Core scheduling is a proposed modification to the kernel's CPU scheduler that allows system administrators to control which processes can be running simultaneously on the same processor core. It was originally proposed as a security mechanism, but other use cases have shown up over time as well. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), a group of some 50 developers gathered online to discuss the current state of the core-scheduling patches and what is needed to get them into the mainline kernel.
Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3).
Go 1.15, the 16th major version of the Go programming language, is due out on August 1. It will be a release with fewer changes than usual, but many of the major changes are behind-the-scenes or in the tooling: for example, there is a new linker, which will speed up build times and reduce the size of binaries. In addition, there are performance improvements to the language's runtime, changes to the architectures supported, and some updates to the standard library. Overall, it should be a solid upgrade for the language.
Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).
Shuveb Hussain has posted an extensive introduction to io_uring, complete with examples and a reference guide. "Because of the shared ring buffers between the kernel and user space, io_uring can be a zero-copy system. Copying bytes around becomes necessary when there are system calls that transfer data between kernel and user space are involved. But since the bulk of the communication in io_uring is via buffers shared between the kernel and user space, this huge performance overhead is completely avoided."
Normally, when a kernel developer shows up with a proposed option that doesn't do anything, a skeptical response can be expected. But there are exceptions. Mickaël Salaün is proposing the addition of a new flag (O_MAYEXEC) for the openat2() system call that, by default, will change nothing. But it does open a path toward tighter security in some situations.
Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat (thunderbird), SUSE (firefox, squid, and thunderbird), and Ubuntu (mailman).
The 5.7-rc5 kernel prepatch is out for testing. "We'll see what the next few weeks bring, but at least for now it all feels normal, and like the 5.7 release is tracking well. So please keep testing, and if you haven't dared a 5.7 pre-release kernel yet, we're well into the 'things look calm and safe to test' time."
The userfaultfd() system call is a bit of a strange beast; it allows user space to take responsibility for the handling of page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has turned out to have some utility for those who would attack the kernel's security as well. A recent patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd().
Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).
A loop device is a kernel abstraction that allows a file to be presented as if it were a physical block device. The typical use for a loop device is to mount a filesystem image stored in a file. Loop devices are global and shared between users, which causes a number of problems for container workloads where the instances are expected to be isolated from each other. Christian Brauner has been working on this problem; he has posted a patch set solving it by adding a small virtual filesystem called loopfs.
The GCC project has announced the release of GCC 10.1. "A year has lapsed away since the release of last major GCC release, more than 33 years passed since the first public GCC release and the GCC developers survived repository conversion from SVN to GIT earlier this year. Today, we are glad to announce another major GCC release, 10.1. This release makes great progress in the C++20 language support, both on the compiler and library sides, some C2X enhancements, various optimization enhancements and bug fixes, several new hardware enablement changes and enhancements to the compiler back-ends and many other changes. There is even a new experimental static analysis pass." More information can be found in the release notes.
Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).
The Emacs editor predates Linux, and was once far more popular, but it has fallen into relative obscurity over the years. In a mega-thread on the emacs-devel mailing list, participants discussed various ideas for making Emacs more "attractive", in both aesthetic and in "appealing to more users" senses of that term. Any improvements to Emacs in that regard have numerous hurdles to overcome, however. There are technical questions and, naturally, licensing considerations, but there is also the philosophical question of what it is, exactly, that stops the venerable text editor from being more popular.
Firefox 76.0 has been released. This version features a number of improvements to password management, Picture-in-Picture allows a small video window to follow you around as you work, and support for Audio Worklets has been added, allowing more complex audio processing. The release notes have more details.
Drew DeVault has just released a (mostly complete) book on the Wayland display-server protocol under the Creative Commons CC-SA license. "This book will help you establish a firm understanding of the concepts, design, and implementation of Wayland, and equip you with the tools to build your own Wayland client and server applications. Over the course of your reading, we'll build a mental model of Wayland and establish the rationale that went into its design. Within these pages you should find many 'aha!' moments as the intuitive design choices of Wayland become clear, which should help to keep the pages turning." For those who would rather peruse (or contribute to) the Markdown source, it's available here.
Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).
The end of April saw the posting of a complex patch set called "Popcorn Linux distributed thread execution". It is the first appearance on the kernel mailing lists of an academic project (naturally called Popcorn Linux) that has been underway since 2013 or so. This project has, among other goals, the objective of turning a tightly networked set of computers into something that looks like a single system — a sort of NUMA machine with even larger than usual inter-node costs. The posted code, which is a portion of the larger project, is focused on process migration and memory sharing across machines. It is an interesting proof of concept, but one should not expect to see it merged in anything close to its current form.
This year PHP turned 25 and, as with all things, the hope is that with age comes wisdom and maturity. Often derided as a great way to write bad (and insecure) code, PHP is hard to ignore completely when it is used in nearly eight out of ten websites. With PHP 7.4.5 released in April, it's worthwhile to take a look at modern PHP, how it has evolved to address the criticisms of the past, and what lies ahead in its future.
Version 1.0 of the Inkscape drawing editor has been released. "One of the first things users will notice is a reorganized tool box, with a more logical order. There are many new and improved Live Path Effect (LPE) features. The new searchable LPE selection dialog now features a very polished interface, descriptions and even the possibility of marking favorite LPEs. Performance improvements are most noticeable when editing node-heavy objects, using the Objects dialog, and when grouping/ungrouping."
The 5.6.9 and 5.4.37 stable updates have been released with another set of important fixes. Note that the 4.19.120, 4.14.178, 4.9.221, and 4.4.221 updates went into the review process at the same time as 5.6.9 and 5.4.37; they will probably show up in the near future.
Normally, files exist in a filesystem to keep data contained within them separated; seeing data exchanged directly between files is often a sign of filesystem corruption. There are, however, use cases where it is desirable to be able to perform a controlled swap of data between a pair of files. Darrick Wong has recently posted a patch set implementing this feature for the XFS filesystem, but also making it available in a general way.
The 2020 Python Language Summit was held virtually this year, over two days, via videoconference, with discussions via voice and chat. The summit is a yearly gathering for developers of CPython, other Python implementations, and related projects. As with last year, A. Jesse Jiryu Davis covered the summit; his writeups are being posted to the Python Software Foundation (PSF) blog. So far, all of the first day's session writeups are up, as well as two (of six) from the second day. Topics include "All strings become f-strings", "The path forward for typing", "A formal specification for the (C)Python virtual machine", and more.
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
Developers who are concerned about system integrity often put a fair amount of effort into ensuring that data stored on disk cannot be tampered with without being detected. Technologies like dm-verity and fs-verity are attempts to solve this problem, as is the recently covered integrity policy enforcement security module. More recently, Johannes Thumshirn has posted a patch series adding filesystem-level authentication to Btrfs; it promises to provide integrity with a surprisingly small amount of code.
Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).
The second annual Copyleft Conference was held on February 3 in Brussels; videos from the event have now been posted. "In his talk, Tony [Sebro] wonders whether the community around copyleft, like those around eschatology and Afro-centric hip-hop, has lost its center and how we might entice new stakeholders to reinvest in our shared values. His keynote is a great place to start with this year's videos."
A call for faster Fedora updates in response to security vulnerabilities was recently posted to the Fedora devel mailing list; it urgently advocated changes to the process so that updates, in general, and to the kernel and packages based on web browsers, in particular, are handled more expeditiously. While Fedora developers are sympathetic to that, there is only so much the distribution can do as there are logistical and other hurdles between Fedora and its users. It turns out that, to a great extent, Fedora can already move quickly when it needs to.
Python's SimpleNamespace class provides an easy way for a programmer to create an object to store values as attributes without creating their own (almost empty) class. While it is useful (and used) in its present form, Raymond Hettinger thinks it could be better. He would like to see the hooks used by mappings (e.g. dictionaries) added to the class, so that attributes can be added and removed using either x.a or x['a']. It would bring benefits for JSON handling and more in the language.
The Trinity Desktop Environment (TDE) R14.0.8 release is out. Trinity started out as a fork of KDE 3. "Ten years ago today, the Trinity Desktop Environment (TDE) saw the release of its first version (3.5.11). Lot of things have happened since that day but TDE has continued to grow and flourish throughout the years. Today the project is healthier than ever, with dedicated self-hosted servers, regular releases, modern collaboration tools and a vibrant community of users and enthusiasts."
Christian Schaller writes about the desktop improvements found in Fedora 32 — and beyond. "We spent a lot of time and energy over the last 6 years to get to where we are now, putting in place a lot of the basic building blocks needed to make Linux a great desktop operating system. And it feels great that just as we kick off the new line of Lenovo laptops running Fedora we are also entering a new phase of development where we can move beyond getting our basic infrastructure in place, but we can really start taking advantage of it to rapidly improve the experience we are providing even more. A good example is the Firefox work mentioned above, where we finally could move on from ‘make it work with Wayland and PipeWire’, to ‘lets take advantage of these new pieces to make Firefox on Linux better’."
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c).
The Fedora 32 distribution release is out, in workstation, server, and CoreOS variants. "Following our 'First' foundation, we’ve updated key programming language and system library packages, including GCC 10, Ruby 2.7, and Python 3.8. Of course, with Python 2 past end-of-life, we’ve removed most Python 2 packages from Fedora. A legacy python27 package is provided for developers and users who still need it. In Fedora Workstation, we’ve enabled the EarlyOOM service by default to improve the user experience in low-memory situations."
For as long as operating systems have had kernels, there has been a need to extract information from data structures stored within those kernels. Over the years, a wide range of approaches have been taken to make that information available. In current times, it has become natural to reach for BPF as the tool of choice for a variety of problems, and getting information from kernel data structures is no exception. There are two patches in circulation that take rather different approaches to using BPF to dump information from kernel data structures to user space.
The 5.7-rc3 kernel prepatch is out for testing. "Again, that all looks very normal and very much 'nothing really odd stands out'. In a world gone mad, the kernel looks almost boringly regular. Which is just how I like it."
Version 20.04 of the Kdenlive libre video editor has been released. "The highlights include major speed improvements due to the Preview Scaling feature, New rating, tagging sorting and filtering of clips in the Project Bin for a great logging experience, Pitch shifting is now possible when using the speed effect, Multicam editing improvements and OpenTimelineIO support. Besides all the shiny new features, this version comes with fixes for 40 critical stability issues as well as a major revamp of the user experience. Kdenlive is now more reliable than ever before."
Keeping LWN going is a full-time job — indeed, it is multiple full-time jobs. We are currently hiring another writer to help us get this work done and to help expand our content range. If you have a deep understanding of the Linux and free-software communities and can write high-quality English, this is your chance to write for one of the most engaged and challenging reader communities around; we would like to hear from you.
OpenSUSE Leap is a community distribution built on top of source packages from SUSE Linux Enterprise (SLE). Recently, Gerald Pfeifer, chair of the openSUSE board, posted an announcement describing a proposal from SUSE to unify some packages between SLE and openSUSE Leap. Here we analyze the proposal and the community's reaction to it.
Fedora Magazine announces that Lenovo will start offering three laptop models with Fedora Workstation preinstalled. "The Lenovo team has been working with folks at Red Hat who work on Fedora desktop technologies to make sure that the upcoming Fedora 32 Workstation is ready to go on their laptops. The best part about this is that we’re not bending our rules for them. Lenovo is following our existing trademark guidelines and respects our open source principles. That’s right—these laptops ship with software exclusively from the official Fedora repos! When they ship, you’ll see Fedora 32 Workstation. (Models which can benefit from the NVIDIA binary driver can install it in the normal way after the fact, by opting in to proprietary software sources.)"