2 years ago
Google's Project Zero has spent some time studying the Arm memory tagging
extension (MTE), support for which was merged into the 5.10 kernel, and
posted the results:
Despite its limitations, MTE is still by far the most promising
path forward for improving C/C++ software security in 2023. The
ability of MTE to detect memory corruption exploitation at the
first dangerous access provides a significant improvement in
diagnostic and potential security effectiveness.
There is a separate section on weaknesses in the current kernel
implementation of MTE support.
corbet
2 years ago
The Asahi Linux project, which is working to create a Linux distribution
for Apple hardware, has announced that its new "flagship" distribution
will be based on Fedora Linux.
Working directly with upstream means not only can we integrate more
closely with the core distribution, but we can also get issues in
other packages fixed quickly and smoothly. This is particularly
important for platforms like desktop ARM64, where we still run into
random app and package bugs quite often. ARM64 desktop Linux has
been a niche platform (until now!), and with much less testing
comes a higher propensity for bugs, so it’s very important that we
can address these issues quickly. Fedora already has a very solid,
fully supported ARM64 port with a large userbase in the
server/headless segment, so it is an excellent base to build upon
and help improve the state of desktop Linux on ARM64 for everyone.
There is a version for "adventurous users" to play with now, with an
official release expected by the end of the month.
corbet
2 years ago
August is now upon us, and the deadline for refereed track submissions is August 6, which is right around the corner. We have already received some excellent submissions, for which we gratefully thank our submitters!
For those thinking about submitting, please polish off your ideas, and point your browsers at the call-for-proposals page. Looking forward to your submissions.
Reminder: we’ve got a tight deadline to prepare the submissions for the LPC program committee to review, so, as communicated last year, we will not be extending the deadline this year. Please submit by August 6th, anywhere on earth.
2 years ago
Security updates have been issued by Debian (bouncycastle), Fedora (firefox), Red Hat (cjose, curl, iperf3, kernel, kernel-rt, kpatch-patch, libeconf, libxml2, mod_auth_openidc:2.3, openssh, and python-requests), SUSE (firefox, jtidy, libredwg, openssl, salt, SUSE Manager Client Tools, and SUSE Manager Salt Bundle), and Ubuntu (firefox).
corbet
2 years ago
NKI
2 years ago
Kernel testing is a perennial topic at Linux-related conferences and the
KernelCI project is one of the larger testing players. It does its own
testing but also coordinates with various other testing systems and
aggregates their results. At the 2023 Embedded Open Source Summit (EOSS),
KernelCI developer Nikolai Kondrashov gave a presentation on the testing
framework, its database, and how others can get involved in the project.
He also had some thoughts on where KernelCI is falling short of its goals
and potential, along with some ideas of ways to improve it.
jake
2 years ago
Here is a long reminiscence from Jon "maddog" Hall leading up to some
thoughts on Red Hat's source-release policy changes.
Recently I have been seeing some cracks in the dike. As more and
more users of FOSS come on board, they put more and more demands on
developers whose numbers are not growing sufficiently fast enough
to keep all the software working.
I hear from FOSS developers that too few, and sometimes no,
developers are working on blocks of code. Of course this can also
happen to closed-source code, but this shortness hits mostly in
areas that are not considered “sexy”, such as quality assurance,
release engineering, documentation and translations.
corbet
2 years ago
Version 2.38 of the GNU C Library has been released. This release
consists mostly of relatively small changes, including improved support
for working with binary integer constants, some new printf() formatting
options, libmvec support for 64-bit Arm systems, the strlcpy() and
strlcat() string functions, and more. See the release notes for the
details.
corbet
2 years ago
Security updates have been issued by Debian (tiff), Fedora (curl), Red Hat (bind, ghostscript, iperf3, java-1.8.0-ibm, nodejs, nodejs:18, openssh, postgresql:15, and samba), Scientific Linux (iperf3), Slackware (mozilla and seamonkey), SUSE (compat-openssl098, gnuplot, guava, openssl-1_0_0, pipewire, python-requests, qemu, samba, and xmltooling), and Ubuntu (librsvg, openjdk-8, openjdk-lts, openjdk-17, openssh, rabbitmq-server, and webkit2gtk).
corbet
2 years ago
NKI
2 years ago
NKI
2 years ago
Version 29.1 of the Emacs editor has been released. There is a long list
of changes, including integration with the Tree-sitter incremental
parsing library, the ability to access SQLite databases, "pure GTK"
display support (which enables Wayland support), and a lot more; see the
NEWS file for all the details.
corbet
2 years ago
Version 3.2 of the GNU COBOL compiler is out. "The amount of features
are too much to note, but you can skip over the attached NEWS file to
investigate them." These new features include improved support for
COBOL dialects, performance improvements, better GDB debugging support, and
more.
corbet
2 years ago
It is well understood that concurrency makes programming problems harder;
the high level of concurrency inherent in kernel development is one of the
reasons why kernel work can be challenging. Things can get even worse,
though, if concurrent access happens in places where the code is not
expecting it. The long story accompanying this short patch from
Christian Brauner is illustrative of the kind of problem that can arise
when assumptions about concurrency prove to be incorrect.
corbet
2 years ago
Security updates have been issued by CentOS (apr-util, bcel, c-ares, emacs, git, java-1.8.0-openjdk, libwebp, open-vm-tools, python, and python3), Debian (amd64-microcode, kernel, and thunderbird), Fedora (iperf3), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cjose, java-17-openjdk, jtidy, kernel-firmware, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libqt5-qtbase, librsvg, libvirt, openssl-1_0_0, openssl-3, qemu, samba, thunderbird, and zabbix), and Ubuntu (linux-iot and wireshark).
jake
2 years ago
The 6.5-rc4 kernel prepatch is out for testing.
So here we are, and the 6.5 release cycle continues to look
entirely normal.
In fact, it's *so* normal that we have hit on a very particular
(and peculiar) pattern with the rc4 releases: we have had *exactly*
328 non-merge commits in rc4 in 6.2, 6.3 and now 6.5. Weird
coincidence.
And honestly, that weird numerological coincidence is just about
the most interesting thing here.
corbet
2 years ago
Version 8.5 of rpki-client, OpenBSD's implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP), has been
released.
Features include:
- updated ASPA support
- Added support for gzip and deflate HTTP Content-Encoding compression
- 30%-50% performance improvement
See the announcement for full details.
2 years ago
LPC 2023 will host the second edition of the Rust MC. This microconference intends to cover talks and discussions on both Rust for Linux as well as other non-kernel Rust topics. Proposals can be submitted via the LPC submission system, selecting the Rust MC track.
Rust is a systems programming language that is making great strides in becoming the next big one in the domain. Rust for Linux is the project adding support for the Rust language to the Linux kernel.
Rust has a key property that makes it very interesting as the second language in the kernel: it guarantees no undefined behavior takes place (as long as unsafe code is sound). This includes no use-after-free mistakes, no double frees, no data races, etc. It also provides other important benefits, such as improved error handling, stricter typing, sum types, pattern matching, privacy, closures, generics, etc.
Possible Rust for Linux topics:
- Rust in the kernel (e.g. status update, next steps…).
- Use cases for Rust around the kernel (e.g. subsystems, drivers, other modules…).
- Discussions on how to abstract existing subsystems safely, on API design, on coding guidelines…
- Integration with kernel systems and other infrastructure (e.g. build system, documentation, testing and CIs, maintenance, unstable features, architecture support, stable/LTS releases, Rust versioning, third-party crates…).
- Updates on its subprojects (e.g. klint, pinned-init)
Possible Rust topics:
- Language and standard library (e.g. upcoming features, stabilization of the remaining features the kernel needs, memory model…).
- Compilers and codegen (e.g. rustc improvements, LLVM and Rust, rustc_codegen_gcc, Rust GCC…).
- Other tooling and new ideas (bindgen, Cargo, Miri, Clippy, Compiler Explorer, Coccinelle for Rust…).
- Educational material.
- Any other Rust topic within the Linux ecosystem.
Last year was the first edition of the Rust MC and the focus was on showing the ongoing efforts by different parties (compilers, Rust for Linux, CI, eBPF…). Shortly after the Rust MC, Rust got merged into the Linux kernel. Abstractions are getting upstreamed, with the first major drivers looking to be merged soon: Android Binder, the Asahi GPU driver and the NVMe driver (presented in that MC).
2 years ago
The Python Steering Council has announced its intent to accept PEP 703
(Making the Global Interpreter Lock Optional in CPython), with initial
support possibly showing up in the 3.13 release. There are still some
details to work out, though.
We want to be very careful with backward compatibility. We do not
want another Python 3 situation, so any changes in third-party code
needed to accommodate no-GIL builds should just work in with-GIL
builds (although backward compatibility with older Python versions
will still need to be addressed). This is not Python 4. We are
still considering the requirements we want to place on ABI
compatibility and other details for the two builds and the effect
on backward compatibility.
corbet
2 years ago
For those who are interested in the gory details of how the StackRot
vulnerability works, Ruihan Li has posted a detailed writeup of the bug
and how it can be exploited.
As StackRot is a Linux kernel vulnerability found in the memory
management subsystem, it affects almost all kernel configurations
and requires minimal capabilities to trigger. However, it should be
noted that maple nodes are freed using RCU callbacks, delaying the
actual memory deallocation until after the RCU grace
period. Consequently, exploiting this vulnerability is considered
challenging.
To the best of my knowledge, there are currently no publicly
available exploits targeting use-after-free-by-RCU (UAFBR)
bugs. This marks the first instance where UAFBR bugs have been
proven to be exploitable, even without the presence of
CONFIG_PREEMPT or CONFIG_SLAB_MERGE_DEFAULT settings.
corbet