LWN.net

As it has evolved over the years, Android has acquired some hacks inhow it handles its filesystems. Ted Ts'o would like to see those hackseliminated, so he led a session at LSFMM 2017 to look at the problem andsee what, if any, upstream-acceptable solution could be found.

The Association for Computing Machinery (ACM) has announcedthat Sir Tim Berners-Lee is the recipient of the 2016 ACM A.M. Turing Award. "Berners-Lee was cited for inventing the World Wide Web, the first web browser, and the fundamental protocols and algorithms allowing the Web to scale. Considered one of the most influential computing innovations in history, the World Wide Web is the primary tool used by billions of people every day to communicate, access information, engage in commerce, and perform many other important activities."

Kdenlive is a video editing tool. This statusreport covers what the project has been working on and where they needmore help. "Since the beginning of the year, we have been working on a big refactoring/rewrite of some of the core parts of Kdenlive. Being more than 10 years old, some parts of our code had become messy and impossible to maintain. Not to mention the difficulty in adding new features.Part of the process involves improving the architecture of the code, adding some tests, and switching the timeline code from QGraphicsView to the more recent QML framework. This should hopefuly improve stability, allow further developments and also more flexibility in the display and user interaction of the timeline."

Here's alengthy and detailed description of how the Project Zero team reverseengineered Broadcom's proprietary WiFi processor and developed a remotecode execution exploit. "All that said and done, the introduction ofWi-Fi FullMAC chips does not come without a cost. Introducing these newpieces of hardware, running proprietary and complex code bases, may weakenthe overall security of the devices and introduce vulnerabilities whichcould compromise the entire system."

Security updates have been issued by Debian (collectd, curl, and tryton-server), Fedora (kernel and pcs), Mageia (jhead, munin, mxml, phpmyadmin, pidgin, and wget), openSUSE (geotiff), Red Hat (kernel), SUSE (kernel and ruby19), and Ubuntu (nagios3).

The Linux Foundation has announcedthat the FRRouting project has come under the LF umbrella."FRRouting (FRR) is an IP routing protocol suite for Unix and Linuxplatforms which includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM,and RIP, and the community is working to make this the best routingprotocol stack available. FRR is rooted in the Quagga project and includesthe fundamentals that made Quagga so popular as well as a ton of recentenhancements that greatly improve on that foundation." It is a forkof Quagga that originally wentunder the name "Cumulus private Quagga".

The AprilAndroid Security Bulletin provides a discouragingly long list ofvulnerabilities fixed in the latest update (for those with devicessufficiently well supported to receive them). "The most severe ofthese issues is a Critical security vulnerability that could enable remotecode execution on an affected device through multiple methods such asemail, web browsing, and MMS when processing media files." There'salso a fix for CVE-2016-10229, which is a remotely exploitablevulnerability in the UDP stack that was fixedin the 4.5 and 4.4.21 kernels. Those kernels were not vulnerable as theresult of other work, but older kernels with backported fixes (Androidkernels, for example) were.

We are getting closer to being able to do unprivileged mounts insidecontainers, but there are still some pieces that do not work well in thatscenario. In particular, the user IDs (and group IDs) that are embeddedinto filesystem images are problematic for this use case. James Bottomleyled a discussion on the problem in a session at the 2017 Linux Storage,Filesystem, and Memory-Management Summit.

Red Hat, CentOS, and Scientific Linux have announced theend-of-life for version 5 of their enterprise Linux offering. As of March31, 2017 there will be no more updates, including security updates.

Security updates have been issued by Fedora (samba) and openSUSE (ceph).

The 4.11-rc5 kernel prepatch has beenreleased for testing. "Ok, things have definitely started to calmdown, let's hope it stays this way and it wasn't just a fluke thisweek."

The mount()system call tries to do too many things, Miklos Szeredi said at the startof a filesystem-only discussion at LSFMM 2017. He has been interested incleaning that up for a long time. So he wanted to discuss some ideas hehad for a new interface to mount filesystems.

Security updates have been issued by Debian (ejabberd, jhead, and samba), Fedora (chromium, drupal8, empathy, erlang, firefox, icoutils, kernel, knot-resolver, libICE, libupnp, libXdmcp, links, mbedtls, moodle, mupdf, ntp, openslp, R, rkward, rpy, sane-backends, sscg, tcpreplay, thunderbird, and webkitgtk4), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (apache2, Chromium, kernel, and virglrenderer), Oracle (kernel), and Slackware (samba).

Crunchy Data has announcedthe availability of a "security technical implementation guide" for thePostgreSQL database management system. "While the STIG was authoredfor the benefit of the U.S. Government, the DISA PostgreSQL STIG offerssecurity-conscious enterprises a comprehensive guide for the configurationand operation of open source PostgreSQL. Enterprises can refer to the STIGas for guidance on PostgreSQL security best practices they consider opensource PostgreSQL as an alternative to proprietary, closed source, databasesoftware."

The Scientific Linux project has announced that Scientific Linux 5 has reached its end of life. "After March 31 2017 Scientific Linux 5 will not receive further updates and the files will be archived.The existing files will be moved into http://ftp.scientificlinux.org/linux/scientific/obsolete/ for archival purposes after March 31 2017.This will break existing yum repos and kickstarts using the official distribution servers."

When Andreas Dilger proposed the statx() topic for the 2017 LinuxStorage, Filesystem, and Memory-Management Summit, the system call hadstill not been merged. But that all changed in the 4.11 development cycle when Al Viro merged thesystem call to provide additional file information. So, unlikeprevious years, the discussion was not about how to merge such a system call but,instead, how to extend statx() for additional file information.

The 4.10.8, 4.9.20, and 4.4.59 stable kernels have been released.Users of those kernel series should upgrade.[Update: It appears that the urgency for getting these stable kernels out comes from a fix for CVE-2017-7184, which is a local privilege-escalation vulnerability.]

Security updates have been issued by Arch Linux (chromium), Debian (tiff3), Fedora (erlang), Mageia (deluge and mariadb), openSUSE (GraphicsMagick, pidgin, and wget), Red Hat (chromium-browser), and Ubuntu (firefox and samba).

Version2.3 of the OpenShot video editor has been released. "This is oneof the biggest updates ever to OpenShot, and is filled with new features,performance improvements, and tons of bug fixes". This release addsa new transform tool, better zooming, better title editing, and more; therazor tool has also made a comeback.

Videos from the LibrePlanet 2017 keynotes and sessions are becoming available at media.libreplanet.org; many are already posted and others will be filled in over the next few days. "LibrePlanet 2017 closed Sunday, March 26th with a keynote bySumana Harihareswara, bringing to an end two days ofpresentations, workshops, hacking, conversations, and fun. Morethan 400 people interested in free software joined the FreeSoftware Foundation (FSF) and MIT's Student Information ProcessingBoard (SIPB) in Cambridge, MA for the 9th annual LibrePlanet." LWN was there for the conference, so you can expect more coverage coming soon (our first article on Conor Schaefer's SecureDrop talk appeared in the March 30 weekly edition).

Greg Kroah-Hartman has announced the release of the 4.10.7, 4.9.19, and 4.4.58 stable kernels. They contain fixesthroughout the tree and users of those series should upgrade. The nextround of stable kernels is also in the review process at this point and those kernelscan be expected on April 1.

Security updates have been issued by Debian (firebird2.5), openSUSE (gstreamer-0_10-plugins-good and php5), Oracle (curl), SUSE (kernel and samba), and Ubuntu (kernel, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux, linux-ti-omap4, linux-hwe, linux-lts-trusty, linux-lts-xenial, and oxide-qt).

The LWN.net Weekly Edition for March 30, 2017 is available.

The overlayfs filesystem is being used moreand more these days, especially in conjunction with containers. Amir Goldstein and Miklos Szerediled a discussion about recent and upcoming features for the filesystem atLSFMM 2017.

The latest version of the Vivaldi web browser highlights a new Historyfeature that "lets users explore their browsing patterns, backedby statistics and visual clues". There are a number of new ways tofind old URLs in your history. "The latest releasealso includes more options for taking notes in the browser, powerful soundcontrol for tabs and other improvements." While you have access toyour browsing history, Vivaldi does not collect your history data.

Memory-management (MM) patches are notoriously difficult to get merged into themainline kernel. They are subjected to a high degree of review becausethis is an area where it is easy to get things wrong. Or, at least, thatis how it used to be. The final memory-management session at the 2017Linux Storage, Filesystem, and Memory-Management Summit was concerned withpatch review in the MM subsystem — or the lack of it.

Security updates have been issued by CentOS (icoutils and openjpeg), Debian (eject, graphicsmagick, libytnef, and tnef), Fedora (drupal8, firefox, kernel, ntp, qbittorrent, texlive, and webkitgtk4), Oracle (bash, coreutils, glibc, gnutls, kernel, libguestfs, ocaml, openssh, qemu-kvm, quagga, samba, samba4, tigervnc, and wireshark), Red Hat (curl), Slackware (mariadb), SUSE (samba), and Ubuntu (apparmor).

David Malcolm has put together thebeginnings of an unofficial guide to GCC for developers who are gettingstarted with the compiler. "I’m a relative newcomer to GCC, so Ithought it was worth documenting some of the hurdles I ran into when Istarted working on GCC, to try to make it easier for others to starthacking on GCC. Hence this guide."

The userfaultfd() system callallows user space to intervene in the handling of page faults. As AndreaArcangeli and Mike Rapaport described in a 2017 Linux Storage, Filesystem,and Memory-Management Summit session dedicated to the subject,userfaultfd() was originally created to help with the livemigration of virtual machines between physical hosts. It allows pages tobe copied to the new host on demand, after the machine itself has beenmoved, leading to faster, more predictable migrations. Work onuserfaultfd() is not finished, though; there are a number of otherfeatures that developers would like to add.

A processor's translation lookaside buffer (TLB) caches the mappings fromvirtual to physical addresses. Looking up virtual addresses is expensive,so good performance often depends on making the best use of the TLB. Inthe memory-management track of the 2017 Linux Storage, Filesystem, andMemory-Management Summit, Mike Kravetz described a SPARC processor featurethat can improve TLB performance and explored ways in which that featurecould be supported.

Version1.6 of the Kubernetes orchestration system is available. "Inthis release the community’s focus is on scale and automation, to help youdeploy multiple workloads to multiple users on a cluster. We are announcingthat 5,000 node clusters are supported. We moved dynamic storageprovisioning to stable. Role-based access control (RBAC), kubefed, kubeadm,and several scheduling features are moving to beta. We have also addedintelligent defaults throughout to enable greater automation out of thebox."

Google has announcedthe launch of opensource.google.com. "Today, we’re launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source.This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we "do" open source."

When the transparent huge page feature was added to the kernel, it onlysupported anonymous (non-file-backed) memory. In 2016, support for huge pages in the page cache wasadded, but only the tmpfs filesystem was supported. There is interest inexpanding support to other filesystems, since, for some workloads, theperformance improvement can be significant. Kirill Shutemov led the onlysession that combined just the filesystem and memory-management tracks atthe 2017 Linux Storage, Filesystem, and Memory-Management Summit in adiscussion of adding huge-page support to the ext4 filesystem.

Security updates have been issued by Debian (eject, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, gstreamer1.0, php5, and tiff), Fedora (kernel), Gentoo (curl, deluge, libtasn1, and xen-tools), Mageia (mbedtls, putty, and roundcubemail), openSUSE (dbus-1, gegl, mxml, open-vm-tools, partclone, qbittorrent, tcpreplay, and xtrabackup), and Ubuntu (eject, gst-plugins-base0.10, gst-plugins-base1.0, and gst-plugins-good0.10, gst-plugins-good1.0).

DAX is the mechanism that enables direct access to files stored inpersistent memory arrays without the need to copy the data through the pagecache. At the 2017 Linux Storage, Filesystem, and Memory-ManagementSummit, Ross Zwisler led a plenary session on the future of DAX. Development inthis area offers a number of interesting trade-offs between data safety andenabling the highest performance.

DragonFly BSD 4.8 has been released. "DragonFlyversion 4.8 brings EFI boot support in the installer, further speedimprovements in the kernel, a new NVMe driver, a new eMMC driver, and Intelvideo driver updates." DragonFly is an independent BSD variant,perhaps best known for the HAMMER filesystem.

The Free Software Foundation has announcedthe winners of the 2016 Free Software Awards. The Award for Projectsof Social Benefit went to SecureDropand the Award for the Advancement of Free Software went to Alexandre Oliva. "SecureDrop is an anonymous whistleblowing platform used by major news organizations and maintained by Freedom of the Press Foundation. Originally written by the late Aaron Swartz with assistance from Kevin Poulsen and James Dolan, the free software platform was designed to facilitate private and anonymous conversations and secure document transfer between journalists and sensitive sources."

Stable kernels 4.10.6, 4.9.18, and 4.4.57 have been released. All of themcontain important fixes and users should upgrade.

Security updates have been issued by Debian (apt-cacher, jbig2dec, libplist, python3.2, tnef, and xrdp), Fedora (firefox, mbedtls, and sane-backends), Mageia (flash-player-plugin, freetype2, glibc, kernel, kernel-linus, kernel-tmb, libquicktime, libwmf, and tnef), and Ubuntu (thunderbird).

The 4.11-rc4 kernel prepatch is out fortesting. "So on the whole things look fine. There's changes allover, and in mostly the usual proportions. Some core kernel code shows upin the diffstat slightly more than it usually does - we had an audit fixand a bpf hashmap fix, but on the whole it all looks very regular."

In the memory-management subsystem, the term "mapping" refers to theconnection between pages in memory and their backing store — the file thatrepresents them on disk. One of the fundamental assumptions in thekernel is that a given page in the page cache belongs to exactly one mapping.But, as Miklos Szeredi explained in a plenary session at the 2017 LinuxStorage, Filesystem, and Memory-Management Summit, there are situationswhere it would be desirable to associate the same page with multiplemappings. Achieving this goal may not be easy, though.<p>Click below (subscribers only) for continuing coverage from LSFMM 2017

The Eudyptula Challenge is aseries of programming exercises for the Linux kernel. It starts from avery basic "Hello world" kernel module, moves up in complexity to gettingpatches accepted into the main kernel. The challengewill be closed to new participants in a few months, when 20,000 people havesigned up. LWN covered the Eudyptula Challenge in May 2014,when it was fairly new. At this time over 19,000 people have signed up andonly 149 have finished.

Security updates have been issued by Arch Linux (libpurple), Debian (audiofile, cgiemail, and imagemagick), Fedora (cloud-init, empathy, and mupdf), Mageia (firefox and thunderbird), Scientific Linux (icoutils and openjpeg), Slackware (mcabber and samba), and Ubuntu (eglibc).

Back in 2015, the OpenSSL project announced itsintent to move away from its rather quirky license. Now it has announcedthat thechange is moving forward. "After careful review, consultationwith other projects, and input from the Core Infrastructure Initiative andlegal counsel from the SFLC, the OpenSSL team decided to relicense the codeunder the widely-used ASLv2." It is worth noting that this changeand the way it is being pursued are not universally popular, in the OpenBSD camp, at least.

Laszlo Agocs takesa look at improvements to the basic OpenGL enablers that form thefoundation of Qt Quick and the optional OpenGL-based rendering path ofQPainter in Qt 5.9. "Asexplained here, such shader programs will attempt to cache the programbinaries on disk using GL_ARB_get_program_binaryor the standard equivalents in OpenGL ES 3.0. When no support is providedby the driver, the behavior is equivalent to the non-cached case. The filesare stored in the global or per-process cache location, whichever is writable. The result is a nice boost in performance when a program is created with the same shader sources next time."

Security updates have been issued by Debian (audiofile, jhead, libxslt, samba, suricata, and wordpress), Fedora (openslp), Mageia (icoutils, kdelibs4, and virtualbox), Oracle (icoutils and openjpeg), Red Hat (icoutils and openjpeg), and Ubuntu (audiofile, git, and samba).

The LWN.net Weekly Edition for March 23, 2017 is available.

GitLab 9.0 has been releasedwith many new features and improvements. "In the last several releases, GitLab has transformed how development teams get from idea to production. In just a few minutes, you can deploy GitLab to a container scheduler, add CI/CD with auto deployed review apps, utilize ChatOps, and analyze your cycle time. With 9.0 you can now watch your deploys with deploy boards and monitor application performance with Prometheus."

The NTPsec Project has announced the 0.9.7 release of NTPsec, withassistance from the Mozilla Foundation's "Secure Open Source" initiative.NTPsec is an implementation of the Network Time Protocol (NTP)."NTPsec 0.9.7 incorporates significant improvements in security, accuracy,precision, visualization, and usability, with assistance, contributions,and audits provided by infosec researchers and other technical contributors.For this release, the NTPsec Project worked particularly closely with theMozilla Foundation's "Secure Open Source" initiative, who funded an infosecaudit, and with Cure53.de, who provided the audit."

The GNOME Project has announced the release of GNOME 3.24, "Portland"."This release is the result of 6 months’ hard work by the GNOME community.It contains major new features such as night light, as well as many smallerimprovements and bug fixes. GNOME's existing applications have beenimproved and there is also a new Recipes app. Improvements to our platforminclude refined notifications and several revamped settings panels."