lwn.net

User namespaces provide a number of interesting challenges for the kernel. They give a user the illusion of owning the system, but must still operate within the restrictions that apply outside of the namespace. Resource limits represent one type of restriction that, it seems, is proving too restrictive for some users. This patch set from Alexey Gladkov attempts to address the problem by way of a not-entirely-obvious approach.

Version 3.9.0.0 of the GNU Radio software-defined radio system has been released. "All in all, the main breaking change for pure GRC users will consist in a few changed blocks – an incredible feat, considering the amount of shift under the hood."

Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

The 5.10.8, 5.4.90, 4.19.168, 4.14.216, 4.9.252, and 4.4.252 stable kernel updates have all been released; each contains the usual array of important fixes.

The 5.11-rc4 kernel prepatch is out for testing. "Things continue to look fairly normal for this release: 5.11-rc4 is solidly average in size, and nothing particularly scary stands out."

Daniel Stenberg writes about getting paid to work on curl — 21 years after starting the project. "I ran curl as a spare time project for decades. Over the years it became more and more common that users who submitted bug reports or asked for help about things were actually doing that during their paid work hours because they used curl in a commercial surrounding – which sometimes made the situation almost absurd. The ones who actually got paid to work with curl were asking the unpaid developers to help them out."

Security updates have been issued by Debian (flatpak, ruby-redcarpet, and wavpack), Fedora (dia, mingw-openjpeg2, and openjpeg2), Mageia (awstats, bison, cairo, kernel, kernel-linus, krb5, nvidia-current, nvidia390, php, and thunderbird), openSUSE (cobbler, firefox, kernel, libzypp, zypper, nodejs10, nodejs12, and nodejs14), Scientific Linux (thunderbird), Slackware (wavpack), SUSE (kernel, nodejs8, open-iscsi, openldap2, php7, php72, php74, slurm_20_02, and thunderbird), and Ubuntu (ampache and linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-lts-xenial).

The Linux 5.10 release included a change that is expected to significantly increase the performance of the ext4 filesystem; it goes by the name "fast commits" and introduces a new, lighter-weight journaling method. Let us look into how the feature works, who can benefit from it, and when its use may be appropriate.

Since the release of the 5.5 kernel in January 2020, there have been almost 87,000 patches from just short of 4,600 developers merged into the mainline repository. Reviewing all of those patches would be a tall order for even the most prolific of kernel developers, so decisions on patch acceptance are delegated to a long list of subsystem maintainers, each of whom takes partial or full responsibility for a specific portion of the kernel. These maintainers are documented in a file called, surprisingly, MAINTAINERS. But the MAINTAINERS file, too, must be maintained; how well does it reflect reality?

Version 6.0 of the Wine Windows not-an-emulator has been released. "This release is dedicated to the memory of Ken Thomases, who passed away just before Christmas at the age of 51. Ken was an incredibly brilliant developer, and the mastermind behind the macOS support in Wine. We all miss his skills, his patience, and his dark sense of humor." Significant features include core modules built as PE executables, an experimental Direct3D renderer, DirectShow support, a new text console, and more.

Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).

The LWN.net Weekly Edition for January 14, 2021 is available.

It may be kind of an obvious statement, but licensing terms matter in our communities. Even a misplaced word or three can be fatal for a license, which is part of the motivation for hte efforts to reduce license proliferation in free-software projects. Over the last few months, various distribution projects have been discussing changes made to the license for the Nmap network scanner; those changes seemed to be adding restrictions that would make the software non-free, though that was not the intent. But the incident does serve to show the importance of license clarity.

Tedium is running a history of the Linksys WRT54G router. "But the reason the WRT54G series has held on for so long, despite using a wireless protocol that was effectively made obsolete 12 years ago, might come down to a feature that was initially undocumented—a feature that got through amid all the complications of a big merger. Intentionally or not, the WRT54G was hiding something fundamental on the router’s firmware: Software based on Linux."

Alyssa Rosenzweig presents a progress report on the Panfrost driver for Arm Mali Midgard and Bifrost GPUs, which now provides non-conformant OpenGL ES 3.0 on Bifrost and desktop OpenGL 3.1 on Midgard. "Architecturally, Bifrost shares most of its fixed-function data structures with Midgard, but features a brand new instruction set. Our work for bringing up OpenGL ES 3.0 on Bifrost reflects this division. Some fixed-function features, like instancing and transform feedback, worked without any Bifrost-specific changes since we already did bring-up on Midgard. Other shader features, like uniform buffer objects, required "from scratch" implementations in the Bifrost compiler, a task facilitated by the compiler's maturing intermediate representation with first-class builder support. Yet other features like multiple render targets required some Bifrost-specific code while leveraging other code shared with Midgard. All in all, the work progressed much more quickly the second time around, a testament to the power of code sharing. But there is no need to limit sharing to just Panfrost GPUs; open source drivers can share code across vendors."

Arnd Bergmann stirred up a bit of a discussion with his January 8 "bring out your dead" posting, wherein he raised the idea of removing support for a long list of seemingly unloved Arm platforms — and a few non-Arm ones as well. Many of these have seen no significant work in at least six years. In a January 13 followup, he notes that several of those platforms will be spared for now due to ongoing interest. Several others, though (efm32, picoxcell, prima2, tango, u300, and zx) remain on the chopping block, and the status of another handful remains uncertain. Readers who care about old Arm platforms may want to have a look at the list now and speak up if they still need support for one of the platforms that might otherwise be deleted.

Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).

The problems with "vendoring" in packages—bundling dependencies rather than getting them from other packages—seems to crop up frequently these days. We looked at Debian's concerns about packaging Kubernetes and its myriad of Go dependencies back in October. A more recent discussion in that distribution's community looks at another famously dependency-heavy ecosystem: JavaScript libraries from the npm repository. Even C-based ecosystems are not immune to the problem, as we saw with iproute2 and libbpf back in November; the discussion of vendoring seems likely to recur over the coming years.

Stable kernels 5.10.7, 5.4.89, 4.19.167, 4.14.215, 4.9.251, and 4.4.251 have been released. They all contain important fixes and users should upgrade.

The Google Project Zero blog is carrying a six-part series exploring, in great detail, a set of sophisticated exploits discovered in the wild. "These exploit chains are designed for efficiency & flexibility through their modularity. They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks. We believe that teams of experts have designed and developed these exploit chains. We hope this blog post series provides others with an in-depth look at exploitation from a real world, mature, and presumably well-resourced actor."