All posts by corbet

[$] CRIB: checkpoint/restore in BPF

Post Syndicated from corbet original https://lwn.net/Articles/984313/

The desire for the ability to checkpoint a process — to record its state in
a form that can be restarted at a future time — on Linux is almost as old as
Linux itself. See, for example, this announcement of a checkpoint
project that appeared in LWN in 1998. While working solutions exist, they
can be somewhat fragile and difficult to use; it is not surprising that
some people are interested in finding a better alternative. A current
effort goes by the name CRIB,
for Checkpoint/Restore in (naturally) BPF. It is far from clear that CRIB
will replace the existing solutions, but it is an interesting look at a
different way of solving the problem.

[$] Maximal min() and max()

Post Syndicated from corbet original https://lwn.net/Articles/983965/

Like many projects written in C, the kernel makes extensive use of the C
preprocessor; indeed, the kernel’s use is rather more extensive than most.
The preprocessor famously has a number of sharp edges associated with it.
One might not normally think of increased compilation time as one of them,
though. It turns out that some changes to a couple of conceptually simple
preprocessor macros — min() and max() — led to some truly
pathological, but hidden, behavior where those macros were used.

Security updates for Tuesday

Post Syndicated from corbet original https://lwn.net/Articles/983935/

Security updates have been issued by Fedora (curl), Mageia (virtualbox), Oracle (squid), Red Hat (kernel), SUSE (apache2, bind, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, devscripts, espeak-ng, freerdp, ghostscript, gnome-shell, gtk2, gtk3, java-11-openjdk, java-17-openjdk, kubevirt, libgit2, openssl-3, orc, p7zip, python-dnspython, and shadow), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi, linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux-aws, linux-aws-5.4, linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-gcp-5.15, and linux-lowlatency).

Kernel prepatch 6.11-rc1

Post Syndicated from corbet original https://lwn.net/Articles/983760/

Linus Torvalds has released 6.11-rc1 and closed the
merge window for this development cycle. “The merge window felt pretty
normal, and the stats all look pretty normal too. I was expecting things to
be quieter because of summer vacations, but that (still) doesn’t actually
seem to have been the case.”

Note that the extensible scheduler class
(“sched_ext”) was not merged, even though Torvalds had said he would back in June. Sched_ext, it
seems, will need another development cycle out of tree.

[$] May the FOLL_FORCE not be with you

Post Syndicated from corbet original https://lwn.net/Articles/983169/

One of the simplest hardening concepts to understand is that memory should
never be both writable and executable, otherwise an attacker can use it to
load and run arbitrary code. That rule is generally followed in Linux
systems, but there is a glaring loophole that is exploitable from user
space to inject code into a running process. Attackers have duly exploited
it. A new effort to close the hole ran into trouble early in the merge
window, but a solution may yet be found in time for the 6.11 kernel
release.

[$] What became of getrandom() in the vDSO

Post Syndicated from corbet original https://lwn.net/Articles/983186/

In the previous episode of the
vgetrandom() story, Jason Donenfeld had put together a version of
the getrandom()
system call that ran in user space, significantly improving performance for
applications that need a lot of random data while retaining all of the
guarantees provided by the system call. At that time, it seemed that a
consensus had built around the implementation and that it was headed toward
the mainline in that form. A few milliseconds after that article was
posted, though, a Linus-Torvalds-shaped obstacle appeared in its path.
That obstacle has been overcome and this work has now been merged for the
6.11 kernel, but its form has changed somewhat.

Zuckerberg: Open Source AI Is the Path Forward

Post Syndicated from corbet original https://lwn.net/Articles/982954/

Mark Zuckerberg has posted
an article
announcing some new releases of the Llama large language
model and going on at length about why open-source models are important:

“AI has more potential than any other modern technology to increase
human productivity, creativity, and quality of life – and to
accelerate economic growth while unlocking progress in medical and
scientific research. Open source will ensure that more people
around the world have access to the benefits and opportunities of
AI, that power isn’t concentrated in the hands of a small number of
companies, and that the technology can be deployed more evenly and
safely across society.

“There is an ongoing debate about the safety of open source AI
models, and my view is that open source AI will be safer than the
alternatives. I think governments will conclude it’s in their
interest to support open source because it will make the world more
prosperous and safer.”

Of course, whether Llama is truly open source is debatable at best, but it
is more open than many of the alternatives.