All posts by jake

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/980755/

Security updates have been issued by AlmaLinux (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, nghttp2, openldap, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), Debian (znc), Fedora (firmitas and libnbd), Mageia (dcmtk, krb5, libcdio, and openssh), Oracle (golang, openssh, pki-core, and qemu-kvm), Red Hat (openssh), SUSE (apache2-mod_auth_openidc, emacs, go1.21, go1.22, krb5, openCryptoki, and openssh), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux, linux-gcp, linux-gcp-6.5, linux-laptop, linux-nvidia-6.5, linux-raspi, linux, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-xilinx-zynqmp, linux, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-aws, linux-aws-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-starfive, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure, linux-azure-6.5, linux-bluefield, linux-iot, linux-gcp, linux-intel, linux-hwe-5.15, and php7.0 and php7.2).

[$] Mount notifications

Post Syndicated from jake original https://lwn.net/Articles/980330/

There are a handful of extensions to the “new” mount API that Christian Brauner wanted to discuss as part of a filesystem session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. In the session, though, the only one that he got to was a followup to last year’s discussion on mount-operation monitoring. There is a need for user-space programs to be able to follow mount operations (e.g. mount and unmount) that happen in the system, especially for tools like container managers or systemd.

[$] PostmarketOS: Linux for phones and more

Post Syndicated from jake original https://lwn.net/Articles/979522/

In 2016, Oliver Smith reached a point of frustration with the short lifespan of updates for his Android phone. Taking matters into his own hands, he began developing postmarketOS, a Linux distribution for mobile phones. Eight years later, the core team and trusted contributors have grown to twenty individuals, while the latest release, v24.06, now shows support for over 250 devices. Although postmarketOS isn’t usable as a day-to-day phone operating system on all of them, it can also enable repurposing devices into compact servers or kiosk machines.

[$] Finishing the conversion to the “new” mount API

Post Syndicated from jake original https://lwn.net/Articles/979166/

Eric Sandeen led a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit on completing the conversion of the existing kernel filesystems to use the mount API that was added for the 5.2 kernel in 2019. That API is invariably called the “new” API, which it is when compared to the venerable mount() system call, but it has been available for five years or so at this point without really pushing its predecessor aside. Sandeen wanted to discuss the status of the conversion process and some other questions surrounding the new API.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/979520/

Security updates have been issued by AlmaLinux (ipa and libreswan), Debian (netty), Fedora (python-PyMySQL, tomcat, and webkitgtk), Gentoo (Flatpak, GLib, JHead, LZ4, and RDoc), Mageia (thunderbird), Oracle (nghttp2 and thunderbird), Red Hat (dnsmasq, libreswan, pki-core, and python3.11), Slackware (emacs), SUSE (gnome-settings-daemon, libarchive, qpdf, vte, and wget), and Ubuntu (libhibernate3-java).

[$] Rust for filesystems

Post Syndicated from jake original https://lwn.net/Articles/978738/

At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Wedson Almeida Filho and Kent Overstreet led a combined storage and filesystem session on using Rust for Linux filesystems. Back in December 2023, Almeida had posted an RFC patch set with some Rust abstractions for filesystems, which resulted in some disagreement over the approach. On the same mid-May day as the session, he posted a second version of the RFC patches, which he wanted to discuss along with other Rust-related topics.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/979153/

Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).

[$] Adding a JIT compiler to CPython

Post Syndicated from jake original https://lwn.net/Articles/977855/

One of the big-ticket items for the upcoming Python 3.13 release is an experimental just-in-time (JIT) compiler for the language; the other is, of course, the removal of the global interpreter lock (GIL), which is also an experiment. Brandt Bucher is a member of the Faster CPython project, which is working on making the reference implementation of the language faster via a variety of techniques. Last year at PyCon, he gave a talk about the specializing adaptive interpreter; at PyCon 2024 in Pittsburgh, he described the work he and others have been doing to add a copy-and-patch JIT compiler to CPython.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/978709/

Security updates have been issued by AlmaLinux (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, libreoffice, podman, python-idna, rpm-ostree, and ruby), Debian (atril, chromium, ffmpeg, libndp, libvpx, nano, plasma-workspace, pymongo, roundcube, sendmail, and thunderbird), Fedora (booth and thunderbird), Mageia (aom, atril, libvpx, nano, nss, firefox, and vte), Red Hat (linux-firmware), SUSE (bind, booth, mariadb, openssl-1_1, php7, php8, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-fde, linux-azure, linux-gke, and linux-nvidia-6.5).

[$] Improving control-flow integrity for Linux on RISC-V

Post Syndicated from jake original https://lwn.net/Articles/977720/

Redirecting execution flow is a common malware technique that can be used to compromise operating systems. To protect from such attacks, the chip makers of leading architectures like x86 and arm64 have implemented control-flow-integrity (CFI) extensions, though they need system software support to function. At the Linux Security Summit North America, RISC-V kernel developer Deepak Gupta described the CFI protections for that architecture and invited community input on the kernel support for them.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/978291/

Security updates have been issued by Debian (firefox-esr), Fedora (nginx-mod-modsecurity, php, and tomcat), Mageia (strongswan), Oracle (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, firefox, gdk-pixbuf2, idm:DL1, ipa, kernel, libreoffice, podman, rpm-ostree, and thunderbird), Red Hat (dnsmasq and nghttp2), Slackware (mozilla), SUSE (curl, firefox, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, openssl-3, and python-Pillow), and Ubuntu (libmatio, libndp, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.5, and virtuoso-opensource).

[$] Dropping the page cache for filesystems

Post Syndicated from jake original https://lwn.net/Articles/977486/

VFS maintainer Christian Brauner led a discussion about the possibility of selectively dropping the contents of the page cache for a filesystem in a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. As he described in his topic proposal, the use case that started him down this path comes from GNOME, which wants to be able to safely suspend access to an encrypted home directory. While it is known to kernel developers, it is surprising to others that reads from encrypted filesystems that have been suspended will succeed if the data to be read still exists in the page cache.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/977789/

Security updates have been issued by Fedora (galera and mariadb10.11), Mageia (0-plugins-base and plasma-workspace), Oracle (ruby:3.1 and ruby:3.3), Red Hat (bind, bind-dyndb-ldap, and dhcp), SUSE (apache2, glib2, libvirt, openssl-1_1, openssl-3, opera, python-Jinja2, python-requests, and squid), and Ubuntu (linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp, linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi, linux, linux-ibm, linux-lowlatency, linux-raspi, linux-aws, linux-gcp, linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5, and linux-gke, linux-ibm, linux-intel-iotg, linux-oracle).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/977442/

Security updates have been issued by AlmaLinux (cockpit, kernel, kernel-rt, libxml2, ruby:3.1, and tomcat), Debian (libarchive, pillow, and tinyproxy), Fedora (apptainer), Mageia (amavisd-new and libxml2), Oracle (edk2), Red Hat (booth, cockpit, kernel-rt, less, libxml2, nghttp2, ruby:3.1, ruby:3.3, and tomcat), Slackware (kernel), and Ubuntu (atril, bluez, frr, gdk-pixbuf, openjdk-17, openjdk-21, openjdk-8, openjdk-lts, qemu, and unixodbc).

[$] Measuring and improving buffered I/O

Post Syndicated from jake original https://lwn.net/Articles/976856/

There are two types of file I/O on Linux, buffered I/O, which goes through the page cache, and direct I/O, which goes directly to the storage device. The performance of buffered I/O was reported to be a lot worse than direct I/O, especially for one specific test, in Luis Chamberlain’s topic proposal for a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. The proposal resulted in a lengthy mailing-list discussion, which also came up in Paul McKenney’s RCU session the next day; Chamberlain led a combined storage and filesystem session to discuss those results with an eye toward improving buffered I/O performance.

[$] Removing GFP_NOFS

Post Syndicated from jake original https://lwn.net/Articles/976355/

The GFP_NOFS flag is meant for kernel memory allocations that should not cause a call into the filesystems to reclaim memory because there are already locks held that can potentially cause a deadlock. The “scoped allocation” API is a better choice for filesystems to indicate that they are holding a lock, so GFP_NOFS has long been on the chopping block, though progress has been slow. In a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Matthew Wilcox wanted to discuss how to move kernel filesystems away from the flag with the eventual goal of removing it completely.

[$] Handling the NFS change attribute

Post Syndicated from jake original https://lwn.net/Articles/975863/

The saga of the i_version field for inodes, which tracks the occurrence of changes to the data or metadata of a file, continued in a discussion at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. In a session led by Jeff Layton, who has been doing a lot of the work on changing the semantics and functioning of i_version over the years, he updated attendees on the status of the effort since a session at last year’s summit. His summary was that things are “pretty much where we started last year”, but the discussion this time pointed to some possible ways forward.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/976782/

Security updates have been issued by AlmaLinux (python39:3.9 and python39-devel:3.9 and ruby:3.0), Debian (chromium, gst-plugins-base1.0, and kernel), Fedora (chromium, glances, glycin-loaders, gnome-tour, helix, helvum, kitty, libarchive, libipuz, librsvg2, loupe, maturin, ntpd-rs, plasma-workspace, and a huge list of Rust-based packages due to a “mini-mass-rebuild” that updated the toolchain to Rust 1.78 and picked up fixes for various pieces), Mageia (gifsicle, netatalk, openssl, python-jinja2, and unbound), Red Hat (kernel and kernel-rt), SUSE (bind, glibc, gstreamer-plugins-base, squid, and tiff), and Ubuntu (glibc).

[$] New APIs for filesystems

Post Syndicated from jake original https://lwn.net/Articles/975444/

A discussion of extensions to the statx() system call comes up frequently at the Linux Storage, Filesystem, Memory Management, and BPF Summit; this year’s edition was no exception. Kent Overstreet led the first filesystem-only session at the summit on querying information about filesystems that have subvolumes and snapshots. While it was billed as a discussion on statx() additions, it ranged more widely over new APIs needed for modern filesystems.