The GNOME Foundation has announced the receipt of a 1 million award from the German Sovereign Tech Fund. The funding will support work on accessibility, privacy, hardware support, and more.
Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), SUSE (go1.21), and Ubuntu (linux-gke and linux-iot).
It is (relatively) easy to add code to the kernel; it tends to be much harder to remove that code later. The most recent example of this dynamic can be seen in the story of the ia64 ("Itanium") architecture, support for which was removed during the 6.7 merge window. That removal has left a small group of dedicated ia64 users unhappy and clinging to a faint hope that this support could return in a year's time.
Security updates have been issued by Debian (cacti and chromium), Fedora (CuraEngine, podman, and rubygem-rmagick), Mageia (gnome-shell, openssl, and zlib), SUSE (salt), and Ubuntu (xrdp).
The reminder has gone out: the deadline for nominations for the Linux Foundation Technical Advisory Board is November 13. If you are interested in representing the kernel community on the TAB, now is the time to put together a self-nomination and get onto the ballot.
The linux-kernel mailing list famously gets an enormous amount of email on a daily basis; the volume is so high that various email providers try to rate-limit it, which can lead to huge backlogs on the sending side and, of course, delayed mail. Part of the reason there is so much traffic is that nearly every patch gets copied to the mailing list, even when it may be unnecessary to do so. A proposed change would start shunting some of that patch email aside and, as might be guessed, has both supporters and detractors, but the discussion does highlight some of the different ways the mailing list is used by kernel developers.
The 6.6.1, 6.5.11, 6.1.62, 5.4.260, 4.19.298, and 4.14.329 stable kernel updates have all been released; each contains another set of important fixes. Note that 5.15.138 and 5.10.200 ended up going into a second round of review; they can be expected in the near future. Update: 5.15.138 and 5.10.200 are now available as well.
The developers of Home Assistant, which has recently been covered here, have announced that they will be removing support for Chamberlain and Liftmaster garage-door openers after being locked out by the company.
There has been a lot of action for the Python C API in the last month or so - much of it organizational in nature. As predicted in our late September article on using the "limited" C API in the standard library, the core developer sprint in October was the scene of some discussions about the API and the plans for it. Out of those discussions have come two PEPs, one of which describes the API, its purposes, strengths, and weaknesses, while the other would establish a C API working group to coordinate and oversee the development and maintenance of it.
Alexander "Solar Designer" Peslyak, the longtime maintainer of the oss-security and linux-distros mailing lists, has announced that this work has gained a sponsor:
Fedora 39 has been released, one day after the Fedora project's 20th anniversary. See the list of approved changes and this Fedora Magazine article for more information.
Containers and virtual machines on Linux communicate with the world via virtual network devices. This arrangement makes the full power of the Linux networking stack available, but it imposes the full overhead of that stack as well. Often, the routing of this networking traffic can be handled with relatively simple logic; the BPF-programmable network device, which was merged for the 6.7 kernel release, makes it possible to avoid expensive network processing, in at least some cases.
The Google Project Zero blog celebrates the launch of the Pixel 8 handset, the first to make use of Arm's Memory Tagging Extension (MTE). Linux has supported MTE since the 5.10 release in 2020, but that support has only now shown up (in experimental form) in an available handset.
As of this writing, 9,842 non-merge changesets have found their way into the mainline repository since the 6.7 merge window opened. Nearly a third of those consist of the entire bcachefs development history but, even discounting that, there has been a lot of material landing for the next release. Read on for a summary of the most interesting changes pulled so far in this development cycle.
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
One of the core objectives of any confidential-computing implementation is to protect a guest system's memory from access by actors outside of the guest itself. The host computer and hypervisor are part of the group that is to be excluded from such access; indeed, they are often seen as threats in their own right. Hardware vendors have added features like memory encryption to make memory inaccessible to the host, but such features can be difficult to use and are not available on all CPUs, so there is ongoing interest in software-only solutions that can improve confidentiality. The guest-first memory patch set, posted by Sean Christopherson and containing work by several developers, looks poised to bring some software-based protection to an upcoming kernel release.
Home Assistant 2023.11 is available. New features include a to-do list manager, Matter 1.2 support, customizable tile cards, new integrations, and more. (LWN looked at Home Assistant last month).
The GNU awk text-processing utility, gawk, has released version 5.3.0. The main new features add compatibility with "The One True Awk" (also known as "BWK awk"); version 5.3.0 adds CSV (comma-separated values) parsing and the ability to use \u escape sequences for Unicode code points. Read on for other changes in the release.
The 6.5.10 and 6.1.61 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree; users of those series should upgrade.
Security updates have been issued by Gentoo (Netatalk), Oracle (firefox), Red Hat (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), SUSE (gcc13, tomcat, and xorg-x11-server), and Ubuntu (axis, libvpx, linux-starfive, thunderbird, and xrdp).
LWN.net is looking to hire a full-time writer/editor to help us keep the news flowing and to expand our content in areas of interest to our readers. We are certain that the person we need is out there somewhere, and are counting on help from LWN readers to find them. Read on for details on who we are looking for and how we see them fitting in here.
Python functions can use both positional and keyword arguments; the latter provide a certain level of documentation for an argument and its meaning, while allowing them to be given in any order in a call. But it is often the case that the name of the local variable to be passed is the same as the keyword, which can lead to overly repetitive argument lists, at least in some eyes. A recent proposal to shorten the syntax for calls with these duplicate names seems to be gaining some steam - a Python Enhancement Proposal (PEP) is forthcoming - though there are some who find it to be an unnecessary and unwelcome complication for the language.
LWN editor Jonathan Corbet was asked to give a brief talk about kernel maintainership at the recently concluded Linux Foundation Member Summit. That talk was recorded and has now been made available on YouTube. There is little in it that will be news to regular LWN readers, but it may be instructive to folks who are less well versed in how kernel development works.
A fast-moving patch set - seemingly the norm for Linux networking development - seeks to add some Rust abstractions for physical layer (PHY) drivers. Lots of review has been done, and the patch set has been reworked frequently in response to those comments. Unfortunately, the Rust-for-Linux developers are having trouble keeping up with that pace. There is, it would appear, something of a disconnect between the two communities' development practices.
Version 0.2 of Incus, an LXD fork, has been released. "This version incorporates most changes that went into LXD 5.19 as well as introduce a few additional features and improvements." Changes include NVME storage support, support for migrating clustered environments from LXD, and more.
The 6.6 kernel was released, right on schedule, on October 29. This development cycle saw the addition of 14,069 non-merge changesets from 1,978 developers - fairly typical numbers for recent releases. The time has come for LWN's traditional look at where the changes in this release came from, along with a look at the longer development "supercycle" that (probably) ends with 6.6.
Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).
Linus has released the 6.6 kernel. "So this last week has been pretty calm, and I have absolutely no excuses to delay the v6.6 release any more, so here it is." Headline features in 6.6 include the earliest eligible virtual deadline first (EEVDF) CPU scheduler, a number of enhancements (quota support, user extended attributes, direct I/O) to the tmpfs filesystem, the fchmodat2() system call, initial support for building a kernel without buffer-head support, the kmalloc() randomness patches, user-space shadow stacks for Intel CPUs, and quite a bit more. See the LWN merge window summaries (part 1, part 2) and the KernelNewbies 6.6 page for more information.
User-space developers working with highly threaded applications would often like to be able to use spinlocks to protect shared data structures from concurrent access. There is a fundamental problem with user-space spinlocks, though: there is no way to prevent a thread from being preempted. Various ways of working around this problem have been explored, but this patch from Steven Rostedt questions the premise on which much of that work is based: what if it were possible to prevent preemption, for a short period at least?
For a view into the OpenBSD approach to security, see this message from Theo de Raadt, where he describes a plan to remove the syscall() system call (which allows the invocation of any available system call by providing its number) from the kernel. The purpose, of course, is to make it harder for an attacker to invoke an arbitrary system call, even if they are able to run some code on the target system.
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk).
The C programming language is replete with features that seemed like a good idea at the time (and perhaps even were good ideas then) that have not aged well. Most would likely agree that string handling, and the use of NUL-terminated strings, is one of those. Kernel developers have, for years, tried to improve the handling of strings in an attempt to slow the flow of bugs and vulnerabilities that result from mistakes in that area. Now there is an early discussion on the idea of moving away from NUL-terminated strings in much of the kernel.
Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland).
The kernel has, for many years, had the ability to control how memory allocation is performed in systems with multiple NUMA nodes. More recently, NUMA nodes have also been pressed into service to represent different classes of memory; those nodes are now organized into tiers according to their performance characteristics. While memory-allocation policies can control the placement of pages at the NUMA-node level, the kernel provides no way to connect those policies with memory tiers. This patch series from Gregory Price aims to change this situation by allowing allocations to be placed across tiers in a weighted manner.
The Python Steering Council has posted a detailed plan for the addition of "free-threaded" (no global interpreter lock) support into the Python mainline. It will not be a short process and does not have a guaranteed successful outcome.
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).