Linux Weekly News

Just one day after the RHEL 8.6 release, AlmaLinux 8.6 Stable has been released. See the release notes for more information. The AlmaLinux OS Foundation is excited to announce that AlmaLinux OS 8.6 Stable is now available. Just like a flash after the beta release. This stable release is for the x86_64, aarch64 and ppc64le architectures and is ready for production installations and to power all your computing needs and workloads. Grab it from the nearest mirror and join us on the AlmaLinux Community Chat to discuss.

Seven new stable kernels were released: 5.17.7, 5.15.39, 5.10.115, 5.4.193, 4.19.242, 4.14.278, and 4.9.313. As usual, they contain important fixes throughout the tree and users of those series should upgrade.

The kernel's "direct map" makes the entirety of a system's physical memory available in the kernel's virtual address space. Normally, huge pages are used for this mapping, making it relatively efficient to access. Increasingly, though, there is a need to carve some pages out of the direct map; this splits up those huge pages and makes the system as a whole less efficient. During a memory-management session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Mike Rapoport led a session on direct-map fragmentation and how it might be avoided.

Security updates have been issued by Fedora (microcode_ctl, mingw-SDL2_ttf, seamonkey, and thunderbird), Mageia (cifs-utils, gerbv, golang, libcaca, libxml2, openssl, python-pillow, python-rencode, python-twisted, python-ujson, slurm, and sqlite3), Red Hat (gzip, kernel, kpatch-patch, podman, rsync, subversion:1.10, and zlib), Scientific Linux (gzip), Slackware (curl), SUSE (clamav), and Ubuntu (curl, firefox, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux-oem-5.14).

The LWN.net Weekly Edition for May 12, 2022 is available.

On May 10, Red Hat announced the release of Red Hat Enterprise Linux 9 (RHEL 9). Not surprisingly, the announcement is rather buzzword-heavy and full of marketing, though there are some technical details scattered in it. The release notes for the RHEL 9 beta are available, which have a lot more information. "The platform will be generally available in the coming weeks." Building on decades of relentless innovation, the latest version of the world’s leading enterprise Linux platform is the first production release built from CentOS Stream, the continuously delivered Linux distribution that tracks just ahead of Red Hat Enterprise Linux. This approach helps the broader Red Hat Enterprise Linux ecosystem, from partners to customers to independent users, provide feedback, code and feature updates to the world’s leading enterprise Linux platform.

Phoronix reports that the days of proprietary NVIDIA graphics drivers are coming to a close.

NVIDIA's open kernel modules is already considered "production ready, opt-in" for data center GPUs. For GeForce and workstation GPUs, the open kernel module code is considered "alpha quality" but will be ramped up moving forward with future releases. NVIDIA has already deprecated the monolithic kernel module approach for their data center GPU support to focus on this open kernel driver solution (and their existing proprietary kernel module using the GSP). Only Turing and newer GPUs will be supported by this open-source kernel driver. Pre-Turing GPUs are left to using the existing proprietary kernel drivers or the Nouveau DRM driver for that matter.

The user-space code remains proprietary, though, which could inhibit the eventual merging of this code into the mainline kernel.

Update: here is NVIDIA's press release on the new drivers.

In a filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Ted Ts'o brought up the subject of filesystems that get resized frequently and whether the default parameters for filesystem creation should change as a result. It stems from a conversation that he had with XFS developer Darrick Wong, who is experiencing some of the same challenges as ext4 in this area. He outlined the problem and how it comes about, then led the discussion on ways to perhaps address it.

Out-of-memory (OOM) situations are dreaded by users, system administrators, and kernel developers alike. Usually, all that is known is that a lot of memory is being used somewhere and the system has run out, but the kernel provides little help to anybody trying to figure out where the memory has gone. In a memory-management session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Kent Overstreet asked what could be done to improve OOM reports and reduce the pain for all involved.

Over on the Python Software Foundation (PSF) blog, Alex Waygood has a report from this year's Python Language Summit. There are reports from each of the nine sessions, including "Python without the GIL", The 'Faster CPython' project: 3.12 and beyond", "F-Strings in the grammar", lightning talks, and more.

Memory protection keys are a CPU feature that allows additional access restrictions to be imposed on regions of memory and changed in a fast and efficient way. Support for protection keys in user space has been in the kernel for some time, but kernel-side protection (often called "protection keys supervisor" or PKS) remains unsupported — on x86, at least. At the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Ira Weiny provided an update on the state of PKS and led a discussion on what the proper in-kernel API for PKS should be.

The Rust Blog warns developers of a malicious crate named rustdecimal, which was evidently targeted at GitLab users who mistype rust_decimal.

The crate contained identical source code and functionality as the legit rust_decimal crate, except for the Decimal::new function.

When the function was called, it checked whether the GITLAB_CI environment variable was set, and if so it downloaded a binary payload into /tmp/git-updater.bin and executed it. The binary payload supported both Linux and macOS, but not Windows.

Security updates have been issued by Debian (mutt), Fedora (blender, freerdp, kernel, kernel-headers, kernel-tools, mingw-freetype, and vim), Oracle (kernel and kernel-container), Red Hat (aspell, bind, bluez, c-ares, cairo and pixman, cockpit, compat-exiv2-026, container-tools:3.0, container-tools:rhel8, cpio, dovecot, exiv2, fapolicyd, fetchmail, flatpak, gfbgraph, gnome-shell, go-toolset:rhel8, grafana, grub2, httpd:2.4, keepalived, kernel, kernel-rt, libpq, libreoffice, libsndfile, libssh, libtiff, lynx, maven:3.5, maven:3.6, mod_auth_mellon, mod_auth_openidc:2.3, openssh, php:7.4, pki-core:10.6, postgresql:10, python-lxml, python27:2.7, python3, python38:3.8 python38-devel:3.8, python39:3.9 python39-devel:3.9, qt5-qtbase, qt5-qtsvg, rust-toolset:rhel8, samba, squid:4, udisks2, virt:rhel virt-devel:rhel, webkit2gtk3, xorg-x11-server xorg-x11-server-Xwayland, and zsh), SUSE (gzip and php-composer), and Ubuntu (busybox, cairo, cron, dnsmasq, libsndfile, and nss).

It would have been surprising indeed if the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) did not include a session working toward solutions to the longstanding problems with get_user_pages(), an internal function that locks user-space pages in memory for access by the kernel. The issue has, after all, come up numerous times over the years. This year's event duly contained a session in the joint filesystem and memory-management track, led by John Hubbard, with a focus on page pinning and how it interacts with filesystems.

In a combined filesystem and memory-management session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Paul McKenney gave an update on the changes to the read-copy-update (RCU) subsystem that had been made over the last several years. He started with a quick overview of what RCU is and why it exists at all. He did not go into any real depth, though, since many of the topics could take a 90-minute session of their own, he said, but he did provide some descriptions of the work that has gone into RCU recently.

The 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) was the first chance for Linux memory-management developers to gather in three years. In a session at the end of the first day led by maintainer Andrew Morton, those developers discussed the memory-management development process. While the overall governance will remain the same, there are nonetheless some significant changes in store for this subsystem.

The Fedora 36 release is now available. Improvements include GNOME 42, Wayland support by default on systems with NVIDIA graphics, Podman 4.0, Ansible 5, the removal of support for legacy ifcfg configuration files, GCC 12, and more; see the release notes for details.

Like much of the kernel, the memory-management subsystem is under-documented, and much of the documentation that does exist is less than fully current. At the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Mike Rapoport ran a session on memory-management documentation and what can be done to improve it. The result was a reinvigorated interest in documentation, but only time will tell what actual improvements will come from that interest.

Security updates have been issued by Debian (kicad and qemu), Fedora (thunderbird), Oracle (expat), Red Hat (samba), Slackware (kernel), and SUSE (firefox, ldb, and rsyslog).

Lennart Poettering designs his ideal desktop operating system in great detail:

First and foremost, I think the focus must be on an image-based design rather than a package-based one. For robustness and security it is essential to operate with reproducible, immutable images that describe the OS or large parts of it in full, rather than operating always with fine-grained RPM/dpkg style packages. That's not to say that packages are not relevant (I actually think they matter a lot!), but I think they should be less of a tool for deploying code but more one of building the objects to deploy.