
Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] P4TC hits a brick wall

[Kernel] Posted Jun 10, 2024 15:11 UTC (Mon) by corbet

P4, short for "Programming Protocol-independent Packet Processors", is a programming language aimed at networking devices; it is useful for the configuration of firewalls and complicated routing architectures. Since a lot of advanced networking is done with Linux systems, it stands to reason that there would be value in supporting P4 and, indeed, an implementation of P4 in the kernel's traffic-control subsystem was first posted by Jamal Hadi Salim at the beginning of 2023. After nearly 18 months, though, this feature has not been merged, and the chances of that happening would appear to be getting worse.

Full Story (comments: 2)

[$] Ladybird browser spreads its wings

[Development] Posted Jun 7, 2024 18:27 UTC (Fri) by jzb

Ladybird is an open-source project aimed at building an independent web browser, rather than yet another browser based on Chrome. It is written in C++ and licensed under a two-clause BSD license. The effort began as part of the SerenityOS project, but developer Andreas Kling announced on June 3 that he was "forking" Ladybird as a separate project and stepping away from SerenityOS to focus his attention on the browser completely. Ladybird is not ready to replace Firefox or Chrome for regular use, but it is showing great promise.

Full Story (comments: 35)

[$] Modernizing BPF for the next 10 years

[Kernel] Posted Jun 7, 2024 13:17 UTC (Fri) by daroc

BPF was first generalized beyond packet filtering more than a decade ago. In that time, it has changed a lot, becoming much more capable. Alexei Starovoitov kicked off the second day of the BPF track at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit by leading a session discussing which changes to BPF are going to come in the next ten years as it continues evolving. He proposed several ideas, including expanding the number of registers available to BPF programs, dynamic deadlock detection, and relaxing some existing limits of the verifier.

Full Story (comments: 8)

[$] A generic ring buffer for the kernel

[Kernel] Posted Jun 6, 2024 16:05 UTC (Thu) by corbet

The kernel's user-space ABI does not lack for ring buffers; they have been defined for subsystems like BPF, io_uring, perf, and tracing, for example. Naturally, each of those ring buffers is unique, with no common interface between them. The natural response to this ABI proliferation is, of course, to add yet another ring buffer as the generic option; that is the intent of this patch series from Kent Overstreet adding a new set of system calls for ring buffers.

Full Story (comments: 23)

[$] LWN.net Weekly Edition for June 6, 2024

Posted Jun 6, 2024 1:12 UTC (Thu)

The LWN.net Weekly Edition for June 6, 2024 is available.

Inside this week's LWN.net Weekly Edition

  • Front: PostgreSQL CommitFests; Tmpfs on Debian; Pidfdfs; More LSFMM+BPF coverage.
  • Briefs: Maintainers Summit CFP; F40 election; FreeBSD 14.1; Incus 6.2; KDE Eco; LyX 2.4.0; Mike Karels; New comment feature; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

[$] Measuring and improving buffered I/O

[Kernel] Posted Jun 5, 2024 20:22 UTC (Wed) by jake

There are two types of file I/O on Linux, buffered I/O, which goes through the page cache, and direct I/O, which goes directly to the storage device. The performance of buffered I/O was reported to be a lot worse than direct I/O, especially for one specific test, in Luis Chamberlain's topic proposal for a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. The proposal resulted in a lengthy mailing-list discussion, which also came up in Paul McKenney's RCU session the next day; Chamberlain led a combined storage and filesystem session to discuss those results with an eye toward improving buffered I/O performance.

Full Story (comments: 30)

[$] Rethinking the PostgreSQL CommitFest model

[Development] Posted Jun 5, 2024 16:22 UTC (Wed) by jzb

Many years ago, the PostgreSQL project started holding regular CommitFests to help tackle the work of reviewing and committing patches in a more organized fashion. That has served the project well, but some in the project are concerned that CommitFests are no longer meeting the needs of PostgreSQL or its contributors. A lengthy discussion on the pgsql-hackers mailing list turned up a number of complaints, a few suggestions for improvement, but little consensus or momentum toward a solution.

Full Story (comments: 2)

[$] Removing GFP_NOFS

[Kernel] Posted Jun 5, 2024 15:48 UTC (Wed) by jake

The GFP_NOFS flag is meant for kernel memory allocations that should not cause a call into the filesystems to reclaim memory because there are already locks held that can potentially cause a deadlock. The "scoped allocation" API is a better choice for filesystems to indicate that they are holding a lock, so GFP_NOFS has long been on the chopping block, though progress has been slow. In a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Matthew Wilcox wanted to discuss how to move kernel filesystems away from the flag with the eventual goal of removing it completely.

Full Story (comments: 23)

[$] Comparing BPF performance between implementations

[Kernel] Posted Jun 5, 2024 13:50 UTC (Wed) by daroc

Alan Jowett returned for a second remote presentation at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit to compare the performance of different BPF runtimes. He showed the results of the MIT-licensed BPF microbenchmark suite he has been working on. The benchmark suite does not yet provide a good direct comparison between all platforms, so the results should be taken with a grain of salt. They do seem to indicate that there is some significant variation between implementations, especially for different types of BPF maps.

Full Story (comments: none)

[$] Handling the NFS change attribute

[Kernel] Posted Jun 4, 2024 15:39 UTC (Tue) by jake

The saga of the i_version field for inodes, which tracks the occurrence of changes to the data or metadata of a file, continued in a discussion at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. In a session led by Jeff Layton, who has been doing a lot of the work on changing the semantics and functioning of i_version over the years, he updated attendees on the status of the effort since a session at last year's summit. His summary was that things are "pretty much where we started last year", but the discussion this time pointed to some possible ways forward.

Full Story (comments: 5)

perl v5.40.0 released

[Development] Posted Jun 10, 2024 15:08 UTC (Mon) by corbet

Version 5.40.0 of the Perl language has been released. "Perl 5.40.0 represents approximately 11 months of development since Perl 5.38.0 and contains approximately 160,000 lines of changes across 1,500 files from 75 authors". Significant changes include a new __CLASS__ keyword, a :reader: attribute for field variables, a new "^^" logical-XOR operator (because two of those were not enough), moving "try/catch" out of the experimental category, and more; see this page for lots of details.

Full Story (comments: 3)

Security updates for Monday

[Security] Posted Jun 10, 2024 14:45 UTC (Mon) by jake

Security updates have been issued by Fedora (galera and mariadb10.11), Mageia (0-plugins-base and plasma-workspace), Oracle (ruby:3.1 and ruby:3.3), Red Hat (bind, bind-dyndb-ldap, and dhcp), SUSE (apache2, glib2, libvirt, openssl-1_1, openssl-3, opera, python-Jinja2, python-requests, and squid), and Ubuntu (linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp, linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi, linux, linux-ibm, linux-lowlatency, linux-raspi, linux-aws, linux-gcp, linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5, and linux-gke, linux-ibm, linux-intel-iotg, linux-oracle).

Full Story (comments: none)

Kernel prepatch 6.10-rc3

[Kernel] Posted Jun 10, 2024 3:04 UTC (Mon) by corbet

The 6.10-rc3 kernel prepatch is out. "So things look good, the water is warm, please jump right in and keep testing,"

Comments (none posted)

Linux nftables vulnerability exploited in the wild (CrowdStrike)

[Security] Posted Jun 7, 2024 17:27 UTC (Fri) by daroc

According to CrowdStrike, a vulnerability in the Linux kernel's nftables code that was discovered earlier this year is being actively exploited in the wild. The vulnerability allows for local privilege escalation. Most distributions have already released a fix.

As noted by the exploit developer, leveraging this POC is dependent on the kernel's unprivileged user namespaces feature accessing nf_tables. This access is enabled by default on Debian, Ubuntu and kernel capture-the-flag (CTF) distributions. An attacker can then trigger the double-free vulnerability, scan the physical memory for the kernel base address, bypass kernel address-space layout randomization (KASLR) and access the modprobe_path kernel variable with read/write privileges. After overwriting the modprobe_path, the exploit drops a root shell.

Comments (3 posted)

Security updates for Friday

[Security] Posted Jun 7, 2024 13:11 UTC (Fri) by daroc

Security updates have been issued by Mageia (libtiff), Oracle (cockpit, glibc, kernel, less, libxml2, linux-kernel, and tomcat), Red Hat (java-1.8.0-ibm, nghttp2, and ruby:3.3), Slackware (php), SUSE (go1.21, go1.22, and python-docker), and Ubuntu (aom and libvpx).

Full Story (comments: none)

Security updates for Thursday

[Security] Posted Jun 6, 2024 16:03 UTC (Thu) by jake

Security updates have been issued by AlmaLinux (cockpit, kernel, kernel-rt, libxml2, ruby:3.1, and tomcat), Debian (libarchive, pillow, and tinyproxy), Fedora (apptainer), Mageia (amavisd-new and libxml2), Oracle (edk2), Red Hat (booth, cockpit, kernel-rt, less, libxml2, nghttp2, ruby:3.1, ruby:3.3, and tomcat), Slackware (kernel), and Ubuntu (atril, bluez, frr, gdk-pixbuf, openjdk-17, openjdk-21, openjdk-8, openjdk-lts, qemu, and unixodbc).

Full Story (comments: none)

Kali Linux 2024.2 released

[Distributions] Posted Jun 5, 2024 19:14 UTC (Wed) by jzb

Version 2024.2 of the Kali Linux penetration testing distribution has been released. This release includes an update to GNOME 46, a high-resolution (HiDPI) mode for Xfce, as well as a number of new packages such as the AutoRecon network reconnaissance tool, pspy command-line utility for snooping on Linux processes, and SploitScan tool for fetching and displaying CVE information. Kali Linux is based on Debian testing, and 2024.2 incorporates Debian's work to transition to 64-bit time_t to avoid year 2038 problems. Users with existing Kali systems should be sure to follow the documentation when upgrading.

Comments (none posted)

FreeBSD 14.1 released

[Distributions] Posted Jun 5, 2024 17:39 UTC (Wed) by jzb

Version 14.1 of FreeBSD has been released. This is the second release of the 14.x stable branch. Highlights of this release include upgrades to OpenZFS 2.2.4, Clang/LLVM 18.1.5, and OpenSSH 9.7p1. FreeBSD 14.1 also features cloud-init support, sound subsystem improvements, and more. See the what's new blog post from the FreeBSD Foundation, release notes, and errata for more information.

Comments (none posted)

The state of SourceHut

[Development] Posted Jun 5, 2024 15:09 UTC (Wed) by jzb

Drew DeVault has published an update about the state of the SourceHut software development platform and its plans for the coming months. This is the first update since the January post-mortem following a distributed denial-of-service (DDoS) attack that resulted in a prolonged outage:

As you can imagine, it has been a stressful time for us. However, I wish to stress that everything we've been dealing with is planned for in our models, both technical and financial. There is no existential threat to SourceHut. Nevertheless, we are grateful for your patience and support.

[...] We have been focusing on two things this year: provisioning and managing our infrastructure and getting as much rest as possible. Our situation has calmed down, and while we still have a lot of loose ends to attend to I'm happy to say that we're resuming a sense of normalcy here and preparing to resume our work on the features you need.

Comments (12 posted)

Security updates for Wednesday

[Security] Posted Jun 5, 2024 13:32 UTC (Wed) by jzb

Security updates have been issued by Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dotnet8.0, dwayland, fcitx-qt5, fcitx5-qt, gammaray, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qgnomeplatform, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, and qt5-qtspeech), Oracle (389-ds-base and ruby:3.1), Red Hat (389-ds-base, glibc, and kernel), SUSE (python-PyMySQL), and Ubuntu (libarchive).

Full Story (comments: none)



Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds