Linux Weekly News

"Subinterpreters", which are separate Python interpreters running in the same process that can be created using the C API, have been a part of Python since the previous century (version 1.5 in 1997), but they are largely unknown and unused. Eric Snow has been on something of a quest, since 2015 or so, to bring better multicore processing to Python by way of subinterpreters (or "multiple interpreters"). He has made it part of the way there, with the adoption of a separate global interpreter lock (GIL) for each subinterpreter, which was added for Python 3.12. Back in April, Snow gave a talk (YouTube video) at PyCon about multiple interpreters, their status, and his plans for the feature in the future.

Version 5.0 ("Daedalus") of the Debian-based Devuan distribution has been released. "This is the result of many months of painstaking work by the Team and detailed testing by the wider Devuan community." The announcement lists a couple of new features but mostly defers to the Debian 12 ("bookworm") release notes.

The 2023 Maintainers Summit will be held on November 16 in Richmond, VA, immediately after the Linux Plumbers Conference.

As in previous years, the Maintainers Summit is invite-only, where the primary focus will be process issues around Linux Kernel Development. It will be limited to 30 invitees and a handful of sponsored attendees.

The call for topics has just gone out, with the first invitations to be sent within a couple of weeks or so.

Security updates have been issued by Debian (samba), Red Hat (.NET 6.0, .NET 7.0, rh-dotnet60-dotnet, rust, rust-toolset-1.66-rust, and rust-toolset:rhel8), and SUSE (kernel and opensuse-welcome).

For those who find the 6.x kernel intimidating, Seiya Nuta has written a look at the 0.01 kernel, which reflects a simpler time.

By the way, there's an interesting comment about the scheduler:

* 'schedule()' is the scheduler function. This is GOOD CODE! There * probably won't be any reason to change this, as it should work well * in all circumstances (ie gives IO-bound processes good response etc).

Yes it's indeed good code. Unfortunately (or fortunately), this prophecy is false. Linux became one of most practical and performant kernel which has introduced many new scheduling improvements and algorithms over the years, like Completely Fair Scheduler (CFS).

The Linux fast user-space mutex ("futex") subsystem debuted with the 2.6.0 kernel; it provides a mechanism that can be used to implement user-space locking. Since futexes avoid calling into the kernel whenever possible, they can indeed be fast, especially in the uncontended case. The API used to access futexes has never been seen as one of Linux's strongest points, though, so there has long been a desire to improve it. This patch series from Peter Zijlstra shows what the future of futexes may look like.

Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).

The 6.5-rc6 kernel prepatch is out for testing.

So apart from the regularly scheduled hardware mitigation patches, everything looks fairly normal. And I guess the hw mitigation is to be considered normal too, apart from the inevitable fixup patches it then causes because the embargo keeps us from testing it widely and keeps it from all our public automation. Sigh.

LWN recently covered a discussion on file-position locking that demonstrated the hazards that can result from unexpected concurrency. It turns out that this discussion had not yet fully run its course. Since that article was written, additional changes intended to address a performance regression evolved into a core virtual filesystem (VFS) layer API change to carry out some much-delayed housecleaning.

Greg Kroah-Hartman has announced the release of the 6.4.10, 6.1.45, 5.10.190, 5.4.253, 4.19.291, and 4.14.322 stable kernels. Note that 5.15.126 was also in the review process for this batch, but has not (yet) been released. Meanwhile, the rest of the batch all have important fixes throughout the kernel tree, as usual.

Update: the 5.15.126 announcement has now gone out as well.

Security updates have been issued by Debian (intel-microcode, kernel, and php-dompdf), Fedora (linux-firmware, OpenImageIO, and php), Oracle (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), SUSE (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and Ubuntu (dotnet6, dotnet7, php-dompdf, and velocity-tools).

The Open Enterprise Linux Association has announced its existence. It is a collaboration between CIQ (Rocky Linux), Oracle, and SUSE to provide an RHEL-compatible distribution.

Starting later this year, OpenELA will provide sources necessary for downstreams compatible with RHEL to exist, with initial focus on RHEL versions EL8, EL9 and possibly EL7. The project is committed to ensuring the continued availability of OpenELA sources to the community indefinitely.

OpenELA’s core tenets, reflecting the spirit of the project, include full compliance with this existing standard, swift updates and secure fixes, transparency, community, and ensuring the resource remains free and redistributable for all.

It is the kernel's business to know when a process's memory has been written to; among other things, this knowledge is needed to determine which pages can be immediately reclaimed or to properly write dirty pages to backing store. Sometimes, though, user space also needs access to this information in a reliable and fast manner. This patch series from Muhammad Usama Anjum adds a new ioctl() call for this purpose; using it requires repurposing an existing system call in an unusual way, though.

OpenSSH 9.4 has been released. Changes this time include the ability to forward Unix-domain sockets, a tags mechanism for more flexible configuration, and more.

Security updates have been issued by Debian (firefox-esr), Fedora (chromium, kernel, krb5, and rust), and Ubuntu (graphite-web and velocity).

The LWN.net Weekly Edition for August 10, 2023 is available.

The global interpreter lock (GIL) has been a part of CPython since the beginning—nearly—but that seems likely to change over the next five or so years. As we described last week, the Python steering council has announced its intention to start moving toward a no-GIL CPython, potentially as soon as Python 3.13 in October 2024 for the preliminaries. The no-GIL version of CPython comes from Sam Gross, who introduced it as a proof-of-concept nearly two years ago; now, the idea has been formalized in a Python Enhancement Proposal (PEP) that describes no-GIL mode and how it interacts with the rest of the Python ecosystem.

Security updates have been issued by Debian (cjose, hdf5, and orthanc), Fedora (java-17-openjdk and seamonkey), Red Hat (curl, dbus, iperf3, kernel, kpatch-patch, libcap, libxml2, nodejs:16, nodejs:18, postgresql:10, postgresql:12, postgresql:13, and python-requests), SUSE (bluez, cjose, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, keylime, openssl-1_1, openssl-3, pipewire, poppler, qemu, rubygem-actionpack-4_2, rubygem-actionpack-5_1, rust1.71, tomcat, webkit2gtk3, and wireshark), and Ubuntu (binutils, dotnet6, dotnet7, openssh, php-dompdf, and unixodbc).

Getting a stack trace of a running program is useful in a variety of scenarios: tracing, profiling, debugging, performance tuning, and more. There are existing mechanisms to get stack traces, but there are some downsides to them; the "Simple Frame" (SFrame) stack-trace format came about to address the shortcomings in the other techniques. Back in May, Steve Rostedt and Indu Bhagat gave a talk about SFrame support in the kernel as part of LSFMM+BPF; a few days later, Bhagat gave a more general talk about SFrame (YouTube video) at Open Source Summit North America in Vancouver. That second talk helped fill in some other aspects of SFrame and the overall stack-tracing picture.

The 6.4.9, 6.1.44, 5.15.125, 5.10.189, 5.4.252, 4.19.290, and 4.14.321 stable kernel updates have all been released; they are dominated by fixes for the latest round of speculative-execution vulnerabilities.

Do note the warning attached to each of these releases:

Note, PLEASE TEST this kernel if you are on the 6.4.y tree before using it in a real workload. This was a quick release due to the obvious security fixes in it, and as such, it has not had very much testing "in the wild". Please let us know of any problems seen. Also note that the user/kernel api for the new security mitigations might be changing over time, so do not get used to them being fixed in stone just yet.