The 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit was a development conference, where discussion was prioritized and presentations with a lot of slides were discouraged. Paul McKenney seemingly flouted this convention in a joint session of the storage, filesystem, and memory-management tracks where he presented about 50 slides - in five minutes, twice. The subject was the use of the read-copy-update (RCU) mechanism in the memory-reclaim process, and whether changes to RCU would be needed for that purpose.
Version 3.20.0 of the Alpine Linux distribution has been released with initial support for 64-bit RISC-V. Other important changes include updates to GNOME 46, KDE Plasma 6, and replacing Redis with Valkey due to Redis's adoption of a non-free license model. See the release notes for more on this release.
Looking up a virtual memory area (VMA) in a process's address space, for the handling of page faults or any of a number of other tasks, in multi-threaded processes has long been bedeviled by lock contention in the kernel. As a result, developer gatherings have been subjected to many sessions on how to improve the situation. At the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit, developers in the memory-management track met, in a session led by Liam Howlett, to talk about a situation that has improved considerably in recent times, but which still offers opportunities for optimization.
Security updates have been issued by Debian (webkit2gtk), Fedora (kernel), Mageia (chromium-browser-stable, djvulibre, gdk-pixbuf2.0, nss & firefox, postgresql15 & postgresql13, python-pymongo, python-sqlparse, stb, thunderbird, and vim), Red Hat (go-toolset:rhel8, nodejs, and varnish:6), SUSE (gitui, glibc, and kernel), and Ubuntu (libspreadsheet-parseexcel-perl, linux-aws, linux-aws-5.15, linux-gke, linux-gcp, python-idna, and thunderbird).
Vineeth Pillai gave a remote talk at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit explaining how BPF could be used to improve the performance of virtual machines (VMs). Pillai has a patchset designed to let guest and host machines share scheduling information in order to eliminate some of the overhead of running in a VM. The assembled developers had several comments on the design, but seemed overall to approve of the prospect.
Brendan Jackman started his memory-management-track session at the 2024 Linux Storage, Filesystem, Memory-Management and BPF Summit by saying that, for some years now, the kernel community has been stuck in a reactive posture with regard to hardware vulnerabilities. Each problem shows up with its own scary name, and kernel developers find a way to mitigate it, usually losing performance in the process. Jackman said that it is time to take back the initiative against these vulnerabilities by reconsidering the more general use of address-space isolation.
Optimizing the kernel's memory use is made much easier if developers have an accurate idea of how memory is being used, but the kernel's instrumentation is not as good as it could be. When Suren Baghdasaryan and Kent Overstreet presented their memory-allocation profiling work, which is meant to address this shortcoming, at the 2023 Linux Storage, Filesystem, Memory Management, and BPF Summit, their objective was uncontroversial but the proposed solution ran into opposition that played out at length on the mailing lists (example) over the last year. So it may be a bit surprising that, when the two returned to the memory-management track in the 2024 gathering, the controversy was gone and the discussion focused on improving details of the implementation.
The kernel stack is a scarce and tightly constrained resource; kernel developers often have to go far out of their way to avoid using too much stack space. The size of the stack is also fixed, leading to situations where it is too small for some code paths, while wastefully large for others. At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Pasha Tatashin proposed making the kernel stack size dynamic, making more space available when needed while saving memory overall. This change is not as easy to implement as it might seem, though.
The page structure is a complicated beast, but some parts of it are more intimidating than others. The mapcount field is one of the scarier parts. It allegedly records the number of references to the page in page tables, but, as David Hildenbrand described during the memory-management track at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, things are more complicated than that. Few people truly understand the semantics of this field, but the situation will hopefully get better over time.
Security updates have been issued by AlmaLinux (firefox, nodejs, and thunderbird), Fedora (uriparser), Oracle (firefox and thunderbird), Slackware (mariadb), SUSE (cairo, gdk-pixbuf, krb5, libosinfo, postgresql14, and python310), and Ubuntu (firefox, linux-aws, linux-aws-5.15, and linux-azure).
There are two fundamental levels of memory allocator in the Linux kernel: the page allocator, which allocates memory in units of pages, and the slab allocator, which allocates arbitrarily-sized chunks that are usually (but not necessarily) smaller than a page. The slab allocator is the one that stands behind commonly used kernel functions like kmalloc(). At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, slab maintainer Vlastimil Babka provided an update on recent changes at the slab level and discussed the changes that are yet to come.
David Vernet kicked off the BPF track at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit with a talk about polymorphic kfuncs - or, with less jargon, kernel functions that can be called from BPF which use different implementations depending on context. He explained how this would be useful to the sched_ext BPF scheduling framework, but expected it to be helpful in other areas as well.
The term "memory tiering" refers to the management of memory placement on systems with multiple types of memory, each of which has its own performance characteristics. On such systems, poor placement can lead to significantly worse performance. A memory-management-track discussion at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit took yet another look at tiering challenges with a focus on upcoming technologies that may simplify (or complicate) the picture.
As the shiny new KDE Plasma 6 desktop makes its way into distribution releases, a small group of developers is still trying to preserve the KDE experience circa 2008. The Trinity Desktop Environment (TDE) is a continuation of KDE 3 that has maintained the old-school desktop with semi-regular releases since 2010. The most recent release, R14.1.2, was announced on April 28. TDE does deliver a usable retro desktop, but with some limitations that hamper its usability on modern systems.
Security updates have been issued by Debian (bind9, chromium, and thunderbird), Fedora (buildah, chromium, firefox, mingw-python-werkzeug, and suricata), Mageia (golang), Oracle (firefox and nodejs:20), Red Hat (firefox, httpd:2.4, nodejs, and thunderbird), and SUSE (firefox, git-cliff, and ucode-intel).
Non-uniform memory access (NUMA) systems are organized with their CPUs grouped into nodes, each of which has memory attached to it. All memory in the system is accessible from all CPUs, but memory attached to the local node is faster. The kernel's memory-policy ("mempolicy") interface allows threads to inform the kernel about how they would like their memory placed to get the best performance. In recent years, the NUMA concept has been extended to support the management of different types of memory in a system, pushing the limits of the mempolicy subsystem. In a remotely presented session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Gregory Price discussed the ways in which the kernel's memory-policy support should evolve to handle today's more-complex systems.
Working on the Linux kernel has always been unlike working on many other software projects. One particularly noticeable difference is the decentralized nature of the kernel's testing infrastructure. Projects such as syzkaller, KernelCI, or the kernel self tests test the kernel in different ways. On February 28, Helen Koike posted a patch set that would add continuous integration (CI) scripts for the whole kernel. The response was generally positive, but several people suggested changes.
The 6.9.1, 6.8.10, 6.6.31, 6.1.91, 5.15.159, 5.10.217, 5.4.276, and 4.19.314 stable kernels have been released. These versions include important fixes; as usual, Greg Kroah-Hartman advises users to update right away.
The DAMON subsystem was the subject of the first session in the memory-management track at the Linux Storage, Filesystem, Memory Management, and BPF Summit. DAMON maintainer SeongJae Park introduced the data-access monitoring framework, which can generate snapshots of how memory is accessed, enabling the detection of hot and cold regions of memory in both the virtual and physical address spaces. The session covered recent changes and future plans for this tool.
Ronnie Sahlberg, Jonathan Maple, and Jeremy Allison of CiQ have published a white paper looking at the security-relevant bug fixes applied (or not applied) to the RHEL 8.x kernel over time.
The merge window for the 6.10 kernel release opened on May 12; between then and the time of this writing, 6,819 non-merge commits were pulled into the mainline kernel for that release. Your editor has taken some time out from LSFMM+BPF in an attempt to keep up with the commit flood. Read on for an overview of the most significant changes that were pulled in the early part of the 6.10 merge window.
Version 0.10 of the Vim-based text editor Neovim is now available. This release includes a new default color scheme, enhanced support for rendering multibyte characters, support for hyperlinks, system clipboard synchronization, and more. Many features have been deprecated in 0.10 and will be removed in a future release. Neovim core contributor Gregory Anders has written a summary of some of the highlights and thoughts on upcoming releases:
Security updates have been issued by AlmaLinux (.NET 7.0, .NET 8.0, and nodejs:20), Debian (chromium, firefox-esr, ghostscript, and libreoffice), Fedora (djvulibre, mingw-glib2, mingw-python-jinja2, and mingw-python-werkzeug), Oracle (.NET 7.0, .NET 8.0, kernel, and nodejs:18), Red Hat (nodejs:20), Slackware (gdk and git), SUSE (python), and Ubuntu (linux-hwe-5.15, linux-raspi).
Ars Technica looks at a recent report on the Ebury root kit, with a focus on the 2011 compromise of kernel.org, which may have been more extensive than believed at the time.
Version 126.0 of the Firefox browser is out. Changes include improvements to the "copy link without site tracking" feature, support for zstd compression, and a new tracking "feature": "Telemetry was added to create an aggregate count of searches by category to broadly inform search feature development."
The advent of the folio structure to describe groups of pages has been one of the most fundamental transformations within the kernel in recent years. Since the folio transition affects many subsystems, it is fitting that the subject was covered at the beginning of the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit in a joint session of the storage, filesystem, and memory-management tracks. Matthew Wilcox used the session to review the work that has been done in this area and to discuss what comes next.
Security updates have been issued by Mageia (sssd and tcpdump), Red Hat (.NET 7.0, .NET 8.0, expat, kernel, and kernel-rt), Slackware (mozilla), SUSE (kernel, postgresql15, postgresql16, python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, and python3), and Ubuntu (linux-bluefield).
Version 24.0 of the Arch-based Manjaro distribution is now available with the 6.9 kernel, GNOME 46, Xfce 4.18, and an update to the Pamac package installer. This is also the project's first release with KDE Plasma 6:
Large language models (LLMs) have been the subject of much discussion and scrutiny recently. Of particular interest to open-source enthusiasts are the problems with running LLMs on one's own hardware - especially when doing so requires NVIDIA's proprietary CUDA toolkit, which remains unavailable in many environments. Mozilla has developed llamafile as a potential solution to these problems. Llamafile can compile LLM weights into portable, native executables for easy integration, archival, or distribution. These executables can take advantage of supported GPUs when present, but do not require them.
The 6.9 kernel was released on May 12 after a typical nine-week development cycle. Once again, this is a major release containing a lot of changes and new features. Our merge-window summaries (part 1, part 2) covered those changes; now that the development cycle is complete, the time has come to look at where all that work came from - and to introduce a new and experimental LWN feature for readers interested in this kind of information.
Maintainers of open-source projects sometimes have disagreements with contributors over how contributions are reviewed, modified, merged, and credited. A written policy describing how contributions are handled can help maintainers set reasonable expectations for potential contributors. In turn, that can make the maintainer's job easier because it can help reduce a source of friction in the project. A guide to help create this kind of policy for a project has recently been developed.
Security updates have been issued by AlmaLinux (nodejs:18 and shim), Debian (atril and chromium), Fedora (chromium, glib2, gnome-shell, mediawiki, php-wikimedia-cdb, php-wikimedia-utfnormal, stb, and tcpdump), Gentoo (Kubelet, PoDoFo, Rebar3, and thunderbird), Mageia (glibc and libnbd), Oracle (kernel), Red Hat (bind and dhcp and varnish), and SUSE (chromium, cpio, freerdp, giflib, gnutls, opera, python-Pillow, python-Werkzeug, tinyproxy, and tpm2-0-tss).
Linus has released the 6.9 kernel. "So 6.9 is now out, and last week has looked quite stable (and the whole release has felt pretty normal)." Significant changes in this release include the ability to create pidfds for individual threads, the BPF arena subsystem, the BPF token security mechanism, truncate() support in io_uring, support for the Rust language on 64-bit Arm systems, weighted interleaving in the memory-management subsystem, the device-mapper virtual data optimizer target, initial FUSE passthrough support, and more. See the LWN merge-window summaries (part 1, part 2) for more information.
In April, the Gentoo Linux project banned the use of generative AI/ML tools due to copyright, ethical, and quality concerns. This means contributors cannot use tools like ChatGPT or GitHub Copilot to create content for the distribution such as code, documentation, bug reports, and forum posts. A proposal for Debian to adopt a similar policy revealed a distinct lack of love for those kinds of tools, though it would also seem few contributors support banning them outright.
Security updates have been issued by AlmaLinux (container-tools:4.0, container-tools:rhel8, git-lfs, glibc, libxml2, nodejs:18, and nodejs:20), Debian (dav1d and libpgjava), Fedora (kernel and pypy), Red Hat (glibc and nodejs:16), SUSE (ffmpeg, ffmpeg-4, ghostscript, go1.21, go1.22, less, python-python-jose, python-Werkzeug, and sssd), and Ubuntu (fossil, glib2.0, and libspreadsheet-parsexlsx-perl).
The extensible scheduler class (or "sched_ext") is a comprehensive framework that enables the implementation of CPU schedulers as a set of BPF programs that can be loaded at run time. Despite having attracted a fair amount of interest from the development community, sched_ext has run into considerable opposition and seems far from acceptance into the mainline. The posting by Tejun Heo of a new version of the sched_ext series at the beginning of May has restarted this long-running discussion, but it is not clear what the end result will be.
The so-called software supply chain starts with source code. But most security measures and tooling don't kick in until source is turned into an artifact - a source tarball, binary build, container image, or other method of delivering a release to users. The gittuf project is an attempt to provide a security layer for Git that can handle key management, enforce security policies for repositories, and guard against attacks at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and status.
A proposal to switch the default desktop for Fedora Workstation from GNOME to KDE Plasma largely went over like the proverbial lead balloon - unsurprisingly. But the conversation about the proposal did surface some areas where the distribution could perhaps be more inclusive with regard to the other desktop choices available. The project believes that it benefits from being opinionated and not requiring users to make multiple decisions before they can even install the distribution, but there is a balance to be found.
The systemd project is preparing for a new release. Version 256-rc1 was released on April 25 with a large number of changes and new features. Most of the changes relate to security, easier configuration, unprivileged access to system resources, or all three of these. Users of systemd will find setting up containers - even without root access - much simpler and more secure.
Version 14.1 of the GCC compiler suite has been released. The list of changes is long; it includes support for more C++26 features, preparation for Fortran 2023 support, a new -fhardened flag to enable security-hardening features, vectorizer improvements, and a number of static-analyzer improvements. See the release notes for details.