Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-21 19:00
Security updates for Thursday
Security updates have been issued by AlmaLinux (cockpit, kernel, kernel-rt, libxml2, ruby:3.1, and tomcat), Debian (libarchive, pillow, and tinyproxy), Fedora (apptainer), Mageia (amavisd-new and libxml2), Oracle (edk2), Red Hat (booth, cockpit, kernel-rt, less, libxml2, nghttp2, ruby:3.1, ruby:3.3, and tomcat), Slackware (kernel), and Ubuntu (atril, bluez, frr, gdk-pixbuf, openjdk-17, openjdk-21, openjdk-8, openjdk-lts, qemu, and unixodbc).
[$] LWN.net Weekly Edition for June 6, 2024
The LWN.net Weekly Edition for June 6, 2024 is available.
[$] Measuring and improving buffered I/O
There are two types of file I/O on Linux, buffered I/O, which goes through the page cache, and direct I/O, which goes directly to the storage device. The performance of buffered I/O was reported to be a lot worse than direct I/O, especially for one specific test, in Luis Chamberlain's topic proposal for a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. The proposal resulted in a lengthy mailing-list discussion, which also came up in Paul McKenney's RCU session the next day; Chamberlain led a combined storage and filesystem session to discuss those results with an eye toward improving buffered I/O performance.
Kali Linux 2024.2 released
Version 2024.2 of the Kali Linux penetration testing distribution has been released. This release includes an update to GNOME 46, a high-resolution (HiDPI) mode for Xfce, as well as a number of new packages such as the AutoRecon network reconnaissance tool, pspy command-line utility for snooping on Linux processes, and SploitScan tool for fetching and displaying CVE information. Kali Linux is based on Debian testing, and 2024.2 incorporates Debian's work to transition to 64-bit time_t to avoid year 2038 problems. Users with existing Kali systems should be sure to follow the documentation when upgrading.
FreeBSD 14.1 released
Version 14.1 of FreeBSD has been released. This is the second release of the 14.x stable branch. Highlights of this release include upgrades to OpenZFS 2.2.4, Clang/LLVM 18.1.5, and OpenSSH 9.7p1. FreeBSD 14.1 also features cloud-init support, sound subsystem improvements, and more. See the what's new blog post from the FreeBSD Foundation, release notes, and errata for more information.
[$] Rethinking the PostgreSQL CommitFest model
Many years ago, the PostgreSQL project started holding regular CommitFests to help tackle the work of reviewing and committing patches in a more organized fashion. That has served the project well, but some in the project are concerned that CommitFests are no longer meeting the needs of PostgreSQL or its contributors. A lengthy discussion on the pgsql-hackers mailing list turned up a number of complaints, a few suggestions for improvement, but little consensus or momentum toward a solution.
[$] Removing GFP_NOFS
The GFP_NOFS flag is meant for kernel memory allocations that should not cause a call into the filesystems to reclaim memory because there are already locks held that can potentially cause a deadlock. The "scoped allocation" API is a better choice for filesystems to indicate that they are holding a lock, so GFP_NOFS has long been on the chopping block, though progress has been slow. In a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Matthew Wilcox wanted to discuss how to move kernel filesystems away from the flag with the eventual goal of removing it completely.
The state of SourceHut
Drew DeVault has published an update about the state of the SourceHut software development platform and its plans for the coming months. This is the first update since the January post-mortem following a distributed denial-of-service (DDoS) attack that resulted in a prolonged outage:
[$] Comparing BPF performance between implementations
Alan Jowett returned for a second remote presentation at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit to compare the performance of different BPF runtimes. He showed the results of the MIT-licensed BPF microbenchmark suite he has been working on. The benchmark suite does not yet provide a good direct comparison between all platforms, so the results should be taken with a grain of salt. They do seem to indicate that there is some significant variation between implementations, especially for different types of BPF maps.
Security updates for Wednesday
Security updates have been issued by Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dotnet8.0, dwayland, fcitx-qt5, fcitx5-qt, gammaray, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qgnomeplatform, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, and qt5-qtspeech), Oracle (389-ds-base and ruby:3.1), Red Hat (389-ds-base, glibc, and kernel), SUSE (python-PyMySQL), and Ubuntu (libarchive).
Mike Karels has passed away
We have just received the sad news that longtime core BSD developer Mike Karels has died; he will certainly be missed.
Incus 6.2 released
Version 6.2 of the Incus container-management system is out. "This release contains the second wave of changes contributed by students of the University of Texas at Austin and a few other features and improvements." The features include a new incus top command, a new API for system load information, and more.
New site feature: comment subthread hiding
In the recent discussion on commenting at LWN, several readers asked for the ability to hide subthreads of a long comment stream. That feature has just been added; it is also integrated with the three comment-display modes and with comment filtering, removing the need for JavaScript for filtering. Hiding is not persistent; no extra data is stored at either end. Give it a try; if you have comments on the new mechanism, this is the place to put them.
[$] Handling the NFS change attribute
The saga of the i_version field for inodes, which tracks the occurrence of changes to the data or metadata of a file, continued in a discussion at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. In a session led by Jeff Layton, who has been doing a lot of the work on changing the semantics and functioning of i_version over the years, he updated attendees on the status of the effort since a session at last year's summit. His summary was that things are "pretty much where we started last year", but the discussion this time pointed to some possible ways forward.
[$] An instruction-level BPF memory model
There are few topics as arcane as memory models, so it was a pleasant surprise when the double-length session on the BPF memory model at the Linux Storage, Filesystem, Memory Management, and BPF Summit turned out to be understandable. Paul McKenney led the session, although he was clear that the work he was presenting was also due to Puranjay Mohan, who unfortunately could not attend the summit. BPF does not actually have a formalized memory model yet; instead it has relied on a history of talks like this one and a general informal understanding. Unfortunately, ignoring memory models does not make them go away, and this has already caused at least one BPF-related bug on weakly-ordered architectures. Figuring out what a formal memory model for BPF should define was the focus of McKenney's talk.
Security updates for Tuesday
Security updates have been issued by Mageia (chromium-browser-stable, git, libreoffice, microcode, python-requests, webkit2, and wireshark), Oracle (container-tools:ol8, glibc, go-toolset:ol8, idm:DL1 and idm:client, less, python39:3.9 and python39-devel:3.9, ruby:3.0, and virt:ol and virt-devel:rhel), Red Hat (nodejs, nodejs:18, python-idna, and ruby:3.1), and SUSE (389-ds, ffmpeg, ffmpeg-4, gnutls, gstreamer-plugins-base, libhtp, mariadb104, poppler, python-python-jose, squid, and unbound).
LyX 2.4.0 Released
Version 2.4.0 of the LyX document processor has been released. LyX is a "What You See Is What You Mean" (WYSIWYM) application that offers GUI editing of LaTeX documents with import and export to PDF, HTML, OpenDocument, Word, and other formats. LyX 2.4.0 is the first major release in six years, and brings support for EPUB, DocBook 5, improved table styles, and now uses Unicode (utf8) as its default encoding. See the full list of new features on the LyX wiki, and release notes for information on known issues and caveats for those upgrading from earlier versions of LyX.
[$] Debian's /tmpest in a teapot
Debian had a major discussion about mounting /tmp as a RAM-based tmpfs in 2012 but inertia won out in the end. Debian systems have continued to store temporary files on disk by default. Until now. A mere 12 years later, the project will be switching to a RAM-based /tmp in the Debian 13 ("Trixie") release. Additionally, starting with Trixie, the default will be to periodically clean up temporary files automatically in /tmp and /var/tmp. Naturally, it involved a lengthy discussion first.
Security updates for Monday
Security updates have been issued by AlmaLinux (python39:3.9 and python39-devel:3.9 and ruby:3.0), Debian (chromium, gst-plugins-base1.0, and kernel), Fedora (chromium, glances, glycin-loaders, gnome-tour, helix, helvum, kitty, libarchive, libipuz, librsvg2, loupe, maturin, ntpd-rs, plasma-workspace, and a huge list of Rust-based packages due to a "mini-mass-rebuild" that updated the toolchain to Rust 1.78 and picked up fixes for various pieces), Mageia (gifsicle, netatalk, openssl, python-jinja2, and unbound), Red Hat (kernel and kernel-rt), SUSE (bind, glibc, gstreamer-plugins-base, squid, and tiff), and Ubuntu (glibc).
Kernel prepatch 6.10-rc2
The second 6.10 kernel prepatch is out for testing. "Nothing feels particularly odd, but rc2 is usually fairly small and people are only starting to find regressions. So please go test some more."
Fedora Linux 40 election results
The Fedora Project has announced the results of the Fedora Linux 40 election cycle. Four seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Stephen Gallagher, Neal Gompa, Michel Lind, and Fabio Valentini. The Fedora Council had two seats open, and the winners are Aleksandra Fedorova and Adam Samalik. One seat was open on the Fedora Mindshare Committee, and the winner is Sumantro Mukherjee. Four seats were open for the first election to select members of the EPEL Steering Committee, which went to Troy Dawson, Kevin Fenzi, Carl George, and Jonathan Wright.
Opt Green: KDE Eco's New Sustainable Software Project
KDE Eco, a KDE project focused on reducing software's environmental impact, has announced its Opt Green campaign to reduce e-waste:
[$] One more pidfdfs surprise
The "pidfdfs" virtual filesystem was added to the 6.9 kernel release as a way to export better information about running processes to user space. It replaced a previous implementation in a way that was, on its surface, fully compatible while adding a number of new capabilities. This transition, which was intended to be entirely invisible to existing applications, already ran into trouble in March, when a misunderstanding with SELinux caused systems with pidfdfs to fail to boot properly. That problem was quickly fixed, but it turns out that there was one more surprise in store, showing just how hard ABI compatibility can be at times.
CFP: the 2024 Kernel Maintainers Summit
The 2024 Kernel Maintainers Summit will happen on September 17 in Vienna, Austria; it is an invitation-only event for a small group to discuss important kernel-development problems. The call for proposals for this gathering has now been posted. One of the best ways to be invited to the event is to propose a topic that needs discussion in that forum. The deadline for proposals is June 18.
25 Years of Krita
The developers of the Krita painting application are celebrating 25 years of development with a detailed history of the project.
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 7.0, .NET 8.0, 389-ds:1.4, ansible-core bug fix, enhancement, and, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, gdk-pixbuf2, ghostscript, git-lfs, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, Image builder components bug fix, enhancement and, kernel, kernel-rt, krb5, less, LibRaw, libsndfile, libssh, libtiff, libX11, libXpm, linux-firmware, motif, mutt, nghttp2, openssh, pam, pcp, pcs, perl-Convert-ASN1, perl-CPAN, perl:5.32, pki-core:10.6 and pki-deps:10.6, pmix, poppler, python-dns, python-jinja2, python-pillow, python27:2.7, python3, python3.11, python3.11-cryptography, python3.11-urllib3, python39:3.9 and python39-devel:3.9, qt5-qtbase, resource-agents, squashfs-tools, sssd, systemd, tigervnc, traceroute, vorbis-tools, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (gst-plugins-base1.0), Fedora (cacti, cacti-spine, roundcubemail, and wireshark), Oracle (.NET 7.0, .NET 8.0, bind and dhcp, gdk-pixbuf2, git-lfs, glibc, grafana, krb5, pcp, python-dns, python3, sssd, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (edk2, less, nghttp2, and ruby:3.0), SUSE (gstreamer-plugins-base, Java, kernel, and python-requests), and Ubuntu (ffmpeg, node-browserify-sign, postgresql-14, postgresql-15, postgresql-16, and python-pymysql).
[$] Standardizing the BPF ISA
While BPF may be most famous for its use in the Linux kernel, there is actually a growing effort to standardize BPF for use on other systems. These include eBPF for Windows, but also uBPF, rBPF, hBPF, bpftime, and others. Some hardware manufacturers are even considering integrating BPF directly into networking hardware. Dave Thaler led two sessions about all of the problems that cross-platform use inevitably brings and the current status of the standardization work at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit.
[$] New APIs for filesystems
A discussion of extensions to the statx() system call comes up frequently at the Linux Storage, Filesystem, Memory Management, and BPF Summit; this year's edition was no exception. Kent Overstreet led the first filesystem-only session at the summit on querying information about filesystems that have subvolumes and snapshots. While it was billed as a discussion on statx() additions, it ranged more widely over new APIs needed for modern filesystems.
Stable kernels 6.9.3 and 6.8.12
Greg Kroah-Hartman has announced the release of the 6.9.3 and 6.8.12 stable kernels. As usual, they contain lots of important fixes throughout the tree. Note that 6.8.12 is the end of the line for the 6.8.x stable kernel series.
Security updates for Thursday
Security updates have been issued by Debian (python-pymysql), Fedora (chromium, mingw-python-requests, and thunderbird), Mageia (perl-Email-MIME and qtnetworkauth5 & qtnetworkauth6), Red Hat (gdisk and python39:3.9 and python39-devel:3.9 modules), SUSE (freerdp, gdk-pixbuf, gifsicle, glib2, java-1_8_0-ibm, kernel, libfastjson, libredwg, nodejs16, python, python3, python36, rpm, warewulf4, and xdg-desktop-portal), and Ubuntu (gst-plugins-base1.0, python-werkzeug, and tpm2-tss).
[$] LWN.net Weekly Edition for May 30, 2024
The LWN.net Weekly Edition for May 30, 2024 is available.
[$] Fedora approves shipping pre-built macOS binaries
The Asahi Linux project works to support Linux on Apple Silicon hardware. The project's flagship distribution is the Fedora Asahi Remix, which has its own installer (rather than Anaconda) to accommodate the unique requirements of installing on Apple's hardware. Previously the installer was built by the Asahi project, but it has asked for (and received) an exception from the Fedora Engineering Steering Committee (FESCo) to include two binaries from upstream open-source projects so that the installer can be built on Fedora infrastructure.
Results from the 2024 FreeBSD Community Survey Report
The FreeBSD Foundation has announced the 2024 FreeBSD Community Survey Report. The report provides a summary of 1,446 responses to an anonymous online survey of FreeBSD users. It provides insights into user profiles, typical usage, how the FreeBSD project is viewed, as well as recommendations for expanding the FreeBSD community and contributor base:
A plea for more thoughtful comments
When redesigning the LWN site in 2002, we thought long and hard about whether the ability to post comments should be part of it; LWN had not offered that feature for the first four years of its existence. There were already plenty of examples of how comments can go bad by then, but we decided to trust our readers to keep things under control. Much of the time, that trust has proved justified, but there have been times where things have not gone so well. This time is quickly becoming one of those others.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (glibc and tomcat), Fedora (chromium, fcitx5-qt, python-pyqt6, qadwaitadecorations, qgnomeplatform, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgraphs, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, and zeal), Red Hat (glibc, kernel, kernel-rt, kpatch-patch, linux-firmware, mod_http2, pcp, pcs, protobuf, python3, rpm-ostree, and rust), SUSE (git, glibc-livepatches, kernel, libxml2, openssl-1_1, SUSE Manager Client Tools, SUSE Manager Client Tools, salt, and xdg-desktop-portal), and Ubuntu (amavisd-new, firefox, flask-security, frr, git, intel-microcode, jinja2, libreoffice, linux-intel-iotg, unbound, and webkit2gtk).
[$] Supporting BPF in GCC
The GCC project has been working to support compiling to BPF for some time. Jose Marchesi and David Faust spoke in an extended session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit about how that work has been going, and what is left for GCC to be on-par with LLVM with regard to BPF support. They also related tentative plans for how GCC BPF support would be maintained in the future.
[$] Filesystems and iomap
The iomap block-mapping abstraction is being used by more filesystems, in part because of its support for large folios. But there are some challenges in adopting iomap, which was the topic of a discussion led by Ritesh Harjani in a combined storage and filesystem session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. One of the main trouble spots is how to handle metadata, which is not an area that iomap has been aimed at.
[$] Measuring memory fragmentation
In the final session in the memory-management track of the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit, the exhausted group of developers looked one more time at the use of huge pages and the associated problem of memory fragmentation. At its worst, this problem can make huge pages harder (and more expensive) to allocate. Luis Chamberlain, who ran the session, felt that people were worried about this problem, but that there was little data on how severe it truly is.
[$] The state of the memory-management community in 2024
A longstanding tradition in the memory-management track of the Linux Storage, Filesystem, Memory-Management and BPF Summit is a session with maintainer Andrew Morton to discuss the overall state of the community and the development process. The 2024 gathering upheld that tradition toward the end of the final day of the event. It seems that Morton and the assembled developers were all happy with how memory-management work is going, but there is always room for improvement.
Security updates for Tuesday
Security updates have been issued by Debian (less), Mageia (chromium-browser-stable), SUSE (apache2, java-1_8_0-openj9, kernel, libqt5-qtnetworkauth, and openssl-3), and Ubuntu (netatalk and python-cryptography).
Huston: Calling Time on DNSSEC?
Geoff Huston suggests that it is time to give up on DNSSEC and look for a better way to secure the Internet namespace.
[$] LLVM improvements for BPF verification
Alan Jowett gave a remote presentation at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit about what features could be added to LLVM to make writing BPF programs easier. While there is nothing specific to LLVM about BPF code (and the next session in the track was led by GCC developer Jose Marchesi about better support for that compiler), LLVM is currently the most common way to turn C code into BPF bytecode. That translation, however, runs into problems when the BPF verifier cannot understand the code LLVM's optimizations produce.
[$] Fleshing out memory descriptors
One of the long-term goals of the folio conversion in the kernel's memory-management subsystem is the replacement of the page structure, which describes a page of physical memory, with an eight-byte "memory descriptor". This change would reduce the overhead of tracking physical memory, increase type safety, and make memory management more flexible. Thus far, though, details on what the memory-descriptor future will look like have been relatively scarce. At the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit, Matthew Wilcox led a discussion to try to fill in the picture somewhat.
Security updates for Monday
Security updates have been issued by Debian (apache2, bluez, chromium, fossil, libreoffice, python-pymysql, redmine, and ruby-rack), Fedora (buildah, crosswords, dotnet7.0, glycin-loaders, gnome-tour, helix, helvum, libipuz, loupe, maturin, mingw-libxml2, ntpd-rs, perl-Email-MIME, and a huge list of Rust-based packages due to a "mini-mass-rebuild" that updated the toolchain to Rust 1.78 and picked up fixes for various pieces), Mageia (chromium-browser-stable, mariadb, and roundcubemail), Oracle (kernel, libreoffice, nodejs, and tomcat), and SUSE (cJSON, libfastjson, opera, postgresql15, python3, and qt6-networkauth).
[$] The rest of the 6.10 merge window
Linus Torvalds released 6.10-rc1 and closed the 6.10 merge window on May 26. By that time, 11,534 non-merge changesets had been pulled into the mainline for the next release; nearly 5,000 of those came in after "The first half of the 6.10 merge window" was written. While the latter half of the merge window tends to focus more on fixes, there was also a lot of new functionality that landed during this time.
[$] The next steps for the maple tree
The maple tree data structure was added during the 6.1 development cycle; since then, it has taken its place at the core of the kernel's memory-management subsystem. Unsurprisingly, work on maple trees is not yet done. Maple-tree maintainer Liam Howlett ran a session in the memory-management track of the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit to discuss the current state of the maple tree and which features can be expected next.
Kernel prepatch 6.10-rc1
Linus has released 6.10-rc1 and closed the merge window for this release. For reasons that have not been spelled out, the codename for the release has been changed to "Baby Opossum Posse".
Eight weekend stable kernel updates
The 6.9.2, 6.8.11, 6.6.32, 6.1.92, 5.15.160, 5.10.218, 5.4.277, and 4.19.315 stable kernel updates have all been released. Each contains an important set of fixes. Users of those kernels should upgrade.
[$] Two talks on multi-size transparent huge page performance
Using huge pages has been known for years to improve the performance of many workloads. But traditional huge pages, often sized by the CPU at 2MB, can be difficult to allocate and can waste memory due to internal fragmentation. Driven by both the folio transition and hardware improvements, attention to smaller, multi-size transparent huge pages (mTHPs) has been on the rise. In two memory-management-track sessions at the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit, developers discussed the kernel's ability to reliably allocate mTHPs and the performance gains that result.
[$] Atomic writes without tears
John Garry and Ted Ts'o led a discussion about supporting atomic writes for buffered I/O, without any torn (or partial) writes to the device, at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. It is something of a continuation of a discussion at last year's summit. The goal is to help PostgreSQL, which writes its data using 16KB buffered I/O; it currently has to do a lot of extra work to ensure that its data is safe on disk. A promise of non-torn, 16KB buffered writes would allow the database to avoid doing double writes.