lwn.net

Here's a blog post from "Brent" on how PHP deserves another look. "Today I want to look at the bright side: let's focus on the things that have changed and ways to write clean and maintainable PHP code. I want to ask you to set aside any prejudice for just a few minutes. Afterwards you're free to think exactly the same about PHP as you did before. Though chances are you will be surprised by some of the improvements made to PHP in the last few years."

A new filesystem aimed at sharing host filesystems with KVM guests, virtio-fs, was the topic of a session led by Miklos Szeredi at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. The existing solution, which is based on the 9P filesystem from Plan 9, has some shortcomings, he said. Virtio-fs is a prototype that uses the Filesystem in Userspace (FUSE) interface.

This round of kernel updates address a speculative-execution vulnerability found in all Intel processors made since 2011. Greg Kroah-Hartman says in the 5.1.2 kernel patch: "Note, this release, and the other stable releases that are all being released right now at the same time, just went out all contain patches that have only seen the "public eye" for about 5 minutes. So be forwarned, they might break things, they might not build, but hopefully they fix things. Odds are we will be fixing a number of small things in this area for the next few weeks as things shake out on real hardware and workloads." In addition to 5.1.2, stable kernels 5.0.16, 4.19.43, 4.14.119, and 4.9.176 are available. More information may be found in the Xen security advisory and this new in-kernel documentation.

The curtain has finally been lifted on the latest set of speculative-execution vulnerabilities. This one has the delightful name of ZombieLoad; it is also known as "microarchitectural data sampling", but what's the fun in that? Various x86 processors stash data into hidden buffers that can, in some cases, be revealed via speculative execution. Exploits appear to be relatively hard. See this page from the kernel documentation for a fairly detailed description of the problem, and this page for mitigation information.

The fifth and final article in Adrian Ratiu's series on eBPF delves into userspace tracing. "In our previous parts we focused on tracing the Linux kernel, for which the eBPF-based projects are, in our humble opinion, the most safe, widely available and useful methods (eBPF is fully upstreamed in Linux, guarantees a stable ABI, comes enabled by default in almost all distributions and integrates with all other tracing mechanisms). It has really become a no-brainer choice for kernel work. However, up until now, talking in-depth about userspace tracing was deliberately avoided because it merits special treatment, hence this full part 5 article devoted to it."

The planning process for the 2019 Linux Kernel and Maintainer's Summits (Lisbon, Portugal, September 9 to 12) has begun. If you have a topic that you would like to see discussed at either event, now is the time to send in a proposal to the ksummit-discuss list; click below for the details.

Trond Myklebust and Bruce Fields led a session on some topics of interest in the NFS world at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. Myklebust discussed the intersection of NFS and containers, as well adding TLS support to NFS. Fields also had some container changes to discuss, along with a grab bag of other areas that need attention.

Security updates have been issued by CentOS (flatpak, ghostscript, and python-jinja2), Debian (cups-filters, imagemagick, qt4-x11, and samba), Fedora (httpd and wpa_supplicant), openSUSE (freeradius-server, nmap, python-Jinja2, signing-party, and webkit2gtk3), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Scientific Linux (python-jinja2), SUSE (cf-cli, java-1_8_0-openjdk, and libxslt), and Ubuntu (isc-dhcp, openjdk-8, openjdk-lts, samba, and VCFtools).

In the filesystems track at the 2019 Linux Storage, Filesystem, and Memory-Management Summit, Ted Ts'o led a discussion about an inode flag to indicate DAX files, which is meant to be applied to files that should be directly accessed without going through the page cache. XFS has such a flag, but ext4 and other filesystems do not. The semantics of what the flag would mean are not clear to Ts'o (and probably others), so the intent of the discussion was to try to nail those down.

Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, rh-ruby24-ruby, rh-ruby25-ruby, and thunderbird), SUSE (389-ds, bzip2, ImageMagick, jakarta-commons-fileupload, java-1_8_0-openjdk, pacemaker, python-Django1, samba, and sqlite3), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).

The latest set of stable kernel updates consists of 5.1.1, 5.0.15, 4.19.42, 4.14.118, and 4.9.175. Each contains the usual set of important fixes.

When he released the 5.1 kernel, Linus Torvalds noted that he had a family event happening in the middle of the 5.2 merge window and that he would be offline for a few days in the middle. He appears to be trying to make up for lost time before it happens: over 8,300 non-merge changesets have found their way into the mainline in the first four days. As always, there is a wide variety of work happening all over the kernel tree.

Security updates have been issued by Debian (bind9, postgresql-9.6, qemu, and symfony), Fedora (kernel, kernel-tools, mod_cluster, rubygem-actioncable, rubygem-actionmailer, rubygem-actionpack, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), openSUSE (wireshark), Red Hat (freeradius), Scientific Linux (freeradius), and Ubuntu (bind9 and wpa).

Eric Rescorla has written a detailed summary of how the Firefox add-on fiasco happened, how it was addressed, and how a repeat might be avoided. "First, we should have a much better way of tracking the status of everything in Firefox that is a potential time bomb and making sure that we don’t find ourselves in a situation where one goes off unexpectedly. We’re still working out the details here, but at minimum we need to inventory everything of this nature."

The 2019 Linux Storage, Filesystem, and Memory-Management Summit differed somewhat from its predecessors in that it contained a fourth track dedicated to the BPF virtual machine. LWN was unable to attend most of those sessions, but a couple of BPF-related talks were a part of the broader program. Among those was a plenary talk by Dave Miller, described as "a wholistic view" of why BPF is successful, its current state, and where things are going.

Security updates have been issued by Fedora (drupal7, exiv2, filezilla, and libfilezilla), openSUSE (gnutls, GraphicsMagick, hostinfo, supportutils, and ovmf), Scientific Linux (flatpak and ghostscript), SUSE (mutt and samba), and Ubuntu (Monit).

The LWN.net Weekly Edition for May 9, 2019 is available.

The idea of "inheritance" is something that most students learn about early on when they are studying object-oriented programming (OOP). But one of the seminal books about OOP recommends favoring "composition" over inheritance. Ariel Ortiz came to PyCon in Cleveland, Ohio to describe the composition pattern and to explain the tradeoffs between using it and inheritance.

Computer memory architecture is growing more complex over time, with different types of memory attached to a CPU via a number of paths. The kernel development community is duly working to make this memory available to user space in an equally diverse set of ways. Two sessions at the 2019 Linux Storage, Filesystem, and Memory-Management Summit presented possible mechanisms and APIs to allow programs to work with the types of memory they need.

Christoph Lameter has spent years improving Linux for high-performance computing tasks. During the memory-management track of the 2019 Linux Storage, Filesystem, and Memory-Management Summit, he talked about the problem of keeping up with a 400Gb/s network interface. At that speed, there simply is no time for the system to get its work done. Some ways of improving the situation are in sight, but it's a hard problem overall and, despite some progress, the situation is getting worse.