Version 12.0 of the Tor browser has been released. Changes include multi-locale support, Apple silicon support, HTTPS-only behavior by default on Android and more.
A read-only filesystem that will transparently share file data between disparate directory trees, while also providing integrity verification for the data and the directory metadata, was recently posted as an RFC to the linux-kernel mailing list. Composefs was developed by Alexander Larsson (who posted it) and Giuseppe Scrivano for use by podman containers and OSTree (or "libostree" as it is now known) root directories, but there are likely others who want the abilities it provides. So far, there has been little response, either with feedback or complaints, but it is a small patch set (around 2K lines of code) and generally self-contained since it is a filesystem, so it would not be a surprise to see it appear in some upcoming kernel.
Security updates have been issued by Debian (cgal, ruby-rails-html-sanitizer, and xfce4-settings), Red Hat (dbus, grub2, kernel, pki-core, and usbguard), Scientific Linux (pki-core), SUSE (bcel, LibVNCServer, and xen), and Ubuntu (ca-certificates and u-boot).
Gccrs — the Rust front-end for GCC — has been approved for merging into the GCC trunk. That means that the next GCC release will be able to compile Rust, sort of; as gccrs developer Arthur Cohen warns: "This is very much an extremely experimental compiler and will still get a lot of changes in the coming weeks and months up until the release". See this article and this one for more details on the current status of gccrs.
Over on the Collabora blog, Adrian Ratiu writes about the addition of the kernel's Rust code to the KernelCI automated kernel testing project. The blog post looks at what it took to add the support and at some plans for future additions, as well.
The kernel's page cache holds pages from files in RAM, allowing those pages to be accessed without expensive trips to persistent storage. Applications are normally entirely unaware of the page cache's operation; it speeds things up and that is all that matters. Some applications, though, can benefit from knowledge about how much of a given file is present in the page cache at any given time; the proposed cachestat() system call from Nhat Pham is the latest in a long series of attempts to make that information available.
The kernel project is now more than three decades old; over that time, a number of development practices have come and gone. Once upon a time, the use of "magic numbers" to identify kernel data structures was seen as a good way to help detect and debug problems. Over the years, though, the use of magic numbers has gone into decline; this patch set from Ahelenia Ziemiańska may be an indication that the reign of magic numbers may be reaching its end.
Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke).
The eighth and presumably final 6.1 kernel prepatch has been released for testing. "So everything looks good, and while the calming down may have happened later than I wished for, it did happen. Let's hope this upcoming week is as quiet (or quieter)."
The software-interrupt mechanism is one of the oldest parts in the kernel; arguably, the basic design behind it predates Linux itself. Software interrupts can get in the way of other work so, for almost as long as they have existed, developers have wished that they could be made to go away. That has never happened, though, and doesn't look imminent. Instead, Android systems have long carried a patch that tries to minimize the impact of software interrupts, at least in some situations. John Stultz is now posting that work, which contains contributions from a number of authors, in the hope of getting it into the mainline kernel.
The Document Foundation (TDF) was created in 2010 to steward and support the development of the LibreOffice suite, which was then a new fork of OpenOffice.org. TDF has clearly been successful; unlike OpenOffice, which is currently under the Apache umbrella, LibreOffice is an actively developed and widely used project. But TDF has also been showing signs of stress in recent years, and the situation does not appear to be getting better. There are currently some significant disagreements over just what role TDF should play; if those cannot be resolved, there is a real chance that they could rip the Foundation apart.
Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).
The recent discussion of a proposed change to the Python language—the usual fare on the language's Ideas forum—was interesting, somewhat less for the actual feature under discussion than for the other issues raised. The change itself is a minor, convenience feature that would provide a reproducible iteration order for certain kinds of sets between separate invocations of the interpreter. That is a pretty limited use case, and one that could perhaps be fulfilled in other ways, but the discussion also highlighted some potentially worrying trends in the way that feature ideas are handled in the Python community.
It was only a matter of time before somebody found a way to inject BPF into the CPU scheduler. This patch series, posted by Tejun Heo and containing work by David Vernet, Josh Don, and Barret Rhoden, does exactly that. The cover letter covers the motivation behind this work in detail:
As of late, concerns about the future of Twitter have caused many of its users to seek alternatives. Amid this upheaval, an open-source microblogging service called Mastodon has received a great deal of attention. Mastodon is not reliant on any single company or central authority to run its servers; anyone can run their own. Servers communicate with each other, allowing people on different servers to send each other messages and follow each other's posts. Mastodon doesn't just talk to itself, though; it can exchange messages with anything that speaks the ActivityPub protocol. There are many such implementations, so someone who wants to deploy their own microblogging service enjoys a variety of choices.
Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz).
The BPF subsystem, which allows code to be loaded into the kernel from user space and safely executed in the kernel context, is bound to create a number of challenges for the kernel as a whole. One might not think that allocating memory for BPF programs would be high on the list of problems, but life (and memory management) can be surprising. The attempts to do a better job of providing space for compiled BPF code have, to date, only been partially successful; now Song Liu is back with a new approach to finish the job.
FFmpeg is an indispensable tool for working with audio and video streams, but it can be challenging to learn to use well. FFmpeg — The Ultimate Guide, posted by Csaba Kopias, can help. "This guide covers the ins and outs of FFmpeg starting with fundamental concepts and moving to media transcoding and video and audio processing providing practical examples along the way."
Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), and Ubuntu (libice and shadow).
Greg Kroah-Hartman has released the 5.10.156, 5.4.225, 4.19.267, 4.14.300, and 4.9.334 stable kernels. As usual, they contain important fixes throughout the kernel tree. Update: 6.0.10 and 5.15.80 were released on November 26.
Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff).
Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).
For those who are waiting for Linux on Apple hardware, the Asahi Linux project has put out a detailed report on progress toward a working kernel and distribution.
Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
Even a single kernel oops is never a good thing; it is an indication that something has gone badly wrong in the system somewhere and a straightforward recovery is not possible. But it seems that oopsing a large number of times has the potential to be even worse. To head off problems that might result from repeated oopsing, there is currently work afoot to put an upper limit on the number of times that the kernel can be allowed to oops before just giving up and rebooting.
Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).
The merge window for the 6.1 release brought in basic support for writing kernel code in Rust — with an emphasis on "basic". It is possible to create a "hello world" module for 6.1, but not much can be done beyond that. There is, however, a lot more Rust code for the kernel out there; it's just waiting for its turn to be reviewed and merged into the mainline. Miguel Ojeda has now posted the next round of Rust patches, adding to the support infrastructure in the kernel.
Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
The high-frequency-trading (HFT) industry is rather tight-lipped about what it does and how it does it, but PJ Waskiewicz of Jump Trading came to the Netdev 0x16 conference to try to demystify some of that, especially with respect to its use of networking. He wanted to contrast the needs of HFT with those of traditional networking as it is used outside of the HFT space. He also has some thoughts on what the Linux kernel could do to help address those needs so that HFT companies could move away from some of the custom code that is currently being developed and maintained by multiple firms in the industry.