Linux Weekly News

In part 1 of this article, we gave an overview of the Kernel Concurrency Sanitizer (KCSAN) and looked how it can detect data races in the kernel. KCSAN uses the definition of "data race" that is part of the Linux-Kernel Memory Consistency Model (LKMM), but there is more that KCSAN can do. This concluding part of the article describes other ways that the tool can be used to find data races and other kinds of problems in concurrent code. It provides some ideas on strategies and best practices, briefly considers some alternative approaches, and concludes with some known limitations.

The Zimbra email and collaboration suite will change its open source policy. This post from the Zeta Alliance notes the changes for Zimbra 9. "John E. explained that Zimbra 9 introduces a change to Synacor's open source policy for Zimbra. Starting with Zimbra 9, a binary version of Zimbra 9 will no longer be released to the community and will instead only be made available to Zimbra Network Edition customers. There are currently no plans to release the source code for Zimbra 9 to the community. Zimbra 8.8.15 will remain open source for the community and continue to be supported for the remainder of its lifecycle through December, 31, 2024 (https://www.zimbra.com/support/support- ... lifecycle/). Version 8.8.15 will also continue to receive patches during this time frame. John E. described this new model for Zimbra 9 as "open core" where the open source products on which Zimbra is built will continue to be freely available, but the Zimbra 9 product itself will not be open source." (Thanks to Emmanuel Seyman)

Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird).

By the end of the 5.7 merge window, 11,998 non-merge changesets had been pulled into the mainline repository for this development cycle. That is 1,218 more than were seen during the 5.6 merge window; it would appear that current world events have not succeeded in slowing down the kernel community — at least, not yet. The latter half of the merge window tends to see more fixes and fewer new features, but there are still a number of interesting things that showed up after the first-half summary was written.

Stable kernels 5.6.4, 5.5.17, 5.4.32, 4.19.115, 4.14.176, 4.9.219, and 4.4.219 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet).

Linus has released the 5.7-rc1 kernel prepatch and closed the merge window for this development cycle. "Maybe an hour or two early, because it's Easter Sunday, and I may be socially distancing but we're still doing the usual Finnish Easter dinner with lamb, mämma and pasha... I may not be religious, but tradition is tradition. Thanks to the social distancing, this year we'll have to forgo trying to force-feed our poor American friends mämma, which never really works out anyway. In fact, I think I can hear the sighs of relief from miles away."

The NGI POINTER program, funded by the European Commission, is looking for interesting development project to support. Its objective is "to support promising bottom-up projects that are able to build, on top of state-of-the-art research, scalable protocols and tools to assist in the practical transition or migration to new or updated technologies, whilst keeping European Values at the core." The application period is open; there must be no end of interesting projects in the free-software space that would fit within this program's parameters. (Thanks to Thorsten Leemhuis).

While social distancing often comes naturally to free-software developers, there are still times when we wish to talk to each other. In the absence of community conferences, the next-best alternative is often video conferencing. While video conferences tend to be held using centralized, proprietary systems, there are free alternatives as well. LWN recently looked at Jitsi but this effort did not stop there; next on the list is BigBlueButton, a system that is oriented toward the needs of online educators but is applicable beyond that use case.

The Blender 3D modeling and rendering project mourns the passing of Octavio Mendez. "It is with great sadness that I must report we lost a great community member today. Octavio Mendez, a long-time cornerstone of the Mexican Blender and open source community, has passed away after fighting the Corona virus." Gunnar Wolf also has a tribute: "Long-time free software supporter, very well known for his craft –and for his teaching– with Blender."

Security updates have been issued by Arch Linux (chromium, firefox, haproxy, libssh, and wireshark-cli), Fedora (firefox, glibc, nss, and rubygem-puma), openSUSE (ceph, exim, firefox, and gnuhealth), Oracle (firefox, kernel, and qemu-kvm), and SUSE (djvulibre and firefox).

A new parser for the CPython implementation of the Python language has been in the works for a while, but the announcement of a Python Enhancement Proposal (PEP) for it indicates that we may see it fairly soon. The intent is to add the parser, and make it the default for Python 3.9, which is due in October. If that plan holds, the current parser will not be going away for another year or so after that. The change should go completely unnoticed within the community; the benefits are mainly for the CPython core developers in the form of easier maintenance.

The openSUSE Leap distribution is a community effort built on top of a set of stable packages from the SUSE Linux Enterprise offering. SUSE is now floating a proposal to unify the work of building those two distributions; click below for the details or see the "closing the Leap gap" FAQ, which summarizes things this way: "Today, SUSE is also offering the pre-built binaries from SLE in addition to the sources, to increase compatibility and to leverage synergies." The intended advantages (or "leveraged synergies") seem to be reducing the effort required to create Leap and making it easier to migrate a system between the two distributions.

Here's a message posted by Olaf Schmidt-Wischhöfer to the kde-community mailing list detailing the current state of discussions between the KDE community, the Qt development project, and the Qt Company. It seems they are not going entirely well. "But last week, the company suddenly informed both the KDE e.V. board and the KDE Free QT Foundation that the economic outlook caused by the Corona virus puts more pressure on them to increase short-term revenue. As a result, they are thinking about restricting ALL Qt releases to paid license holders for the first 12 months. They are aware that this would mean the end of contributions via Open Governance in practice."

There is a response from the Qt Company that doesn't add a whole lot.

Security updates have been issued by CentOS (firefox, ipmitool, krb5-appl, and telnet), Debian (ceph and firefox-esr), Mageia (firefox), openSUSE (bluez and exiv2), Red Hat (firefox), SUSE (ceph, libssh, mgetty, permissions, python-PyYAML, rubygem-actionview-4_2, and vino), and Ubuntu (libiberty and libssh).

The LWN.net Weekly Edition for April 9, 2020 is available.

Stable kernels 5.6.3, 5.5.16, and 5.4.31 have been released. As usual, they all contain important fixes and users should upgrade.

Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).

The first installment of the "big bad" series described how a compiler can optimize your concurrent program into oblivion, while the second installment introduced a tool to analyze small litmus tests for such problems. Those two articles can be especially helpful for training, design discussions, and checking small samples of code. Although such automated training and design tools are welcome, automated code inspection that could locate even one class of concurrency bugs would be even better. In this two-part article, we look at a tool to do that kind of analysis.

One of the many features merged for the 5.7 kernel is split-lock detection for the x86 architecture. This feature has encountered a fair amount of controversy over the course of its development, with the result that the time between its initial posting and appearance in a released kernel will end up being over two years. As it happens, there is another hurdle for split-lock detection even after its merging into the mainline; this feature threatens to create problems for a number of virtualization solutions, and it's not clear what the solution would be.