Post Syndicated from corbet original https://lwn.net/Articles/953381/

The LWN.net Weekly Edition for December 7, 2023 is available.

Post Syndicated from corbet original https://lwn.net/Articles/953880/

Many processor vendors provide a mechanism to allow some bits of a pointer
value to be used to store unrelated data; these include Intel’s linear address masking (LAM), AMD’s upper address ignore, and Arm’s top-byte
ignore. A set of researchers has now come up with a way (that
they call “SLAM”) to use those features to bypass many checks on pointer
validity, opening up a new set of Spectre attacks.

In response to SLAM, Intel made plans to provide software guidance
prior to the future release of Intel processors which support LAM
(e.g., deploying LAM jointly with LASS). Linux engineers developed
patches to disable LAM by default until further guidance is
available. ARM published an advisory to provide guidance on future
TBI-enabled CPUs. AMD did not implement guidance updates and
pointed to existing Spectre v2 mitigations to address the SLAM
exploit described in the paper.

See the full
paper for the details.

Post Syndicated from corbet original https://lwn.net/Articles/953861/

Security updates have been issued by Fedora (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), Mageia (samba), Red Hat (postgresql:12), SUSE (haproxy and kernel-firmware), and Ubuntu (haproxy, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-lowlatency, linux-oracle, linux-raspi,
linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.1, and redis).

Post Syndicated from corbet original https://lwn.net/Articles/953736/

Version
5.0 of the Django web framework is out. Significant changes include database-computed
default values, field groups in the templating system, and more; see the release
notes for details.

Post Syndicated from corbet original https://lwn.net/Articles/953438/

The kernel’s deadline scheduling class
offers a solution to a number of realtime (or generally latency-sensitive)
problems, but it is also resistant to the usual solutions for the priority-inversion
problem. The development community has been pursuing proxy execution as a
solution to a few scheduling challenges, including this one; the problem is
difficult and progress has been slow. LWN last looked at proxy execution in June; at the 2023 Linux
Plumbers Conference, John Stultz gave an overview of proxy execution,
the current status of the work, and the remaining problems to solve.

Post Syndicated from corbet original https://lwn.net/Articles/953732/

Version 14.1 of the GDB debugger is out. Changes include initial support
for the debugger
adapter protocol, NO_COLOR support, the ability to work with
integer types larger than 64 bits, a number of enhancements to the
Python API, and more.

Post Syndicated from corbet original https://lwn.net/Articles/953706/

Davidlohr Bueso has posted a
summary of the CXL microconference at the recently concluded Linux
Plumbers Conference. “The goals for the track were to openly discuss
current on-going development efforts around the core driver, as well as
experimental memory management topics which lead to accommodating kernel
infrastructure for new technology and use cases.”

Post Syndicated from corbet original https://lwn.net/Articles/953645/

Linus has released 6.7-rc4 for testing.
“And things look fine for now, with a fairly
small rc4“.

Meanwhile, the
6.6.4,
6.1.65, and
5.15.141
stable kernel updates have been released; each contains another set of
important fixes.

Post Syndicated from corbet original https://lwn.net/Articles/953144/

Support for NVIDIA graphics processors has traditionally been a sore point
for Linux users; NVIDIA has not felt the need to cooperate with the kernel
community or make free drivers available, and the reverse-engineered
Nouveau driver has often struggled to keep up with product releases. There
have, however, been signs of improvement in recent years. At the 2023 Linux
Plumbers Conference, graphics subsystem maintainer Dave Airlie provided
an update on the state of support for NVIDIA GPUs and what remains to be
done.

Post Syndicated from corbet original https://lwn.net/Articles/953116/

The Android system was once famous for extensive, out-of-tree kernel
enhancements. Many of those have been eliminated or upstreamed over
the years, bringing Android much closer to the mainline kernel. One
significant component in the “upstreamed” category is Binder, an
interprocess communication mechanism that is used only by Android. There
are a number of factors that make Binder a good candidate for rewriting in
the Rust language; at the 2023 Linux
Plumbers Conference, Carlos Llamas and Alice Rhyl described the
motivation behind and implementation of a rewrite of Binder in Rust.

Post Syndicated from corbet original https://lwn.net/Articles/951631/

The LWN.net Weekly Edition for November 30, 2023 is available.

Post Syndicated from corbet original https://lwn.net/Articles/953286/

The LibreQoS project
describes itself as:

LibreQoS is a Quality of Experience (QoE) Smart Queue Management
(SQM) system designed for Internet Service Providers to optimize
the flow of their network traffic and thus reduce bufferbloat, keep
the network responsive, and improve the end-user experience.

Version
1.4 of LibreQoS was released on November 17. “Version 1.4 is a
huge milestone. A whole new back-end, new GUI, 30%+ performance
improvements, support for single-interface mode.”

Post Syndicated from corbet original https://lwn.net/Articles/953228/

Nextcloud has announced
the “acquisition” of the Roundcube webmail system.

As a product, Roundcube has an established path to success on its
own. With opportunities remaining to be explored, a direct merger
between Roundcube and Nextcloud is not planned. Neither will
Roundcube replace Nextcloud Mail or the other way around. The
products both have strengths and weaknesses and as open source
products they already do share some underlying libraries and tools,
but remain independent offerings for overlapping but different use
scenarios. Nextcloud Mail will evolve as it is, focused on being
used naturally within Nextcloud. Roundcube will continue to serve
its active and new users as a stand-alone secure mail client.

Post Syndicated from corbet original https://lwn.net/Articles/953226/

Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).

Post Syndicated from corbet original https://lwn.net/Articles/953126/

The large
6.6.3,
6.5.13,
6.1.64,
5.15.140,
5.10.202,
5.4.262,
4.19.300,
4.14.331
stable kernel updates have all been released; each contains another set of
important fixes. Note that 6.5.13 is the final update for 6.5.

Post Syndicated from corbet original https://lwn.net/Articles/953099/

Security updates have been issued by Debian (cryptojs, fastdds, mediawiki, and minizip), Fedora (chromium, kubernetes, and thunderbird), Mageia (lilypond, mariadb, and packages), Red Hat (firefox, linux-firmware, and thunderbird), SUSE (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and Ubuntu (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11).

Post Syndicated from corbet original https://lwn.net/Articles/952146/

A regular feature of the Kernel Maintainers Summit is a session where Linus
Torvalds discusses the problems that he has been encountering. In recent
years, though, there have been relatively few of those problems, so this
year he turned things around a bit by asking
the community what problems it was seeing instead. He then addressed
them at the Summit in a session covering aspects of the development
community, including feedback to maintainers, diversity (or the
lack thereof), and more.

Post Syndicated from corbet original https://lwn.net/Articles/952848/

PipeWire, the audio/video bus meant to
replace PulseAudio, JACK, and other systems, has reached
1.0. In celebration, Fedora Magazine is running an
interview with PipeWire creator Wim Taymans.

PipeWire is an IPC mechanism for multimedia. The most interesting
stuff will happen in the session manager, the modules, the
applications and the tools around all this. I hope to see more cool
tools to route video and set up video filters etc.

Post Syndicated from corbet original https://lwn.net/Articles/952848/

PipeWire, the audio/video bus meant to
replace PulseAudio, JACK, and other systems, has reached
1.0. In celebration, Fedora Magazine is running an
interview with PipeWire creator Wim Taymans.

PipeWire is an IPC mechanism for multimedia. The most interesting
stuff will happen in the session manager, the modules, the
applications and the tools around all this. I hope to see more cool
tools to route video and set up video filters etc.

Post Syndicated from corbet original https://lwn.net/Articles/952842/

Linus has released 6.7-rc3 for testing.
“The diffstat here is dominated by a couple of reverts of some Realtek
phy code (accounting for almost a third of the diff).

But ignoring that, it’s mostly fairly small, and all over the place.”