lwn.net

Decades after its creation, the Linux CPU scheduler remains an area of active development; it is difficult to find a time slice to cover every interesting scheduler change. In an attempt to catch up, the time has come to round-robin through a few patches that have been circulating recently. The work at hand focuses on a new attempt at time-slice extension, the creation of a deadline server for sched_ext tasks, and keeping tasks on isolated CPUs from being surprised by LRU batching.

Security updates have been issued by AlmaLinux (emacs, java-17-openjdk, kernel, kernel-rt, microcode_ctl, python3.11-setuptools, python3.12-setuptools, and socat), Debian (gnutls28), Fedora (vim), Red Hat (java-1.8.0-ibm), Slackware (bind), SUSE (docker, erlang, erlang26, ggml-devel-5889, gnuplot, kernel, kubernetes1.27, libQt6Concurrent6, mailman3, and transfig), and Ubuntu (apache2, bind9, linux-iot, linux-lowlatency-hwe-6.11, and linux-raspi, linux-raspi-5.4).

Inside this week's LWN.net Weekly Edition:

• Front: Python JIT; Anubis; Secure Boot certificate expiration; SFrame; Exported symbols; Python packaging in Fedora.
• Briefs: Parrot 6.4; SPI report; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Version 0.50.0 of Hyprland, a compositor for Wayland, has been released. Changes include a new render-scheduling option that "can drastically improve FPS on underpowered devices, while coming at no performance or latency cost when the system is doing alright", an option to exclude applications from screen sharing, a new test suite, and more.

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

Fedora's NeuroFedora special-interest group (SIG) is considering a change of strategy when it comes to packaging Python modules. The SIG, which consists of three active members, is struggling to keep up with maintaining the hundreds of packages that it has taken on. What's more, it's not clear that the majority of packages are even being consumed by Fedora users; the group is trying to determine the right strategy to meet its goals and shed unnecessary work. If its new packaging strategy is successful, it may point the way to a more sustainable model for Linux distributions to provide value to users without trying to package everything under the sun.

Security updates have been issued by Oracle (cloud-init, emacs, firefox, glib2, go-toolset:rhel8, kernel, lz4, python-setuptools, python3.11-setuptools, python3.12-setuptools, and socat), Red Hat (fence-agents, glib2, glibc, java-17-openjdk, kernel, kernel-rt, python-setuptools, python3.11-setuptools, and python3.12-setuptools), Slackware (libxml2), SUSE (glib2, gpg2, kernel, libxml2, poppler, rmt-server, runc, stalld, and xen), and Ubuntu (jpeg-xl).

Software in the Public Interest has released its annual report for 2024. It includes reports from the long list of projects housed under the SPI umbrella, but the financial statements are not included at this time.

Loadable kernel modules require access to kernel data structures and functions to get their job done; the kernel provides this access by way of exported symbols. Almost since this mechanism was created, there have been debates over which symbols should be exported, and how. The 6.16 kernel gained a new export mechanism that limits access to symbols to specific kernel modules. That code is likely to change soon, but the addition of an enforcement mechanism has since been backed out.

Security updates have been issued by Debian (ffmpeg), Fedora (gnutls, linux-firmware, mingw-djvulibre, mingw-python-requests, and salt), Mageia (qtimageformats6), Oracle (gnome-remote-desktop, golang, kernel, libxml2, and perl-File-Find-Rule), SUSE (gstreamer-plugins-base, gstreamer-plugins-good, kernel, and protobuf), and Ubuntu (apport, glibc, gnutls28, and roundcube).

Parrot is a Debian-based distribution with an emphasis on security improvement and tools; the 6.4 release is now available. "Many tools, like Metasploit, Sliver, Caido and Empire received important updates, the Linux kernel was updated to a more recent version, and the latest LTS version of Firefox was provided with all our privacy oriented patches.".

The 6.12.38, 6.6.98, 6.1.145, and 5.15.188 stable kernel updates have been released, each contains a single AMD-related fix. "Only users of AMD x86-based processors need to upgrade, all others may skip this release".

Performance of Python programs has been a major focus of development for the language over the last five years or so; the Faster CPython project has been a big part of that effort. One of its subprojects is to add an experimental just-in-time (JIT) compiler to the language; at last year's PyCon US, project member Brandt Bucher gave an introduction to the copy-and-patch JIT compiler. At PyCon US 2025, he followed that up with a talk on "What they don't tell you about building a JIT compiler for CPython" to describe some of the things he wishes he had known when he set out to work on that project. There was something of an elephant in the room, however, in that Microsoft dropped support for the project and laid off most of its Faster CPython team a few days before the talk.

Security updates have been issued by Debian (redis and thunderbird), Fedora (cef, git, gnutls, httpd, linux-firmware, luajit, mingw-djvulibre, mingw-python-requests, perl, php, python-requests, python3.6, salt, and selenium-manager), Mageia (dpkg, firefox, gnupg2, and golang), Slackware (httpd and kernel), SUSE (afterburn, cmctl, git, go1.23, go1.24, k9s, liboqs-devel, libxml2, php8, python36, trivy, and xen), and Ubuntu (linux-xilinx-zynqmp and nix).

Linus has released 6.16-rc6 for testing; it includes a fix for a somewhat scary regression that came up over the week.

So I was flailing around blaming everybody and their pet hamster, because for a while it looked like a drm issue and then a netlink problem (it superficially coincided with separate issues with both of those subsystems).

But I did eventually figure out how to trigger it reliably and then it bisected nicely, and a couple of days have passed, and I'm feeling much better about the release again. We're back on track, and despite that little scare, I think we're in good shape.

The kernel's perf events subsystem can produce high-quality profiles, with full function-call chains, of resource usage within the kernel itself. Developers, however, often would like to see profiles of the whole system in one integrated report with, for example, call-stack information that crosses the boundary between the kernel and user space. Support for unwinding user-space call stacks in the perf events subsystem is currently inefficient at best. A long-running effort to provide reliable, user-space call-stack unwinding within the kernel, which will improve that situation considerably, appears to be reaching fruition.

The 6.15.5, 6.12.36, 6.6.96, and 6.1.143 stable kernels have been released; each contains another set of important fixes.

The pedalboard library for Python is aimed at audio processing of various sorts, from converting between formats to adding audio effects. The maintainer of pedalboard, Peter Sobot, gave a talk about audio in Python at PyCon US 2025, which was held in Pittsburgh, Pennsylvania in May. He started from the basics of digital audio and then moved into working with pedalboard. There were, as might be guessed, audio examples in the talk, along with some visual information; interested readers may want to view the YouTube video of the presentation.

Security updates have been issued by AlmaLinux (.NET 9.0, container-tools:rhel8, ghostscript, git-lfs, grafana-pcp, pandoc, perl-FCGI:0.78, ruby:2.5, ruby:3.3, tigervnc, and varnish:6), Debian (jpeg-xl and mediawiki), Fedora (darktable, guacamole-server, mingw-gdk-pixbuf, and yarnpkg), Oracle (gimp, kernel, libsoup, python-tornado, python3.12, and thunderbird), Slackware (php), SUSE (libgepub), and Ubuntu (libtpms, linux-aws-5.15, linux-intel-iot-realtime, and linux-bluefield).

Collin Richards has announced version 0.0.1 of tmux-rs, a port of the tmux terminal multiplexer to Rust.

For the [past] 6 months or so I've been quietly porting tmux from C to Rust. I've recently reached a big milestone: the code base is now 100% (unsafe) Rust. I'd like to share the process of porting the original codebase from ~67,000 lines of C code to ~81,000 lines of Rust (excluding comments and empty lines). You might be asking: why did you rewrite tmux in Rust? And yeah, I don't really have a good reason. It's a hobby project. Like gardening, but with more segfaults.

Richards says that the next goal for the project is to convert it to safe Rust. It is currently "not very difficult to get it to crash", but he wanted to share the project with other Rust fans now. The project is available on GitHub.