So here we are, and the 6.5 release cycle continues to look
entirely normal.
In fact, it’s *so* normal that we have hit on a very particular
(and peculiar) pattern with the rc4 releases: we have had *exactly*
328 non-merge commits in rc4 in 6.2, 6.3 and now 6.5. Weird
coincidence.
And honestly, that weird numerological coincidence is just about
the most interesting thing here.
We want to be very careful with backward compatibility. We do not
want another Python 3 situation, so any changes in third-party code
needed to accommodate no-GIL builds should just work in with-GIL
builds (although backward compatibility with older Python versions
will still need to be addressed). This is not Python 4. We are
still considering the requirements we want to place on ABI
compatibility and other details for the two builds and the effect
on backward compatibility.
For those who are interested in the gory details of how the StackRot
vulnerability works, Ruihan Li has posted a detailed writeup of the bug
and how it can be exploited.
As StackRot is a Linux kernel vulnerability found in the memory
management subsystem, it affects almost all kernel configurations
and requires minimal capabilities to trigger. However, it should be
noted that maple nodes are freed using RCU callbacks, delaying the
actual memory deallocation until after the RCU grace
period. Consequently, exploiting this vulnerability is considered
challenging.
To the best of my knowledge, there are currently no publicly
available exploits targeting use-after-free-by-RCU (UAFBR)
bugs. This marks the first instance where UAFBR bugs have been
proven to be exploitable, even without the presence of
CONFIG_PREEMPT or CONFIG_SLAB_MERGE_DEFAULT settings.
One of the longstanding strengths of Linux, and a key to its early success,
is its ability to interoperate with other systems. That interoperability
includes filesystems; Linux supports a wide range of filesystem types,
allowing it to mount filesystems created by many other operating systems.
Some of those filesystem implementations, though, are better maintained
than others; developers at both the kernel and distribution levels are
currently considering, again, how to minimize the security risks presented
by the others.
Systemd 254 has been released. As usual, there is a long list of changes,
including a new list-paths command for systemctl, the
ability to send POSIX signals to services, a “soft reboot” feature that
restarts user space while leaving the kernel in place, improved support for
“confidential virtual machines”, and a lot more.
The announcement also notes that support for split-/usr systems
will be removed in the next release, and support for version-one control
groups and for System V service scripts will be deleted in the near
future as well.
The fchmodat()
system call on Linux hides a little secret: it does not actually implement
all of the functionality that the man page claims (and that POSIX
calls for). As a result, C libraries have to do a bit of a complicated
workaround to provide the API that applications expect. That situation
looks likely to change with the 6.6 kernel, though, as the result of this patch
series posted by Alexey Gladkov.