LWN.net

Stable kernels 5.1.11, 4.19.52, 4.14.127, 4.9.182, and 4.4.182 have been released. They all contain arelatively small set of important fixes; users should upgrade.

At KubeCon +CloudNativeCon Europe 2019 there was a public meeting of the Cloud Native Computing Foundation (CNCF) TechnicalOversight Committee (TOC); its members outlined the currentstate of the CNCF and where things are headed.What emerged was apicture of how the CNCF's governance is evolving as it brings in moreprojects, launches a new special interest group mechanism, andcontemplates what to do with projects that go dormant.

Security updates have been issued by Arch Linux (chromium and thunderbird), Debian (php-horde-form, pyxdg, thunderbird, and znc), Fedora (containernetworking-plugins, mediawiki, and podman), openSUSE (chromium), Red Hat (bind, chromium-browser, and flash-plugin), SUSE (docker, glibc, gstreamer-0_10-plugins-base, gstreamer-plugins-base, postgresql10, sqlite3, and thunderbird), and Ubuntu (firefox).

The 5.2-rc5 kernel prepatch is out fortesting. "But the good news is that we're getting to the later partsof the rc series, and things do seem to be calming down. I was hoping rc5would end up smaller than rc4, and so it turned out."

There's yet another set of stable kernel updates out there:5.1.10,4.19.51, and4.14.126.Each contains another set of important fixes.

The 2019 Linux Storage, Filesystem, andMemory-Management Summit included adetailed discussion about a memory-management fix thataddressed one performance regression while causing another. That fix,which was promptly reverted, is still believed by most memory-managementdevelopers to implement the correct behavior, so apatch posted by Andrea Arcangeli in early May has relatively broadsupport. That patch remains unapplied as of this writing, but thediscussion surrounding it has continued at a slow pace over the lastmonth. Memory-management subsystem maintainer Andrew Morton is faced witha choice: which performance regression is more important?

Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests).

If a user-space process needs to wait for some event to happen, there is awhole range of mechanisms provided by the kernel to make that easy. Butcalling into the kernel tends not to work well for the shortest of waits— those measured in small numbers of microseconds. For delays of thismagnitude, developers often resort to busy loops, which have a muchsmaller potential for turning a small delay into a larger one.Needless to say, busy waiting has its own disadvantages, so Intel has come upwith a set of instructions to support short delays. A patchset from Fenghua Yu to support these instructions is currently workingits way through the review process.

Security updates have been issued by Fedora (firefox, kernel, kernel-headers, libreswan, python-urllib3, and vim), Red Hat (python), SUSE (sssd), and Ubuntu (dbus).

The LWN.net Weekly Edition for June 13, 2019 is available.

In an offshoot of the Debian discussion we looked at last week, the Debian project hasbeen discussing the idea of paying developers to work on the distribution.There is some history behind the idea, going back to the controversial Dunc-Tank initiative in 2006,but some think attitudes toward funding developers may have changed—or thata new approach might be better accepted. While it is playing out with regard toDebian right now, it is a topic that other projects have struggled withalong the way—and surely will again.

Security updates have been issued by Debian (libgd2, mediawiki, otrs2, vlc, and zookeeper), Fedora (containernetworking-plugins, kernel, kernel-headers, nodejs-tough-cookie, podman, python-django, and python-urllib3), openSUSE (virtualbox), SUSE (gnome-shell, libcroco, and php7), and Ubuntu (dbus, Neovim, and vim).

Python is, famously, a "batteries included" language; it comes with a richstandard library right out of the box, which makes for a highly usefulstarting point for everyone. But that does have some downsides as well. Thestandard library modules are largely maintained by the CPython coredevelopers, which adds to their duties; the modules themselves aresubject to the CPython release schedule, which may be suboptimal. Forthose reasons and others, there have been thoughts about retiring someof the older modules; it is a topic that has come up several times over thelast year or so.

The Matrix team has announcedthe first stable release of the Matrix protocol and specification acrossall APIs. The Synapse 1.0 reference implementation, which implements thefull Matrix 1.0 API surface, has also been released. "Now, before you get too excited, it’s critical to understand that Matrix 1.0 is all about providing a stable, self-consistent, self-contained and secure version of the standard which anyone should be able to use to independently implement production-grade Matrix clients, servers, bots and bridges etc. It does not mean that all planned or possible features in Matrix are now specified and implemented, but that the most important core of the protocol is a well-defined stable platform for everyone to build on.On the Synapse side, our focus has been exclusively on ensuring thatSynapse correctly implements Matrix 1.0, to provide a stable and securebasis for participating in Matrix without risk of room corruption or othernastinesses." The announcement also covers the launch of theMatrix.org Foundation.

Interfaces for the reporting of events to user space from the kernel havebeen a recurring topic on the kernel mailing lists for almost as long asthe kernel has existed; LWN covered one 15years ago, for example. Numerous special-purpose event-reporting APIsexist, but there are none that are designed to be a single place toobtain any type of event. David Howells is the latest to attempt to changethat situation with anew notification interface that, naturally, uses a ring buffer totransfer events to user space without the need to make system calls. TheAPI itself (which hasn't changed greatly since it was posted in 2018) is not hugely controversial,but the associated security model has inspired a few heated discussions.

Stable kernels 5.1.9, 4.19.50, 4.14.125, 4.9.181, and 4.4.181 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by CentOS (bind and thunderbird), Mageia (firefox, ghostscript, graphicsmagick, imagemagick, postgresql, and thunderbird), Oracle (kernel), Red Hat (Advanced Virtualization and rh-haproxy18-haproxy), SUSE (bind, gstreamer-0_10-plugins-base, thunderbird, and vim), and Ubuntu (elfutils, glib2.0, and libsndfile).

BPF is probably familiar to many LWN readers, though it's likely not yetquite as well known in the Kubernetes community — but that could soonchange. At KubeCon +CloudNativeCon Europe 2019 there were multiple sessions with BPF in the title where developers talked about how BPF can be used tohelp with Kubernetes security, monitoring, and even chaos engineeringtesting.We will look at two of those talks that were led by engineers closelyaligned with the open-source Cilium project, which is allabout bringing BPF to Kubernetes container environments.Thomas Graf, who contributes to BPF development in the Linux kernel,led a session on transparent chaos testing with Envoy, Cilium, and BPF,while his counterpart Dan Wendlandt, who is well known in the OpenStackcommunity for helping to start the Neutron networking project, spoke aboutusing the kernel's BPF capabilities to add visibility andsecurity in a Kubernetes-aware manner.

Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt).

The 5.2-rc4 kernel prepatch is out fortesting. "We've had a fairly calm release so far, and on the whole that seems tohold. rc4 isn't smaller than rc3 was (it's a bit bigger), but rc3 wasfairly small, so the size increase isn't all that worrisome. I do hopethat we'll start actually shrinking now, though."

The5.1.8,4.19.49,and 4.14.124stable kernel updates have been released; each contains another set ofimportant fixes.

The Intel architecture allows misaligned memory access in situationswhere other architectures (such as ARM or RISC-V) do not. One suchsituation is atomic operations on memory that is split across two cachelines. This feature is largely unknown, but its impact is even less so. Itturns out that the performance and security impact can be significant,breaking realtime applications or allowing a rogue application to slow thesystem as a whole. Recently, Fenghua Yu has been working on detecting andfixing these issues in the split-lockpatch set, which is currently on its eighth revision.

Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).

In mid-May, LWN reported on the discussions in the openSUSE project over whether a separation from SUSEwould be a good move. It would appear that this issue hasbeen resolved and that openSUSE will be setting up a foundation as its newhome independent of the SUSE corporation. But now the community has beenovertaken by a new, related discussion that demonstrates a characteristicof free-software projects: the hardest issues are usually related tonaming.

Qualys has put out an advisory on a vulnerability in the Exim mail transferagent, versions 4.87 through 4.91; it allows for easy command execution bya local attacker and remote execution in some scenarios. "To remotelyexploit this vulnerability in the default configuration, an attackermust keep a connection to the vulnerable server open for 7 days (bytransmitting one byte every few minutes). However, because of theextreme complexity of Exim's code, we cannot guarantee that thisexploitation method is unique; faster methods may exist." Sitesrunning Exim should upgrade to 4.92 if they have not already.

Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2).

The LWN.net Weekly Edition for June 6, 2019 is available.

Debian takes an almost completely "hands off" approach to the decisionsthat Debian developers(DDs) can make in regard to the packaging and maintenance of theirpackages. That leads to maximal freedom for DDs, but impacts the project in other ways, some of which may be less than entirelydesirable. New Debian project leader (DPL) Sam Hartman started aconversation about potential changes to the Debian packaging requirementsback in mid-May. In something of a departure from the Debian tradition ofnearly endless discussion without reaching a conclusion (and, possibly,punting the decision to the technical committee or avote in a general resolution), Hartman has instead tried to guide the discussion toward reaching some kind of rough consensus.

The kernel self-test framework (kselftest) has been a part of the kernel for some time now; a relatively recentproposal for a kernel unit-testing framework,called KUnit,has left some wondering why both exist. In a lengthy discussion thread aboutKUnit, the justification for adding another testingframework to the kernel was debated. While there are different use casesfor kselftest and KUnit, there was concern about fragmenting the kernel-testinglandscape.

Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon).

The CockroachDB database management system has beenrelicensed; the new license is non-free. "CockroachDB users canscale CockroachDB to any number of nodes. They can use CockroachDB or embedit in their applications (whether they ship those applications to customersor run them as a service). They can even run it as a serviceinternally. The one and only thing that you cannot do is offer a commercialversion of CockroachDB as a service without buying a license."

The Mozilla blog announcesa new Firefox feature: "One of those initiatives outlined was toblock cookies from known third party trackers in Firefox. Today, Firefoxwill be rolling out this feature, Enhanced Tracking Protection, to all newusers on by default, to make it harder for over a thousand companies totrack their every move. Additionally, we’re updating our privacy-focusedfeatures including an upgraded Facebook Container extension, a Firefoxdesktop extension for Lockwise, a way to keep their passwords safe acrossall platforms, and Firefox Monitor’s new dashboard to manage multiple emailaddresses."

Nina Zakharenko has been programming for a long time; when she was youngshe thought that "the idea that I could trick computers into doing what Itell them was pretty awesome". But as she joined the workforce, heropportunities for "creative coding" faded away; she regained some of thatworking with open source, but tinkering with hardware is what let hercreativity "truly explode". It has taken her years to get back what shelearned long ago, she said, and her keynote at PyCon 2019 was meant to showattendees the kinds of things can be built with Python—starting withsomething that attendees would find in their swag bag.

Stable kernels 5.1.7, 5.0.21, and 4.19.48 have been released. They all containthe usual set of important fixes. This is the last 5.0.y release and usersshould move to 5.1.y now.

Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).

Nedim Šabić has written atutorial article on using the eXpress Data Path for fast packetfiltering. "Now comes the most relevant part of our XDP program thatdeals with packet’s processing logic. XDP ships with a predefined set ofverdicts that determine how the kernel diverts the packet flow. Forinstance, we can pass the packet to the regular network stack, drop it,redirect the packet to another NIC and such. In our case, XDP_DROP yieldsan ultra-fast packet drop."

The fs‑verity mechanism has its origins in the Android project; its purposeis to make individual files read-only and enable the kernel to detectany modifications that might have been made, even if those changes happenoffline. Previous fs‑verity implementations have run into criticism in thedevelopment community, and none have been merged. A newversion of the patch set was posted on May 23; it features achanged user-space API and may have a better chance of getting into themainline.

Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, java-1_7_0-openjdk, libtasn1, libvirt, lxc, lxcfs, NetworkManager, php5, php7, screen, sles12sp3-docker-image, sles12sp4-image, system-user-root, and thunderbird), Oracle (kernel), SUSE (apache2-mod_jk and libpng16), and Ubuntu (doxygen).

The 5.2-rc3 kernel prepatch has beenreleased. "Anyway, even ignoring the SPDX changes, there's just alot of small fixes spread all over, not anything that looks particularlyscary or worrisome. Maybe next week is when the other shoe drops, but maybethis will just be a nice calm release. That would be lovely."

The 5.1.6, 5.0.20, 4.19.47, 4.14.123, and 4.9.180 stable kernels have been released. Asusual, they contain important fixes throughout the kernel tree; users ofthose series should upgrade.

The basic organizational construct within the Kubernetes project is a setof Special Interest Groups (SIGs), each of which represents a different area ofresponsibility within the project. Introductions to what the various SIGsdo, as well as more detailed sessions, were a core part of KubeCon + CloudNativeCon Europe 2019, as the different groups explained whatthey're doing now and their plans for the future. Two sessions, inparticular, covered the work of the Release and Architecture SIGs, both ofwhich have a key role in driving the project forward.

Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp).

The set of system calls known collectively as epoll wasdesigned to make polling for I/O events more scalable. To that end, itminimizes the amount of setup that must be done for each system call andreturns multiple events so that the number of calls can also be minimized.But that turns out to still not be scalable enough for some users. Theresponse to this problem, in the form of this patchseries from Roman Penyaev, takes a familiar form: add yet anotherring-buffer interface to the kernel.

Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo).

The LWN.net Weekly Edition for May 30, 2019 is available.

A kernel debugger that allows Python scripts to access data structures ina running kernel was the topic of Omar Sandoval's plenary session at the2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). Inhis day job at Facebook, Sandoval does a fair amount of kernel debuggingand he found the existing tools to be lacking. That led him to build drgn, which is a debugger builtinto a Python library.

In a followup to his earlier session on dyingcontrol groups, Roman Gushchin wanted to talk about problems with theshrinkers and filesystem caches in a combined filesystem andmemory-management session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM).Specifically, for control groups that share the same underlying filesystem,the shrinkers are not able to reclaim memory from the VFS caches after acontrol group dies, at least under slight to moderate memory pressure. Hewanted to discuss how to reclaim that memory without major performanceimpacts.

Version 1.0 of the GParted GNOME Partition Editor has been released. "The GParted 1.0.0 release includes a significant undertaking to migratethe code base from gtkmm2 to gtkmm3 (our GTK3 port)."

Version 4.2.0of the Krita paint tool is out. "New in Krita 4.2.0 is updatedsupport for drawing tablets, support for HDR monitors on Windows, animproved color palette docker, scripting API for animation, color gamutmasking, improved selection handling, much nicer handling of theinteraction between opacity and flow and much, much, much more" Seethe releasenotes for more details.

Kees Cook reviewsthe security-related enhancements in the 5.1 kernel release."Now /proc/$pid can be opened and used as an argument for sendingsignals with the new pidfd_send_signal() syscall. This handle will onlyrefer to the original process at the time the open() happened, and not toany later 'reused' pid if the process dies and a new process is assignedthe same pid. Using this method, it’s now possible to racelessly sendsignals to exactly the intended process without having to worry about pidreuse. (BTW, this commit wins the 2019 award for Most Well DocumentedCommit Log Justification.)"