openSUSE project has announcedthat future installations of the Tumbleweed rolling distribution will useSELinux for mandatory access control rather than AppArmor. Existinginstallations will not be migrated, and AppArmor will continue to bemaintained for Tumbleweed. The openSUSE Leap15 distribution is not changing.

Huge pages can increase the performance of many programs, but they can alsohave unfortunate performance impacts of their own. Over the last fewyears, multi-size transparent huge pages (mTHPs) have increasingly beenseen as a happy medium that bring the benefits of huge pages at a lower cost.The system cannot benefit from mTHPs, though, if it does not create them;two developers have independently posted patches to enable the creation ofmTHPs in the background.

Security updates have been issued by AlmaLinux (doxygen and openssl), Debian (dcmtk and webkit2gtk), Fedora (chromium, clevis-pin-tpm2, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python3.10, python3.11, python3.14, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-openssl, rust-openssl-sys, rust-pore, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, and s390utils), Mageia (ffmpeg, php-tcpdf, python-tornado, and subversion), Red Hat (openssl and python-jinja2), SUSE (crun, glibc, kernel, libngtcp2-16, libtasn1, netty, ovmf, podman, python, and python3), and Ubuntu (ansible, digikam, linux-aws, linux-aws-5.15, linux-azure-6.8, and ruby2.7).

Inside this week's LWN.net Weekly Edition:

The Codeberg development forge hasrecently been subject to sustained attacks resulting in, among otherthings, abusive email being sent to the site's users. The organization hasnow put up adescription and a defiant response:

While large language models and the expensive hardware they require are allthe rage now, other areas of artificial intelligence work within much moreconstrained hardware environments. At FOSDEM2025, Jon Nordby presentedhis open-source machine-learning inference engine for microcontrollers,named emlearn. The projectalso boasts bindings for MicroPython,thus making machine-learning applications even more accessible.

Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl).

Most Linux systems depend on a suite of core utilities that the GNU Project started development ondecades ago and are, of course, written in C. At FOSDEM2025, Sylvestre Ledrumade the case in hismain stage talk that modern systems require safer, moremaintainable tools. Over the past few years, Ledru has led the chargeof rewriting the GNUCore Utilities (coreutils) in Rust, as the MIT-licensed uutils project. The goal is tooffer what he said are more secure, and more performant drop-inreplacements for the tools Linux users depend on. At FOSDEM, Ledruannounced that the uutils project is setting its sights evenhigher.

High-performance networking is a highly tuned activity; the amount of timeavailable to deal with each packet may be measured in nanoseconds, so caremust be taken to avoid anything that might slow the process down.Recently, there has been a fair amount of attention given to a patch setmerged for 6.13 that, it is claimed, can improve processing efficiency(and, thus, power savings)in data centers by as much as 30%. The change itself, contributed by JoeDamato and Martin Karsten, is a relatively small tweak to existingoptimization techniques; it shows just how much care is needed to optimizea high-bandwidth server.

Version 6.3 ofthe Plasma desktop has been released.

The 6.6.77 stable kernel update has beenreleased; it contains a single fix for a User Mode Linux build problem.

Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).

Miguel Ojeda gavea keynote atFOSDEM2025 about the history of theRust-for-Linuxproject, and the current attitude of people in the kernel community toward theexperiment. Unlike hisusual talks, this talk didn't focus so much on the currentstate of the project, but rather on discussing historyand predictions for the future. He ended up presenting quotes from more than 30people involved in kernel development about what they thought of the project andexpected going forward.

Version1.4.0 of Arti, the Tor Project's next-generationTor client written in Rust, has been released. Notable improvements inthis release include a new RPCinterface, and preparatory work toward service-side onion servicedenial-of-service resistance. The release is dedicated to the memory of Jeremy Bobbio,better known by many as "Lunar". For full details on the release, seethe changelog.

Miguel Ojeda has announcedthe posting of anew document describing policies around the use of Rust in the Linuxkernel.

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, s390utils, stalld, and vaultwarden), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk, libtasn1, mariadb, nodejs, qtbase5 & qtbase6, rootcerts, nss & firefox, thunderbird, and xrdp), Red Hat (buildah, doxygen, podman, and thunderbird), Slackware (gnutls and openssl), SUSE (bind, chromedriver, crypto-policies, krb5, firefox, flannel, go1.22, go1.23, go1.23-1.23.6-1.1, go1.24-1.24rc3-1.1, openssl-1_1, openssl-3, python311-cryptography-vectors, python311-numba, python39, rsync, tomcat, and trivy), and Ubuntu (openrefine and rsync).

The second 6.14 kernel prepatch is out fortesting.

The6.13.2,6.12.13, and6.6.76stable kernels have been released; each contains another set of importantfixes.

The BPF verifier is charged with thechallenging task of ensuring that a BPF program is safe for the kernel torun before that program is loaded. Among many other concerns, the verifiermust ensure that any kfuncs (kernel functions that have been exported toBPF programs) are called with the correct parameters and from the rightcontext. The "context" part of that enforcement is showing its age in waysthat are hurting performance; Juntong Deng has been working oninfrastructure to provide finer-grained control over when a kfunc can becalled.

Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).

Jonathan Bryce has announced two open community meetings to hearinput on the topic of the OpenInfraFoundation migrating to the Linux Foundation. Brycewrote that the OpenInfra board has carefully evaluated its options,and sees joining the Linux Foundation as the best way forward.Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6)nonprofit. According to the FAQ,OpenInfra "is in great health, financially and otherwise" witha growth in membership of about 15% in the last year. However, itsneeds in 2025 are different than when it was founded as the OpenStackFoundation in 2012.