Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-08-29 01:15
Malcolm: 6 usability improvements in GCC 15
Over on the Red Hat Developer site, David Malcolm has an article about improvements in GCC 15, specifically focusing on the diagnostic information that the compiler emits. This includes ASCII art with a warning emoji to display the execution path when it detects a problem (like an infinite loop in one of his examples), better C++ template errors, machine-readable diagnostics using Static Analysis Results Interchange Format (SARIF), better messages regarding C23 compatibility since that is the default C version for GCC 15, and more. Since the changes are focused on messages, there is the inevitable color-scheme update as well:
[$] Management of volatile CXL devices
Compute Express Link (CXL) memory is not like the ordinary RAM that one might install into a computer; it can come and go at any time and is often not present when the kernel is booting. That complicates the management of this memory. During the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Gregory Price ran a session on the challenges posed by CXL and how they might be addressed.
Eight new stable kernels
Greg Kroah-Hartman has announced the release of eight stable kernels: 6.14.2, 6.13.11, 6.12.23, 6.6.87, 6.1.134, 5.15.180, 5.10.236, and 5.4.292. These all contain a large assortment of important kernel fixes throughout the tree.
[$] Preparing DAMON for future memory-management problems
The Data Access MONitor (DAMON) subsystem provides access to detailed memory-management statistics, along with a set of tools for implementing policies based on those statistics. An update on DAMON by its primary author, SeongJae Park, has been a fixture of the Linux Storage, Filesystem, Memory-Management, and BPF Summit for some years. The 2025 Summit was no exception; Park led two sessions on recent and future DAMON developments, and how DAMON might evolve to facilitate a more access-aware memory-management subsystem in the future.
Security updates for Thursday
Security updates have been issued by AlmaLinux (tomcat and webkit2gtk3), Debian (chromium), Fedora (ghostscript), Mageia (atop, docker-containerd, and xz), Red Hat (go-toolset:rhel8), SUSE (apache2-mod_auth_openidc, apparmor, etcd, expat, firefox, kernel, libmozjs-128-0, and libpoppler-cpp2), and Ubuntu (dino-im, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-fips, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, opensc, and poppler).
[$] LWN.net Weekly Edition for April 10, 2025
Inside this week's LWN.net Weekly Edition:
Hardening the Firefox frontend
Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have published an article on the Firefox Security team's Attack & Defense blog that explains recent work to harden Firefox's frontend code.
[$] An update on torn-write protection
In a combined storage and filesystem track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit, John Garry continued the theme of "untorn" (or atomic) writes that started in the previous session. It was also an update on where things have gone for untorn writes since his session at last year's summit. Beyond that, he looked at some of the plans and challenges for the feature in the future.
[$] Debian Project Leader election 2025 edition
Four candidates have stepped up to run in the 2025 Debian Project Leader (DPL) election. Andreas Tille, who is in his first term as DPL, is running again. Sruthi Chandran, Gianfranco Costamagna, and Julian Andres Klode are the other candidates running for a chance to serve a term as DPL. The campaigning phase ended on April 5, and Debian members began voting on April 6. Voting ends on April 19. This year, the campaign period has been lively and sometimes contentious, touching on problems with Debian team delegations and finances.
[$] A new type of spinlock for the BPF subsystem
The 6.15 merge window saw the inclusion of a new type of lock for BPF programs: a resilient queued spinlock that Kumar Kartikeya Dwivedi has been working on for some time. Eventually, he hopes to convert all of the spinlocks currently used in the BPF subsystem to his new lock. He gave a remote presentation about the design of the lock at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF summit.
[$] Improving hot-page detection and promotion
Tiered-memory systems feature multiple types of memory with varying performance characteristics; on such systems, good performance depends on keeping the most frequently used data in the fastest memory. Identifying that data and placing it properly is a challenge that has kept developers busy for years. Bharata Rao, presenting remotely during a memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, led a discussion on a potential solution he has recently posted; Raghavendra KT was also named on the session proposal. It seems likely, based on the discussion, that developers working in this area will not run out of problems anytime soon.
[$] Two approaches to better kernel samepage merging
The kernel samepage merging (KSM) subsystem works by finding pages in memory with the same contents, then replacing the duplicated copies with a single, shared copy. KSM can improve memory utilization in a system, but has some problems as well. In two memory-management-track sessions at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Mathieu Desnoyers and Sourav Panda proposed improvements to KSM to make it work better for specific use cases.
OpenSSH 10.0 released
OpenSSH 10.0 has been released. Support for the DSA signature algorithm, which was disabled by default beginning in 2015, has been removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256 for key agreement by default, support for systemd-style socket activation in Portable OpenSSH, and moving code for user authentication from the sshd-session binary to the new ssh-auth binary:
Security updates for Wednesday
Security updates have been issued by Debian (lemonldap-ng, libbssolv-perl, and phpmyadmin), Fedora (augeas, mariadb10.11, and thunderbird), Oracle (gimp, libxslt, python3.11, python3.12, tomcat, and xorg-x11-server), Red Hat (expat, grafana, opentelemetry-collector, and webkit2gtk3), SUSE (azure-cli-core, doomsday, kernel, and poppler), and Ubuntu (dotnet8, dotnet9, erlang, and poppler).
OpenSSL 3.5.0 released
Version 3.5.0 of OpenSSL has been released. This release adds support for server-side QUIC (RFC 9000), a new configuration option (no-tls-deprecated-ec) that disables support for TLS groups deprecated in RFC 8422, and more.
FreeDOS 1.4 released
Version 1.4 of FreeDOS has been released. This is the first stable release since 2022, and includes improvements to the Fdisk hard-disk-management program, and reliability updates for the mTCP set of TCP/IP applications for DOS.
[$] Taking notes with Joplin
Joplin is an open-source note-taking application designed to handle taking many kinds of notes, whether it is managing code snippets, writing documentation, jotting down lecture notes, or drafting a novel. Joplin has Markdown support, a plugin system for extensibility, and accepts multimedia content, allowing users to attach images, videos, and audio files to their notes. It can provide synchronization of content across devices using end-to-end encryption, or users can opt to stick to local storage only. Joplin even offers a command-line version for terminal-based usage. Joplin 3.2, the most recent feature release, brought long-awaited multi-window support, multi-column layouts, enhanced accessibility, and theme detection.
[$] Using large folios for text areas
Quite a bit of work has been done in recent years to allow the kernel to make more use of large folios. That progress has not yet reached the handling of text (executable code) areas, though. During the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Ryan Roberts ran a session on how that situation might be improved. It would be a relatively small and contained operation, but can give a measurable performance improvement.
[$] Per-CPU memory for user space
The kernel makes extensive use of per-CPU data as a way to avoid contention between processors and improve scalability. Using the same technique in user space is harder, though, since there is little control over which CPU a process may be running on at any given time. That hasn't stopped Mathieu Desnoyers from trying, though; in the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, he presented a proposal for how user-space per-CPU memory could work.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (gimp, libxslt, python3.11, python3.12, and tomcat), Debian (ghostscript and libnet-easytcp-perl), Fedora (openvpn, perl-Data-Entropy, and webkitgtk), Red Hat (python-jinja2), SUSE (giflib, pam, and xen), and Ubuntu (apache2, binutils, expat, fis-gtm, linux-azure, linux-azure-6.8, linux-nvidia-lowlatency, linux-azure, linux-azure-fde, linux-azure-5.15, linux-azure-fde-5.15, linux-azure-fips, linux-gcp-fips, linux-hwe-5.4, linux-nvidia, linux-nvidia-tegra-igx, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and vim).
[$] An update on pahole
Pahole (originally "Poke-a-hole") is a Swiss Army knife for exploring and editing debug information. Pahole is also currently involved in the kernel's build process to rearrange the information produced by various compilers into a form useful to the BPF verifier, although there are plans to render it unnecessary. Pahole maintainer Arnaldo Carvalho de Melo shared some status updates about the project at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF summit. Interested readers can find his slides here.
Fifty Years of Open Source Software Supply Chain Security (Queue)
ACM Queue looks at the security problem in the light of a report on Multics security that was published in 1974.
[$] Three ways to rework the swap subsystem
The kernel's swap subsystem is complex and highly optimized - though not always optimized for today's workloads. In three adjacent sessions during the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Kairui Song, Nhat Pham, and Usama Arif all talked about some of the problems that they are trying to solve in the Linux swap subsystem. In the first two cases, the solutions take the form of an additional layer of indirection in the kernel's swap map; the third, which enables swap-in of large folios, may or may not be worthwhile in the end.
[$] The rest of the 6.15 merge window
Linus Torvalds released 6.15-rc1 and closed the 6.15 merge window on April 6. By that time, 12,633 non-merge changesets had found their way into his repository; that is substantially more than were merged during the entire 6.14 development cycle. Just under 6,000 of those changesets were merged after the first-half merge-window summary was written.
Five new stable kernels
The 6.14.1, 6.13.10, 6.12.22, 6.6.86, and 6.1.133 stable kernels have all been released. They contain a relatively small collection of important fixes across the kernel tree.
Security updates for Monday
Security updates have been issued by Debian (abseil, atop, jetty9, ruby-saml, tomcat10, trafficserver, xz-utils, and zfs-linux), Fedora (chromium, condor, containernetworking-plugins, cri-tools1.29, crosswords-puzzle-sets-xword-dl, exim, ghostscript, matrix-synapse, upx, varnish, and yarnpkg), Gentoo (XZ Utils), Mageia (augeas, corosync, nss & firefox, and thunderbird), Oracle (container-tools:ol8, firefox, freetype, and kernel), Red Hat (firefox), SUSE (chromium, gn, firefox-esr, go1.23-1.23.8, go1.24, go1.24-1.24.2, google-guest-agent, govulncheck-vulndb, gsl, python311-ecdsa, thunderbird, and webkit2gtk3), and Ubuntu (kamailio, libdbd-mysql-perl, linux-nvidia, linux-nvidia-6.8, and tomcat9).
Kernel prepatch 6.15-rc1
Linus has released 6.15-rc1 and closed the merge window for this release. "As expected, this was one of the bigger merge windows, almost certainly just because we had some pent-up development due to the previous releases being impacted by the holiday season. That said, while it's bigger than normal, it's not some kind of record-breaking thing." In the end, 12.633 non-merge changesets were pulled into the mainline during this merge window.
[$] The state of guest_memfd
A typical cloud-computing host will share some of its memory with each guest that it runs. The host retains its access to that memory, though, meaning that it can readily dig through that memory in search of data that the guest would prefer to keep private. The guest_memfd subsystem removes (most of) the host's access to guest memory, making the guest's data more secure. In the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, David Hildenbrand ran a discussion on the state and future of this feature.
[$] The future of ZONE_DEVICE
Alistair Popple started his session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit by proclaiming that ZONE_DEVICE is "the ugly stepchild" of the kernel's memory-management subsystem. Ugly or not, the ability to manage memory that is attached to a peripheral device rather than a CPU is increasingly important on current hardware. Popple hoped to cover some of the challenges with ZONE_DEVICE and find ways to make the stepchild a bit more attractive, if not bring it into the family entirely.
[$] Supporting untorn buffered writes
At last year's Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF), there was a discussion about atomic writes that was accompanied by patches to support the feature in the block layer, and for direct I/O on XFS. That work was merged, but another piece of that discussion concerned adding the feature for buffered I/O, in part because the PostgreSQL database currently has to jump through hoops to ensure that its writes are not "torn" (partially written) when there is an error or crash. Luis Chamberlain led a combined storage and filesystem track at this year's summit to revisit the idea of providing atomic (or untorn) writes for buffered I/O.
[$] A strange BPF error message
Yonghong Song brought a story about tracking down the cause of a strange verifier error message to the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. He then presented some possible ways to improve Clang's user experience for anyone running into the same class of error in the future. Toward the end of his allotted time, he also discussed the problems with optimizations that change the signature of functions - a problem that Jose Marchesi had also brought up in the previous session.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox), Debian (atop and thunderbird), Fedora (webkitgtk), Mageia (microcode), Oracle (expat), SUSE (apparmor, assimp-devel, aws-efs-utils, expat, firefox, ghostscript, go1.23, gotosocial, govulncheck-vulndb, GraphicsMagick, headscale, libmozjs-128-0, libsaml-devel, openvpn, perl-Data-Entropy, and xz), and Ubuntu (gnupg2, kernel, linux-azure-fips, linux-iot, openvpn, ruby-saml, and xz-utils).
[$] Page allocation for address-space isolation
Address-space isolation may well be, as Brendan Jackman said at the beginning of his memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, "some security bullshit". But it also holds the potential to protect the kernel from a wide range of vulnerabilities, both known and unknown, while reducing the impact of existing mitigations. Implementing address-space isolation with reasonable performance, though, is going to require some significant changes. Jackman was there to get feedback from the memory-management community on how those changes should be implemented.
[$] Better hugetlb page-table walking
The kernel must often step through the page tables of one or more processes to carry out various operations. This "page-table walking" tends to be performed by ad-hoc (duplicated) code all over the kernel. Oscar Salvador used a memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit to talk about strategies to unify the kernel's page-table walking code just a little bit by making hugetlb pages look more like ordinary pages.
Rust 1.86.0 released
Version 1.86.0 of the Rust language has been released. Changes include support for trait upcasting, the ability to index multiple elements of HashMaps and slices mutably, and a number of stabilized APIs.
Security updates for Thursday
Security updates have been issued by AlmaLinux (expat), Debian (chromium, commons-vfs, firefox-esr, php-horde-editor, php-horde-imp, and thunderbird), Fedora (corosync, firefox, nextcloud, and suricata), Mageia (curl and upx), Oracle (emacs, fence-agents, freetype, kernel, libreoffice, libxml2, nginx:1.24, podman, python-jinja2, and tigervnc), Red Hat (firefox and python-jinja2), SUSE (assimp, ffmpeg-4, firefox, ghostscript, GraphicsMagick, libxslt, and tomcat), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-meta-raspi, linux-nvidia-tegra, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-hwe-5.15, and linux-realtime, linux-intel-iot-realtime).
[$] LWN.net Weekly Edition for April 3, 2025
Inside this week's LWN.net Weekly Edition:
[$] Catching up with calibre
Saying that calibre is ebook-management software undersells the application by a fair margin. Calibre is an open-source Swiss Army knife for ebooks that can be used for everything from creating ebooks, converting ebooks from obscure formats to modern formats like EPUB, to serving up an ebook library over the web. The most recent major release, calibre 8.0, brings a better text-to-speech engine, a tool for creating audio overlays when authoring ebooks, support for profiles in the ebook viewer, and more.
[$] An update on GCC BPF support
Jose Marchesi and David Faust kicked off the BPF track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit with an extra-long session on what they have been doing to support compiling to BPF in GCC. Overall, the project is slowly working toward full support for BPF, with most of the self-tests now passing using Faust's in-progress patches. However, the progress toward that goal has turned up a number of problems with how Clang supports BPF that needed to be discussed at length to find a path forward for both projects.
Thunderbird plans "Thundermail" email and other services
Ryan Sipes has announced efforts to expand Thunderbird's offerings with web services to "enhance the experience of using Thunderbird".
Introducing Fedora Project Leader Jef Spaleta
Outgoing Fedora Project Leader (FPL) Matthew Miller has announced his successor, Jef Spaleta.
PorteuX 2.0 released
Version 2.0 of PorteuX, a distribution based on Slackware Linux, has been released. This release adds the ability to test experimental Wayland sessions for the Cinnamon, LXQt, and Xfce desktops. PorteuX 2.0 updates the Linux kernel to 6.14 and includes many package updates and bug fixes. Users have the choice of PorteuX stable or its rolling release called current. See the install.txt for instructions on installing PorteuX to disk.
[$] Approaches to reducing TLB pressure
The CPU's translation lookaside buffer (TLB) caches the results of virtual-address translations, significantly speeding memory accesses. TLB misses are expensive, so a lot of thought goes into using the TLB as efficiently as possible. Reducing pressure on the TLB was the topic of Rik van Riel's memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. Some approaches were considered, but the session was short on firm conclusions.
Rockbox 4.0 released
For those of you who still have dedicated audio players: version 4.0 of Rockbox, a replacement firmware for many players, has been released. This release brings support for a number of new devices, updated codecs, a number of user-interface improvements, some new games, and more. (LWN last reviewed Rockbox in 2010 - and looked at the ill-fated Android port that year as well).
Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, jetty9, openjpeg2, and tomcat9), Fedora (dokuwiki, firefox, php-kissifrot-php-ixr, php-phpseclib3, and rust-zincati), Red Hat (kernel and pki-core), Slackware (mozilla), SUSE (apparmor, atop, docker, docker-stable, firefox, govulncheck-vulndb, libmodsecurity3, openvpn, upx, and warewulf4), and Ubuntu (inspircd, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws, linux-aws-5.4, linux-aws-fips, linux-azure-6.8, linux-hwe-6.8, linux-raspi, linux-realtime, nginx, phpseclib, and vim).
[$] Slab allocator: sheaves and any-context allocations
The kernel's slab allocator is charged with providing small objects on demand; its performance and reliability are crucial for the functioning of the system as a whole. At the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, two adjacent sessions in the memory-management track dug into current work on the slab allocator. The first focused on the new sheaves feature, while the second discussed a set of allocation functions that are safe to call in any context.
Dave Täht RIP
From the LibreQoS site comes the sad news that Dave Taht has passed away. Among many other things, he bears a lot of credit for our networks functioning as well as they do. "We're incredibly grateful to have Dave as our friend, mentor, and as someone who continuously inspired us - showing us that we could do better for each other in the world, and leverage technology to make that happen. He will be dearly missed". Searching through LWN's archives will turn up many references to his work fixing WiFi, improving queue management, tackling bufferbloat, and more. Farewell, Dave, we hope the music is good wherever you are. (Thanks to Jon Masters for the heads-up).
[$] Updates on storage standards
As he has in some previous editions of the Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF), Fred Knight gave an update on the status of various storage standards this year. In it, he looked at changes to the NVM Express (NVMe) standards in some detail. He also updated attendees on the fairly small changes that have come to the SCSI (T10) and ATA (T13) standards over the last few years.
[$] Memory persistence over kexec
The kernel's kexec mechanism allows one kernel to directly boot a new one; it can be thought of as a sort of kernel equivalent to the execve() system call. Kexec has a number of uses, including booting a special kernel to perform dumps after a crash. Normally, one does not expect user-space processes to survive booting into a new kernel, but that has not stopped developers from trying to implement that ability. Mike Rapoport ran a memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit to discuss one piece of that problem: enabling the contents of memory to persist across a kexec handover so that the new kernel can pick up where the old one left off.
Firefox 137.0 released
Version 137.0 of the Firefox browser has been released. Changes include the rollout of tab groups, a number of search-bar changes, and the ability to add signatures to PDF files.