Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-09-13 22:30
Security updates for Monday
Security updates have been issued by Arch Linux (chromium and pam-u2f), Debian (cyrus-imapd), Fedora (curl, cyrus-imapd, kernel, kernel-headers, php, and vim), openSUSE (axis, bind, bubblewrap, evolution, firefox, gnome-shell, libpng16, and rmt-server), Oracle (edk2 and kernel), and SUSE (bind, cloud7, and libvirt).
Kernel prepatch 5.2-rc4
The 5.2-rc4 kernel prepatch is out for testing. "We've had a fairly calm release so far, and on the whole that seems to hold. rc4 isn't smaller than rc3 was (it's a bit bigger), but rc3 was fairly small, so the size increase isn't all that worrisome. I do hope that we'll start actually shrinking now, though."
Stable kernel updates
The 5.1.8, 4.19.49, and 4.14.124 stable kernel updates have been released; each contains another set of important fixes.
[$] Detecting and handling split locks
The Intel architecture allows misaligned memory access in situations where other architectures (such as ARM or RISC-V) do not. One such situation is atomic operations on memory that is split across two cache lines. This feature is largely unknown, but its impact is even less so. It turns out that the performance and security impact can be significant, breaking realtime applications or allowing a rogue application to slow the system as a whole. Recently, Fenghua Yu has been working on detecting and fixing these issues in the split-lock patch set, which is currently on its eighth revision.
Security updates for Friday
Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).
[$] Renaming openSUSE
In mid-May, LWN reported on the discussions in the openSUSE project over whether a separation from SUSE would be a good move. It would appear that this issue has been resolved and that openSUSE will be setting up a foundation as its new home independent of the SUSE corporation. But now the community has been overtaken by a new, related discussion that demonstrates a characteristic of free-software projects: the hardest issues are usually related to naming.
Severe vulnerability in Exim
Qualys has put out an advisory on a vulnerability in the Exim mail transfer agent, versions 4.87 through 4.91; it allows for easy command execution by a local attacker and remote execution in some scenarios. "To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist." Sites running Exim should upgrade to 4.92 if they have not already.
Security updates for Thursday
Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2).
[$] LWN.net Weekly Edition for June 6, 2019
The LWN.net Weekly Edition for June 6, 2019 is available.
[$] Seeking consensus on dh
Debian takes an almost completely "hands off" approach to the decisions that Debian developers (DDs) can make in regard to the packaging and maintenance of their packages. That leads to maximal freedom for DDs, but impacts the project in other ways, some of which may be less than entirely desirable. New Debian project leader (DPL) Sam Hartman started a conversation about potential changes to the Debian packaging requirements back in mid-May. In something of a departure from the Debian tradition of nearly endless discussion without reaching a conclusion (and, possibly, punting the decision to the technical committee or a vote in a general resolution), Hartman has instead tried to guide the discussion toward reaching some kind of rough consensus.
[$] How many kernel test frameworks?
The kernel self-test framework (kselftest) has been a part of the kernel for some time now; a relatively recent proposal for a kernel unit-testing framework, called KUnit, has left some wondering why both exist. In a lengthy discussion thread about KUnit, the justification for adding another testing framework to the kernel was debated. While there are different use cases for kselftest and KUnit, there was concern about fragmenting the kernel-testing landscape.
Security updates for Wednesday
Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon).
CockroachDB relicensed
The CockroachDB database management system has been relicensed; the new license is non-free. "CockroachDB users can scale CockroachDB to any number of nodes. They can use CockroachDB or embed it in their applications (whether they ship those applications to customers or run them as a service). They can even run it as a service internally. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license."
Firefox adds tracking protection by default
The Mozilla blog announces a new Firefox feature: "One of those initiatives outlined was to block cookies from known third party trackers in Firefox. Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move. Additionally, we’re updating our privacy-focused features including an upgraded Facebook Container extension, a Firefox desktop extension for Lockwise, a way to keep their passwords safe across all platforms, and Firefox Monitor’s new dashboard to manage multiple email addresses."
[$] Fun with LEDs and CircuitPython
Nina Zakharenko has been programming for a long time; when she was young she thought that "the idea that I could trick computers into doing what I tell them was pretty awesome". But as she joined the workforce, her opportunities for "creative coding" faded away; she regained some of that working with open source, but tinkering with hardware is what let her creativity "truly explode". It has taken her years to get back what she learned long ago, she said, and her keynote at PyCon 2019 was meant to show attendees the kinds of things that can be built with Python—starting with something that attendees would find in their swag bag.
Three stable kernels
Stable kernels 5.1.7, 5.0.21, and 4.19.48 have been released. They all contain the usual set of important fixes. This is the last 5.0.y release and users should move to 5.1.y now.
Security updates for Tuesday
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).
Šabić: eBPF and XDP for Processing Packets at Bare-metal Speed
Nedim Šabić has written a tutorial article on using the eXpress Data Path for fast packet filtering. "Now comes the most relevant part of our XDP program that deals with packet’s processing logic. XDP ships with a predefined set of verdicts that determine how the kernel diverts the packet flow. For instance, we can pass the packet to the regular network stack, drop it, redirect the packet to another NIC and such. In our case, XDP_DROP yields an ultra-fast packet drop."
[$] Yet another try for fs-verity
The fs‑verity mechanism has its origins in the Android project; its purpose is to make individual files read-only and enable the kernel to detect any modifications that might have been made, even if those changes happen offline. Previous fs‑verity implementations have run into criticism in the development community, and none have been merged. A new version of the patch set was posted on May 23; it features a changed user-space API and may have a better chance of getting into the mainline.
Security updates for Monday
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, java-1_7_0-openjdk, libtasn1, libvirt, lxc, lxcfs, NetworkManager, php5, php7, screen, sles12sp3-docker-image, sles12sp4-image, system-user-root, and thunderbird), Oracle (kernel), SUSE (apache2-mod_jk and libpng16), and Ubuntu (doxygen).
Kernel prepatch 5.2-rc3
The 5.2-rc3 kernel prepatch has been released. "Anyway, even ignoring the SPDX changes, there's just a lot of small fixes spread all over, not anything that looks particularly scary or worrisome. Maybe next week is when the other shoe drops, but maybe this will just be a nice calm release. That would be lovely."
Five new stable kernels
The 5.1.6, 5.0.20, 4.19.47, 4.14.123, and 4.9.180 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree; users of those series should upgrade.
[$] SIGnals from KubeCon
The basic organizational construct within the Kubernetes project is a set of Special Interest Groups (SIGs), each of which represents a different area of responsibility within the project. Introductions to what the various SIGs do, as well as more detailed sessions, were a core part of KubeCon + CloudNativeCon Europe 2019, as the different groups explained what they're doing now and their plans for the future. Two sessions, in particular, covered the work of the Release and Architecture SIGs, both of which have a key role in driving the project forward.
Security updates for Friday
Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp).
[$] A ring buffer for epoll
The set of system calls known collectively as epoll was designed to make polling for I/O events more scalable. To that end, it minimizes the amount of setup that must be done for each system call and returns multiple events so that the number of calls can also be minimized. But that turns out to still not be scalable enough for some users. The response to this problem, in the form of this patch series from Roman Penyaev, takes a familiar form: add yet another ring-buffer interface to the kernel.
Security updates for Thursday
Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo).
[$] LWN.net Weekly Edition for May 30, 2019
The LWN.net Weekly Edition for May 30, 2019 is available.
[$] A kernel debugger in Python: drgn
A kernel debugger that allows Python scripts to access data structures in a running kernel was the topic of Omar Sandoval's plenary session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). In his day job at Facebook, Sandoval does a fair amount of kernel debugging and he found the existing tools to be lacking. That led him to build drgn, which is a debugger built into a Python library.
[$] Shrinking filesystem caches for dying control groups
In a followup to his earlier session on dying control groups, Roman Gushchin wanted to talk about problems with the shrinkers and filesystem caches in a combined filesystem and memory-management session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). Specifically, for control groups that share the same underlying filesystem, the shrinkers are not able to reclaim memory from the VFS caches after a control group dies, at least under slight to moderate memory pressure. He wanted to discuss how to reclaim that memory without major performance impacts.
GParted 1.0.0 Released
Version 1.0 of the GParted GNOME Partition Editor has been released. "The GParted 1.0.0 release includes a significant undertaking to migrate the code base from gtkmm2 to gtkmm3 (our GTK3 port)."
Krita 4.2.0 released
Version 4.2.0 of the Krita paint tool is out. "New in Krita 4.2.0 is updated support for drawing tablets, support for HDR monitors on Windows, an improved color palette docker, scripting API for animation, color gamut masking, improved selection handling, much nicer handling of the interaction between opacity and flow and much, much, much more" See the release notes for more details.
Cook: security things in Linux v5.1
Kees Cook reviews the security-related enhancements in the 5.1 kernel release. "Now /proc/$pid can be opened and used as an argument for sending signals with the new pidfd_send_signal() syscall. This handle will only refer to the original process at the time the open() happened, and not to any later 'reused' pid if the process dies and a new process is assigned the same pid. Using this method, it’s now possible to racelessly send signals to exactly the intended process without having to worry about pid reuse. (BTW, this commit wins the 2019 award for Most Well Documented Commit Log Justification.)"
[$] The Linux "copy problem"
In a filesystem session on the third day of the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Steve French wanted to talk about copy operations. Much of the development work that has gone on in the Linux filesystem world over the last few years has been related to the performance of copying files, at least indirectly, he said. There are still pain points around copy operations, however, so he would like to see those get addressed.
Security updates for Wednesday
Security updates have been issued by Arch Linux (webkit2gtk), Debian (kernel and libav), Fedora (c3p0 and community-mysql), Scientific Linux (pacemaker), SUSE (axis, libtasn1, NetworkManager, sles12sp3-docker-image, sles12sp4-image, system-user-root, and xen), and Ubuntu (freerdp, GNU Screen, keepalived, and thunderbird).
[$] A way to do atomic writes
Finding a way for applications to do atomic writes to files, so that either the old or new data is present after a crash and not a combination of the two, was the topic of a session led by Christoph Hellwig at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). Application developers hate the fact that when they update files in place, a crash can leave them with old or new data—or sometimes a combination of both. He discussed some implementation ideas that he has for atomic writes for XFS and wanted to see what the other filesystem developers thought about it.
[$] Storage testing
Ted Ts'o led a discussion on storage testing and, in particular, on his experience getting blktests running for his test environment, in a combined storage and filesystem session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. He has been adding more testing to his automated test platform, including blktests, and he would like to see more people running storage tests. The idea of his session was to see what could be done to help that cause.
[$] Improving .deb
Debian Linux and its family of derivatives (such as Ubuntu) are partly characterized by their use of .deb as the packaging format. Packages in this format are produced not only by the distributions themselves, but also by independent software vendors. The last major change of the format internals happened back in 1995. However, a discussion of possible changes has been brought up recently on the debian-devel mailing list by Adam Borowski.
Security updates for Tuesday
Security updates have been issued by Arch Linux (firefox and thunderbird), Debian (sox and vcftools), Fedora (safelease and sharpziplib), openSUSE (chromium, evolution, graphviz, nmap, systemd, transfig, and ucode-intel), Red Hat (pacemaker), SUSE (curl, libvirt, openssl, php7, php72, and systemd), and Ubuntu (gnome-desktop3, keepalived, and samba).
[$] Testing and the stable tree
The stable tree was the topic for a plenary session led by Sasha Levin at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). One of the main areas that needs attention is testing, according to Levin. He wanted to discuss how to do more and better testing as well as to address any concerns that attendees might have with regard to the stable tree.
[$] Memory: the flat, the discontiguous, and the sparse
The physical memory in a computer system is a precious resource, so a lot of effort has been put into managing it effectively. This task is made more difficult by the complexity of the memory architecture on contemporary systems. There are several layers of abstraction that deal with the details of how physical memory is laid out; one of those is simply called the "memory model". There are three models supported in the kernel, but one of them is on its way out. As a way of understanding this change, this article will take a closer look at the evolution of the kernel's memory models, their current state, and their possible future.
Security updates for Monday
Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen).
Kernel prepatch 5.2-rc2
The second 5.2 kernel prepatch is out for testing. "Fairly normal rc2, no real highlights - I think most of the diff is the SPDX updates. Who am I kidding? The highlight of the week was clearly Finland winning the ice hockey world championships." The codename has been changed to "Golden Lions".
Some weekend stable kernel updates
The latest set of stable kernel updates is 5.1.5, 5.0.19, 4.19.46, 4.14.122, and 4.9.179. Each contains yet another set of important fixes.
[$] New system calls for memory management
Several new system calls have been proposed for addition to the kernel in a near-future release. A few of those, in particular, focus on memory-management tasks. Read on for a look at process_vm_mmap() (for zero-copy data transfer between processes), and two new APIs for advising the kernel about memory use in a different process.
Security updates for Friday
Security updates have been issued by Debian (zookeeper), Fedora (kernel, singularity, and thunderbird), openSUSE (java-1_8_0-openjdk), Oracle (curl), Red Hat (firefox, libvirt, and virt:rhel), SUSE (php5, python-Jinja2, python-Pillow, and sysstat), and Ubuntu (MariaDB).
[$] New system calls: pidfd_open() and close_range()
The linux-kernel mailing list has recently seen more than the usual amount of traffic proposing new system calls. LWN is endeavoring to catch up with that stream, starting with a couple of proposals for the management of file descriptors. pidfd_open() is a new way to create a "pidfd" file descriptor that refers to a process in the system, while close_range() is an efficient way to close many open descriptors with a single call.
Security updates for Thursday
Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode).
[$] LWN.net Weekly Edition for May 23, 2019
The LWN.net Weekly Edition for May 23, 2019 is available.
[$] Transparent huge pages for filesystems
One thing that is known about using transparent huge pages (THPs) for filesystems is that it is a hard problem to solve, but is there a solid first step that could be taken toward that goal? That is the question Song Liu asked to open his combined filesystem and memory-management session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). His employer, Facebook, has a solid use case for using THPs on files in the page cache, which may provide a starting point.
[$] Lazy file reflink
Amir Goldstein has a use case for a feature that could be called a "lazy file reflink", he said, though it might also be described as "VFS-level snapshots". He went through the use case, looking for suggestions, in a session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). He has already implemented parts of the solution, but would like to get something upstream, which would mean shifting from the stacked-filesystem approach he has taken so far.