Feed lwn LWN.net


Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-21 19:00
[$] LWN.net Weekly Edition for June 20, 2024
The LWN.net Weekly Edition for June 20, 2024 is available.
[$] How free software hijacked Philip Hazel's life
Philip Hazel was 51 when he began the Exim message transfer agent (MTA) project in 1995, which led to the Perl-Compatible Regular Expressions (PCRE) project in 1998. At 80, he's maintained PCRE, and its successor PCRE2, for more than 27 years. For those doing the math, that's a year longer than LWN has been in publication. Exim maintenance was handed off around the time of his retirement in 2007. Now, he is ready to hand off PCRE2 as well, if a successor can be found.
Mate 1.28 released
Version 1.28 of the MATE Desktop has been released.
Libgcrypt 1.11.0 released
Version 1.11.0 of Libgcrypt, a general-purpose library of cryptographic building blocks, has been released by the GnuPG project.
[$] Capturing stack traces asynchronously with BPF
Andrii Nakryiko led a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit giving a look into the APIs for capturing stack traces using BPF, and how the APIs could be made more useful. BPF programs can capture the current stack trace of a running process, including the portion in the kernel during execution of a system call, which can be useful for diagnosing performance problems, among other things. But there are substantial problems with the existing API.
[$] How kernel CVE numbers are assigned
It has been four months since Greg Kroah-Hartman and MITRE announced that the Linux kernel project had become its own CVE Numbering Authority (CNA). Since then, the Linux CNA Team has developed workflows and mechanisms to help manage the various tasks associated with this challenge. There does, however, appear to be a lack of understanding among community members of the processes and rules the team has been working within. The principal aim of this article, written by a member of the Linux kernel CNA team, is to clarify how the team works and how kernel CVE numbers are assigned.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (container-tools, firefox, and flatpak), Debian (composer, roundcube, and thunderbird), Fedora (kitty and webkitgtk), Oracle (container-tools and flatpak), Red Hat (flatpak and java-1.8.0-ibm), SUSE (gdcm, gdk-pixbuf, libarchive, libzypp, zypper, ntfs-3g_ntfsprogs, openssl-1_1, openssl-3, podman, python-Werkzeug, and thunderbird), and Ubuntu (git, linux-hwe-6.5, mariadb, mariadb-10.6, and thunderbird).
[$] Adding a JIT compiler to CPython
One of the big-ticket items for the upcoming Python 3.13 release is an experimental just-in-time (JIT) compiler for the language; the other is, of course, the removal of the global interpreter lock (GIL), which is also an experiment. Brandt Bucher is a member of the Faster CPython project, which is working on making the reference implementation of the language faster via a variety of techniques. Last year at PyCon, he gave a talk about the specializing adaptive interpreter; at PyCon 2024 in Pittsburgh, he described the work he and others have been doing to add a copy-and-patch JIT compiler to CPython.
[$] BPF tracing performance
On the final day of the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, the BPF track opened with a series of sessions on improving the performance and flexibility of probes and other performance-monitoring tools, in the kernel and in user space. Jiri Olsa led two sessions about different aspects of probes: making the API for BPF programs attached to a probe more flexible, and making user-space probes more efficient.
Plasma 6.1 released
Version 6.1 of the Plasma desktop environment has been released.
Security updates for Tuesday
Security updates have been issued by Debian (php7.3), Fedora (galera, ghostscript, and mariadb), Mageia (cups, iperf, and libndp), Oracle (firefox and flatpak), Red Hat (container-tools:rhel8, Firefox, firefox, and flatpak), SUSE (booth, bouncycastle, firefox, ghostscript, less, libaom, openssl-1_1, openssl-3, podman, python-Authlib, python-requests, python-Werkzeug, webkit2gtk3, and xdg-desktop-portal), and Ubuntu (ghostscript, ruby-rack, ruby2.7, ruby3.0, ruby3.1, ruby3.2, and sssd).
[$] Static keys for BPF
The kernel has a lot of code paths that are normally disabled: debugging print statements, tracepoints, etc. To support these efficiently, there is a common mechanism called static keys that provides a way to enable or disable a code path at run time, with effectively no overhead for disabled branches. BPF programs have not been able to take advantage of static keys so far, because they aren't compiled into the kernel. Now, it looks like BPF may be getting support for a similar mechanism, and the design could also provide one of the components needed to support jump tables, another missing feature. Anton Protopopov presented his plans to add static keys to BPF at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit.
PostmarketOS v24.06 released
PostmarketOS is an Alpine Linux derivative distribution aimed at mobile devices; the v24.06 release claims support for over 250 devices, though the level of that support varies widely. "This release is geared mainly towards Linux enthusiasts. We are working hard on stability improvements and automated testing, but if you expect Android or iOS levels of polish, then this is not for you yet." Changes include an upgrade to Alpine Linux 3.20, newer GNOME and KDE versions, and more.
[$] Nested bottom-half locking for realtime kernels
Software-interrupt handlers (also called "bottom halves") have a long history in the Linux kernel; for much of that history, developers have wished that they could go away. One of their unfortunate characteristics is that they can add unexpected latency to the execution of unrelated processes; this problem is felt especially acutely in the realtime-preemption community. The solution adopted there has created problems of its own, though; in response, Sebastian Andrzej Siewior is proposing a new locking mechanism for realtime builds of the kernel that may have benefits for non-realtime users as well.
Security updates for Monday
Security updates have been issued by AlmaLinux (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, libreoffice, podman, python-idna, rpm-ostree, and ruby), Debian (atril, chromium, ffmpeg, libndp, libvpx, nano, plasma-workspace, pymongo, roundcube, sendmail, and thunderbird), Fedora (booth and thunderbird), Mageia (aom, atril, libvpx, nano, nss, firefox, and vte), Red Hat (linux-firmware), SUSE (bind, booth, mariadb, openssl-1_1, php7, php8, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-fde, linux-azure, linux-gke, and linux-nvidia-6.5).
Kernel prepatch 6.10-rc4
Linus has released 6.10-rc4 for testing. "Apart from a rather unusual spike in the diffstat due to a parisc fix, things look normal and pretty small."
Some weekend stable kernel updates
The 6.9.5, 6.6.34, 6.1.94, 5.15.161, 5.10.219, 5.4.278, and 4.19.316 stable kernels have all been released; each contains another set of important fixes.
Reports from the Python Language Summit
The Python Software Foundation has published a set of reports from the 2024 Python Language Summit. Topics covered include version numbering, the limited C API, a new default read-eval-print loop, and Python's security model in light of the XZ backdoor.
Schaller: Fedora Workstation development update – AI edition
Christian Schaller writes about AI and GPU-related features that are in flight and planned for Fedora 41.
New Human Interface Guidelines for KDE
KDE developer Nate Graham has announced a new set of KDE Human Interface Guidelines (HIG) for the KDE project. Graham says that the goals for the new HIGs were to reflect how KDE designs software today, make the content 100% actionable, improve navigation, and to improve the guidelines so people feel comfortable contributing.
[$] Aeon: openSUSE for lazy developers
The openSUSE project recently announced the second release candidate (RC2) of its Aeon Desktop, formerly known as MicroOS Desktop GNOME. Aside from the new coat of naming paint, Aeon breaks ground in a few other ways by dabbling with technologies not found in other openSUSE releases. The goal for Aeon is to provide automated system updates using snapshots that can be applied atomically, removing the burden of system maintenance for "lazy developers" who want to focus on their work rather than desktop administration. System-tinkerers need not apply.
Driving forward in Android drivers (Project Zero)
This Project Zero article looks at the exploitation of a few Android driver bugs in great detail.
Security updates for Friday
Security updates have been issued by CentOS (389-ds-base, bind, bind-dyndb-ldap, and dhcp, firefox, glibc, ipa, less, libreoffice, and thunderbird), Debian (cups), Fedora (chromium and cyrus-imapd), Mageia (golang and poppler), Oracle (bind, bind-dyndb-ldap, and dhcp, gvisor-tap-vsock, python-idna, and ruby), Red Hat (dnsmasq and expat), SUSE (libaom, php8, podman, python-pymongo, python-scikit-learn, and tiff), and Ubuntu (h2database and vte2.91).
[$] Simplifying the BPF verifier
The BPF verifier is a complex program. This has the unfortunate effect of making it simultaneously more difficult for contributors to work on, and more likely to harbor unknown bugs. Shung-Hsi Yu had two concrete proposals for how to simplify the verifier to make it easier to maintain that he presented at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. Yu proposed changing how the verifier tracks partially known values and cleaning up the interface to hide the details of the value-tracker's internal representation.
[$] Improving control-flow integrity for Linux on RISC-V
Redirecting execution flow is a common malware technique that can be used to compromise operating systems. To protect from such attacks, the chip makers of leading architectures like x86 and arm64 have implemented control-flow-integrity (CFI) extensions, though they need system software support to function. At the Linux Security Summit North America, RISC-V kernel developer Deepak Gupta described the CFI protections for that architecture and invited community input on the kernel support for them.
Rust 1.79.0 released
Version 1.79.0 of the Rust language has been released. Changes this time include inline const expressions, the "associated item bounds syntax", and more.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (nginx-mod-modsecurity, php, and tomcat), Mageia (strongswan), Oracle (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, firefox, gdk-pixbuf2, idm:DL1, ipa, kernel, libreoffice, podman, rpm-ostree, and thunderbird), Red Hat (dnsmasq and nghttp2), Slackware (mozilla), SUSE (curl, firefox, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, openssl-3, and python-Pillow), and Ubuntu (libmatio, libndp, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.5, and virtuoso-opensource).
[$] LWN.net Weekly Edition for June 13, 2024
The LWN.net Weekly Edition for June 13, 2024 is available.
Cockpit project releases Cockpit Files plugin
The Cockpit project has announced the first release of Cockpit Files, a plugin for Cockpit that allows file management on your server via a web browser.
[$] Elevating CentOS 7 to a new life
CentOS Linux 7 was first released in July 2014, and is due to go end-of-life (EOL) on June 30. By now, anyone who pays attention to such things is aware that Red Hat pulled the plug on CentOS Linux in late 2020 to be replaced by CentOS Stream instead. CentOS Linux 8 support was wound down at the end of 2021 rather than in 2029 as originally stated. CentOS Linux 7 was allowed to serve out its full lifespan, but that EOL is approaching rapidly and there's no direct upgrade path. Users and organizations looking for a lifeline might want to consider AlmaLinux's ELevate utility, which allows CentOS users to migrate to alternate enterprise Linux (EL) operating systems.
Nominations are open for the PSF Board election
The Python Software Foundation (PSF) has announced that nominations are open for the PSF Board election through June 25.
[$] Memory sealing for the GNU C Library
The mseal() system call allows a process to prevent any future changes to portions of its address space (thus "sealing" them); it was patterned after the mimmutable() system call in OpenBSD. mseal() generated a lot of discussion, but it was finally merged for the upcoming 6.10 kernel release. While mseal() was initially aimed at securing the Chrome browser, the hope was that it would be useful elsewhere; as a step toward realizing that hope, Adhemerval Zanella has posted a patch series adding support for - and use of - mseal() to the GNU C library (glibc).
systemd 256 released
Systemd 256 has been released. As usual, the list of changes is long; see this article for an overview, or the announcement for all the details.
Three mid-week stable kernel updates
Greg Kroah-Hartman has announced another round of stable kernel updates: 6.9.4, 6.6.33, and 6.1.93 have been released. Each contains another set of important fixes; users of these kernels are advised to upgrade right away.
OpenSUSE Leap 15.6 released
The openSUSE Leap 15.6 release is available; this is intended to be the last Leap 15.x release before Leap 16 comes out. "Leap 15.6 is projected to receive maintenance and security updates until the end of 2025 to ensure sufficient overlap with the next release". Changes include the addition of the Cockpit server-management tool, a 6.4 kernel, GNOME 45, and many other upgrades. This release also removes a long list of unmaintained Python packages. See the release notes for details.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (booth), Debian (cyrus-imapd and vlc), Fedora (firefox, libarchive, php, and singularity-ce), Oracle (ipa and ruby:3.3), Red Hat (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, kernel, kernel-rt, kpatch-patch, libreoffice, podman, protobuf-c, python-idna, rpm-ostree, ruby, and tomcat), Slackware (cups and mozilla), SUSE (bind, cups, iperf, kernel, nano, and poppler), and Ubuntu (libapache-mod-jk, linux-aws, linux-aws-5.15, linux-aws, linux-oracle, linux-intel-iotg-5.15, linux-nvidia, and mysql-8.0).
Extensible scheduler class to be merged for 6.11
The extensible scheduler class ("sched_ext") framework allows the writing of CPU schedulers as a set of BPF programs. It has been somewhat controversial, and its merging into the kernel has been blocked despite a clear level of interest from users. Linus Torvalds has now let it be known that he has made a decision and, overriding the scheduler maintainer, will merge sched_ext for the 6.11 release.
[$] Securing BPF programs before and after verification
BPF is in a unique position in terms of security. It runs in a privileged context, within the kernel, and can have access to many sensitive details of the kernel's operation. At the same time, unlike kernel modules, BPF programs aren't signed. Additionally, the mechanisms behind BPF present challenges to implementing signing or other security features. Three nearly back-to-back sessions at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit addressed some of the potential security problems.
Firefox 127.0 released
Version 127.0 of the Firefox browser is out. Changes include support for DNS prefetching and the ability to close duplicate tabs in a window. The browser will now try to upgrade images and videos with HTTP URLs that are found in an HTTPS page to HTTPS as well; if that fails, the non-HTTPS resources will simply fail to load. Update: this Mozilla Security Blog post describes the HTTPS-related changes in detail.
[$] Dropping the page cache for filesystems
VFS maintainer Christian Brauner led a discussion about the possibility of selectively dropping the contents of the page cache for a filesystem in a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. As he described in his topic proposal, the use case that started him down this path comes from GNOME, which wants to be able to safely suspend access to an encrypted home directory. While it is known to kernel developers, it is surprising to others that reads from encrypted filesystems that have been suspended will succeed if the data to be read still exists in the page cache.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (ruby:3.3), Fedora (efifs, libvirt, podman-tui, prometheus-podman-exporter, and strongswan), Red Hat (firefox, idm:DL1, ipa, nghttp2, and thunderbird), SUSE (aws-nitro-enclaves-cli, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, frr, glibc, go1.21, go1.22, gstreamer-plugins-base, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, libxml2, mariadb, poppler, python-Brotli, python-docker, python-idna, rmt-server, skopeo, sssd, unbound, unrar, util-linux, and webkit2gtk3), and Ubuntu (giflib, libphp-adodb, linux-gkeop, linux-gkeop-5.15, linux-kvm, linux-laptop, linux-oem-6.8, nodejs, and tiff).
[$] P4TC hits a brick wall
P4, short for "Programming Protocol-independent Packet Processors", is a programming language aimed at networking devices; it is useful for the configuration of firewalls and complicated routing architectures. Since a lot of advanced networking is done with Linux systems, it stands to reason that there would be value in supporting P4 and, indeed, an implementation of P4 in the kernel's traffic-control subsystem was first posted by Jamal Hadi Salim at the beginning of 2023. After nearly 18 months, though, this feature has not been merged, and the chances of that happening would appear to be getting worse.
perl v5.40.0 released
Version 5.40.0 of the Perl language has been released. "Perl 5.40.0 represents approximately 11 months of development since Perl 5.38.0 and contains approximately 160,000 lines of changes across 1,500 files from 75 authors". Significant changes include a new __CLASS__ keyword, a :reader attribute for field variables, a new "^^" logical-XOR operator (because two of those were not enough), moving "try/catch" out of the experimental category, and more; see this page for lots of details.
Security updates for Monday
Security updates have been issued by Fedora (galera and mariadb10.11), Mageia (0-plugins-base and plasma-workspace), Oracle (ruby:3.1 and ruby:3.3), Red Hat (bind, bind-dyndb-ldap, and dhcp), SUSE (apache2, glib2, libvirt, openssl-1_1, openssl-3, opera, python-Jinja2, python-requests, and squid), and Ubuntu (linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp, linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi, linux, linux-ibm, linux-lowlatency, linux-raspi, linux-aws, linux-gcp, linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5, and linux-gke, linux-ibm, linux-intel-iotg, linux-oracle).
Kernel prepatch 6.10-rc3
The 6.10-rc3 kernel prepatch is out. "So things look good, the water is warm, please jump right in and keep testing."
[$] Ladybird browser spreads its wings
Ladybird is an open-source project aimed at building an independent web browser, rather than yet another browser based on Chrome. It is written in C++ and licensed under a two-clause BSD license. The effort began as part of the SerenityOS project, but developer Andreas Kling announced on June 3 that he was "forking" Ladybird as a separate project and stepping away from SerenityOS to focus his attention on the browser completely. Ladybird is not ready to replace Firefox or Chrome for regular use, but it is showing great promise.
Linux nftables vulnerability exploited in the wild (CrowdStrike)
According to CrowdStrike, a vulnerability in the Linux kernel's nftables code that was discovered earlier this year is being actively exploited in the wild. The vulnerability allows for local privilege escalation. Most distributions have already released a fix.
[$] Modernizing BPF for the next 10 years
BPF was first generalized beyond packet filtering more than a decade ago. In that time, it has changed a lot, becoming much more capable. Alexei Starovoitov kicked off the second day of the BPF track at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit by leading a session discussing which changes to BPF are going to come in the next ten years as it continues evolving. He proposed several ideas, including expanding the number of registers available to BPF programs, dynamic deadlock detection, and relaxing some existing limits of the verifier.
Security updates for Friday
Security updates have been issued by Mageia (libtiff), Oracle (cockpit, glibc, kernel, less, libxml2, linux-kernel, and tomcat), Red Hat (java-1.8.0-ibm, nghttp2, and ruby:3.3), Slackware (php), SUSE (go1.21, go1.22, and python-docker), and Ubuntu (aom and libvpx).
[$] A generic ring buffer for the kernel
The kernel's user-space ABI does not lack for ring buffers; they have been defined for subsystems like BPF, io_uring, perf, and tracing, for example. Naturally, each of those ring buffers is unique, with no common interface between them. The natural response to this ABI proliferation is, of course, to add yet another ring buffer as the generic option; that is the intent of this patch series from Kent Overstreet adding a new set of system calls for ring buffers.