Post Syndicated from daroc original https://lwn.net/Articles/1056601/

Control-flow integrity (CFI) is a set of techniques that make it more difficult for
attackers to hijack indirect jumps to exploit a system. The Linux kernel has
supported forward-edge CFI (which protects indirect function calls)
since 2020, with the most recent implementation
of the feature introduced in 2022. That
version avoids the overhead introduced by the earlier approach by using a
compiler flag (-fsanitize=kcfi) that is present in Clang but not in
GCC. Now, Kees Cook has

a patch set adding that support to GCC that looks likely to land in GCC
17.

Post Syndicated from daroc original https://lwn.net/Articles/1055590/

The

team behind

Tyr started 2025 with little to show in our quest to
produce a Rust GPU driver for Arm Mali hardware, and by the end of the
year, we were able to play SuperTuxKart (a 3D open-source racing
game) at the Linux Plumbers Conference (LPC). Our prototype was a joint
effort between Arm, Collabora, and Google; it ran well for the duration
of the event, and the performance was more than adequate for players.
Thankfully, we picked up steam at precisely the right moment: Dave
Airlie just

announced in the Maintainers Summit that the DRM subsystem
is only “about a year away” from disallowing new drivers written in C
and requiring the use of Rust. Now it is time to lay out a
possible roadmap for 2026 in order to upstream all of this work.

Post Syndicated from daroc original https://lwn.net/Articles/1055211/

A few years ago, the only way to compile Rust code was using the rustc compiler
with LLVM as a backend. Since then, several projects, including

Mutabah’s Rust Compiler (mrustc), GCC’s Rust
support (gccrs),

rust_codegen_gcc, and

Cranelift have made enormous progress
on diversifying Rust’s compiler implementations. The most recent such project,

Eurydice, has a
more ambitious goal: converting Rust code to clean C code. This is especially
useful in high-assurance software, where existing verification and compliance
tools expect C. Until such tools can be updated to work with Rust, Eurydice could
provide a smoother transition for these projects, as well as a stepping-stone
for environments that have a C compiler but no working Rust compiler. Eurydice
has been used to compile some post-quantum-cryptography routines from Rust to C,
for example.

Post Syndicated from daroc original https://lwn.net/Articles/1049295/

The

Linux Kernel Runtime Guard (LKRG) is a out-of-tree loadable kernel module that
attempts to detect and report violations of the kernel’s internal invariants,
such as might be caused by an in-progress security exploit or a rootkit.
LKRG has been experimental since its

initial release in 2018. In September
2025, the project
announced
the 1.0 version. With the promises of stability that version brings, users might want more
information to decide whether to include it in their kernel.

Post Syndicated from daroc original https://lwn.net/Articles/1054216/

LWN has had a number of articles on immutable distributions,
such as Bluefin and
Bazzite, in recent years. These distributions have taken a variety of approaches, including
using

rpm-ostree, filesystem snapshots, and
bootable container (bootc) images. But those
approaches, especially the latter, lead to extra complexity for a user
attempting to install new software, instead of just
using the existing package manager.

AshOS (Any Snapshot Hierarchical OS) is an experimental AGPL-3-licensed
“meta-distribution” that tried a different approach more in line with
traditional package management. Although the project is no longer updated,
it remains usable, and can still shed some light on a potential alternate path for users
worried about adopting bootc-based approaches.

Post Syndicated from daroc original https://lwn.net/Articles/1053099/

While there are several rootkits that target Linux, they have so far not fully
embraced the open-source ethos typical of Linux software.
Luckily, Matheus Alves has been working to remedy
this lack by creating

an open-source rootkit called Singularity for Linux systems. Users who feel
their computers are too secure can install the Singularity kernel module in
order to allow remote code execution, disable security features, and hide files
and processes from normal administrative tools. Despite its many features,
Singularity is not currently known to be in use in the wild — instead, it
provides security researchers with a testbed to investigate new detection and
evasion techniques.

Post Syndicated from daroc original https://lwn.net/Articles/1051982/

Quality-of-service (QoS) mechanisms attempt to prioritize some processes (or
network traffic, disk I/O, etc.) over others in order to meet a system’s
performance goals. This is a difficult topic to handle in the world of Linux,
where workloads, hardware, and user expectations vary wildly. Qais Yousef spoke
at the 2025 Linux Plumbers Conference, alongside his collaborators John Stultz,
Steven Rostedt, and Vincent Guittot, about their plans for introducing a
high-level QoS API for Linux in a way that leaves end users in control of its
configuration. The talk focused specifically on a QoS mechanism for the
scheduler, to prioritize access to CPU resources differently for different kinds
of processes.
(slides;
video)

Post Syndicated from daroc original https://lwn.net/Articles/1052734/

The

Software Freedom Conservancy (SFC) is

suing

VIZIO over smart TVs that
include software licensed under the GPL and LGPL (including the Linux kernel,
FFmpeg, systemd, and others).
VIZIO didn’t provide the source code along with the device, and on request they
only provided some of it. Unlike a typical lawsuit about enforcing the GPL, the
SFC isn’t suing as a copyright holder; it’s suing as
a normal owner of the TV
in question. This approach opens some important legal questions, and after years
of pre-trial maneuvering (most recently resulting in
a ruling related to signing keys that
is the subject of a separate article),
we might finally obtain some answers when the case goes
to trial on January 12. As things stand, it seems likely that the judge in
the case will rule that that the GPL-enforcement lawsuits can be a matter of
contract law, not just copyright law, which would be a major change to how GPL
enforcement works.

Post Syndicated from daroc original https://lwn.net/Articles/1051768/

The nature and role of the Linux Foundation’s Technical Advisory Board (TAB) is
not well-understood, though
a recent LWN article shed some light on its
role and
history. At the 2025

Linux Plumbers Conference (LPC), the TAB held a question and
answer session to address whatever it was the community wanted to know
(video).
Those questions ended up covering the role of large language models in kernel
development, what it is like to be on the TAB, how the TAB can help grease the
wheels of corporate bureaucracy, and more.

Post Syndicated from daroc original https://lwn.net/Articles/1050887/

Aleksa Sarai, as the maintainer of the
runc container runtime, faces a
constant battle against security problems. Recently, runc has seen

another
instance of a security vulnerability that can be traced back to the difficulty
of handling file paths on Linux. Sarai spoke at the 2025
Linux Plumbers Conference
(slides;
video)
about
some of the problems runc has had with path-traversal vulnerabilities, and to
ask people to please use

libpathrs, the library that he has been developing for
safe path traversal.

Post Syndicated from daroc original https://lwn.net/Articles/1050779/

The BPF verifier works, on a theoretical level, by considering every possible
path that a BPF program could take. As a practical matter, however, it needs to
do that in a reasonable amount of time. At the

2025 Linux Plumbers Conference, Mahé Tardy and Paul Chaignon
gave a detailed explanation
(slides;
video) of
the main mechanism that it uses to accomplish that: state pruning. They focused
on two optimizations that help reduce the number of paths the verifier needs to
check, and discussed some of the complications the optimizations introduced to the verifier’s
code.

Post Syndicated from daroc original https://lwn.net/Articles/1050585/

The BPF verifier is complicated. It needs to
check every possible path that a
BPF program’s execution could take. The fact that its determination of whether a
BPF program is safe is based on the whole lifetime of the program, instead of
simple local factors, means that the cause of a verification
failure is not always obvious. Ihor Solodrai and Jordan Rome gave a presentation
(slides)
at the

2025 Linux Plumbers Conference in Tokyo about
the
BPF verifier visualizer that they have been building
to make diagnosing verification failures easier.

Post Syndicated from daroc original https://lwn.net/Articles/1048978/

The

Internet Engineering Task Force (IETF) is the standards body responsible
for the TLS encryption standard — which your browser is using right now
to allow you to read LWN.net. As part of its work to keep TLS secure, the IETF
has been entertaining

proposals to adopt “post-quantum” cryptography (that is,
cryptography that is not known to be easily broken by a quantum computer) for TLS
version 1.3. Discussion of the proposal has exposed a large disagreement between
participants who worried about weakened security and others who worried about
weakened marketability.

Post Syndicated from daroc original https://lwn.net/Articles/1046933/

Emma Smith and Kirill Podoprigora, two of Python’s core developers, have
opened a
discussion about including Rust code in CPython, the reference implementation of
the Python programming language. Initially, Rust would only be used for optional
extension modules, but they would like to see Rust become a required dependency
over time. The initial plan was to make Rust required by 2028, but Smith and
Podoprigora indefinitely postponed that goal in response to concerns raised in the discussion.

Post Syndicated from daroc original https://lwn.net/Articles/1049158/

Loris Cro has published

a detailed YouTube video talking about the terminology used to discuss asynchronicity, concurrency, and parallelism in our recent article about Zig’s new Io interface. Our article is not completely clear because it uses the term “asynchronous I/O” to refer to what should really be called “non-blocking I/O“, and sometimes confuses asynchronicity for concurrency, among other errors of terminology, he says. Readers interested in precise details about Zig’s approach and some of the motivation behind the design may find Cro’s video interesting.

Post Syndicated from daroc original https://lwn.net/Articles/1046084/

The designers of the

Zig programming language have been working to find a
suitable design for asynchronous code for some time.
Zig is a carefully minimalist language, and its

initial design for
asynchronous I/O did not fit well with its other
features. Now, the project has

announced (in a Zig SHOWTIME video) a new approach to asynchronous I/O that
promises to solve the

function coloring problem, and allows writing code that will execute
correctly using either synchronous or asynchronous I/O.

Post Syndicated from daroc original https://lwn.net/Articles/1048195/

Security updates have been issued by AlmaLinux (bind, binutils, delve and golang, expat, firefox, haproxy, kernel, libsoup3, libssh, libtiff, openssh, openssl, pam, podman, python-kdcproxy, shadow-utils, squid, thunderbird, vim, xorg-x11-server-Xwayland, and zziplib), Debian (cups-filters, libsdl2, linux-6.1, net-snmp, pdfminer, rails, and tryton-sao), Fedora (chromium, docker-buildkit, docker-buildx, and sudo-rs), Gentoo (librnp), Mageia (webkit2), SUSE (amazon-ssm-agent, buildah, curl, dpdk, fontforge-20251009, kernel, libIex-3_4-33, librnp0, python311, rclone, and sssd), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-aws-6.14, linux-oracle-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-realtime, linux-realtime-6.8, mupdf, openjdk-17, openjdk-8, and openjdk-lts).

Post Syndicated from daroc original https://lwn.net/Articles/1047950/

Security updates have been issued by AlmaLinux (buildah, firefox, go-rpm-macros, kernel, kernel-rt, podman, and thunderbird), Debian (erlang, python-gevent, and r-cran-gh), Fedora (buildah, chromium, k9s, kubernetes1.33, kubernetes1.34, podman, python-mkdocs-include-markdown-plugin, and webkitgtk), Gentoo (Chromium, Google Chrome, Microsoft Edge. Opera, qtsvg, redict, redis, UDisks, and WebKitGTK+), Mageia (cups-filters and ruby-rack), Oracle (kernel and libssh), Red Hat (.NET 8.0, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (act, bind, cups-filters, govulncheck-vulndb, grub2, libebml, python39, and tcpreplay), and Ubuntu (linux-raspi, linux-raspi-realtime, openjdk-21, openjdk-25, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and runc-app, runc-stable).

Post Syndicated from daroc original https://lwn.net/Articles/1047683/

Greg Kroah-Hartman has announced the release of the
6.17.9,
6.12.59, and
6.6.117 stable kernels. As usual, he advises
users of stable kernels to upgrade.

Post Syndicated from daroc original https://lwn.net/Articles/1047682/

Security updates have been issued by Fedora (calibre, chromium, cri-o1.32, cri-o1.33, cri-o1.34, dotnet10.0, dovecot, gnutls, gopass, gopass-hibp, gopass-jsonapi, kubernetes1.31, kubernetes1.32, kubernetes1.33, kubernetes1.34, and linux-firmware), Mageia (ffmpeg, kernel, kmod-xtables-addons & kmod-virtualbox, kernel-linus, konsole, and redis), Red Hat (bind and bind-dyndb-ldap and kernel), SUSE (act, alloy, amazon-ssm-agent, ansible-12, ansible-core, blender, chromium, cups-filters, curl, elfutils, expat, firefox, glib2, grub2, helm, kernel, libipa_hbac-devel, libxslt, nvidia-container-toolkit, ongres-scram, openexr, podman, poppler, runc, samba, sssd, thunderbird, and tomcat), and Ubuntu (cups-filters, linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime, linux-oem-6.14, and linux-realtime-6.14).