lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 48분 41초 지남

Cook: security things in Linux v5.2

금, 2019/07/19 - 5:30오전
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator freelists have been randomized for a while now, the overarching page allocator itself wasn’t. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."

[$] Kernel analysis with bpftrace

금, 2019/07/19 - 3:35오전
At the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) Brendan Gregg gave a keynote on BPF observability that included a kernel issue he had debugged on Netflix production servers using bpftrace. In this article, he provides a crash course on bpftrace for kernel developers—to help them more easily analyze their code.

Subscribers can read on for a look at kernel analysis using bpftrace from the upcoming weekly edition.


Security updates for Thursday

목, 2019/07/18 - 10:45오후
Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).

[$] LWN.net Weekly Edition for July 18, 2019

목, 2019/07/18 - 9:14오전
The LWN.net Weekly Edition for July 18, 2019 is available.

[$] What's coming in Python 3.8

목, 2019/07/18 - 2:44오전
The Python 3.8 beta cycle is already underway, with Python 3.8.0b1 released on June 4, followed by the second beta on July 4. That means that Python 3.8 is feature complete at this point, which makes it a good time to see what will be part of it when the final release is made. That is currently scheduled for October, so users don't have that long to wait to start using those new features.

[$] Fedora, GNOME Software, and snap

목, 2019/07/18 - 12:10오전
A question about the future of package distribution is at the heart of a disagreement about the snap plugin for the GNOME Software application in Fedora. In a Fedora devel mailing list thread, Richard Hughes raised multiple issues about the plugin and the direction that he sees Canonical taking with snaps for Ubuntu. He plans to remove support for the plugin for GNOME Software in Fedora 31.

Security updates for Wednesday

수, 2019/07/17 - 11:45오후
Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).

Security updates for Tuesday

화, 2019/07/16 - 11:54오후
Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).

LXD 3.15 released

화, 2019/07/16 - 12:22오전
The LXD team has announced the release of LXD 3.15. "One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go."

[$] Who's afraid of a big bad optimizing compiler?

화, 2019/07/16 - 12:10오전
Our increasingly aggressive modern compilers produce increasingly surprising code optimizations. Some of these optimizations might be especially surprising to developers who assume that each plain C-language load or store will always result in an assembly-language load or store. Although this article is written for Linux kernel developers, many of these scenarios also apply to other concurrent code bases, keeping in mind that "concurrent code bases" also includes single-threaded code bases that use interrupts or signals.

Security updates for Monday

월, 2019/07/15 - 11:57오후
Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).

Three new stable kernels

월, 2019/07/15 - 6:54오전
Greg Kroah-Hartman has announced the release of the 5.2.1, 5.1.18, and 4.19.59 stable kernels. As is usual, they contain important fixes throughout the tree; users of those series should upgrade.

[$] 5.3 Merge window, part 1

토, 2019/07/13 - 5:51오전
As of this writing, exactly 6,666 non-merge changesets have been pulled into the mainline repository for the 5.3 development cycle. The merge window has thus just begun, there is still quite a bit in the way of interesting changes to look at. Read on for a list of what has been merged so far.

What is Silverblue? (Fedora Magazine)

토, 2019/07/13 - 2:45오전
Fedora Magazine has posted an introduction to the Silverblue distribution. "One of the main benefits is security. The base operating system is mounted as read-only, and thus cannot be modified by malicious software. The only way to alter the system is through the rpm-ostree utility. Another benefit is robustness. It’s nearly impossible for a regular user to get the OS to the state when it doesn’t boot or doesn’t work properly after accidentally or unintentionally removing some system library."

Security updates for Friday

금, 2019/07/12 - 10:17오후
Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).

[$] Bcachefs gets closer

금, 2019/07/12 - 2:33오전
When it comes to new filesystems for Linux, patience is certainly a virtue. Btrfs took years to mature and, according to some, still isn't ready yet. Tux3 has kept users waiting since at least 2008; as of 2018 its developer still said that it was progressing. By these measures, bcachefs is a relative youngster, having been first announced a mere four years ago. Development of this next-generation filesystem continues, and bcachefs developer Kent Overstreet recently proclaimed his desire to "get this sucker merged", but there are some obstacles to overcome still.

Conway: Infinite work is less work

목, 2019/07/11 - 10:54오후
Damian Conway writes about the power of infinite sequences in Perl 6.

The sequence of primes is just the sequence of positive integers, filtered (with a .grep) to keep only the ones that are prime. And, of course, Perl 6 already has a prime number tester: the built-in &is-prime function. The sequence of primes never changes, so we can declare it as a constant: constant p = [ (1..∞).grep( &is-prime ) ]; Now we need to extract just the strong and weak primes.


Security updates for Thursday

목, 2019/07/11 - 10:52오후
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).

[$] LWN.net Weekly Edition for July 11, 2019

목, 2019/07/11 - 9:12오전
The LWN.net Weekly Edition for July 11, 2019 is available.

[$] The third Operating-System-Directed Power-Management summit

목, 2019/07/11 - 5:39오전

The third edition of the Operating-System-Directed Power-Management (OSPM) summit was held May 20-22 at the ReTiS Lab of the Scuola Superiore Sant'Anna in Pisa, Italy. The summit is organized to collaborate on ways to reduce the energy consumption of Linux systems, while still meeting performance and other goals. It is attended by scheduler, power-management, and other kernel developers, as well as academics, industry representatives, and others interested in the topics.

As with previous years (2018 and 2017), LWN is happy to be able to bring our readers some extensive writeups of the talks and discussions that went on at OSPM. Subscribers can read on for the start of the writeups from the summit, which were authored by a long list of the participants.