Post Syndicated from jake original https://lwn.net/Articles/774411/rss
In the RDMA microconference of the 2018 Linux Plumbers Conference (LPC),
John Hubbard, Dan Williams, and Matthew Wilcox led a discussion on the
problems surrounding get_user_pages() (and friends) and the
interaction with DMA. It is not the first time the topic has come up;
there was also a discussion about it at the
Linux Storage, Filesystem, and Memory-Management Summit back in April. In
a nutshell, the problem is that multiple parts of the kernel think they
have responsibility for the same chunk of memory, but they do not
coordinate their activities; as might be guessed, mayhem can sometimes ensue.
Post Syndicated from jake original https://lwn.net/Articles/774125/rss
Git does not handle large files very well. While there is
work underway to handle large repositories through the commit
graph work, Git’s internal design has remained surprisingly constant
throughout its history, which means that storing large files into Git comes
with a significant and, ultimately, prohibitive performance
cost. Thankfully, other projects are helping Git address this
challenge. This article compares how Git LFS and git-annex address this problem
and should help readers pick the right solution for their needs.
Post Syndicated from jake original https://lwn.net/Articles/773976/rss
There are a lot of claims regarding the relative security of containers
versus virtual machines (VMs), but there has been little in the way of
actually trying to measure those differences. James Bottomley gave a talk
in the refereed track of the 2018 Linux Plumbers Conference (LPC)
that described work that targets filling in that gap. He and his colleagues
have come up with
a measure that, while not perfect, gives a starting point for further
Post Syndicated from jake original https://lwn.net/Articles/774270/rss
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).
Post Syndicated from jake original https://lwn.net/Articles/774089/rss
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE (aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).
Post Syndicated from jake original https://lwn.net/Articles/773456/rss
Daniel Vetter began his talk in the refereed track of the 2018 Linux Plumbers Conference (LPC)
by noting that it would be in a somewhat similar vein to other talks he has
given, since it is about tooling and workflows that are outside of the
kernel norm. But, unlike those other talks that concerned changes that had
already taken place, this talk was about switching open-source graphics projects
to using a hosted version of GitLab, which has not yet happened.
In it, he wanted to share his thoughts about why he thinks migrating to
GitLab makes sense for the kernel graphics community—and maybe the kernel
as a whole.
Post Syndicated from jake original https://lwn.net/Articles/773836/rss
A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3). “With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection. […] In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation. […] There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server.” Kubernetes users should obviously update as soon as possible.
Post Syndicated from jake original https://lwn.net/Articles/773342/rss
Back in 2011, Harald Hoyer and Kay Sievers came up with a proposal to
merge much of the operating system into /usr; former top-level
directories, /bin, /lib,
and /sbin, would then become symbolic links pointing into the
corresponding subdirectories of /usr.
Left out of the merge would be things like
configuration files in /etc, data in
/var, and user home directories. This change was aimed at
features like atomic upgrades and easy snapshots. The switch
to a merged /usr was successful for Fedora 17; many other
just to name a few) have followed suit. More recently, Debian has been
working toward a merged /usr, but it ran into some surprising
problems that are unique to the distribution.
Post Syndicated from jake original https://lwn.net/Articles/773465/rss
As of today, Fedora 27 will not be getting any more updates, including security updates. Users should be planning to upgrade more or less immediately. “Fedora 28 will continue to receive
updates until 4 weeks after the release of Fedora 30.
The maintenance schedule of Fedora releases is documented on the
Fedora Project wiki. The Fedora Project wiki also contains
instructions on how to upgrade from a previous release of Fedora
to a version receiving updates.”
Post Syndicated from jake original https://lwn.net/Articles/773437/rss
Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws).
Post Syndicated from jake original https://lwn.net/Articles/773296/rss
Security updates have been issued by Gentoo (openssl and rpm), Mageia (icecast and yaml-cpp), Oracle (kernel and sos-collector), Red Hat (rh-ruby23-ruby, rh-ruby24-ruby, and rh-ruby25-ruby), Slackware (samba), SUSE (tomcat6), and Ubuntu (ghostscript).
Post Syndicated from jake original https://lwn.net/Articles/773121/rss
Malware inserted into a popular npm
package has put some users at risk of losing Bitcoin, which is certainly
worrisome. More concerning, though, are the implications of how the malware
got into the package—and how the package got distributed. This is not the
first time we have seen package-distribution channels exploited, nor will
it be the last, but the underlying problem requires more than a technical
solution. It is, fundamentally, a social problem: trust.
Post Syndicated from jake original https://lwn.net/Articles/772960/rss
A recurring topic in filesystem-developer circles is the handling of
case-insensitive file names. Filesystems for other operating systems do
so but, by and large, Linux filesystems do not. In the Kernel Summit track
of the 2018 Linux Plumbers Conference (LPC),
Gabriel Krisman Bertazi described his plans for making Linux filesystems
encoding-aware as part of an effort to make ext4, and possibly other
filesystems, interoperable with case-insensitivity in Android, Windows, and macOS.
Post Syndicated from jake original https://lwn.net/Articles/772525/rss
The kernelci.org project develops and
distributed testing infrastructure for the kernel. It continuously builds,
tests multiple kernel trees on various types of boards. Kevin Hilman and Gustavo Padovan led a session in the Testing
& Fuzzing microconference at the 2018 Linux Plumbers Conference (LPC)
to describe the project, its goals, and its future.
Post Syndicated from jake original https://lwn.net/Articles/772845/rss
Greg Kroah-Hartman has released a number of stable kernels over the last
few days, 3.18.126 on November 22, and,
on November 23: 4.19.4, 4.14.83, and 4.9.193. Two problems were reported for
4.9.193, which quickly led to the release of 4.9.194. As usual, these kernels contain
important fixes; users of those series should upgrade.
Post Syndicated from jake original https://lwn.net/Articles/772851/rss
Security updates have been issued by Arch Linux (flashplugin, lib32-libtiff, and webkit2gtk), Debian (libphp-phpmailer and openjdk-7), Mageia (flash-player-plugin, Ghostscript, and poppler), openSUSE (chromium and virtualbox), and SUSE (java-1_8_0-ibm, libwpd, openssl, openssl-1_1, realtime-kernel, salt, and SDL_image).
Post Syndicated from jake original https://lwn.net/Articles/772811/rss
Security updates have been issued by Debian (ceph, openssl, and pixman), Fedora (kernel-headers, kernel-tools, libconfuse, python-urllib3, and xen), Mageia (gettext and roundcubemail), openSUSE (GraphicsMagick and libwpd), Oracle (thunderbird), Slackware (openssl), and Ubuntu (libapache2-mod-perl2).
Post Syndicated from jake original https://lwn.net/Articles/771782/rss
In the first session of the Testing
& Fuzzing microconference at the 2018 Linux Plumbers Conference (LPC), Kevin
Hilman gave a report on the recently held Automated Testing
Summit (ATS). Since the summit was an invitation-only gathering of 35
people, there were many at LPC who were not at ATS but had a keen
interest in what was discussed. The summit came out of a realization that
there is a lot of kernel testing going on in various places, but not a lot
of collaboration between those efforts, Hilman said.
Post Syndicated from jake original https://lwn.net/Articles/771355/rss
many architectures and, even for those it does not officially support,
there are Debian ports that try
to fill in the gap. For most user applications, it is mostly a matter of
getting GCC up and running for the architecture in question, then building
all of the different packages
that Debian provides. But for packages
that need to be built with LLVM—applications or libraries that use Rust,
for example—that simple recipe becomes more complicated. How much the lack
of Rust support for an unofficial architecture
should hold back the rest of the distribution was the subject of a somewhat
acrimonious discussion recently.
Post Syndicated from jake original https://lwn.net/Articles/771324/rss
Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and xorg-x11-server), and Ubuntu (pyopenssl).