News reader

[$] The first half of the 5.13 merge window

4 years 3 months ago
As of this writing, just over 7,800 non-merge commits have been pulled into the mainline repository for the 5.13 development cycle. It does indeed seem true that 5.13 will be busier than its predecessor was. The work merged thus far affects subsystems across the kernel; read on for a summary of what has been merged so far.
corbet

Security updates for Friday

4 years 3 months ago
Security updates have been issued by Arch Linux (bind, chromium, firefox, gitlab, libupnp, nimble, opera, thunderbird, virtualbox, and vivaldi), Debian (composer, edk2, and libhibernate3-java), Fedora (java-1.8.0-openjdk, jetty, and samba), openSUSE (nim), Oracle (bind and runc), Red Hat (bind), SUSE (cifs-utils, cups, ldb, samba, permissions, samba, and tomcat), and Ubuntu (samba).
corbet

Michlmayr: Growing open-source projects with a stable foundation

4 years 3 months ago
Martin Michlmayr has put together a primer on managing open-source projects through their growth cycle, specifically with the help of a support foundation, and published the results as a 67-page PDF file.

Starting an open source project is easy. Running a successful project, on the other hand, comes with a lot of work and responsibilities, especially if the project attracts a large user base. While open source projects come in all shapes and forms, most projects encounter a similar set of growth issues throughout their life cycles. Because of this, various organizations have arisen to help projects handle these problems; these organizations are generally known as FOSS foundations. This primer covers non-technical aspects that the majority of projects will have to consider at some point. It also explains how FOSS foundations can help projects grow and succeed.

He has also posted a separate research report [PDF] on foundations that support open-source projects.

corbet

[$] An update on the UMN affair

4 years 3 months ago
On April 20, the world became aware of a research program conducted out of the University of Minnesota (UMN) that involved submitting intentionally buggy patches for inclusion into the Linux kernel. Since then, a paper resulting from this work has been withdrawn, various letters have gone back and forth, and numerous patches from UMN have been audited. It's clearly time for an update on the situation.
corbet

Security updates for Thursday

4 years 3 months ago
Security updates have been issued by Fedora (ceph, jetty, kernel, kernel-headers, kernel-tools, openvpn, and shim-unsigned-x64), Mageia (firefox and thunderbird), Oracle (nss and openldap), Red Hat (bind), Slackware (bind), SUSE (firefox, giflib, java-1_7_0-openjdk, libnettle, librsvg, thunderbird, and webkit2gtk3), and Ubuntu (bind9 and gst-plugins-good1.0).
corbet

Pete Zaitcev: Swift in 2021

4 years 3 months ago

A developer meet-up for OpenStack, known as PTG, occurred a week ago. I attended the Swift track, where somewhat to my surprise we had two new contributors show up.

I got into a habit of telling people that I did not want Swift to end like AFS: develop great software and dead, with nobody using it. Today I looked it up, and what do you know: OpenAFS made a release in June 2020 (and apparently they also screwed up and had to post an emergency release in October).

So, I was chatting with Matt O. at PTG and he said, "oh yeah, we won some contracts when I was at SuSE, Swift was beating the competition." Not entirely a surprise, but it got me thinking: is it too early to declare Swift dead, or even AFS level dead?

Since NVIDIA gobbled up Swift, I was full of concerns for the centralization. NVIDIA uses Swift as a hyperscaler, in support of their own clusters. They already started to divest themselves from Swiftstack's customer base. I envisioned a future where NVIDIA assembles all the core contributors, then fires them all and closes the project. But then I learned that Lustre went through a cycle like that, being acquired, but then sold out to a smaller, more focused company (to DDN).

To sum, I see a possibility for Swift to remain relevant through a three-step strategy, if you will. First, Swift remains open, aligned to technology, and performant. Thanks to that, it wins new deployments (in HPC and Telco in particular). And because of the field use, it will find a corporate stewardship. So, basically, suck less for success.

P.S. Also at PTG I learned that S3 Inventory existed. Seemed like implementing it in Swift could be a satisfying accomplishment for someone new.

"Full disclosure" from the University of Minnesota

4 years 3 months ago
The researchers at the University of Minnesota have posted a description of the work they did [PDF] as part of their "hypocrite commits" project. It includes a list of the buggy commits they posted and how they were handled.

In the following we will show two parts: (1) the message log of our disclosure of the findings to the community, and (2) the patches we submitted. By showing the details of the patches and the exchange of messages, we wish to help the community to confirm that the buggy patches were "stopped" during message exchanges and not merged into the actual Linux code. No other interactions with the Linux Kernel team has involved intentional deception or intentionally misleading or bad patches. This misguided behavior on our part was limited to the patches described and clarified in this document.

Amusingly, one of their attempts to submit a buggy commit was, itself, buggy, yielding a valid change overall.

corbet

[$] Rethinking Fedora's compiler policy

4 years 3 months ago
Now that the Fedora 34 release is out the door, the Fedora project is turning its attention to Fedora 35, which is currently scheduled for release on October 26. One of the changes under consideration for Fedora 35 is this proposal allowing maintainers to choose whether to build their packages with GCC or Clang. This policy change may give maintainers some welcome flexibility, but it has not proved entirely popular in the Fedora community.
corbet

Security updates for Wednesday

4 years 3 months ago
Security updates have been issued by Debian (chromium and shibboleth-sp), Fedora (ceph and salt), Oracle (thunderbird), Red Hat (etcd), Scientific Linux (nss and openldap), SUSE (curl, gdm, and libnettle), and Ubuntu (openjdk-8, openjdk-lts and underscore).
ris

An Interview With Linus Torvalds: Linux and Git (Tag1)

4 years 3 months ago
The Tag1 Consulting site has posted an interview with Linus Torvalds.

So I think the GPLv2 is pretty much the perfect balance of "everybody works under the same rules", and still requires that people give back to the community ("tit-for-tat"). And everybody knows that all the other people involved are bound by the same rules, so it's all very equitable and fair.

Of course, another part of that is that you also get out what you put in. Sure, you can try to "coast" on the project and be just a user, and that's ok. But if you do that, you also have no control over the project. That can be perfectly fine too, if you really just need a basic operating system, and Linux already does everything you want. But if you have special requirements, the only way to really affect the project is to participate.

corbet

Paul E. McKenney: Stupid RCU Tricks: A tour through rcutorture

4 years 3 months ago
Although Linux-kernel RCU gets most of the attention, without rcutorture, RCU would not be what it is today. To see this, note that the old saying “If it ain't tested, it don't work!” is if anything more valid today than it was back then. After all, software has not gotten any simpler, workloads have not become less demanding, and systems have not grown smaller, except in terms of physical size. That said, the decrease in size has been truly impressive. Back when Jack and I invented RCU, the hardware contained in my laptop would have filled no fewer than fifteen standard racks, and that ignores the hardware that simply was not available back then, and also ignores the reliability issues that would have resulted from such an imposing agglomeration of hardware.

It is rcutorture's job to make sure that Linux-kernel RCU actually works, and so it is worthwhile getting to know rcutorture a bit better. The following blog posts cover design of, use of, and experience with this test suite:

  1. Stupid RCU Tricks: So you want to torture RCU? (use)
  2. Stupid RCU Tricks: So rcutorture is Not Aggressive Enough For You? (use)
  3. Stupid RCU Tricks: Failure Probability and CPU Count (use)
  4. Stupid RCU Tricks: Enlisting the Aid of a Debugger (use)
  5. Stupid RCU Tricks: Torturing RCU Fundamentally, Part I (design)
  6. Stupid RCU Tricks: Torturing RCU Fundamentally, Part II (design)
  7. Stupid RCU Tricks: Torturing RCU Fundamentally, Part III (design)
  8. Stupid RCU Tricks: Torturing RCU Fundamentally, Parts IV and V (design)
  9. Stupid RCU Tricks: So rcutorture is Still Not Aggressive Enough For You? (use)
  10. Stupid RCU Tricks: rcutorture fails to find an RCU bug (experience)
  11. Stupid RCU Tricks: The design of rcutorture (design)
  12. Stupid RCU Tricks: Which tests do I run??? (use)
  13. Stupid RCU Tricks: Making Race Conditions More Probable (design)

And here are a few older posts covering rcutorture:

  1. Hunting Heisenbugs (experience, 2009)
  2. Hunting More Heisenbugs (experience, 2009)
  3. Stupid RCU Tricks: RCU Priority Inversion (design, 2010)
  4. And it used to be so simple... (design, 2011)
  5. Stupid RCU Tricks: Bug Found by Refactored Tests (design, experience, and use, 2014)
  6. Stupid RCU Tricks: rcutorture Catches an RCU Bug (experience, 2014)
  7. Stupid RCU Tricks: rcutorture Accidentally Catches an RCU Bug (experience, 2017)

Ah, but what about formal verification? But of course! Please see this series, and especially this post.

I hope that this series is helpful, and I further hope that it will inspire more aggressive torturing of other software!

Yocto Project 3.3 (hardknott-25.0.0) released

4 years 3 months ago
Yocto Project, a system to build embedded Linux distributions, released version 3.3 "Hardknott". In this version all OE-Core recipes build reproducibly regardless of host distro/build location except golang recipes and ruby's docs package. There are many more new features, upgrades, and bug fixes. The release notes have more details.
ris

[$] Preventing information leaks from ext4 filesystems

4 years 3 months ago
A filesystem's role is to store information and retrieve it in its original form on request. But filesystems are also expected to prevent the retrieval of information by people who should not see it. That requirement extends to data that has been deleted; users expect that data to be truly gone and will not welcome its reappearance in surprising places. Some work being done with ext4 shows the kind of measures that are required to live up to that expectation.
corbet

Security updates for Tuesday

4 years 3 months ago
Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).
ris

Fedora Linux 34 released

4 years 3 months ago
The Fedora 34 release is now available. "This release features GNOME 40, the next step in focused, distraction-free computing. GNOME 40 brings improvements to navigation whether you use a trackpad, a keyboard, or a mouse. The app grid and settings have been redesigned to make interaction more intuitive." LWN recently reviewed the Fedora 34 Workstation release.
corbet

GCC 11.1 released

4 years 3 months ago
Version 11.1 of the GCC compiler suite is out. "This release switches the default debugging format to DWARF 5 on most targets and switches the default C++ language version to -std=gnu++17. It makes great progress in the C++20 language support, both on the compiler and library sides, adds experimental C++23 support, some C2X enhancements, various optimization enhancements and bug fixes, several new hardware enablement changes and enhancements to the compiler back-ends and many other changes."
corbet

Computer security world in mourning over death of Dan Kaminsky (The Register)

4 years 3 months ago
The Register reports on the death of security researcher Dan Kaminsky. "Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet's infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades."
ris

[$] Some 5.12 development statistics

4 years 3 months ago
By the time the 5.12 kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainline repository for this development cycle. That makes 5.12 the slowest development cycle since 5.6, which was released at the end of March 2020. Still, there was plenty of work done for 5.12. Read on for our traditional look at where that work came from and how it got into the kernel.
corbet