LWN.net

The seventh edition of the Power Management and Schedulingin the Linux Kernel Summit (known as "OSPM") took place on March 18-20,2025. Topics discussed on the second day include improvements to devicesuspend and resume, the status and future of sched_ext, the scx_lavdscheduler, improving the efficiency of load balancing, and hierarchicalconstant bandwidth server scheduling.

The BPF verifier is an increasingly complex and security-critical piece of code.When the kinds of people who are apt to work on BPF see a situation like that,they naturally question whether it's possible to use formal verification toensure that the implementation of the code in question is correct. SantoshNagarakatte led the first of two extra-long sessions in the BPF trackof the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summitabout his team's work formally verifying the BPF verifier with acustom tool calledAgni.

Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3).

Mozilla has announcedthat it is shutting down Pocket, a bookmarking service acquired by Mozillain 2017, this coming July. "Pocket has helped millions save articlesand discover stories worth reading. But the way people use the web hasevolved, so we're channeling our resources into projects that better matchtheir browsing habits and online needs."

Our recent article on Home Assistantobserved that the project emphasizes installations using its own Linuxdistribution or within containers. The project has now made that emphasisrather stronger with thisannouncement of the deprecation of the "core" and "supervised"installation modes, which allowed Home Assistant to be installed as anordinary application on a Linux system.

The Fedora Council has ruled on the Fedora Engineering SteeringCouncil's (FESCo) decision last year to revoke Peter Robinson'sprovenpackager status. In a statementpublished to the fedora-devel-announce mailing list, the council hasannounced that it has overturned FESCo's decision:

Testing filesystems is a frequent topic atthe Linux Storage, Filesystem,Memory Management, and BPF Summit (LSFMM+BPF); the 2025 edition was noexception. Boris Burkov led a filesystem-track session to discussstress-testing filesystems-and running those tests for lengthy periods. Hereviewed what he has been doing when testing filesystems and wanted togather ideas for what could be done to catch more bugs before thefilesystems hit production.

Greg Kroah-Hartman has announced the release of the 6.14.8, 6.12.30, 6.6.92, 6.1.140, and 5.15.184 stable kernels. As usual, eachcontains a long list of important fixes throughout the kernel tree.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4, postgresql-17, and Tomcat).

Inside this week's LWN.net Weekly Edition:

Shawn Webb has published a statusreport on work to provide basic support in FreeBSD for userland componentswritten in Rust.

In late March, version 78.0.1 of Setuptools - an importantPython packaging tool - was released. It was scarcely half an hour beforethe first bugreport came in, and it quickly became clear that the change was farmore disruptive than anticipated. Within only about five hours 78.0.2 waspublished to roll back the change, and multiple discussions werestarted about how to limit the damage caused by future breakingchanges. Nevertheless, many users still felt the response wasinadequate. Some previous Setuptools releases have also caused problems on a smaller but still notable scale, and hopefully the developers will be more cautious going forward. But there are also lessons here for the developers of Python package installers, ordinary Python developers and end users, and even Linux distribution maintainers.

Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, perl-Mojolicious, thunderbird, yelp, and yelp-xsl), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk with Extended Lifecycle Support, java-21-ibm-semeru-certified-jdk, java-21-openjdk, kernel, libxslt, ruby, ruby:3.1, ruby:3.3, unbound, and webkit2gtk3), SUSE (glib2, grub2, kernel, libwebp, openssh, and s390-tools), and Ubuntu (linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime, linux-azure, linux-azure-5.15, linux-nvidia-tegra, linux-azure, linux-azure-6.8, linux-oem-6.8, linux-azure, linux-kvm, linux-azure-fips, linux-azure-nvidia, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, mariadb-10.6, and postgresql-12, postgresql-14, postgresql-16).

Ihor Solodrai has been working on the BPF subsystem's continuous-integration(CI) testing for the last six months. At the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit, he remotely sharedan update on his work, and solicited feedback on how the tests could be furtherimproved. Much of the work he's done has been specific to the BPF subsystem, butsome is more generic and could potentially be of use to other subsystems. Healso shared some general lessons learned from working on the BPF CI tests.

Despite careful planning and months of warning, Debian developer MoZhou has acknowledged that the project needs more time to grapple withthe questions around AI models and the Debian Free Software Guidelines(DFSG). For now, he has withdrawn his proposed General Resolution (GR)that would have required the original training data for AI models tobe released in order to be considered DFSG-compliant-though thedebates on the topic continue.

Red Hat has announcedthe release of Red Hat Enterprise Linux (RHEL) 10. A blog postaccompanying the release provides details on some of the more notablefeatures, such as encrypted DNS, a developer preview of RHEL10for RISC-V,and imagemode for RHEL using bootc.

Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips).

Roland Shoemaker has published a blog post about arecent security audit of the cryptography packages shipped as part ofthe Go standard library. The audit, performed by the Trail of Bits security firm,uncovered one low-severity vulnerability in the legacy Go+BoringCryptointegration, as well as a handful of informational findings.

The seventh edition of the Power Management and Schedulingin the Linux Kernel (known as "OSPM") Summit took place on March 18-20,2025. It was organized by Juri Lelli, Frauke Jager, Tommaso Cucinotta, andLorenzo Pieralisi, and was hosted by Linutronix at Alte Fabrik,Uhldingen-Muhlhofen, Germany. The event was sponsored by Linutronix, Arm,and the Scuola Superiore Sant'Anna in Pisa.

Security updates have been issued by Debian (dropbear, firefox-esr, intel-microcode, net-tools, openafs, thunderbird, and xrdp), Fedora (chromium, micropython, syslog-ng, webkitgtk, and xen), Mageia (dropbear and openssh), Oracle (.NET 9.0, kernel, libjpeg-turbo, and yelp and yelp-xsl), Red Hat (compat-openssl11, git-lfs, grafana, kernel, and osbuild and osbuild-composer), Slackware (mozilla), SUSE (cargo-c, gimp, iputils-20240905, kernel, libraw, microcode_ctl, openssh, pnpm, python311-cramjam, python311-httptools, python311-jwcrypto, python311-loguru, python311-mechanize, python311-nltk, python311-oauthlib, python311-py7zr, python311-pycapnp, python311-pyspnego, python311-pywayland, python311-suds, python311-treq, python311-ujson, python311-waitress, ruby3.4-rubygem-actionmailer, ruby3.4-rubygem-actiontext, ruby3.4-rubygem-activerecord, ruby3.4-rubygem-activestorage, ruby3.4-rubygem-fluentd, ruby3.4-rubygem-globalid, ruby3.4-rubygem-jquery-rails, ruby3.4-rubygem-kramdown, ruby3.4-rubygem-loofah, ruby3.4-rubygem-multi_xml, ruby3.4-rubygem-puma, ruby3.4-rubygem-rails, ruby3.4-rubygem-rails-html-sanitizer, ruby3.4-rubygem-sprockets, ruby3.4-rubygem-web-console, ruby3.4-rubygem-websocket-extensions, ucode-intel-20250512, and valkey), and Ubuntu (dotnet8, dotnet9, linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-oracle, linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, and linux-xilinx-zynqmp).

The 6.15-rc7 kernel prepatch is out fortesting. "So while I wish we hadn't had some of the excitement of lastweek, on the whole it all still looks pretty solid, and unless somethingstrange happens I'll do the final 6.15 release next weekend."

The6.14.7,6.12.29,6.6.91,6.1.139, and5.15.183stable kernel updates have been released; each contains another set ofimportant fixes.

The first article in this series providedan overview of Home Assistant,its community, and its capabilities. It was deliberately short ondescriptions of interesting things that can be done with Home Assistant,though - the reasons why one might actually want to use this program. Inthis closing article, we'll look at how Home Assistant was used to solvesome real problems.

The Asahi Linuxproject, which supports Linux on Apple Silicon Macs, has published aprogress report ahead of the 6.15 kernel's release.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, kernel, kernel-rt, redis:6, and yelp and yelp-xsl), Debian (chromium), Red Hat (compat-openssl11, kernel, and thunderbird), and SUSE (nbdkit, open-vm-tools, and rustup).

The Electronic Frontier Foundation has posted a somewhat belated memorialfor John Young, the founder of Cryptome.

To commemorate the tenth anniversary of the 1.0 releaseof the Rust language,version1.87.0 was announced live today at the 10 Years of Rustcelebration in Utrecht, Netherlands. Notable changesinclude the addition of anonymous pipes to the standard library andthe ability for inline assembly (asm!) to jump to labeledblocks within Rust code.

Leon Romanovsky began his session at the 2025 Linux Storage, Filesystem,Memory Management, and BPF Summit (LSFMM+BPF) by explaining that the improved DMA-mapping API that he has beenworking on is a group effort. He, Chaitanya Kulkarni, Christoph Hellwig,Jason Gunthorpe, and others are proposing to modernize the API and to"make it more suitable for current kernels". He told the assembledstorage and filesystem developers that the progress on the proposal hasstalled, but that it was the basis for further work in various areas, so hehoped to find a way to move forward with it.

The Tor project has announcedthe oniux utility which provides Tor network isolation, using Linuxnamespaces, for third-party applications.

Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack).

Inside this week's LWN.net Weekly Edition:

At the Linux ApplicationSummit (LAS) in April, Sebastian Wick said that, by many metrics, Flatpak is doing great. The Flatpakapplication-packaging format is popular with upstream developers, andwith many users. More and more applications are being published in theFlathub application store, and theformat is even being adopted by Linux distributions likeFedora. However, he worried that work on the Flatpak project itselfhad stagnated, and that there were too few developers able to reviewand merge code beyond basic maintenance.

Version5.5.0 of the Podman container-management tool has beenreleased. Notable features include the addition of a podmanmachinecp command to copy files into a running PodmanVM, a podmanartifactextract command to copycontents of an OCIartifact to disk, and a --mount=artifact option to mountOCI artifacts into containers. See the release announcement for a fulllist of improvements and bug fixes.

Fromservers in a data center to desktop computers, many devicescommunicating on a network will eventually have to filter networktraffic, whether it's for security or performance reasons. As a result,this is a domain where a lot of work is put into improving performance:a tiny performance improvement can have considerable gains.Bpfilter is aproject that allows for packet filtering to easily be done with BPF, which canbe faster than other mechanisms.

Security updates have been issued by AlmaLinux (emacs, firefox, gnutls, java-17-openjdk, java-21-openjdk, osbuild-composer, python39:3.9, and thunderbird), Arch Linux (screen), Debian (varnish), Fedora (chromium), Gentoo (Atop, FreeType, and Spidermonkey), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk and postgresql15, postgresql13), Oracle (389-ds-base, emacs, firefox, kernel, libsoup, libtiff, mod_auth_openidc:2.3, nodejs:20, nodejs:22, osbuild-composer, python39:3.9, qemu-kvm, ruby, ruby:3.1, ruby:3.3, and thunderbird), Red Hat (.NET 8.0, .NET 9.0, avahi, buildah, corosync, delve and golang, exiv2, expat, firefox, ghostscript, gimp, git, grafana, gvisor-tap-vsock, java-21-openjdk, kernel, kernel-rt, libarchive, libjpeg-turbo, libsoup, libsoup3, libxslt, mod_auth_openidc, nginx, nginx:1.22, nginx:1.24, nodejs22, nodejs:20, nodejs:22, opentelemetry-collector, osbuild-composer, perl, php, php:8.2, php:8.3, podman, python-jinja2, redis, redis:7, rhc, ruby:2.5, skopeo, sqlite, thunderbird, tomcat, tomcat9, valkey, vim, xorg-x11-server-Xwayland, xterm, xz, yelp, and yggdrasil), Slackware (screen), SUSE (apparmor, dirmngr, gimp, golang-github-prometheus-node_exporter, java-11-openj9, java-17-openj9, java-21-openj9, libxmp-devel, python311-Django4, rabbitmq-server313, rke2, and transfig), and Ubuntu (abseil and open-vm-tools).

BPF arenas are areas of memory where the verifier can safely relax its checking ofpointers, allowing programmers to write arbitrary data structures in BPF. EmilTsalapatis reported on how his team has used arenas in writingsched_ext schedulers at the 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit. His biggest complaint was about the fact thatkernel pointers can't be stored in BPF arenas - something that the BPFdevelopers hope to address, although there are some implementation problems thatmust be sorted out first.

Nextcloud provides anopen-source collaboration platform called Nextcloud Hub, which includes file-sharing and syncingfeatures. The company has writtena blog post explaining that Google has revoked a critical permissionfrom the Nextcloud Files app for Android that allows it to sync filesto Nextcloud Hub.

Security updates have been issued by Debian (libeconf and rubygems), Fedora (libxmp), Gentoo (glibc), Oracle (java-1.8.0-openjdk, kernel, libxslt, and virtuoso-opensource), SUSE (augeas, git-lfs, kanidm, and tomcat10), and Ubuntu (linux-lts-xenial).

The SUSE Security Team has publishedan article detailing several securityissues it has uncovered with GNU Screen. This includesa local root exploit when Screen is shipped setuid-root, as it is insome Linux and BSD distributions. The security team also reports problemsin coordinating disclosure with the upstream Screen project.

The Guix project has announcedthat it is migrating all of its Git repositories, as well as bugtracking and patch tracking, from Savannah to the Codeberg Git forge.

The announcementof the openSUSE Leap 16.0 beta contained something of asurprise-along with the usual set of changes and updates, itinformed the community of the retirement of "the traditional YaSTstack" from Leap. The YaST ("Yet another Setup Tool")installation and configuration utility has been a core part of theopenSUSE distribution since its inceptionin 2005, and part of SUSE Linux since 1996. It will not, immediately,be removed from the openSUSETumbleweed rolling-releasedistribution, but its future is uncertain and its fate is up to the largercommunity to decide.

Security updates have been issued by Debian (libbson-xs-perl, postgresql-13, redis, and simplesamlphp), Fedora (chromium, deluge, epiphany, golang-github-nats-io-nkeys, libxmp, nodejs22, perl-Compress-Raw-Lzma, php-adodb, python-h11, and xz), Gentoo (firefox, NVIDIA Drivers, Orc, PAM, and thunderbird), Mageia (libreoffice, python-django, and transfig), Red Hat (emacs, firefox, python39:3.9, and thunderbird), SUSE (bird3, freetype2, ldap-proxy, libmosquitto1, and ruby3.4-rubygem-rack), and Ubuntu (linux, linux-aws, linux-kvm, linux-aws, and linux-fips).

Linus has released 6.15-rc6 for testing.

Those of us who have spent our lives playing with computers naturally seethe appeal of deploying them though the home for both data acquisition andautomation. But many of us who have watched the evolution of thetechnology industry are increasingly unwilling to entrust criticalhousehold functions to cloud-based servers run by companies that may nothave our best interests at heart. The Apache-licensed Home Assistant project offers awelcome alternative: locally controlled automation with free software.This two-part series covers roughly a year of Home Assistant use, startingwith a set of overall observations about the project.

Lance Albertson writes that theOregon State University Open Source Lab has been funded for the nextyear, following his announcement in Aprilthat the future of OSL was in jeopardy. OSL is now focusing onbecoming self-sustainable long term.

Greg Kroah-Hartman has announced the release of the6.14.6,6.12.28,6.6.90,6.1.138, and5.15.182 stable kernel versions.

Security updates have been issued by Debian (fossil, libapache2-mod-auth-openidc, and request-tracker4), Fedora (thunderbird), Mageia (firefox and thunderbird), SUSE (389-ds, apparmor, cargo-c, chromium, go1.24, govulncheck-vulndb, java-1_8_0-openjdk, kanidm, libsoup, mozjs102, openssl-1_1, openssl-3, python-Django, sccache, tealdeer, tomcat, transfig, wasm-bindgen, and wireshark), and Ubuntu (libreoffice and python-h11).

The GNOME Foundation has announcedthe hiring of Steven Deobald as its new executive director.

The famfsfilesystem is meant to provide a shared-memory filesystem for large datasets that are accessed for computations by multiple systems. It wasdeveloped by John Groves, who led a combined filesystem andmemory-management session atthe 2025 Linux Storage, Filesystem, MemoryManagement, and BPF Summit (LSFMM+BPF) to discuss it. The session was afollow-up to the famfs session at last year'ssummit, but it was also meant to discuss whether the kernel's direct-access (DAX)mechanism, which is used by famfs, could be replaced in the filesystemby using other kernel features.

Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).