
Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Rust code review and netdev

[Kernel] Posted Oct 31, 2023 17:43 UTC (Tue) by jake

A fast-moving patch set—seemingly the norm for Linux networking development—seeks to add some Rust abstractions for physical layer (PHY) drivers. Lots of review has been done, and the patch set has been reworked frequently in response to those comments. Unfortunately, the Rust-for-Linux developers are having trouble keeping up with that pace. There is, it would appear, something of a disconnect between the two communities' development practices.

Full Story (comments: 15)

[$] Some 6.6 development statistics

[Kernel] Posted Oct 30, 2023 16:18 UTC (Mon) by corbet

The 6.6 kernel was released, right on schedule, on October 29. This development cycle saw the addition of 14,069 non-merge changesets from 1,978 developers — fairly typical numbers for recent releases. The time has come for LWN's traditional look at where the changes in this release came from, along with a look at the longer development "supercycle" that (probably) ends with 6.6.

Full Story (comments: none)

[$] Deferred scheduling for user-space critical sections

[Kernel] Posted Oct 27, 2023 15:31 UTC (Fri) by corbet

User-space developers working with highly threaded applications would often like to be able to use spinlocks to protect shared data structures from concurrent access. There is a fundamental problem with user-space spinlocks, though: there is no way to prevent a thread from being preempted. Various ways of working around this problem have been explored, but this patch from Steven Rostedt questions the premise on which much of that work is based: what if it were possible to prevent preemption, for a short period at least?

Full Story (comments: 3)

[$] Better string handling for the kernel

[Kernel] Posted Oct 26, 2023 14:52 UTC (Thu) by corbet

The C programming language is replete with features that seemed like a good idea at the time (and perhaps even were good ideas then) that have not aged well. Most would likely agree that string handling, and the use of NUL-terminated strings, is one of those. Kernel developers have, for years, tried to improve the handling of strings in an attempt to slow the flow of bugs and vulnerabilities that result from mistakes in that area. Now there is an early discussion on the idea of moving away from NUL-terminated strings in much of the kernel.

Full Story (comments: 59)

[$] LWN.net Weekly Edition for October 26, 2023

Posted Oct 26, 2023 0:02 UTC (Thu)

The LWN.net Weekly Edition for October 26, 2023 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Hyphens, minus, and dashes; GNU C Library tunables; mseal(); Tiered-memory systems; Home assistant.
  • Briefs: Brief news items from throughout the community.
  • Announcements: Newsletters, conferences, security updates, patches, and more.

[$] Weighted interleaving for memory tiering

[Kernel] Posted Oct 25, 2023 16:13 UTC (Wed) by corbet

The kernel has, for many years, had the ability to control how memory allocation is performed in systems with multiple NUMA nodes. More recently, NUMA nodes have also been pressed into service to represent different classes of memory; those nodes are now organized into tiers according to their performance characteristics. While memory-allocation policies can control the placement of pages at the NUMA-node level, the kernel provides no way to connect those policies with memory tiers. This patch series from Gregory Price aims to change this situation by allowing allocations to be placed across tiers in a weighted manner.

Full Story (comments: none)

[$] Home Assistant: ten years of privacy-focused home automation

[Development] Posted Oct 24, 2023 14:40 UTC (Tue) by koenvervloesem

Many home-automation devices come with their own mobile app or cloud service. However, using multiple apps or services is inconvenient, so it's (purposely) tempting to only buy devices from the same vendor, but this can lead to lock-in. One project that lets users manage home-automation devices from various vendors without lock-in is Home Assistant. Over its ten-year existence, it has developed into a user-friendly home-automation platform that caters to both technically inclined and less tech-savvy people.

Full Story (comments: 28)

[$] Hyphens, minus, and dashes in Debian man pages

[Distributions] Posted Oct 23, 2023 13:07 UTC (Mon) by corbet

It is probably fair to say that most Linux users spend little time thinking about the troff typesetting program, despite that application's groundbreaking role in computing history. Troff (along with nroff) is still with us, though, even if they are called groff these days, and every now and then they make their presence known. A recent groff change created a bit of a tempest within the Debian community, and has effectively been reverted there. It all comes down to the question of what, exactly, is the character used to mark command-line options on Unix systems?

Full Story (comments: 116)

[$] mseal() and what comes after

[Kernel] Posted Oct 20, 2023 16:27 UTC (Fri) by corbet

Jeff Xu recently proposed the addition of a new system call, named mseal(), that would allow applications to prevent modifications to selected memory mappings. It would enable the hardening of user-space applications against certain types of attacks; some other operating systems have this type of feature already. There is support for adding this type of mechanism to the Linux kernel as well, but it has become clear that mseal() will not land in the mainline in anything resembling its current form. Instead, it has become an example of how not to do kernel development at a number of levels.

Full Story (comments: 19)

[$] Toward safer GNU C Library tunable handling

[Security] Posted Oct 19, 2023 15:12 UTC (Thu) by corbet

When considering the interface provided by the GNU C Library (glibc), thoughts naturally turn to the programming interface as specified by POSIX, along with numerous extensions added over the years. But glibc also provides a "tunables" interface to control how the library operates; rather than being managed by a C API, tunables are set with the GLIBC_TUNABLES environment variable. Glibc tunables have been a part of a few security problems involving setuid binaries, most recently the "Looney Tunables" bug disclosed at the beginning of October. The glibc developers are now considering significant changes to tunable handling in the hope of avoiding such problems in the future.

Full Story (comments: 12)

Incus 0.2 released

[Development] Posted Oct 31, 2023 14:48 UTC (Tue) by corbet

Version 0.2 of Incus, an LXD fork, has been released. "This version incorporates most changes that went into LXD 5.19 as well as introduce a few additional features and improvements." Changes include NVME storage support, support for migrating clustered environments from LXD, and more.

Comments (none posted)

Security updates for Tuesday

[Security] Posted Oct 31, 2023 13:11 UTC (Tue) by corbet

Security updates have been issued by Debian (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), Fedora (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), Gentoo (ConnMan, libxslt, and Salt), Mageia (chromium-browser-stable), Red Hat (firefox, libguestfs-winsupport, and thunderbird), SUSE (clamav, gcc13, gstreamer-plugins-bad, icu73_2, java-17-openjdk, nodejs10, poppler, python-Werkzeug, redis, thunderbird, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (kernel, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-iot, linux-raspi, linux-raspi-5.4, and mysql-8.0).

Full Story (comments: none)

Bjarne Stroustrup’s Plan for Bringing Safety to C++ (The New Stack)

[Development] Posted Oct 30, 2023 16:43 UTC (Mon) by corbet

The New Stack covers a conference talk by Bjarne Stroustrup on turning C++ into a safer language.

    Stroustrup has arrived at his solution: profiles. (That is, a set of rules which, when followed, achieve specific safety guarantees.) They’d be defined by the ISO C++ standard, addressing common safety issues like pointers and array ranges. In response to a later question from the audience about the difficulty of adding new tooling, Stroustrup pointed out that the C++ compiler itself is now a pretty sophisticated static analyzer, and could also be tasked with meeting the profile's requirements.

Comments (103 posted)

Security updates for Monday

[Security] Posted Oct 30, 2023 13:46 UTC (Mon) by jake

Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).

Full Story (comments: none)

The 6.6 kernel has been released

[Kernel] Posted Oct 30, 2023 12:43 UTC (Mon) by corbet

Linus has released the 6.6 kernel. "So this last week has been pretty calm, and I have absolutely no excuses to delay the v6.6 release any more, so here it is."

Headline features in 6.6 include the earliest eligible virtual deadline first (EEVDF) CPU scheduler, a number of enhancements (quota support, user extended attributes, direct I/O) to the tmpfs filesystem, the fchmodat2() system call, initial support for building a kernel without buffer-head support, the kmalloc() randomness patches, user-space shadow stacks for Intel CPUs, and quite a bit more. See the LWN merge window summaries (part 1, part 2) and the KernelNewbies 6.6 page for more information.

Comments (3 posted)

Removing syscall() from OpenBSD

[Security] Posted Oct 27, 2023 15:31 UTC (Fri) by corbet

For a view into the OpenBSD approach to security, see this message from Theo de Raadt, where he describes a plan to remove the syscall() system call (which allows the invocation of any available system call by providing its number) from the kernel. The purpose, of course, is to make it harder for an attacker to invoke an arbitrary system call, even if they are able to run some code on the target system.

    I hope I am forcing attack coders into using increasingly more complicated methods. Same time, it means fewer methods are available. Other methods make exploitation more fragile. This is pushing success rates into "low-percent statistical" success. If we teach more software stacks to "fail hard, don't try to recover", that is an improvement in security.

Full Story (comments: 32)

Security updates for Friday

[Security] Posted Oct 27, 2023 13:06 UTC (Fri) by corbet

Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk).

Full Story (comments: none)

Security updates for Thursday

[Security] Posted Oct 26, 2023 14:12 UTC (Thu) by corbet

Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland).

Full Story (comments: none)

The path toward a no-GIL Python

[Development] Posted Oct 25, 2023 15:45 UTC (Wed) by corbet

The Python Steering Council has posted a detailed plan for the addition of "free-threaded" (no global interpreter lock) support into the Python mainline. It will not be a short process and does not have a guaranteed successful outcome.

    Phase I: Experimental phase, which can start immediately, in which the free-threaded build is enabled through a build-time option. This should not be the default install anywhere. At least one major Python release should include this experimental free-threaded build, to allow third-party packages to test and do their own experimentation. In this stage we should make it clear the build is experimental, not supported for “production use”, and may be reverted.

Comments (none posted)

Seven stable kernel updates

[Kernel] Posted Oct 25, 2023 15:32 UTC (Wed) by corbet

The 6.5.9, 6.1.60, 5.15.137, 5.10.199, 5.4.259, 4.19.297, and 4.14.328 stable kernels have all been released; each contains another set of important fixes.

Comments (none posted)



Copyright © 2023, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds