The kernel does not lack for memory allocators, so one might well questionthe need for yet another one. As thispatch set from Alexei Starovoitov makes clear, though, the BPFsubsystem feels such a need. The proposed new allocator is intended toincrease the reliability of allocations made within BPF programs, which mightbe run in just about any execution context.
Security updates have been issued by Debian (firefox-esr, firejail, and ublock-origin), Fedora (chromium, firefox, thunderbird, and vim), Mageia (kernel and kernel-linus), Oracle (389-ds-base and python-virtualenv), SUSE (chromium), and Ubuntu (cloud-init).
On the first day of the 2022 LinuxSecurity Summit North America (LSSNA) in Austin, Texas, Stéphane Graberand Christian Brauner gave a presentation on using system-call interceptionfor container security purposes. The idea is to allow unprivilegedcontainers, those without elevated privileges on the host, to stillaccomplish their tasks, some of which require privileges. A fair amount ofwork has been done to make this viable, but there is still more to do.
Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl).
Version 9.0 of the Vim texteditor has been released. The biggest change would appear to be theaddition of the "Vim9 Script" language for editor customization:
In something of an Open Source Summit tradition, Linus Torvalds and DirkHohndel sit down for a discussion on various topics related to open sourceand, of course, the Linux kernel. OpenSource Summit North America (OSSNA) 2022 in Austin, Texas was noexception, as they reprised their keynote on the first day of theconference. The headline-grabbing part of the chat was Torvalds's declaration that Rust forLinux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there.
Version102.0 of the Firefox browser is out. Changes include the ability todisable the panel that otherwise materializes on every downloadand the strippingof certain query parameters in extendedtracking protection mode. The stripping will be the default forprivate browsing in the next release.
Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).
Version 2.37.0 of the Gitsource-code management system has been released. Highlights include a newobject-pruning mechanism called "cruft packs", fullintegration of the sparseindex, and more; see this GitHubblog post for more information.
Once upon a time, computers just had one type memory, so memory withina given system was interchangeable. The arrival of non-uniformmemory access (NUMA) systems complicated the situation significantly; nowsome memory was faster to access than the rest, and memory-managementalgorithms had to adapt or performance would suffer. But NUMA was just thestart; today's tiered-memory systems, which may include several tiers ofmemory with different performance characteristics, are adding newchallenges. A couple of relevant patch sets currently under review help toillustrate the types of problems that will have to be solved.
The5.18.7,5.15.50,5.10.125,5.4.201,4.19.249,4.14.285, and4.9.320stable updates have all been released. The 5.x updates are relativelysmall, but the 4.x updates contain a fair number of backportedrandom-number-generator improvements along with the usual fixes.Update: Due to an io_uring problem reported by Greg Thelen in 5.10.125, which was quickly fixed by Jens Axboe, 5.10.126 was released less than 24 hours later.
The network filesystem (NFS) protocol has been with us for nearly 40 years.While defined initially as a stateless protocol, NFS implementations havealways had to manage state, and that need has been increasingly built intothe protocol over successive revisions. The early days of NFS werediscussed, with a focus on state management, in the first part of this series. This articlecompletes the job with a look at the evolution of NFS since, approximately,the beginning of this millennium.
Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).
Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).
In a keynote at PyCon 2022 in SaltLake City, Utah, Peter Wang introduced another entrant in the field ofin-browser Python interpreters. The Python community has long sought a wayto be able to write Python—instead of JavaScript—to run in web browsers, and therehave been various efforts to do so over the years. Wang announced PyScript as a new framework, built atopone of those earlier projects, to allowPython scripting directly within the browser; those programs have access tomuch of the existing Python ecosystem as well as being able to interactwith the browser document object model (DOM) directly. In addition, he gave some rather eye-opening demonstrations as part of the talk.
Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).
In the final filesystem session at the2022 Linux Storage,Filesystem, Memory-management and BPF Summit (LSFMM), David Howells leda discussion on a filesystem optimization that is causing various kinds ofproblems. Extent-based filesystems have data structures that sometimes donot reflect the holes that exist in files. Reads from holes in sparse files (i.e. files withholes) must return zeroes, but filesystems are not obligated to maintain knowledge ofthe holes beyond that, which leads to the problems.This concludes our coverage of LSFMM 2022.
ThisMeta blog post by Johannes Weiner and Dan Schatzberg describes a set ofmemory-management changes used there that they call "transparent memoryoffloading".
I recently had cause to reflect on the changes to the NFS (Network FileSystem) protocol over the years and found that it was a story worthtelling. It would be easy for such a story to become swamped by thedetails, as there are many of those, but one idea does stand out fromthe rest. The earliest version of NFS has been described as a"stateless" protocol, a term I still hear used occasionally. Much ofthe story of NFS follows the growth in the acknowledgment of, andsupport for, state. This article looks at the evolution of NFS (and itshandling of state) during theearly part of its life; a second installment will bring the story up to thepresent.
The 5.19-rc3 kernel prepatch is out fortesting. "5.19-rc3 is fairly small, and just looking at the diffstat, a lot ofit ends up being in the documentation subdirectory. With another chunkin selftests."
Some kernel features last longer than others. Support for forward-edgecontrol-flow integrity (CFI) for kernels compiled with LLVM was added to the 5.13kernel, but now there is already a replacement knocking on the door.Control-flow integrity will remain, but the new implementation will besignificantly different — and seemingly better in a number of ways.
Fedora's objective to become the desktop Linux distribution of choice haslong been hampered by Red Hat's risk-averse legal department, whichstrictly limits the type of software that Fedora can ship. Specifically,anything that might be encumbered by patents is off-limits, with the resultthat much of the media that users might find on the net is unplayable. Thissituation has improved over the years as the result of a lot of work withinthe Fedora project, but it still puts Fedora at a disadvantage relative tosome other distributions. A recentdiscussion on video support, though, shines a light on how some surprisinglegal reasoning may be providing a way out of this problem; that waymay not be pleasing to all involved, however.
Seven new stable kernels have been released: 5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284, and 4.9.319. All contain a small set of patchesto address the recently disclosed processorMMIO stale-data vulnerabilities; users of those series should upgrade.
Security updates have been issued by Fedora (containerd, golang-github-containerd-cni, golang-github-containernetworking-cni, golang-x-sys, kernel, and qt5-qtbase), Oracle (kernel, kernel-container, microcode_ctl, subversion:1.14, and xz), Red Hat (.NET 6.0, .NET Core 3.1, cups, and xz), Scientific Linux (xz), SUSE (caddy, chromium, librecad, libredwg, varnish, and webkit2gtk3), and Ubuntu (bluez).
As with many conferences these days, the2022 Linux Storage,Filesystem, Memory-management and BPF Summit (LSFMM) had a virtualcomponent. The main rooms were equipped with a camera trained on thepodium, thus the session leader, so thatremote participants could watch; this camera connected into a Zoomconference that allowed participation from afar. In a session near theend of the conference, led by conference organizer Josef Bacik, remoteparticipants were invited to share their experiences—on camera—with those who were there in person. It was anopportunity to discuss what went right—and wrong—with an eye towardimproving the experience for future events.
Readahead is an I/Ooptimization that causes the system to read more data than has been requested by an application—in the belief that the extra data willbe requested soon thereafter. At the2022 Linux Storage,Filesystem, Memory-management and BPF Summit (LSFMM), Matthew Wilcoxled a session to discuss readahead, especially as it relates to networkfilesystems, with assistance from Steve French andDavid Howells. The latency of the underlying storage needs to factor intothe calculation of how much data to read in advance, but it is not entirelyclear how to do so.
The 2022 Kernel Summit and Maintainers Summit will be held in Dublin; theKernel Summit will run as part of the Linux Plumbers Conference (September 12-14)while the Maintainers Summit will be on September 15. The call for proposals for both events has been posted. The deadline for the KernelSummit is tight (June 19), so this is not the time for anybody wantingto speak to procrastinate.
Security updates have been issued by Red Hat (.NET 6.0 and log4j), SUSE (389-ds, grub2, kernel, openssl-1_1, python-Twisted, webkit2gtk3, and xen), and Ubuntu (php7.2, php7.4, php8.0, php8.1 and util-linux).
Today's branded, logo-equipped vulnerability is known as Hertzbleed; it affects x86processors (at least) and can be exploited in some situations to extractcryptographic keys from a remote server.
5.18.4,5.17.15,5.15.47,5.10.122,5.4.198,4.19.247,4.14.283, and4.9.318 stable updates have all been released; eachcontains another large set of important fixes.Note that 5.17.15 will be the last release in the 5.17.x stable series.
Zoned storage is a form of storage that offers higher capacities by making tradeoffs in the kindsof writes that are allowed to the device. It was the topic of a storage andfilesystem session led by LuisChamberlain at the2022 Linux Storage,Filesystem, Memory-management and BPF Summit (LSFMM). Over the years,zoned storage has been a frequent topic at LSFMM, going back to LSFMM 2013, where support forshingled magnetic recording (SMR) devices, which were the starting point forzoned storage, was discussed.
LWN.net