lwn.net

LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 1 hour 54 minutes ago
A statement on the UMN mess
Speaking for the Linux Foundation Technical Advisory Board, Kees Cook has
posted a brief statement on the controversy
over patches submitted from the University of Minnesota.
The LF Technical Advisory Board is taking a look at the history of UMN's contributions and their associated research projects. At present, it seems the vast majority of patches have been in good faith, but we're continuing to review the work. Several public conversations have already started around our expectations of contributors.
Stay tuned for more.
Ubuntu 21.04 released
The Ubuntu 21.04 distribution release is available. "Today, Canonical
released Ubuntu 21.04 with native Microsoft Active Directory integration,
Wayland graphics by default, and a Flutter application development
SDK. Separately, Canonical and Microsoft announced performance optimization
and joint support for Microsoft SQL Server on Ubuntu."
[$] Toward signed BPF programs
The kernel's BPF virtual machine is versatile;
it is possible to load BPF programs into the kernel to carry out
a large (and growing) set of tasks. The growing body of BPF code can
reasonably be thought of as kernel code in its own right. But, while the
kernel can
check signatures on loadable modules and prevent the loading of modules
that are not properly signed, there is no such mechanism for BPF programs;
any sufficiently privileged process can load any program that will pass the
verifier. One might think that adding this checking for BPF would be
straightforward, but that subsystem has some unique characteristics that
make things more challenging than one might expect. There may be a
solution in the works, though; fittingly, it works by loading yet another BPF
program.
Security updates for Thursday
Security updates have been issued by Debian (thunderbird and wordpress), Fedora (curl, firefox, mediawiki, mingw-binutils, os-autoinst, and rpm-ostree), Oracle (java-1.8.0-openjdk and java-11-openjdk), SUSE (kernel, pcp, and tomcat6), and Ubuntu (linux, linux-aws, linux-gke-5.3, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem-5.6, linux-raspi2-5.3, linux-snapdragon).
[$] LWN.net Weekly Edition for April 22, 2021
The LWN.net Weekly Edition for April 22, 2021 is available.
[$] Intentionally buggy commits for fame—and papers
A buggy patch posted to the linux-kernel mailing list in early April was
apparently the last straw for Greg Kroah-Hartman as it led to the planned
reversion of a whole slew of
commits with one thing in common: their origin at the University of
Minnesota (UMN). The patch to the NFSv4 authorization mechanism was duly
questioned by two NFS developers, but it is
not an honest mistake; according to Kroah-Hartman, there has been an attack
of sorts underway as part of some academic research at the university. In
order to be sure that these intentional bugs, many with security
implications, do not continue to haunt Linux, he is working
on reverting commits that came from email addresses with the
umn.edu domain.
Three stable kernels
Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, php-pear, wordpress, and zabbix), Oracle (java-1.8.0-openjdk and java-11-openjdk), Red Hat (java-1.8.0-openjdk, java-11-openjdk, kernel, and kpatch-patch), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (seamonkey), SUSE (apache-commons-io, ImageMagick, kvm, ruby2.5, and sudo), and Ubuntu (edk2, libcaca, ntp, and ruby2.3, ruby2.5, ruby2.7).
[$] Rust heads into the kernel?
In a lengthy
message to the linux-kernel mailing list, Miguel Ojeda "introduced" the
Rust for Linux project. It
was likely not the first time that most kernel developers had heard of the
effort; there was an extensive discussion
of the project at the 2020 Linux Plumbers
Conference, for example. It has also been raised
before on the list. Now, the project is looking for feedback from
the kernel community about its plans, thus the RFC posting on April 14.
In the trenches with Thomas Gleixner (Linux.com)
Linux.com has published an
interview with Thomas Gleixner with a focus on the realtime preemption
work. "The approach to funding these kinds of projects reminds me of the Mikado Game, which is popular in Europe, where the first player who picks up the stick and disturbs the pile often is the one who loses.
That’s puzzling to me, especially as many companies build key products
depending on these technologies and seem to take the availability and
sustainability for granted up to the point where such a project fails, or
people stop working on it due to lack of funding. Such companies should
seriously consider supporting the funding of the Real-Time project."
Security updates for Tuesday
Security updates have been issued by Debian (xorg-server), Fedora (CImg, gmic, leptonica, mingw-binutils, mingw-glib2, mingw-leptonica, mingw-python3, nodejs, and seamonkey), openSUSE (irssi, kernel, nextcloud-desktop, python-django-registration, and thunderbird), Red Hat (389-ds:1.4, kernel, kernel-rt, perl, and pki-core:10.6), SUSE (kernel, sudo, and xen), and Ubuntu (clamav and openslp-dfsg).
[$] Btrfs on zoned block devices
Zoned
block devices have some unfamiliar characteristics that result from
compromises made in the name of higher storage density. They are divided
into zones, some or all of which do not support random access for write
operations. Instead, these "sequential" zones can only be written in
order, from the first block to the last. This constraint poses a new
challenge for filesystems, which are normally designed with the assumption
that storage blocks can be written in any order. It is thus not surprising
that zoned-device support in mainstream filesystems in Linux has been slow
in coming; that is changing, though, with the addition
of support for zoned block devices to Btrfs in Linux 5.12.
OpenSSH 8.6 released
OpenSSH 8.6 is now available. The "ssh-rsa" signature scheme, which uses
the SHA-1 hash algorithm, will be disabled by default in the near
future. "Note that the deactivation of "ssh-rsa" signatures does not
necessarily require cessation of use for RSA keys. In the SSH protocol,
keys may be capable of signing using multiple algorithms. In particular,
"ssh-rsa" keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default."
Firefox 88.0 and 78.10 ESR
Firefox 88 has been released. New
features include support for PDF forms with embedded JavaScript and smooth
pinch-zooming using a touchpad, and better protection against cross-site
privacy leaks. See this
article for more information on how Firefox 88 combats window.name
privacy abuses.
Firefox 78.10 ESR contains various fixes for stability, functionality, and security.
Security updates for Monday
Security updates have been issued by CentOS (nettle, squid, and thunderbird), Debian (libebml, python-bleach, and python2.7), Fedora (batik, gnuchess, kernel-headers, kernel-tools, ruby, singularity, and xorg-x11-server), Mageia (clamav, kernel, kernel-linus, and python3), openSUSE (chromium, fluidsynth, opensc, python-bleach, and wpa_supplicant), Oracle (gnutls and nettle), Red Hat (dpdk, gnutls and nettle, mariadb:10.3 and mariadb-devel:10.3, and redhat-ds:11), and SUSE (kernel, qemu, and xen).
Kernel prepatch 5.12-rc8
In the end, Linus decided to hold the 5.12 release for one more week and
put out 5.12-rc8 instead. "Ok, so it's been _fairly_ calm this past week, but it hasn't been the
kind of dead calm I would have taken to mean 'no rc8 necessary'.
So here we are, with an extra rc to make sure things are all settled
down."
LLVM 12.0.0 released
Version 12.0.0 of the LLVM compiler suite is out. This appears to be a
release with a lot of incremental improvements rather than large headline
features; see the various sets of release notes in the announcement for
details.
Debian's election results
The Debian project has voted strongly to
retain Jonathan Carter as the project leader. On that other little
nagging issue, the project has voted not to
issue a statement regarding Richard Stallman's return to the Free
Software Foundation board of directors. This, too, was a relatively strong
result over the other options. Details can be found on the specific pages
for the project leader and general resolution ballots.
A whole bunch of stable kernels
[$] Running code within another process's address space
One of the key resources that defines a process is its address space — the
set of mappings that determines what any specific memory address means
within that process. An address space is normally private
to the process it belongs to, but there are situations where one process
needs to make changes to another process's memory; an interactive debugger
would be one case in point. The ptrace()
system call makes such changes possible, but it is slow and not always easy
to use, so there has been a longstanding quest for better alternatives.
One possibility, process_vm_exec()
from Andrei Vagin, was recently posted for review.