Feed lwn LWN.net


Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-06-06 15:00
Kernel prepatch 6.10-rc4
Linus has released 6.10-rc4 for testing. "Apart from a rather unusual spike in the diffstat due to a parisc fix, things look normal and pretty small."
Some weekend stable kernel updates
The 6.9.5, 6.6.34, 6.1.94, 5.15.161, 5.10.219, 5.4.278, and 4.19.316 stable kernels have all been released; each contains another set of important fixes.
Reports from the Python Language Summit
The Python Software Foundation has published a set of reports from the 2024 Python Language Summit. Topics covered include version numbering, the limited C API, a new default read-eval-print loop, and Python's security model in light of the XZ backdoor:
Schaller: Fedora Workstation development update – AI edition
Christian Schaller writes about AI and GPU-related features that are in flight and planned for Fedora 41.
New Human Interface Guidelines for KDE
KDE developer Nate Graham has announced a new set of KDE Human Interface Guidelines (HIG) for the KDE project. Graham says that the goals for the new HIGs were to reflect how KDE designs software today, make the content 100% actionable, improve navigation, and to improve the guidelines so people feel comfortable contributing:
[$] Aeon: openSUSE for lazy developers
The openSUSE project recently announced the second release candidate (RC2) of its Aeon Desktop, formerly known as MicroOS Desktop GNOME. Aside from the new coat of naming paint, Aeon breaks ground in a few other ways by dabbling with technologies not found in other openSUSE releases. The goal for Aeon is to provide automated system updates using snapshots that can be applied atomically, removing the burden of system maintenance for "lazy developers" who want to focus on their work rather than desktop administration. System-tinkerers need not apply.
Driving forward in Android drivers (Project Zero)
This Project Zero article looks at the exploitation of a few Android driver bugs in great detail.
Security updates for Friday
Security updates have been issued by CentOS (389-ds-base, bind, bind-dyndb-ldap, and dhcp, firefox, glibc, ipa, less, libreoffice, and thunderbird), Debian (cups), Fedora (chromium and cyrus-imapd), Mageia (golang and poppler), Oracle (bind, bind-dyndb-ldap, and dhcp, gvisor-tap-vsock, python-idna, and ruby), Red Hat (dnsmasq and expat), SUSE (libaom, php8, podman, python-pymongo, python-scikit-learn, and tiff), and Ubuntu (h2database and vte2.91).
[$] Simplifying the BPF verifier
The BPF verifier is a complex program. This has the unfortunate effect of making it simultaneously more difficult for contributors to work on, and more likely to harbor unknown bugs. Shung-Hsi Yu had two concrete proposals for how to simplify the verifier to make it easier to maintain that he presented at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. Yu proposed changing how the verifier tracks partially known values and cleaning up the interface to hide the details of the value-tracker's internal representation.
[$] Improving control-flow integrity for Linux on RISC-V
Redirecting execution flow is a common malware technique that can be used to compromise operating systems. To protect from such attacks, the chip makers of leading architectures like x86 and arm64 have implemented control-flow-integrity (CFI) extensions, though they need system software support to function. At the Linux Security Summit North America, RISC-V kernel developer Deepak Gupta described the CFI protections for that architecture and invited community input on the kernel support for them.
Rust 1.79.0 released
Version 1.79.0 of the Rust language has been released. Changes this time include inline const expressions, the "associated item bounds syntax", and more.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (nginx-mod-modsecurity, php, and tomcat), Mageia (strongswan), Oracle (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, firefox, gdk-pixbuf2, idm:DL1, ipa, kernel, libreoffice, podman, rpm-ostree, and thunderbird), Red Hat (dnsmasq and nghttp2), Slackware (mozilla), SUSE (curl, firefox, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, openssl-3, and python-Pillow), and Ubuntu (libmatio, libndp, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.5, and virtuoso-opensource).
[$] LWN.net Weekly Edition for June 13, 2024
The LWN.net Weekly Edition for June 13, 2024 is available.
Cockpit project releases Cockpit Files plugin
The Cockpit project has announced the first release of Cockpit Files, a plugin for Cockpit that allows file management on your server via a web browser:
[$] Elevating CentOS 7 to a new life
CentOS Linux 7 was first released in July 2014, and is due to go end-of-life (EOL) on June 30. By now, anyone who pays attention to such things is aware that Red Hat pulled the plug on CentOS Linux in late 2020, to be replaced by CentOS Stream instead. CentOS Linux 8 support was wound down at the end of 2021 rather than in 2029 as originally stated. CentOS Linux 7 was allowed to serve out its full lifespan, but that EOL is approaching rapidly and there's no direct upgrade path. Users and organizations looking for a lifeline might want to consider AlmaLinux's ELevate utility, which allows CentOS users to migrate to alternate enterprise Linux (EL) operating systems.
Nominations are open for the PSF Board election
The Python Software Foundation (PSF) has announced that nominations are open for the PSF Board election through June 25:
[$] Memory sealing for the GNU C Library
The mseal() system call allows a process to prevent any future changes to portions of its address space (thus "sealing" them); it was patterned after the mimmutable() system call in OpenBSD. mseal() generated a lot of discussion, but it was finally merged for the upcoming 6.10 kernel release. While mseal() was initially aimed at securing the Chrome browser, the hope was that it would be useful elsewhere; as a step toward realizing that hope, Adhemerval Zanella has posted a patch series adding support for, and use of, mseal() to the GNU C library (glibc).
systemd 256 released
Systemd 256 has been released. As usual, the list of changes is long; see this article for an overview, or the announcement for all the details.
Three mid-week stable kernel updates
Greg Kroah-Hartman has announced another round of stable kernel updates: 6.9.4, 6.6.33, and 6.1.93 have been released. Each contains another set of important fixes; users of these kernels are advised to upgrade right away.
OpenSUSE Leap 15.6 released
The openSUSE Leap 15.6 release is available; this is intended to be the last Leap 15.x release before Leap 16 comes out. "Leap 15.6 is projected to receive maintenance and security updates until the end of 2025 to ensure sufficient overlap with the next release". Changes include the addition of the Cockpit server-management tool, a 6.4 kernel, GNOME 45, and many other upgrades. This release also removes a long list of unmaintained Python packages. See the release notes for details.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (booth), Debian (cyrus-imapd and vlc), Fedora (firefox, libarchive, php, and singularity-ce), Oracle (ipa and ruby:3.3), Red Hat (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, kernel, kernel-rt, kpatch-patch, libreoffice, podman, protobuf-c, python-idna, rpm-ostree, ruby, and tomcat), Slackware (cups and mozilla), SUSE (bind, cups, iperf, kernel, nano, and poppler), and Ubuntu (libapache-mod-jk, linux-aws, linux-aws-5.15, linux-aws, linux-oracle, linux-intel-iotg-5.15, linux-nvidia, and mysql-8.0).
Extensible scheduler class to be merged for 6.11
The extensible scheduler class ("sched_ext") framework allows the writing of CPU schedulers as a set of BPF programs. It has been somewhat controversial, and its merging into the kernel has been blocked despite a clear level of interest from users. Linus Torvalds has now let it be known that he has made a decision and, overriding the scheduler maintainer, will merge sched_ext for the 6.11 release.
[$] Securing BPF programs before and after verification
BPF is in a unique position in terms of security. It runs in a privileged context, within the kernel, and can have access to many sensitive details of the kernel's operation. At the same time, unlike kernel modules, BPF programs aren't signed. Additionally, the mechanisms behind BPF present challenges to implementing signing or other security features. Three nearly back-to-back sessions at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit addressed some of the potential security problems.
Firefox 127.0 released
Version 127.0 of the Firefox browser is out. Changes include support for DNS prefetching and the ability to close duplicate tabs in a window. The browser will now try to upgrade images and videos with HTTP URLs that are found in an HTTPS page to HTTPS as well; if that fails, the non-HTTPS resources will simply fail to load. Update: this Mozilla Security Blog post describes the HTTPS-related changes in detail.
[$] Dropping the page cache for filesystems
VFS maintainer Christian Brauner led a discussion about the possibility of selectively dropping the contents of the page cache for a filesystem in a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. As he described in his topic proposal, the use case that started him down this path comes from GNOME, which wants to be able to safely suspend access to an encrypted home directory. While it is known to kernel developers, it is surprising to others that reads from encrypted filesystems that have been suspended will succeed if the data to be read still exists in the page cache.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (ruby:3.3), Fedora (efifs, libvirt, podman-tui, prometheus-podman-exporter, and strongswan), Red Hat (firefox, idm:DL1, ipa, nghttp2, and thunderbird), SUSE (aws-nitro-enclaves-cli, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, frr, glibc, go1.21, go1.22, gstreamer-plugins-base, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, libxml2, mariadb, poppler, python-Brotli, python-docker, python-idna, rmt-server, skopeo, sssd, unbound, unrar, util-linux, and webkit2gtk3), and Ubuntu (giflib, libphp-adodb, linux-gkeop, linux-gkeop-5.15, linux-kvm, linux-laptop, linux-oem-6.8, nodejs, and tiff).
[$] P4TC hits a brick wall
P4, short for "Programming Protocol-independent Packet Processors", is a programming language aimed at networking devices; it is useful for the configuration of firewalls and complicated routing architectures. Since a lot of advanced networking is done with Linux systems, it stands to reason that there would be value in supporting P4 and, indeed, an implementation of P4 in the kernel's traffic-control subsystem was first posted by Jamal Hadi Salim at the beginning of 2023. After nearly 18 months, though, this feature has not been merged, and the chances of that happening would appear to be getting worse.
perl v5.40.0 released
Version 5.40.0 of the Perl language has been released. "Perl 5.40.0 represents approximately 11 months of development since Perl 5.38.0 and contains approximately 160,000 lines of changes across 1,500 files from 75 authors". Significant changes include a new __CLASS__ keyword, a :reader: attribute for field variables, a new "^^" logical-XOR operator (because two of those were not enough), moving "try/catch" out of the experimental category, and more; see this page for lots of details.
Security updates for Monday
Security updates have been issued by Fedora (galera and mariadb10.11), Mageia (0-plugins-base and plasma-workspace), Oracle (ruby:3.1 and ruby:3.3), Red Hat (bind, bind-dyndb-ldap, and dhcp), SUSE (apache2, glib2, libvirt, openssl-1_1, openssl-3, opera, python-Jinja2, python-requests, and squid), and Ubuntu (linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp, linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi, linux, linux-ibm, linux-lowlatency, linux-raspi, linux-aws, linux-gcp, linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5, and linux-gke, linux-ibm, linux-intel-iotg, linux-oracle).
Kernel prepatch 6.10-rc3
The 6.10-rc3 kernel prepatch is out. "So things look good, the water is warm, please jump right in and keep testing."
[$] Ladybird browser spreads its wings
Ladybird is an open-source project aimed at building an independent web browser, rather than yet another browser based on Chrome. It is written in C++ and licensed under a two-clause BSD license. The effort began as part of the SerenityOS project, but developer Andreas Kling announced on June 3 that he was "forking" Ladybird as a separate project and stepping away from SerenityOS to focus his attention on the browser completely. Ladybird is not ready to replace Firefox or Chrome for regular use, but it is showing great promise.
Linux nftables vulnerability exploited in the wild (CrowdStrike)
According to CrowdStrike, a vulnerability in the Linux kernel's nftables code that was discovered earlier this year is being actively exploited in the wild. The vulnerability allows for local privilege escalation. Most distributions have already released a fix.
[$] Modernizing BPF for the next 10 years
BPF was first generalized beyond packet filtering more than a decade ago. In that time, it has changed a lot, becoming much more capable. Alexei Starovoitov kicked off the second day of the BPF track at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit by leading a session discussing which changes to BPF are going to come in the next ten years as it continues evolving. He proposed several ideas, including expanding the number of registers available to BPF programs, dynamic deadlock detection, and relaxing some existing limits of the verifier.
Security updates for Friday
Security updates have been issued by Mageia (libtiff), Oracle (cockpit, glibc, kernel, less, libxml2, linux-kernel, and tomcat), Red Hat (java-1.8.0-ibm, nghttp2, and ruby:3.3), Slackware (php), SUSE (go1.21, go1.22, and python-docker), and Ubuntu (aom and libvpx).
[$] A generic ring buffer for the kernel
The kernel's user-space ABI does not lack for ring buffers; they have been defined for subsystems like BPF, io_uring, perf, and tracing, for example. Naturally, each of those ring buffers is unique, with no common interface between them. The natural response to this ABI proliferation is, of course, to add yet another ring buffer as the generic option; that is the intent of this patch series from Kent Overstreet adding a new set of system calls for ring buffers.
Security updates for Thursday
Security updates have been issued by AlmaLinux (cockpit, kernel, kernel-rt, libxml2, ruby:3.1, and tomcat), Debian (libarchive, pillow, and tinyproxy), Fedora (apptainer), Mageia (amavisd-new and libxml2), Oracle (edk2), Red Hat (booth, cockpit, kernel-rt, less, libxml2, nghttp2, ruby:3.1, ruby:3.3, and tomcat), Slackware (kernel), and Ubuntu (atril, bluez, frr, gdk-pixbuf, openjdk-17, openjdk-21, openjdk-8, openjdk-lts, qemu, and unixodbc).
[$] LWN.net Weekly Edition for June 6, 2024
The LWN.net Weekly Edition for June 6, 2024 is available.
[$] Measuring and improving buffered I/O
There are two types of file I/O on Linux: buffered I/O, which goes through the page cache, and direct I/O, which goes directly to the storage device. The performance of buffered I/O was reported to be a lot worse than direct I/O, especially for one specific test, in Luis Chamberlain's topic proposal for a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. The proposal resulted in a lengthy mailing-list discussion, which also came up in Paul McKenney's RCU session the next day; Chamberlain led a combined storage and filesystem session to discuss those results with an eye toward improving buffered I/O performance.
Kali Linux 2024.2 released
Version 2024.2 of the Kali Linux penetration testing distribution has been released. This release includes an update to GNOME 46, a high-resolution (HiDPI) mode for Xfce, as well as a number of new packages such as the AutoRecon network reconnaissance tool, the pspy command-line utility for snooping on Linux processes, and the SploitScan tool for fetching and displaying CVE information. Kali Linux is based on Debian testing, and 2024.2 incorporates Debian's work to transition to 64-bit time_t to avoid year 2038 problems. Users with existing Kali systems should be sure to follow the documentation when upgrading.
FreeBSD 14.1 released
Version 14.1 of FreeBSD has been released. This is the second release of the 14.x stable branch. Highlights of this release include upgrades to OpenZFS 2.2.4, Clang/LLVM 18.1.5, and OpenSSH 9.7p1. FreeBSD 14.1 also features cloud-init support, sound subsystem improvements, and more. See the what's new blog post from the FreeBSD Foundation, release notes, and errata for more information.
[$] Rethinking the PostgreSQL CommitFest model
Many years ago, the PostgreSQL project started holding regular CommitFests to help tackle the work of reviewing and committing patches in a more organized fashion. That has served the project well, but some in the project are concerned that CommitFests are no longer meeting the needs of PostgreSQL or its contributors. A lengthy discussion on the pgsql-hackers mailing list turned up a number of complaints, a few suggestions for improvement, but little consensus or momentum toward a solution.
[$] Removing GFP_NOFS
The GFP_NOFS flag is meant for kernel memory allocations that should not cause a call into the filesystems to reclaim memory because there are already locks held that can potentially cause a deadlock. The "scoped allocation" API is a better choice for filesystems to indicate that they are holding a lock, so GFP_NOFS has long been on the chopping block, though progress has been slow. In a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Matthew Wilcox wanted to discuss how to move kernel filesystems away from the flag with the eventual goal of removing it completely.
The state of SourceHut
Drew DeVault has published an update about the state of the SourceHut software development platform and its plans for the coming months. This is the first update since the January post-mortem following a distributed denial-of-service (DDoS) attack that resulted in a prolonged outage:
[$] Comparing BPF performance between implementations
Alan Jowett returned for a second remote presentation at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit to compare the performance of different BPF runtimes. He showed the results of the MIT-licensed BPF microbenchmark suite he has been working on. The benchmark suite does not yet provide a good direct comparison between all platforms, so the results should be taken with a grain of salt. They do seem to indicate that there is some significant variation between implementations, especially for different types of BPF maps.
Security updates for Wednesday
Security updates have been issued by Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dotnet8.0, dwayland, fcitx-qt5, fcitx5-qt, gammaray, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qgnomeplatform, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, and qt5-qtspeech), Oracle (389-ds-base and ruby:3.1), Red Hat (389-ds-base, glibc, and kernel), SUSE (python-PyMySQL), and Ubuntu (libarchive).
Mike Karels has passed away
We have just received the sad news that longtime core BSD developer Mike Karels has died; he will certainly be missed.
Incus 6.2 released
Version 6.2 of the Incus container-management system is out. "This release contains the second wave of changes contributed by students of the University of Texas at Austin and a few other features and improvements." The features include a new incus top command, a new API for system load information, and more.
New site feature: comment subthread hiding
In the recent discussion on commenting at LWN, several readers asked for the ability to hide subthreads of a long comment stream. That feature has just been added; it is also integrated with the three comment-display modes and with comment filtering, removing the need for JavaScript for filtering. Hiding is not persistent; no extra data is stored at either end. Give it a try; if you have comments on the new mechanism, this is the place to put them.
[$] Handling the NFS change attribute
The saga of the i_version field for inodes, which tracks the occurrence of changes to the data or metadata of a file, continued in a discussion at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. In a session led by Jeff Layton, who has been doing a lot of the work on changing the semantics and functioning of i_version over the years, he updated attendees on the status of the effort since a session at last year's summit. His summary was that things are "pretty much where we started last year", but the discussion this time pointed to some possible ways forward.
[$] An instruction-level BPF memory model
There are few topics as arcane as memory models, so it was a pleasant surprise when the double-length session on the BPF memory model at the Linux Storage, Filesystem, Memory Management, and BPF Summit turned out to be understandable. Paul McKenney led the session, although he was clear that the work he was presenting was also due to Puranjay Mohan, who unfortunately could not attend the summit. BPF does not actually have a formalized memory model yet; instead it has relied on a history of talks like this one and a general informal understanding. Unfortunately, ignoring memory models does not make them go away, and this has already caused at least one BPF-related bug on weakly-ordered architectures. Figuring out what a formal memory model for BPF should define was the focus of McKenney's talk.