Linux Weekly News

Some years back, I was caught in a weak moment and somehow became the kernel documentation maintainer. More recently, I've given a few talks on the state of kernel documentation and the sort of work that needs to be done to make things better. A key part of getting that work done is communicating to potential contributors the tasks that they might helpfully take on — a list that was, naturally, entirely undocumented. To that end, a version of the following document is currently under review and headed for the mainline. Read on to see how you, too, can help to make the kernel's documentation better.

Greg Kroah-Hartman has announced the release of the 4.4.211, 4.9.211, 4.14.167, 4.19.98, and 5.4.14 stable kernels. As usual, these contain important fixes throughout the kernel tree; users should upgrade.

Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).

The LWN.net Weekly Edition for January 23, 2020 is available.

Keith Packard is no stranger to the linux.conf.au stage; he has spoken on a wide variety of topics since he started going to the conference in 2004 (which was held in Adelaide, where organizers apparently had a lot of ice cream for attendees). One of his talks at this year's conference was on an education-focused project that he has been working on for around a year: a version of Python called "Snek" targeting embedded processors. He gave a look at some of the history of his work with 10-12 year-old students that led to the development of Snek as well as some plans for the language—and hardware to run it on—moving forward.

Security updates have been issued by Debian (tiff and transfig), Fedora (thunderbird-enigmail), Mageia (ffmpeg and sox), openSUSE (fontforge, python3, and tigervnc), Oracle (python-reportlab), Red Hat (apache-commons-beanutils, java-1.8.0-openjdk, kernel, kernel-alt, libarchive, openslp, openvswitch2.11, openvswitch2.12, and python-reportlab), Scientific Linux (java-1.8.0-openjdk and python-reportlab), SUSE (samba and tigervnc), and Ubuntu (python-pysaml2).

Control-flow integrity (CFI) is a technique used to reduce the ability to redirect the execution of a program's code in attacker-specified ways. The Clang compiler has some features that can assist in maintaining control-flow integrity, which have been applied to the Android kernel. Kees Cook gave a talk about CFI for the Linux kernel at the recently concluded linux.conf.au in Gold Coast, Australia.

Wine 5.0 has been released. The main highlights are builtin modules in PE format, multi-monitor support, XAudio2 reimplementation, and Vulkan 1.1 support. Wine is capable of running Windows applications on Linux and other POSIX-compliant systems.

Brent Roose argues that it is time to take another look at PHP. "In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago."

Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba).

Once upon a time, there were few ways for one process to operate upon another after its creation; sending signals and ptrace() were about it. In recent years, interest in providing ways for processes to control others has been on the increase, and the kernel's process-management API has been expanded accordingly. Along these lines, the process_madvise() system call has been proposed as a way for one process to influence how memory management is done in another. There is a new process_madvise() series which is interesting in its own right, but this series has also raised a couple of questions about how process management should be improved in general.

GNU make 4.3 is out. New features include explicit grouped targets, a new .EXTRA_PREREQS variable, the ability to specify parallel builds in the makefile itself, and more. There are also a couple of backward-incompatible changes; see the announcement for details.

Security updates have been issued by CentOS (git, java-11-openjdk, and thunderbird), Debian (cacti, chromium, gpac, kernel, openjdk-11, ruby-excon, and thunderbird), Fedora (chromium and rubygem-rack), Mageia (suricata, tigervnc, and wireshark), openSUSE (glusterfs, libredwg, and uftpd), and Ubuntu (linux-hwe and sysstat).

The 5.5-rc7 kernel prepatch is out. Linus is still unsure whether the final 5.5 release will come out next week or not: "if it looks like there's pent-up fixes pending next week, I'll make another rc".

Stable kernels 5.4.13, 4.19.97, and 4.14.166 have been released. They all contain important fixes and users should upgrade.

The "kernel runtime security instrumentation" (or KRSI) patch set enables the attachment of BPF programs to every security hook in the kernel; LWN covered this work in December. That article focused on ABI issues, but it deferred another potential problem to our 2020 predictions: the possibility that vendors could start shipping proprietary BPF programs for use with frameworks like KRSI. Other developers did pick up on the possibility that KRSI could be abused this way, though, leading to a discussion on whether KRSI should continue to allow the loading of BPF programs that do not carry a GPL-compatible license.

Fedora Magazine reports that the Fedora CoreOS distribution is now deemed ready for use. "Fedora CoreOS is a new Fedora Edition built specifically for running containerized workloads securely and at scale. It’s the successor to both Fedora Atomic Host and CoreOS Container Linux and is part of our effort to explore new ways of assembling and updating an OS. Fedora CoreOS combines the provisioning tools and automatic update model of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host."

Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).

Android users make heavy use of the displays on their devices for almost all of their interaction; good display performance is thus critical for a satisfactory user experience. Achieving that performance is not always easy; there are a lot of pieces that need to work together, and the kernel does not always support this collaboration as well as one might like. The Android team is currently considering a number of combinations of existing kernel features and possible enhancements in its efforts to provide the best display experience possible.

Version 3.0.0 of the Guile implementation of the Scheme programming language has been released. There's a lot of work here, including a new, lower-level byte code implementation, interleaved internal definitions, a new exception implementation, and much more. "Guile programs now run up to 4 times faster, relative to Guile 2.2, thanks to just-in-time (JIT) native code generation. Notably, this brings the performance of "eval" as written in Scheme back to the level of 'eval' written in C, as in the days of Guile 1.8."