Greg Kroah-Hartman has announced the release of the 5.18.2, 5.17.13, 5.15.45, 5.10.120, 5.4.197, 4.19.246, 4.14.282, and 4.9.317 stable kernels. Each contains a set of important fixes, as usual; users of those series should upgrade.
In something of a grab-bag session, Josef Bacik led a discussion about various challenges that Linux kernel maintainers face, some of which lead to burnout. The session was originally going to be led by Darrick Wong, but he was unable to come to LSFMM, so Bacik gathered some of Wong's concerns and combined them with his own in a joint storage and filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM). As part of the discussion, Bacik presented his view on what the role of a kernel maintainer should be, which seemed to resonate with those present.
Security updates have been issued by Debian (clamav, firefox-esr, pidgin, and thunderbird), Fedora (dotnet3.1, firefox, kernel, vim, and webkit2gtk3), Mageia (firefox/nss/nspr, gimp, logrotate, mariadb, thunderbird, trojita, webkit2, and webmin), Oracle (thunderbird), Red Hat (compat-openssl11, postgresql:10, postgresql:12, and thunderbird), Slackware (pidgin), and SUSE (openvpn).
Linus has released 5.19-rc1 and closed the merge window for this cycle. "Judging by the merge window, this release is going to be on the bigger side, but certainly not breaking any records, and nothing looks particularly odd or crazy."
Version 22.05 of the NixOS distribution is out. "NixOS is already known as the most up to date distribution and is the distribution with the most packages. This release saw 9345 new packages and 10666 updated packages". Significant changes include an update to version 2.8.0 of the Nix package manager with experimental support for flakes, GNOME 42, and many new services; see the release notes for details.
Opinions differ on the best way to disclose security vulnerabilities, but there is a general consensus in our community that vulnerabilities should, indeed, be made public at some point. What happens between the discovery of a vulnerability and its disclosure can be more controversial. A recent discussion on the handling of kernel vulnerabilities has led to change in the policies of the linux-distros mailing list — all based on the question of what constitutes "disclosure".
Security updates have been issued by Debian (cifs-utils, debian-security-support, and pypdf2), Fedora (fapolicyd, mariadb, openssl, and qt5-qtbase), Oracle (firefox, maven:3.5, maven:3.6, postgresql:10, postgresql:12, and postgresql:13), Red Hat (.NET 6.0, firefox, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, pcs, rsync, subversion, thunderbird, and zlib), Scientific Linux (thunderbird), Slackware (mozilla), SUSE (firefox, hdf5, suse-hpc, kernel-firmware, libarchive, patch, php8, and redis), and Ubuntu (cifs-utils and vim).
The kernel tries hard to keep memory available for its present and future needs. Should that effort fail, though, the tool of last resort is the dreaded out-of-memory (OOM) killer, which is tasked with killing processes on the system to free their memory and alleviate the problem. The results of invoking the OOM killer are never going to be good, but they can be distinctly worse if the wrong processes are chosen for an untimely end. As one might expect, the effort to properly choose the right processes is an ongoing effort. Most recently, Christian König has proposed a new mechanism to address a blind spot in the OOM killer's deliberations.
Security updates have been issued by Debian (firefox-esr), Fedora (thunderbird and vim), Red Hat (firefox, postgresql:10, postgresql:12, and postgresql:13), Scientific Linux (firefox and rsyslog), SUSE (hdf5, hdf5, suse-hpc, postgresql14, rubygem-yajl-ruby, and udisks2), and Ubuntu (imagemagick and influxdb).
Adding support for an in-kernel TLS handshake was the topic of a combined storage and filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM). Chuck Lever and Hannes Reinecke led the discussion on ways to add that support; they are interested in order to provide TLS for network storage and filesystems. But there are likely other features, such as QUIC support, that could use an in-kernel TLS implementation.
The challenges of testing filesystems and the block layer were the topic of a combined storage and filesystem session led by Luis Chamberlain at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM). His goal is to reduce the amount of time it takes to test new features in those areas, but one of the problems that he has encountered is a lack of determinism in the test results. It is sometimes hard to distinguish problems in the kernel code from problems in the tests themselves.
If you are running Fedora 34, the time has come to move on; that distribution will reach the end of its support life on June 7. Users of Ubuntu 21.10 have a little longer, but that release loses support on July 14 and users should update to 22.04.
Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk).
In a filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Amir Goldstein led a discussion about the stable kernel trees. Those trees, and especially the long-term support (LTS) versions, are used as a basis for a variety of Linux-based products, but the kind of testing that is being done on them for filesystems is lacking. Part of the problem is that the tests target filesystem developers so they are not easily used by downstream consumers of the stable kernel trees.
Security updates have been issued by Debian (haproxy, libdbi-perl, pjproject, spip, and trafficserver), Oracle (firefox, kernel, kernel-container, libvirt libvirt-python, and thunderbird), Red Hat (maven:3.5, maven:3.6, nodejs:16, postgresql, postgresql:10, and rsyslog), SUSE (gimp, helm-mirror, ImageMagick, mailman, openstack-neutron, pcmanfm, pcre2, postgresql10, and tiff), and Ubuntu (dpkg and freetype).
The ID-mapped mounts feature was added to Linux in 5.12, but the general idea behind it goes back a fair bit further. There are a number of different situations where the user and group IDs for files on disk do not match the current human (or process) user of those files, so ID-mapped mounts provide a way to resolve that problem—without changing the files on disk. The developer of the feature, Christian Brauner, led a discussion at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) on ID-mapped mounts.
Our introduction to Linux audio and MIDI plugin APIs ended with a mention of the Clever Audio Plugin (CLAP) but did not get into the details. CLAP is an MIT-licensed API for developing audio and MIDI plugins that, its developers feel, has the potential to improve the audio-software situation on Linux. The time has now come to get to those details and look at the state of CLAP and where it is headed.
The 5.18.1, 5.17.12, 5.15.44, and 5.10.119 stable kernels have been released. As usual, they contain important fixes; users of those series should upgrade.
Version 5.36.0 of the Perl language is out. "Perl 5.36.0 represents approximately a year of development since Perl 5.34.0 and contains approximately 250,000 lines of changes across 2,000 files from 82 authors." Changes include the enabling of function signatures, Unicode 14.0 support, experimental iteration over multiple values, and a lot more; see the release notes for the full list.
Security updates have been issued by Debian (modsecurity-apache, pngcheck, rsyslog, and smarty3), Fedora (firefox, golang-github-opencontainers-runc, gron, kernel, kernel-headers, kernel-tools, logrotate, mingw-pcre2, and rubygem-git), Mageia (admesh, chromium-browser-stable, golang, kernel, kernel-linus, and pidgin), Red Hat (firefox, openvswitch2.13, openvswitch2.15, openvswitch2.16, rsyslog, and thunderbird), SUSE (bind, curl, opera, pcp, postgresql12, and postgresql14), and Ubuntu (gnupg2 and ntfs-3g).
Paul McKenney writes about why read-copy-update coverage is not universal in the kernel, the hazards that can result from that, and what is being done to improve the situation.
As of this writing, just under 4,600 non-merge changesets have been pulled into the mainline repository for the 5.19 development cycle. The 5.19 merge window is clearly well underway. The changes pulled so far cover a number of areas, including the core kernel, architecture support, networking, security, and virtualization; read on for highlights from the first part of this merge window.
Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion).
The normal rule of kernel development is that the creation of user-space regressions is not allowed; a patch that breaks a previously working application must be either fixed or reverted. There are exceptions, though, including a 5.10 patch that has been turning up regressions ever since. The story that emerges here shows what can happen when the goals of stability, avoiding security problems, and code cleanup run into conflict.
Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion).
Right on the heels of his previous filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Steve French led a session on temporary files and their interaction with network filesystems. The problem is that creating temporary files is not always atomic, so he was proposing changing that, which would eliminate a possible race condition and be more efficient for network filesystems. Since the temporary-file discussion did not fill the 30-minute slot, however, French took the opportunity to discuss some attributes he would like to see get added for the statx() system call.
Steve French led a discussion on change notifications for network filesystems in a session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM). He is part of the Samba team and noted that both Windows and macOS clients get notified of new and changed files in a shared directory immediately, while on Linux that does not happen. He wanted to explore what it would take to add that functionality.
The Linux Foundation has posted an "Open Source Software Security Mobilization Plan" that aims to address a number of perceived security problems with the expenditure of nearly $140 million over two years.
The 5.17.10, 5.15.42, 5.10.118, 5.4.196, 4.19.245, 4.14.281, and 4.9.316 stable kernel updates have all been released; each contains another set of important fixes. Update: the 5.17.11 and 5.15.43 updates followed immediately thereafter with a single MPTCP networking fix.
Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog).
On the second day of the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Goldwyn Rodrigues led a combined filesystem and memory-management session on saving memory when reading files that share extents. That kind of sharing can occur with copy-on-write (COW) filesystems, reflinks, snapshots, and other features of that sort. When reading those files, memory is wasted because multiple copies of the same data are stored in the page cache, so he wanted to explore adding a cache specifically to handle that.
In a fast-paced talk at PyCon 2022 in Salt Lake City, Utah, Pablo Galindo Salgado described some changes he and others have made to the error reporting for CPython 3.10. He painted a picture of a rather baffling set of syntax errors reported by earlier interpreter versions and how they have improved. This work is not done by any means, he said, and encouraged attendees to get involved in making error reporting even better in future Python versions.
Security updates have been issued by Debian (firefox-esr and openldap), Fedora (curl), Oracle (kernel and kernel-container), Red Hat (maven:3.5), SUSE (cacti, cacti-spine, firefox, go1.18, openldap2, python-requests, rsyslog, and slurm_20_11), and Ubuntu (firefox, htmldoc, libpng, libxfixes, libxrender, thunderbird, and vim).
Version 3.16.0 of the Alpine Linux distribution has been released. Significant changes include a switch to tmpfs for the /tmp directory, the splitting out of a number of NetworkManager plugins into separate packages, the removal of Python 2, and a lot of updated packages; see the release notes for more information.
The 5.18 kernel was released on May 22 after a nine-week development cycle. That can only mean that the time has come to look at some of the statistics behind this release, which was one of the busiest in a while. Read on for a look at the 5.18 kernel, where the code in this release came from, and how it found its way into the mainline.
Systemd 251 is out. The list of changes includes an increase of the minimum kernel version to 4.15, use of C11 to build the program, increased use of filesystem ID mapping, and many other things; see the announcement for all the details.
Linus has released the 5.18 kernel. "No unexpected nasty surprises this last week, so here we go with the 5.18 release right on schedule." Some of the headline changes in this release include the DAMOS memory-management interface, a number of random-number-generator improvements, the Intel software-defined silicon driver, strict memcpy() bounds checking, a switch to the C11 standard, and more. Also, the Reiserfs filesystem has been deprecated and the last vestiges of a.out support have been removed. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.18 page for more details.
For readers who want to follow our article stream on Mastodon, LWN now (finally) has a presence in the Fosstodon community; you can find us at @LWN@fosstodon.org.
The final session in the memory-management track at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) was run remotely by James Gowans and David Woodhouse. It was titled "user-space control of memory mappings", with a subtitle of "letting guest memory and state survive kexec". Some options were discussed, but the real work is clearly yet to be done.
As the memory-management track at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) neared its conclusion, Mike Kravetz ran a session remotely to talk about page sharing with hugetlbfs, which is a special filesystem that provides access to huge pages. (See this article series for lots of information about hugetlbfs). Hugetlbfs can help to reduce page-table overhead when pages are shared between large numbers of processes, but there is a problem that he is trying to find a solution for.
The numerous correctness problems with the kernel's get_user_pages() functionality have been a fixture at the Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) for some years. The 2022 event did not break that tradition. The first-day discussion on page pinning was covered here. On the final day, in the memory-management track, David Hildenbrand led a session on the current status of get_user_pages() and its interaction with copy-on-write (COW) memory.