Security updates have been issued by Debian (bind9 and owslib), Fedora (dav1d, dotnet6.0, dotnet7.0, mingw-dbus, vim, and wabt), and SUSE (cloud-init and golang-github-vpenso-prometheus_slurm_exporter).
Over on the Software Freedom Conservancy blog, Policy Fellow and Hacker-in-Residence Bradley M. Kuhn analyzes the recent changes to Red Hat Enterprise Linux (RHEL) source availability in light of the GPL. It contains some interesting information about two alleged GPL violations that came about because the company's business model is structured in a way that brings it too close to non-compliance with the license, he said:
The final day of the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit featured three separate sessions led by Luis Chamberlain (he also led a plenary on day two); the first of those was a filesystem session on the status of the kthread-freezer-removal effort. The kthread freezer is meant to help filesystems freeze their state in order to suspend or hibernate the system, but since at least 2015, the freezer has been targeted for removal. Things did not change much a year later, nor by LSFMM in 2018 when Chamberlain had picked up Jiri Kosina's removal effort; this year, Chamberlain was back to try to push things along.
The fifth conference on Power Management and Scheduling in the Linux Kernel (abbreviated "OSPM") was held on April 17 to 19 in Ancona, Italy. LWN was not there, unfortunately, but the attendees of the event have gotten together to write up summaries of the discussions that took place and LWN has the privilege of being able to publish them. Reports from the third and final day of the event appear below.
Security updates have been issued by Debian (asterisk, lua5.3, and trafficserver), Fedora (tang and trafficserver), Oracle (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), Red Hat (python27:2.7 and python39:3.9 and python39-devel:3.9), Scientific Linux (c-ares), Slackware (cups), SUSE (cups, dav1d, google-cloud-sap-agent, java-1_8_0-openjdk, libX11, openssl-1_0_0, openssl-1_1, openssl-3, openvswitch, and python-sqlparse), and Ubuntu (cups, dotnet6, dotnet7, and openssl).
The AlmaLinux organization has posted a message describing the impact of Red Hat's decision to stop releasing the source to the RHEL distribution and how AlmaLinux will respond.
The quest to enable limited use of BPF features in unprivileged processes continues. In the previous episode, an attempt to use authoritative Linux security module (LSM) hooks for this purpose was strongly rejected by the LSM developers. BPF developer Andrii Nakryiko has now returned with a new mechanism based on a privilege-conveying token. That approach, too, has run into some resistance, but a solution for the strongest concerns might be in sight.
Kernel support for copy offload is a feature that has been floating around in limbo for a decade or more at this point; it has been implemented along the way, but never merged. The idea is that the host system can simply ask a block storage device to copy some data within the device and it will do so without further involving the host; instead of reading data into the host so that it can be written back out again, the device circumvents that process. At the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit, Nitesh Shetty led a storage and filesystem session to discuss the current status of a patch set that he and others have been working on, with an eye toward getting something merged fairly soon.
The 6.3.9, 6.1.35, 5.15.118, 5.10.185, 5.4.248, 4.19.287, and 4.14.319 stable kernel updates have all been released; each contains another set of important fixes.
Running a Linux distribution on Arm-based single-board computers (SBCs) is still not as easy as on x86 systems because many Arm devices require a vendor-supplied kernel, a patched bootloader, and other device-specific components. One distribution that addresses this problem is Armbian, which offers Debian- and Ubuntu-based distributions for many devices. The headline feature in the recent release, Armbian 23.05, which came at the end of May, is a major rework of the build framework that has been made faster and more reliable after three years of development.
Security updates have been issued by Debian (libfastjson, libx11, opensc, python-mechanize, and wordpress), SUSE (salt and terraform-provider-helm), and Ubuntu (firefox, libx11, pngcheck, python-werkzeug, ruby3.1, and vlc).
Backporting fixes to stable kernels is an ongoing process that, in general, is handled by the stable maintainers or the developers of the fixes. However, due to some unhappiness in the XFS development community with the process of handling stable fixes for that filesystem, a different process has come about for backporting XFS patches to the stable kernels. The three developers doing that work, Leah Rumancik, Amir Goldstein, and Chandan Babu Rajendra, led a plenary session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit (with Rajendra participating remotely) to discuss that process.
The Rust project has announced the formation of the Rust Leadership Council, which will take the place of the existing Core Team and Leadership Chat groups.
Security updates have been issued by Debian (libxpm and php7.3), Fedora (chromium), Mageia (kernel, kernel-linus, and sysstat), Red Hat (c-ares), SUSE (libwebp), and Ubuntu (cups-filters, libjettison-java, and libsvgpp-dev).
In the fast-moving open-source world, programs can come and go quickly; a tool that has many users today can easily be eclipsed by something better next week. Even in this environment, though, some programs endure for a long time. As an example, consider the PostgreSQL database system, which traces its history back to 1986. Making fundamental changes to a large code base with that much history is never an easy task. As fundamental changes go, moving PostgreSQL away from its process-oriented model is not a small one, but it is one that the project is considering seriously.
The 6.4-rc7 kernel prepatch is out for testing. "Nothing particular stands out in the rc this week, unless you count the mptcp selftest changes that are about making the tests work on stable kernels too."
The registration for this year's Linux Plumbers Conference (LPC) is now open. It will be held November 13-15 in Richmond, Virginia in the US. The attend page has all of the details. Meanwhile, some of the calls for proposals are still open, though the microconferences CFP is closed; this year's proposed microconference topics are listed here. Those who want to attend should note: "As usual we expect to sell [out] rather quickly so don't delay your registration for too long!"
The bcachefs filesystem, and the process for getting it upstream, were the topics of a session led remotely by Kent Overstreet, creator of bcachefs, at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. He has also discussed bcachefs in previous editions of the summit, first in 2018 and at last year's event; in both of those cases, the question of getting bcachefs merged into the mainline kernel came up, but that merge has not happened yet. This time around, though, Overstreet seemed closer than ever to being ready to actually start that process.
The fifth conference on Power Management and Scheduling in the Linux Kernel (abbreviated "OSPM") was held on April 17 to 19 in Ancona, Italy. LWN was not there, unfortunately, but the attendees of the event have gotten together to write up summaries of the discussions that took place and LWN has the privilege of being able to publish them. Reports from the second day of the event appear below.
Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd).
The developers working on improving the speed of the CPython interpreter have posted a plan describing their objectives for the Python 3.13 release. The biggest piece appears to be the tier-2 optimizer, which will optimize larger chunks of Python code: "https://github.com/faster-cpython/ideas/issues/557".
The C language does not provide the sort of resource-management features found in more recent languages. As a result, bugs involving leaked memory or failure to release a lock are relatively common in programs written in C, including the kernel. The kernel project has never limited itself to the language features found in the C standard, though; kernel developers will happily use extensions provided by compilers if they prove helpful. It looks like a relatively simple compiler-provided feature may lead to a significant change in some common kernel coding patterns.
Darrick Wong has been doing work on XFS online repair for a number of years and things are getting to the point where most of the filesystem-internal work has been completed and is under review. The work remaining mostly concerns the user-space side to set up a periodic scan and repair cycle, so he wanted to discuss what user space needs from this kind of feature in a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit that he led remotely. The session may not have gone quite as he hoped, as it got somewhat derailed by topics that spilled over from the earlier session on unprivileged image mounts.
Security updates have been issued by Debian (webkit2gtk), Fedora (python-django-filter and qt), Mageia (cups, firefox/nss, httpie, thunderbird, and webkit2), Red Hat (.NET 6.0, .NET 7.0, c-ares, firefox, jenkins and jenkins-2-plugins, nodejs, nodejs:18, python3, python3.11, python3.9, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (frr, opensc, python3, and rekor), and Ubuntu (c-ares, glib2.0, libcap2, linux-intel-iotg-5.15, pano13, and requests).
In something of a follow-on from the mount-operation monitoring session the previous day, Christian Brauner led another discussion about providing user space with a mechanism to get current mount information on day two of the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. The session also continued on from one at last year's summit, and likely others before that. There are two separate proposals for ways to retrieve this kind of information, one from Miklos Szeredi and another from David Howells, both of whom were present this year; Brauner's intent was to try to reach some kind of agreement on the way forward in the session.
There are some "magic links" in kernel pseudo-filesystems, like procfs, that can be (and have been) abused to cause security problems, such as a container-confinement breach in 2019. Aleksa Sarai has long been working on ways to blunt the impact of these magic links. He led a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit to discuss the status of those efforts.
The 6.3.8, 6.1.34, 5.15.117, 5.10.184, 5.4.247, 4.19.286, and 4.14.318 stable kernel updates have all been released; each contains another set of important fixes.
Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado).
There has long been a desire to enable users to mount filesystem images without requiring privileges, but the security implications of allowing it are seriously concerning. Few, if any, kernel filesystems are hardened against maliciously crafted images, after all. Lennart Poettering led a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit where he presented a possible path forward.
The fifth conference on Power Management and Scheduling in the Linux Kernel (abbreviated "OSPM") was held on April 17 to 19 in Ancona, Italy. LWN was not there, unfortunately, but the attendees of the event have gotten together to write up summaries of the discussions that took place and LWN has the privilege of being able to publish them. Reports from the first day of the event appear below.
Videos from the 2022 Tracing Summit are now available on YouTube. They include talks about Visual eBPF, Perfetto, the state of Linux tracers, libpatch, hardware trace, and more.
Security updates have been issued by Debian (vim), Fedora (kernel), Oracle (emacs, firefox, python3, and qemu), SUSE (firefox, java-1_8_0-ibm, and libwebp), and Ubuntu (firefox, glusterfs, and sniproxy).
The Fedora project has posted the results of its elections for members of the Fedora Engineering Steering Committee (Stephen Gallagher, Neal Gompa, Major Hayden, and Tom Stellard), Fedora Council (Sumantro Mukherjee), and Mindshare Committee (David Duncan).
The CPU scheduler's one job at any given time is to run the task that has the strongest claim to the CPU. There are many factors that complicate that job, not the least of which is that the "strongest claim" is sometimes a bit of a fuzzy concept. Realtime throttling, a mechanism designed to keep a runaway realtime task from monopolizing the CPU, is one case where developers have concluded that the task with, ostensibly, the highest priority should not actually be the one that runs. But realtime throttling has rarely pleased anybody; the deadline-server infrastructure patches posted by Daniel Bristot de Oliveira are the latest attempt to find a better solution.
Security updates have been issued by Debian (pypdf2 and thunderbird), Fedora (chromium, dbus, mariadb, matrix-synapse, sympa, and thunderbird), Scientific Linux (python and python3), SUSE (chromium, gdb, and openldap2), and Ubuntu (jupyter-core, requests, sssd, and vim).
"After 1 year, 9 months, and 28 days of development", Debian 12, codenamed "bookworm", has been released. The announcement has lots of details about package versions for desktop environments (6 are supported), kernel version (Linux 6.1 series), other package versions (compilers, graphics tools, office suites, languages, and more), architectures supported (8 for real hardware and 5 for cloud services), blends, and lots more.
Two different topics concerning the virtual filesystem (VFS) layer were the subject of a session led by VFS co-maintainer Christian Brauner at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. As might be guessed, it was a filesystem-track session; Brauner had three separate items he planned on bringing up, but the discussion on the first two consumed the whole half-hour, and then some. A mechanism to avoid media-change races when mounting loop (or loopback) and other devices was disposed of fairly quickly, but the discussion around the mount-beneath feature went on at length.
Priority inversion comes about when a low-priority task holds a resource that is needed by a higher-priority task, with the result that the wrong task is the only one that can run. This problem is arguably most acute in realtime settings, but it can happen in just about any system that has multiple tasks running. The variety of scheduling classes provided by the Linux kernel make handling priority inversion a difficult problem; the latest version of the proxy execution patch series points toward a possible solution.
Greg Kroah-Hartman has released the 6.3.7, 6.1.33, 5.15.116, 5.10.183, 5.4.246, 4.19.285, and 4.14.317 stable kernels. As usual, they contain many important fixes throughout the tree; users of those series should upgrade.
Security updates have been issued by Debian (jupyter-core, openssl, and ruby2.5), Fedora (firefox), Mageia (libreoffice, openssl, and python-flask), Red Hat (python and python3), Slackware (mozilla, php8, and python3), SUSE (java-1_8_0-ibm, libcares2, mariadb, and python36), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-intel-iotg, linux-raspi, linux-xilinx-zynqmp, and mozjs102).