LWN.net

The merge window for the 6.11 kernel release opened on July14; as ofthis writing, 4,072 non-merge changesets have been pulled into the mainlinerepository since then. This merge window, in other words, is just nowbeginning. Still, there has been enough time for a number of interestingchanges to land for the next kernel release; read on for a summary of whathas been merged so far.

Security updates have been issued by Debian (chromium), Fedora (freeradius), Red Hat (firefox, java-1.8.0-openjdk, and java-17-openjdk), Slackware (openssl), SUSE (ghostscript, gnutls, podman, and python-Django), and Ubuntu (linux-hwe-6.5, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-oracle, linux-xilinx-zynqmp, and stunnel).

The LWN.net Weekly Edition for July 18, 2024 is available.

Version4.2 LTS of the Blenderopen-source 3D creation suite has been released. Major improvementsinclude a rewrite of the EEVEErender engine, faster rendering, and much more. See the showcasereel for examples of work created by the Blender community withthis release.See the text releasenotes for even more about 4.2 LTS, which will be maintained untilJuly 2026.

Maintenance of the kernel is a difficult, often thankless, task; how it isbeing handled, the role of maintainers, burnout, and so on are recurringtopics at kernel-related conferences. Atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit, Josef Bacik andChristian Brauner led a session to discuss possible changes to the wayfilesystems are maintained, though Bacik took the lead role (and the podium). There are a number of interrelated topics,including merging new filesystems, removing old ones, making and testing changesthroughout the filesystem tree, and more.

Version 8.4.0 of the digiKam photo editing and managementapplication has been released. Thisrelease includes an update of the LibRaw RAW decoder whichbrings support for many new cameras, a new version of the LensFuntoolkit, a feature for automatic translation of image tags, GMIC-Qt 3.4.0, and manybug fixes. See the announcement for full details.

Gustavo A. R. Silva describesthe path to safer flexible arrays in the kernel, thanks to thecounted_by attribute supported by Clang18 and GCC15.

Security updates have been issued by Debian (kernel), Fedora (golang and krb5), Red Hat (cups, firefox, git, java-21-openjdk, kernel, linux-firmware, nghttp2, nodejs, and podman), SUSE (libndp, nodejs18, nodejs20, tomcat, and xen), and Ubuntu (gtk+2.0, gtk+3.0 and linux-hwe-5.4, linux-oracle-5.4).

SUSE has, in a somewhat clumsyfashion, asked openSUSEto consider rebranding to clear up confusion over therelationship between SUSE the company and openSUSE as a communityproject. That, in turn, has opened conversations about revisingopenSUSE governance and more. So far, there is no concrete proposal toconsider, no timeline, or even a process for the community and companyto follow to make any decisions.

Amir Goldstein led a filesystem-track session at the 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit on his project to build ahierarchicalstorage management (HSM) system using fanotify.The idea is to monitor file access in order to determine when to retrievecontent from non-local storage (e.g. the cloud). The session was afollow-up to last year's introduction to theproject, which covered some of the problems he had encountered; thisyear, hewas updating attendees on its status and progress, along with some otherproblem areas that he wanted to discuss.

Redox has received agrant to work on implementing POSIX-compatible signals. Thedraft design calls for them to be implemented nearly completely in user space.

Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).

On June 25, Matthew Wilcox posteda second version of a patch setintroducing a newdata structure called rosebush, which"is a resizing, scalable, cache-aware, RCU optimised hashtable." The kernel already has generic hash tables, though, includingrhashtable. Wilcox believes that the design ofrhashtable is not the best choice for performance, and has written rosebush asan alternative for use in thedirectory-entry cache (dcache) - the filesystem cache used to speed upfile-name lookup.

The 6.10 kernel was releasedon July14 after a nine-week development cycle. This time around,13,312 non-merge changesets were pulled into the mainline repository - thelowest changeset count since 5.17 in early 2022. Longstanding traditionsays that it is time for LWN to gather some statistics on where the newcode for 6.10 came from and how it got to the mainline; read on for thedetails.

Greg Kroah-Hartman has released the 6.6.40and 6.1.99 stable kernels. Both contain afix for the USB subsystem; anyone who uses those kernel series and "the XHCIUSB host controller driver (i.e. USB 3) must upgrade".

Security updates have been issued by Fedora (cups, krb5, pgadmin4, python3.6, and yarnpkg), Mageia (freeradius, kernel, kmod-xtables-addons, kmod-virtualbox, and dwarves, kernel-linus, and squid), Red Hat (ghostscript, kernel, and less), SUSE (avahi, c-ares, cairo, cups, fdo-client, gdk-pixbuf, git, libarchive, openvswitch3, podman, polkit, python-black, python-Jinja2, python-urllib3, skopeo, squashfs, tiff, traceroute, and wget), and Ubuntu (linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm).

Linus hasreleasedthe 6.10 kernel.

The GNOME Foundation has announcedthat executive director Holly Million is stepping down at the end ofJuly, and will be replaced by Richard Littauer as interim executivedirector:

Linux Mint has released a beta of itsnext long-term-support (LTS) release, LinuxMint22 (code-named "Wilma"), based on Ubuntu24.04. Aside from the standardsoftware updates that come with any major upgrade, some of Wilma'slargest selling points are what it doesn't have; namely snappackages or GNOME applications that have broken theming on non-GNOMEdesktops like Mint's Cinnamon desktop.

Security updates have been issued by Debian (apache2), Fedora (mingw-python3 and python-urllib3), Oracle (dotnet6.0, dotnet8.0, fence-agents, openssh, pki-core, and virt:ol and virt-devel:rhel), SUSE (apache2, firefox, libvpx, oniguruma, python-zipp, python310, thunderbird, and tomcat10), and Ubuntu (apache2, apport, linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi, linux, linux-gcp, linux-nvidia-6.5, linux-raspi, linux-gke, and python-django).

Since thedisagreements that led to Eelco Dolstrastepping down from the NixOSFoundation board, there have been a number of projects forked from or inspiredbyNix that have stepped up to compete with it. Two months on, some of theseprojects are now well-established enough to look at what they have to offer andhow they compare to each other. Overall, users have a number of good options tochoose from, whether they're seeking a compatible replacement for Nix (theconfiguration language and package manager) or NixOS (the Linux distribution),or something that takes the same ideas in a different direction.

The sixth edition of the Power Management and Schedulingin the Linux Kernel (OSPM) Summit took place on May 30-31 2024, and wasgraciously hosted by the Institut deRecherche en Informatique de Toulouse (IRIT) in Toulouse, France. Thisis the first of a series of articles describing the discussions held atOSPM 2024; topics covered include latency hints, energy-aware scheduling,ChromeOS, and user-space schedulers.

The 6.9.9, 6.6.39, and 6.1.98 stable kernels have been released. Asusual, they contain lots of important fixes throughout the tree.

Security updates have been issued by AlmaLinux (dotnet6.0, dotnet8.0, fence-agents, and virt:rhel and virt-devel:rhel), Debian (exim4 and firefox-esr), Fedora (dotnet8.0, firefox, onnx, qt6-qtbase, squid, and wordpress), Mageia (golang, netatalk, php, and poppler), Red Hat (ghostscript, httpd, openssh, python3, and ruby), Slackware (mozilla), SUSE (kernel and openssh), and Ubuntu (linux-aws-5.4, linux-azure, linux-ibm-5.15, and python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12).

The research value of thisUSENIX paper by Hongyu Li et al. is not entirely clear, but it doesshow that the Rust-for-Linux project is gaining wider attention.

The LWN.net Weekly Edition for July 11, 2024 is available.

Doug Brown documentsthe long journey to fixing a bug in the GDebi utility forinstalling Debian packages. He first encountered the bug inUbuntuMATE18.04: "at the time I just ignored thisissue. I didn't want to deal with it. I went off to the trusty Linuxterminal and installed Chrome that way instead".

Fedora Atomic Desktopand Fedora IoT systems installedbefore Fedora40 may fail to boot after an update if secure bootis enabled. Fedora Magazine has apost by Timothee Ravier about the problem, how users can workaround it, and what the project is doing to avoid the similar problemsin the future:

The eventfs filesystem provides an interface to the tracepoints that are availableto be used by various Linux tracing tools (e.g. ftrace, perf, uprobes,etc.); it is meant to be a version of the tracefs filesystem thatdynamically allocates its entries as needed. The goal is to reduce the memoryrequired for multiple instances of tracefs, as Steven Rostedt described ina session at the 2022Linux Storage,Filesystem, Memory Management, and BPF Summit. He returned to the 2024edition of the summit to talk further about how to make pseudo (or virtual)filesystems, such as tracefs/eventfs, more like regular Linux filesystems,where the directory entries (dentries) and inodes are only created (andcached) as needed.

Sxmo, short for "Simple X Mobile", is described on its web site as "aminimalist environment for Linux mobile devices"; it offers a menu-driveninterface that is controlled with the phone's hardware buttons. Sxmo enables the userto send SMS messages from a text editor and is entirely customizable withshell scripts. This peculiar mobile user interface significantly differsfrom the prevailing approach-but it works.

Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox, freeradius-server, haproxy, jbigkit, kernel, kernel-firmware, pam, ppp, python3-cryptography, skopeo, and tar), and Ubuntu (dotnet6, dotnet8, exim4, firefox, golang-1.21, golang-1.22, openssh, and python-django).

There are a number of kernel filesystems that store their directory entriesdirectly in the directory-entry cache (dcache) without having any permanentstorage for those objects. It started out as a "neat hack" for ramfs,Al Viro said, at the start of his filesystem-track session atthe2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. Unfortunately, as the useof this technique has grown into other filesystems, there has been a lot ofscope creep that has gotten out of control. He wanted to discuss some newinfrastructure that he is working on to try to clean some of that up.

Version128.0 of the Firefox browser has been released. Changes this timeinclude the ability to translate highlighted phrases from the context menu,display of recent searches on opening the address bar (US/Canada only), astreamlined dialog for clearing user data, and more.

ThePSP security protocol (PSP) is a way to transparently encrypt packets byefficiently offloading encryption and decryption to the networkinterface cards (NICs) that Google uses for connections inside its data centers. Theprotocol is similar toIPsec, in that it allows for wrapping arbitrary trafficin a layer of encryption. The difference is that PSP is encapsulated in UDP, anddesigned from the beginning to reduce the amount of state that NICshave to track in order to send and receive encrypted traffic, allowing for moresimultaneous connections. Jakub Kicinskiwants to add support for the protocol to the Linux kernel.

Alexander "Solar Designer" Peslyak has disclosed another OpenSSHvulnerability that can be exploited for remote code execution, but onlyon distributions that have applied a patch to add auditing support.Specifically, RHEL9 and derivatives are affected, as areFedora36 and37 (but not later releases).

Security updates have been issued by AlmaLinux (virt:rhel and virt-devel:rhel), Fedora (ghostscript, golang, httpd, libnbd, netatalk, rust-sequoia-chameleon-gnupg, rust-sequoia-gpg-agent, rust-sequoia-keystore, rust-sequoia-openpgp, and rust-sequoia-sq), Mageia (apache), Red Hat (booth, buildah, edk2, fence-agents, git, gvisor-tap-vsock, kernel, kernel-rt, less, libreswan, linux-firmware, openssh, pki-core, podman, postgresql-jdbc, python3, tpm2-tss, virt:rhel, and virt:rhel and virt-devel:rhel modules), SUSE (krb5, poppler, and python-docker), and Ubuntu (apache2, cinder, glance, nova, and Tomcat).

The 6.6.38 stable kernel update has beenreleased, without the benefit of the usual review process. It reverts someBPF changes with patches that do not appear in the mainline (in this form,at least). "All powerpc and arm64 users of the 6.6 kernel series mustupgrade. Everyone else probably should as well to be safe."

On his blog, Behdad Esfahbod has published a lengthy and detailed look at the state of open-source text rendering. It looks at the libraries available, application support, future directions, and gives a summary analysis of the ecosystem.

At DevConf.cz 2024,Marta Lewandowska gave a talk to discuss anew approach for booting Linux systems, "No more bootloader: Please use the kernel instead". The talk, available onYouTube, introduced a new project called nmbl (for "no more bootloader",pronounced "nimble"). The idea is to get rid of bootloaders (e.g., GNU GRUB) with aUnifiedKernel Image (UKI) that removes the need for a separate bootloaderaltogether. It is early days for nmbl, currently the project is onlybeing tested for use with virtual machines, but the idea iscompelling. If successful, nmbl could offer security, performance, andmaintenance benefits compared to GRUB and other separate bootloaders.

Version 15.1 of the GNU debugger has been released. Changes include anumber of enhancements to GDB's Python support, some Debugger AdapterProtocol additions, some new GDBserver options, and more.

Security updates have been issued by AlmaLinux (openssh), Debian (krb5), Fedora (yt-dlp), Gentoo (firefox, KDE Plasma Workspaces, Stellarium, thunderbird, and X.Org X11 library), Mageia (python-js2py and znc), Oracle (389-ds, c-ares, container-tools, cups, go-toolset, httpd:2.4/httpd, iperf3, kernel, less, libreoffice, libuv, nghttp2, openldap, openssh, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, and xmlrpc-c), Red Hat (kernel, kernel-rt, openssh, and virt:rhel and virt-devel:rhel modules), and SUSE (go1.21, go1.22, krb5, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, netty3, opera, and python-urllib3).

The 6.10-rc7 kernel prepatch is out fortesting.

ISO releases new C++language standards on a three-year cadence; now that it's beenmore than a year since the finalization ofC++23, we have a good idea of whatfeatures could be adopted forC++26 - although proposals canstill be submitted until January 2025. Of particular interest is the addition ofsupport forhazard pointers anduser-space read-copy-update (RCU).Even though C++26 is not yet a standard, many of the proposed features are alreadyavailable to experiment with in GCC or Clang.

Greg Kroah-Hartman has announced the release of seven more stable kernels.Versions 6.9.8,6.6.37,6.1.97,5.15.162,5.10.221,5.4.279,and 4.19.317 are now available.

Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).

Random numbers, it seems, can never be random enough, and they cannot begenerated quickly enough. The kernel's getrandom()system call might, after years of discussion, be seen as sufficientlysecure by most users, but it is still a system call. Linux system callsare relatively fast, but they are necessarily slower than calling afunction directly. In an attempt to speed the provision of secure randomdata to user space, Jason Donenfeld has put together animplementation of getrandom() that lives in the virtual dynamicshared object (vDSO) area.

Security updates have been issued by AlmaLinux (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, nghttp2, openldap, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), Debian (znc), Fedora (firmitas and libnbd), Mageia (dcmtk, krb5, libcdio, and openssh), Oracle (golang, openssh, pki-core, and qemu-kvm), Red Hat (openssh), SUSE (apache2-mod_auth_openidc, emacs, go1.21, go1.22, krb5, openCryptoki, and openssh), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux, linux-gcp, linux-gcp-6.5, linux-laptop, linux-nvidia-6.5, linux-raspi, linux, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-xilinx-zynqmp, linux, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-aws, linux-aws-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-starfive, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure, linux-azure-6.5, linux-bluefield, linux-iot, linux-gcp, linux-intel, linux-hwe-5.15, and php7.0 and php7.2).

The LWN.net Weekly Edition for July 4, 2024 is available.

There are a handful of extensions to the "new" mount API that ChristianBrauner wanted to discuss as part of a filesystem session at the2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. In the session, though,the only one that he got to was a followup to last year's discussion on mount-operation monitoring.There is a need for user-space programs to be able to follow mountoperations (e.g. mount and unmount) that happen in the system, especiallyfor tools like containermanagers or systemd.

Debian's proposed tag2uploadservice would be worthy of an articleeven if it wasn't so contentious; tag2upload promises astreamlined way for Debian developers using Git to upload packages tothe DebianArchive. But tag2upload has been in limbo foryears due to disagreement and a communication breakdown between the teambehind tag2upload and the ftpmasters team. It took thethreat of a GeneralResolution (GR), weeks of discussion, and more than1,000 emails to finally move forward.