LWN.net

The LWN.net Weekly Edition for June 1, 2023 is available.

The code-tagging mechanism proposed lastyear by Suren Baghdasaryan and Kent Overstreet has been the subject of anumber of (sometimes tense) discussions. That conversation came to thememory-management track at the 2023 LinuxStorage, Filesystem, Memory-Management and BPF Summit, where itsdevelopers (Baghdasaryan attending in-person and Overstreet remotely) triedto convince the attendees that its benefits justify its cost.

David Malcolm writesabout a number of new features that have been added to the staticanalyzer in the GCC 13 release.

Security updates have been issued by Debian (connman and kamailio), Fedora (texlive-base), Mageia (cups-filters, postgresql, qtbase5, tcpreplay, tomcat, and vim), Slackware (openssl), SUSE (amazon-ssm-agent, cni, cni-plugins, compat-openssl098, installation-images, libaom, openssl, openssl-1_0_0, openssl-1_1, terraform, terraform-provider-helm, tiff, tomcat, and wireshark), and Ubuntu (batik, flask, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, linux-oracle, linux-oracle-5.4, mozjs102, nanopb, openssl, openssl1.0, snapd, and texlive-bin).

The6.3.5,6.1.31,5.15.114,5.10.181,5.4.244,4.19.284, and4.14.316stable kernels have all been released; each contains another set ofimportant fixes.

Martin Petersen and John Garry led a session at the2023 Linux Storage, Filesystem,Memory-Management and BPF Summit on work they have been doing toimplement atomic block writes of various sizes for SCSI and NVMe. The idea is to support devices that can guarantee atomic operations forsizes larger than their block size. It isan attempt to "find common ground" between the two standards, Petersen said, because the twohave slightly different semantics, depending on the device type, anddifferent restrictions, which has made for an "interesting project". It hasbeen a challenge to find an abstraction layer that can work with the "fivedifferent variants of SCSI and NVMe implementations that may or may not be out there".

Security updates have been issued by Debian (libssh and sssd), Fedora (microcode_ctl and python3.6), Gentoo (cgal, firefox firefox-bin, openimageio, squashfs-tools, thunderbird thunderbird-bin, tiff, tomcat, webkit-gtk, and xorg-server xwayland), SUSE (c-ares and go1.18-openssl), and Ubuntu (Jhead, node-hawk, node-nth-check, and perl).

The Rust community has experienced some turbulence in response to thecancellation of a keynote talk at the upcoming RustConf event. TheRust project leadership has now put out a blog postapologizing for and explaining its role in the event, describing its"decision-making and communication processes" as the primary causeof the failure.

Thanks to an LWN comment from "engla", we have learned that the videos from the recently completed 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit are now available on YouTube. LWN sat in on many of the talks, of course, and we are still chugging along on our coverage of the conference.

Version 1.9 of Julia, which is anopen-source programming language popular in scientific computing, was releasedin early May. There are a number of interesting new features this timearound, including more work addressing thestartup-time complaints and a number of improvements to the package system.Beyond that, there are a few interesting features from the Julia 1.8 releaseto catch up on.

Aseries of blog posts from the 2023 Python Language Summit has beenposted; topics covered include the C API, the global interpreter lock,the standard library, and a talk on burnout from Guido van Rossum:

Certain topics return predictably to development conferences every year,usually because developers are still struggling to find a viable solutionto a specific problem. One such topic is the lack of scalability in thekernel's page-fault-handling code, so it was no surprise to see thisproblem on the agenda for the 2023 LinuxStorage, Filesystem, Memory-Management and BPF Summit. Matthew Wilcoxled a session in the memory-management track to discuss the state ofpage-fault handling and what can be done to improve it further.

Security updates have been issued by Debian (docker-registry, gpac, libraw, libreoffice, rainloop, and sysstat), Fedora (bottles, c-ares, edk2, libssh, microcode_ctl, python-vkbasalt-cli, rust-buffered-reader, rust-nettle, rust-nettle-sys, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-openpgp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sequoia-wot, and xen), SUSE (opera), and Ubuntu (Jhead, linuxptp, and sudo).

Niels Provos reflectson 25 years of experience with Bcrypt and ponders the future of passwordsecurity in a ;login article.

The 6.4-rc4 kernel prepatch is out fortesting, a few hours earlier than usual. "Other than that timingchange, things look fairly normal".

"I/O hints" for storage devices, which are meant to improve performance bygiving the devices extra information about the nature of the I/O, have a long history withLinux. But the codefor write hints was "ripped out last year", according to a message from TedTs'o proposing a discussion about new optimizations for cloud-storage devices.That discussion took place in acombined storage and filesystem session at the2023 Linux Storage, Filesystem,Memory-Management and BPF Summit. In it, Ts'o proposed that the Linuxcommunity define its own set of hints rather than just following along with thehints in the standards—which have largely been ignored by the vendors inany case.

The "vmap area" is a range of kernel address space used when the kernelneeds to virtually map a range of memory; among other things, memoryallocations obtained from vmalloc() and loadable modules areplaced there. At the 2023 Linux Storage,Filesystem, Memory-Management and BPF Summit, Uladzislau Rezki,presenting remotely, explained a performance problem related to the vmap area and discussedpossible solutions.

The kernel's memory-management subsystem is optimized for the sharing ofresources to the greatest extent possible. But, as Pasha Tatashin pointedout during a memory-management session at the 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit, a lot of memory has a single ownerand will never be shared. He presented some ideas for optimizing themanagement of that memory to a somewhat skeptical crowd.

Security updates have been issued by Debian (sniproxy), Fedora (c-ares), Oracle (apr-util, curl, emacs, git, go-toolset and golang, go-toolset:ol8, gssntlmssp, libreswan, mysql:8.0, thunderbird, and webkit2gtk3), Red Hat (go-toolset-1.19 and go-toolset-1.19-golang and go-toolset:rhel8), Slackware (ntfs), SUSE (rmt-server), and Ubuntu (linux-raspi, linux-raspi-5.4 and python-django).

Over on the Collabora blog, Marius Vlad looks at the Weston 12.0 release. Weston is the reference compositor for the Wayland project. The highlights include two new backends and support for multiple scanout devices, along with "multiple fixes and internal changes that would further facilitate integration of functionality like color management or the ability to load up multiple backends at the same time".

Issues around zoned storage for filesystems was the topic of a combinedstorage and filesystem session at 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit led byBart Van Assche, Viacheslav A. Dubeyko, and Naohiro Aota. Zoned storage began with theadvent of shingledmagnetic recording (SMR) devices, but is now implemented by NVMe zonednamespaces (ZNS) as well.SMR devices can have multiple zones with differentcharacteristics, with some zones that can only be written in sequentialorder, while other, conventional zones can be written in any order. Thetalk was focused on filesystems using the sequential type of zonessince the conventional zones are already well-supported in Linux and itsfilesystems.

The conversion to folios is intended to,among other things, make it easy for the kernel to manage chunks of memoryin a number of different sizes. So far, though, that flexibility is notbeing used in the kernel's handling of anonymous pages. At the 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit, Yu Zhao and Yang Shi ran a session inthe memory-management track aimed at charting a path toward support foranonymous pages in a variety of sizes.

Security updates have been issued by Debian (python2.7), Fedora (maradns), Red Hat (devtoolset-12-binutils, go-toolset and golang, httpd24-httpd, jenkins and jenkins-2-plugins, rh-ruby27-ruby, and sudo), Scientific Linux (git), Slackware (texlive), SUSE (cups-filters, poppler, texlive, distribution, golang-github-vpenso-prometheus_slurm_exporter, kubernetes1.18, kubernetes1.23, openvswitch, rmt-server, and ucode-intel), and Ubuntu (ca-certificates, calamares-settings-ubuntu, Jhead, libhtml-stripscripts-perl, and postgresql-10, postgresql-12, postgresql-14, postgresql-15).

The LWN.net Weekly Edition for May 25, 2023 is available.

It is, it seems, a week of Python Package Index (PyPI) news. On the PyPI blog, Director of Infrastructure at the Python Software Foundation (PSF), Ee Durbin, has posted an admirably detailed description of the organization's response to three subpoenas it received for PyPI user information in March and April. The requests for information were quite broad and the PSF did produce the requested material (to the extent possible), which involved five PyPI user accounts, under the advice of counsel.

Greg Kroah-Hartman has released the 6.3.4,6.1.30, and 5.15.113 stable kernels. They each contain alarge group of important fixes throughout the kernel tree.

Amir Goldstein kicked off a session on monitoring mounts at the2023 Linux Storage, Filesystem,Memory-Management and BPF Summit. In particular, there are problemswhen trying to efficiently monitor "a very large number of mounts in amount namespace"; some user-space programs need an accurate view of themount tree without having to constantly parse /proc/mounts or thelike. There are a number of questions to be answered, including what the API should look like and what entity should be watchedin order to get notifications of new mount operations.

Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).

Google has announcedthe release of the results of internal audits on a number of rust crates.

Bootlin has releaseda tool called Snagboot that is intended to help with the recovery ofbricked embedded systems.

The PyPI package archive has removed supportfor PGP signatures on packages.

Security updates have been issued by Debian (node-nth-check), Mageia (mariadb and python-reportlab), Slackware (c-ares), SUSE (geoipupdate and qt6-svg), and Ubuntu (linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-bluefield, linux-gcp, linux-hwe, linux-raspi2, linux-snapdragon, and linux-gcp, linux-hwe-5.19).

In the filesystem track of the2023 Linux Storage, Filesystem,Memory-Management and BPF Summit, Amir Goldstein led a session on usingfanotifyfor hierarchicalstorage management (HSM). Linux had some support for HSM in the XFSfilesystem's implementation of the data management API (DMAPI),but that code was removedback in 2010. Goldstein has done some work on using fanotify for HSM features, but he has run into some problems withdeadlocks that he wanted to discuss with attendees.

A complete stack trace is needed for a number of debugging and optimizationtasks, but getting such traces reliably can be surprisingly challenging.At the 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit, Steve Rostedt and Indu Bhagatdescribed a mechanism called SFrame that enables the creation of reliableuser-space stack traces in the kernel withoutthe memory and run-time overhead of some other solutions.

The kernel developers try hard to avoid duplicating functionality in thekernel, which is enough of a challenge to maintain as it is. So it hasoften seemed out of character for the kernel to support three differentslab allocators (called SLAB, SLOB, and SLUB), all of which handle themanagement of small memory allocations in similar ways. At the 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit, slab maintainer Vlastimil Babkaupdated the group on progress toward the goal of reducing the number ofslab allocators in the kernel and gave an overview of what to expect inthat area.

The kernel's swapping code tends to not get much love. Users try to avoidit, and developers often find better things to do with their time thantrying to improve it. At the 2023 LinuxStorage, Filesystem, Memory-Management and BPF Summit, though, YosryAhmed dedicated a memory-management-track session to the problem of theswap layer and what might be done to make it better.

Security updates have been issued by Debian (cups-filters, imagemagick, libwebp, sqlite, and texlive-bin), Fedora (chromium and vim), Gentoo (librecad, mediawiki, modsecurity-crs, snakeyaml, and tinyproxy), Mageia (apache-mod_security, cmark, dmidecode, freetype2, glib2.0, libssh, patchelf, python-sqlparse, sniproxy, suricata, and webkit2), Oracle (apr-util and firefox), Red Hat (git), SUSE (containerd, openvswitch, python-Flask, runc, terraform-provider-aws, and terraform-provider-null), and Ubuntu (tar).

Nick Black has put together an extensiveguide to the io_uring API and the lib_uring user-space library.

Linus has released 6.4-rc3 for testing."Nothing really huge stands out there".

The PyPI Python module repository has temporarily suspended acceptance ofnew users and project names.

Memory control groups (or "memcgs") allow an administrator to manage thememory resources given to the processes running on a system. Often,though, memcgs seem to have memory-use problems of their own, and that hasmade them into a recurring Linux Storage, Filesystem, and Memory-ManagementSummit topic since at least 2019. The topic returned at the 2023 event with a focus on thehandling of shared, anonymous memory. The quirks associated with thismemory type, it seems, can subject systems to an unpleasant sort of zombieinvasion; a session in the memory-management track led by T.J. Mercier,Yosry Ahmed, and Chris Li discussed possible solutions.

Bernd Schubert led a session at the 2023 Linux Storage, Filesystem,Memory-Management and BPF Summit on the intersectionof FUSEand io_uring. Heworks for DDN Storage, which is using FUSE for two network-storageproducts; he has found FUSE to be a bottleneck for those filesystems. Thatcould perhaps be improved by using io_uring, which is something he has been working on andwanted to discuss.

The "scatterlist" is a core-kernel data structure used to describe DMA I/Ooperations from the point of view of both the CPU and the peripheraldevice. Over the years, the shortcomings of scatterlists have become moreapparent, but there has not been a viable replacement on the horizon.During a memory-management session at the 2023 Linux Storage, Filesystem, Memory-Managementand BPF Summit, Jason Gunthorpe described a possible alternative, knownalternatively as "phyr", "physr", or "rlist", that might improve onscatterlists for at least some use cases.

Memory management is tricky enough on it own, but virtualization addsanother twist: now there are two kernels (host and guest) managing the samememory. This duplicated effort can be wasteful if not implementedcarefully, so it is not surprising that a lot of effort, from both hardwareand software developers, has gone into this problem. As Pasha Tatashinpointed out during a memory-management-track session at the 2023 Linux Storage, Filesystem, Memory-Managementand BPF Summit, though, there are still ways in which these systems runless efficiently than they could. He has put some effort into improvingthat situation.

Security updates have been issued by Fedora (cups-filters, kitty, mingw-LibRaw, nispor, rust-ybaas, and rust-yubibomb), Mageia (kernel-linus), Red Hat (jenkins and jenkins-2-plugins), SUSE (openvswitch and ucode-intel), and Ubuntu (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-oracle-5.15, linux-ibm, linux-oracle, and linux-oem-6.0).

Joel Fernandes introduced himself to the memory-management track at the2023 Linux Storage, Filesystem,Memory-Management and BPF Summit as a co-maintainer of theread-copy-update (RCU) subsystem and an implementer of the "lazy RCU"functionality. Lazy RCU can improve performance, especially on systemsthat are not heavily utilized, but it also has some implications for memorymanagement that he wanted to discuss with the group.

The memory-management subsystem has the unenviable task of trying topredict which pages of memory will be needed in the near future. Sincepredictions tend to be difficult, the code relies heavily on the heuristicthat memory used in the recent past is likely to be used again in the nearfuture. However, even knowing which memory has been recently used can be achallenge. At the 2023 Linux Storage,Filesystem, Memory-Management and BPF Summit, Aneesh Kumar and Wei Xu,both presenting remotely,discussed some ways to use the increasingly capable hardware counters thatare provided by current and upcoming CPUs.

The buffer head is a kernel data structure that dates back to the firstLinux release; for much of the time since then, kernel developers have beenhoping to get rid of it. Hannes Reineckestarted a plenary session at the 2023 Linux Storage, Filesystem, Memory-Managementand BPF Summit by saying that everybody agrees that buffer heads are abad idea, but there is less agreement on how to take them out of thekernel. The core functionality they provide — facilitating sector-size I/Ooperations to a block device underlying a filesystem — must be providedsomehow.

Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Fedora (clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, qt5-qtbase, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, and rust-ybaas), Oracle (apr-util, curl, emacs, firefox, kernel, libreswan, mysql, nodejs and nodejs-nodemon, openssh, thunderbird, and webkit2gtk3), Red Hat (apr-util, emacs, firefox, git, jenkins and jenkins-2-plugins, kernel, kpatch-patch, and thunderbird), Scientific Linux (apr-util, firefox, and thunderbird), Slackware (curl), SUSE (cups-filters, curl, java-1_8_0-openjdk, kernel, mysql-connector-java, and ovmf), and Ubuntu (cups-filters, git, linux-gcp-4.15, linux-oracle, linux-raspi, node-minimatch, ruby2.3, ruby2.5, ruby2.7, and runc).

The LWN.net Weekly Edition for May 18, 2023 is available.