All posts by corbet

[$] The real realtime preemption end game

Post Syndicated from corbet original https://lwn.net/Articles/951337/

The addition of realtime support to Linux is a long story; it first
shows up in LWN in 2004. For much of that
time, it has seemed like only a little more work was needed to get across
the finish line; thus we ran headlines like the
realtime preemption endgame
— in 2009. At the 2023 Linux Plumbers Conference, Thomas
Gleixner informed the group that, now, the end truly is near. There is
really only one big problem left to be solved before all of that work can
land in the mainline.

Security updates for Thursday

Post Syndicated from corbet original https://lwn.net/Articles/951681/

Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).

Intel’s “redundant prefix issue”

Post Syndicated from corbet original https://lwn.net/Articles/951500/

Tavis Ormandy has described a bug
in some Intel CPUs that can lead to a crash (or worse):

We believe this bug causes the frontend to miscalculate the size of
the movsb instruction, causing subsequent entries in the ROB [reorder buffer] to be
associated with incorrect addresses. When this happens, the CPU
enters a confused state that causes the instruction pointer to be
miscalculated.

The machine can eventually recover from this state, perhaps with
incorrect intermediate results, but becoming internally consistent
again. However, if we cause multiple SMT or SMP cores to enter the
state simultaneously, we can cause enough microarchitectural state
corruption to force a machine check.

Intel has released
a microcode update
to address the issue.

A GNU COBOL status update

Post Syndicated from corbet original https://lwn.net/Articles/951498/

For the COBOL users out there, James K. Lowden has posted
an update
on the current status of the GNU COBOL compiler.

When in November we turn back our clocks, then naturally do
programmers’ thoughts turn to Cobol, its promise, and future.

At last post, nine months ago, we were working our way through the
NIST CCVS/85 test suite. I am pleased to report that process is
complete. As far as NIST is concerned, gcobol is a Cobol compiler.

Security updates for Wednesday

Post Syndicated from corbet original https://lwn.net/Articles/951480/

Security updates have been issued by Debian (libclamunrar and ruby-sanitize), Fedora (frr, roundcubemail, and webkitgtk), Mageia (freerdp and tomcat), Red Hat (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod_auth_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, procps-ng, protobuf-c, python-cryptography, python-pip, python27:2.7, python3, python3.11, python3.11-pip, python38:3.8, python38-devel:3.8, python39:3.9, python39-devel:3.9, qt5-qtbase, qt5-qtsvg, rhc, ruby:2.5, shadow-utils, squid:4, sysstat, tang, tomcat, tpm2-tss, virt:rhel, virt-devel:rhel, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (mariadb), SUSE (chromium, connman, exfatprogs, ucode-intel, and w3m), and Ubuntu (cobbler, ffmpeg, linux-oem-6.5, procps, and traceroute).

Security updates for Tuesday

Post Syndicated from corbet original https://lwn.net/Articles/951311/

Security updates have been issued by Debian (postgresql-11, postgresql-13, and postgresql-15), Fedora (chromium, optipng, and radare2), Scientific Linux (plexus-archiver and python), Slackware (tigervnc), SUSE (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and Ubuntu (firefox and memcached).

[$] The rest of the 6.7 merge window

Post Syndicated from corbet original https://lwn.net/Articles/949957/

By the time that the 6.7 merge window closed on November 12, 15,418
non-merge changesets had been pulled into the mainline kernel. That makes
this one of the busiest merge windows ever; if one discounts the lengthy
bcachefs development history (some 2,800 commits), though, then the patch
volume is roughly in line with other recent kernels. Over 5,000 of those
commits were merged after our first-half
merge-window summary
was written.

Security updates for Monday

Post Syndicated from corbet original https://lwn.net/Articles/951237/

Security updates have been issued by Debian (audiofile and ffmpeg), Fedora (keylime, python-pillow, and tigervnc), Mageia (quictls and vorbis-tools), Oracle (grub2), Red Hat (galera, mariadb, plexus-archiver, python, squid, and squid34), and SUSE (clamav, kernel, mupdf, postgresql14, tomcat, tor, and vlc).

[$] listmount() and statmount()

Post Syndicated from corbet original https://lwn.net/Articles/950569/

Years ago, the list of mounted filesystems on a Unix or Linux machine was
relatively short and static. Adding a filesystem, which typically involved
buying a new drive, happened rarely. In contrast, contemporary systems
with a large number of containers can have a long and dynamic list of
mounted filesystems. As was discussed at
the 2023 LSFMM+BPF Summit, the Linux
kernel’s mechanism for providing information about mounted filesystems has
not kept up with this change, leading to system-management headaches. Now,
two new system calls proposed
by Miklos Szeredi look set to provide some much-needed pain relief.

[$] The push to save Itanium

Post Syndicated from corbet original https://lwn.net/Articles/950466/

It is (relatively) easy to add code to the kernel; it tends to be much
harder to remove that code later. The most recent example of this dynamic
can be seen in the story of the ia64 (“Itanium”) architecture, support for
which was removed during the 6.7 merge window. That removal has left a
small group of dedicated ia64 users unhappy and clinging to a faint hope
that this support could return in a year’s time.

Chamberlain v. Home Assistant

Post Syndicated from corbet original https://lwn.net/Articles/950696/

The developers of Home Assistant, which has recently been covered here, have announced
that they will be removing support for Chamberlain and Liftmaster
garage-door openers after being locked out by the company.

Because we cannot continue to work around Chamberlain Group if they
keep blocking access to third parties, the MyQ integration will be
removed from Home Assistant in the upcoming 2023.12 release on
December 6, 2023. We are very disappointed that it has come to this
and sincerely hope that Chamberlain Group is willing to reconsider
its position.

Longtime readers may remember that Chamberlain tried to use the DMCA to block the use of
third-party remotes nearly 20 years ago.

Canonical reveals more details about Ubuntu Core Desktop (Register)

Post Syndicated from corbet original https://lwn.net/Articles/950695/

The Register attended
a talk
about Ubuntu’s upcoming Core Desktop immutable distribution.

We suspect that Core Desktop might yet be the tool that validates
Canonical’s Snap format and helps to overcome some of the
resistance it faces. Snap’s single-file distribution format is
simple and enables transactional installation – including,
critically, rollback – without a fancy filesystem underneath, or
elaborate distribution methods such as libostree.

Security updates for Wednesday

Post Syndicated from corbet original https://lwn.net/Articles/950694/

Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).

Sponsorship for the Openwall lists

Post Syndicated from corbet original https://lwn.net/Articles/950538/

Alexander “Solar Designer” Peslyak, the longtime maintainer of the
oss-security and linux-distros mailing lists, has announced
that this work has gained a sponsor:

After 15+ years of being a 100% volunteer effort, Openwall’s
maintenance of oss-security and (linux-)distros is finally
sponsored by the OpenSSF, a project of the Linux Foundation. This
sponsorship does not provide the Linux Foundation with the ability
to set policies for community resources managed by Openwall. I am
grateful for the support, which will help ensure continued
operation of these resources on a new level while retaining
independence.

As part of this arrangement, Peslyak is now producing statistics on
vulnerability handling; the first
set for 2023
has been posted.