|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] The first half of the 5.13 merge window

[Kernel] Posted Apr 30, 2021 13:24 UTC (Fri) by corbet

As of this writing, just over 7,800 non-merge commits have been pulled into the mainline repository for the 5.13 development cycle. It does indeed seem true that 5.13 will be busier than its predecessor was. The work merged thus far affects subsystems across the kernel; read on for a summary of what has been merged so far.

Full Story (comments: none)

[$] An update on the UMN affair

[Front] Posted Apr 29, 2021 14:39 UTC (Thu) by corbet

On April 20, the world became aware of a research program conducted out of the University of Minnesota (UMN) that involved submitting intentionally buggy patches for inclusion into the Linux kernel. Since then, a paper resulting from this work has been withdrawn, various letters have gone back and forth, and numerous patches from UMN have been audited. It's clearly time for an update on the situation.

Full Story (comments: 33)

[$] LWN.net Weekly Edition for April 29, 2021

Posted Apr 29, 2021 0:16 UTC (Thu)

The LWN.net Weekly Edition for April 29, 2021 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Fedora's compiler policy; Signed BPF programs; SO_REUSEPORT; Ext4 information leaks; 5.12 development statistics.
  • Briefs: Brief news items from throughout the community.
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

[$] Rethinking Fedora's compiler policy

[Distributions] Posted Apr 28, 2021 15:52 UTC (Wed) by corbet

Now that the Fedora 34 release is out the door, the Fedora project is turning its attention to Fedora 35, which is currently scheduled for release on October 26. One of the changes under consideration for Fedora 35 is this proposal allowing maintainers to choose whether to build their packages with GCC or Clang. This policy change may give maintainers some welcome flexibility, but it has not proved entirely popular in the Fedora community.

Full Story (comments: 9)

[$] Preventing information leaks from ext4 filesystems

[Kernel] Posted Apr 27, 2021 15:33 UTC (Tue) by corbet

A filesystem's role is to store information and retrieve it in its original form on request. But filesystems are also expected to prevent the retrieval of information by people who should not see it. That requirement extends to data that has been deleted; users expect that data to be truly gone and will not welcome its reappearance in surprising places. Some work being done with ext4 shows the kind of measures that are required to live up to that expectation.

Full Story (comments: 58)

[$] Some 5.12 development statistics

[Kernel] Posted Apr 26, 2021 16:45 UTC (Mon) by corbet

By the time the 5.12 kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainline repository for this development cycle. That makes 5.12 the slowest development cycle since 5.6, which was released at the end of March 2020. Still, there was plenty of work done for 5.12. Read on for our traditional look at where that work came from and how it got into the kernel.

Full Story (comments: none)

[$] Avoiding unintended connection failures with SO_REUSEPORT

[Kernel] Posted Apr 23, 2021 14:54 UTC (Fri) by corbet

Many of us think that we operate busy web servers; LWN's server, for example, sweats hard when keeping up with the comment stream that accompanies any article mentioning the Rust programming language. But some organizations run truly busy servers and have to take some extraordinary measures to keep up with levels of traffic that even language advocates cannot create. The SO_REUSEPORT socket option is one of many features that have been added to the network stack to help these use cases. SO_REUSEPORT suffers from an implementation problem that can cause connections to fail, though. Kuniyuki Iwashima has posted a patch set addressing this problem, but there is some doubt as to whether it takes the right approach.

Full Story (comments: 35)

[$] Toward signed BPF programs

[Kernel] Posted Apr 22, 2021 13:52 UTC (Thu) by corbet

The kernel's BPF virtual machine is versatile; it is possible to load BPF programs into the kernel to carry out a large (and growing) set of tasks. The growing body of BPF code can reasonably be thought of as kernel code in its own right. But, while the kernel can check signatures on loadable modules and prevent the loading of modules that are not properly signed, there is no such mechanism for BPF programs; any sufficiently privileged process can load any program that will pass the verifier. One might think that adding this checking for BPF would be straightforward, but that subsystem has some unique characteristics that make things more challenging than one might expect. There may be a solution in the works, though; fittingly, it works by loading yet another BPF program.

Full Story (comments: 2)

LWN.net Weekly Edition for April 22, 2021

Posted Apr 22, 2021 0:41 UTC (Thu)

The LWN.net Weekly Edition for April 22, 2021 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Intentionally buggy patches; process_vm_exec(); Fedora 34; Btrfs on zoned devices; Rust in the kernel.
  • Briefs: Rust for Linux; tglx on the realtime project; Debian election results; LLVM 12; OpenSSH 8.6; GNU Assembly; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

Intentionally buggy commits for fame—and papers

[Kernel] Posted Apr 21, 2021 22:00 UTC (Wed) by jake

A buggy patch posted to the linux-kernel mailing list in early April was apparently the last straw for Greg Kroah-Hartman as it led to the planned reversion of a whole slew of commits with one thing in common: their origin at the University of Minnesota (UMN). The patch to the NFSv4 authorization mechanism was duly questioned by two NFS developers, but it is not an honest mistake; according to Kroah-Hartman, there has been an attack of sorts underway as part of some academic research at the university. In order to be sure that these intentional bugs, many with security implications, do not continue to haunt Linux, he is working on reverting commits that came from email addresses with the umn.edu domain.

Full Story (comments: 104)

QEMU 6.0.0 released

[Development] Posted Apr 30, 2021 13:28 UTC (Fri) by corbet

Version 6.0.0 of the QEMU hardware emulator is out. "This release contains 3300+ commits from 268 authors." This release includes a lot of new emulations; see the announcement for a short list or the changelog for details.

Comments (none posted)

Security updates for Friday

[Security] Posted Apr 30, 2021 13:22 UTC (Fri) by corbet

Security updates have been issued by Arch Linux (bind, chromium, firefox, gitlab, libupnp, nimble, opera, thunderbird, virtualbox, and vivaldi), Debian (composer, edk2, and libhibernate3-java), Fedora (java-1.8.0-openjdk, jetty, and samba), openSUSE (nim), Oracle (bind and runc), Red Hat (bind), SUSE (cifs-utils, cups, ldb, samba, permissions, samba, and tomcat), and Ubuntu (samba).

Full Story (comments: none)

Michlmayr: Growing open-source projects with a stable foundation

[Development] Posted Apr 29, 2021 16:25 UTC (Thu) by corbet

Martin Michlmayr has put together a primer on managing open-source projects through their growth cycle, specifically with the help of a support foundation, and published the results as a 67-page PDF file.

Starting an open source project is easy. Running a successful project, on the other hand, comes with a lot of work and responsibilities, especially if the project attracts a large user base. While open source projects come in all shapes and forms, most projects encounter a similar set of growth issues throughout their life cycles. Because of this, various organizations have arisen to help projects handle these problems; these organizations are generally known as FOSS foundations. This primer covers non-technical aspects that the majority of projects will have to consider at some point. It also explains how FOSS foundations can help projects grow and succeed.

He has also posted a separate research report [PDF] on foundations that support open-source projects.

Comments (1 posted)

Security updates for Thursday

[Security] Posted Apr 29, 2021 13:29 UTC (Thu) by corbet

Security updates have been issued by Fedora (ceph, jetty, kernel, kernel-headers, kernel-tools, openvpn, and shim-unsigned-x64), Mageia (firefox and thunderbird), Oracle (nss and openldap), Red Hat (bind), Slackware (bind), SUSE (firefox, giflib, java-1_7_0-openjdk, libnettle, librsvg, thunderbird, and webkit2gtk3), and Ubuntu (bind9 and gst-plugins-good1.0).

Full Story (comments: none)

"Full disclosure" from the University of Minnesota

[Kernel] Posted Apr 28, 2021 16:31 UTC (Wed) by corbet

The researchers at the University of Minnesota have posted a description of the work they did [PDF] as part of their "hypocrite commits" project. It includes a list of the buggy commits they posted and how they were handled.

In the following we will show two parts: (1) the message log of our disclosure of the findings to the community, and (2) the patches we submitted. By showing the details of the patches and the exchange of messages, we wish to help the community to confirm that the buggy patches were "stopped" during message exchanges and not merged into the actual Linux code. No other interactions with the Linux Kernel team has involved intentional deception or intentionally misleading or bad patches. This misguided behavior on our part was limited to the patches described and clarified in this document.

Amusingly, one of their attempts to submit a buggy commit was, itself, buggy, yielding a valid change overall.

Comments (15 posted)

A set of stable kernel updates

[Kernel] Posted Apr 28, 2021 15:49 UTC (Wed) by ris

Stable kernels 5.11.17, 5.10.33, 5.4.115, 4.19.189, 4.14.232, 4.9.268, and 4.4.268 have been released. They all contain important fixes and users should upgrade.

Comments (none posted)

Security updates for Wednesday

[Security] Posted Apr 28, 2021 15:36 UTC (Wed) by ris

Security updates have been issued by Debian (chromium and shibboleth-sp), Fedora (ceph and salt), Oracle (thunderbird), Red Hat (etcd), Scientific Linux (nss and openldap), SUSE (curl, gdm, and libnettle), and Ubuntu (openjdk-8, openjdk-lts and underscore).

Full Story (comments: none)

An Interview With Linus Torvalds: Linux and Git (Tag1)

[Kernel] Posted Apr 28, 2021 15:18 UTC (Wed) by corbet

The Tag1 Consulting site has posted an interview with Linus Torvalds.

So I think the GPLv2 is pretty much the perfect balance of "everybody works under the same rules", and still requires that people give back to the community ("tit-for-tat"). And everybody knows that all the other people involved are bound by the same rules, so it's all very equitable and fair.

Of course, another part of that is that you also get out what you put in. Sure, you can try to "coast" on the project and be just a user, and that's ok. But if you do that, you also have no control over the project. That can be perfectly fine too, if you really just need a basic operating system, and Linux already does everything you want. But if you have special requirements, the only way to really affect the project is to participate.

Comments (15 posted)

Yocto Project 3.3 (hardknott-25.0.0) released

[Distributions] Posted Apr 27, 2021 19:28 UTC (Tue) by ris

Yocto Project, a system to build embedded Linux distributions, released version 3.3 "Hardknott". In this version all OE-Core recipes build reproducibly regardless of host distro/build location except golang recipes and ruby's docs package. There are many more new features, upgrades, and bug fixes. The release notes have more details.

Full Story (comments: 2)

Security updates for Tuesday

[Security] Posted Apr 27, 2021 15:28 UTC (Tue) by ris

Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).

Full Story (comments: none)

--> More news items


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds