lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 19분 지남

Carpenter: Writing the Ultimate Locking Check

수, 2020/05/27 - 5:04오전
Here's a detailed blog entry from Dan Carpenter on adding improved lock checking to the smatch static-analysis tool. "When Smatch gained the ability to do cross function analysis in 2010, I knew that I had to re-write the locking check to take advantage of the new cross function analysis feature. When you combine cross function analysis with top of the line flow analysis available and in depth knowledge of kernel locks then the result is the Ultimate Locking Check! Unfortunately, I have a tendency towards procrastination and it took me a decade to get around to it, but it is done now. This blog will step through how the locking analysis works."

[$] Testing in Go: philosophy and tools

수, 2020/05/27 - 3:35오전
The Go programming language comes with tools for writing and running tests: the standard library's testing package, and the go test command to run test suites. Like the language itself, Go's philosophy for writing tests is minimalist: use the lightweight testing package along with helper functions written in plain Go. The idea is that tests are just code, and since a Go developer already knows how to write Go using its abstractions and types, there's no need to learn a quirky domain-specific language for writing tests.

Security updates for Tuesday

화, 2020/05/26 - 11:42오후
Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat).

GoboLinux 017 released

화, 2020/05/26 - 12:37오전
Version 017 of the decidedly non-traditional GoboLinux distribution has been released. "This release introduces a simplified model for recipe management and contribution that's fully integrated with the Compile build tool. The recipe tree is now a plain Git repository managed via GitHub cloned into your /Data/Compile/Recipes directory and used by the GoboLinux Compile tool directly."

[$] Hibernation in the cloud

화, 2020/05/26 - 12:26오전
Hibernation is normally thought of as a laptop feature — and an old and obsolete laptop feature at that. One does not normally consider it to be relevant in cloud settings. But, at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Andrea Righi argued that there may actually be a place for hibernation on cloud-based systems if it can be made to work reliably.

Security updates for Monday

화, 2020/05/26 - 12:07오전
Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, libvpx, libxml2, nextcloud, openconnect, openexr, opera, pdns-recursor, python, python-rpyc, and tomcat), and SUSE (salt, tomcat6, and zstd).

Kernel prepatch 5.7-rc7

월, 2020/05/25 - 8:59오전
The 5.7-rc7 kernel prepatch is out. "So it looks like I was worried for nothing last rc. Of course, anything can still change, but everything _looks_ all set for a regular release scheduled for next weekend. Knock wood."

[$] Imbalance detection and fairness in the CPU scheduler

토, 2020/05/23 - 4:26오전
The kernel's CPU scheduler is good at distributing tasks across a multiprocessor system, but does it do so fairly? If some tasks get a lot more CPU time than others, the result is likely to be unhappy users. Vincent Guittot ran a session at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM) looking into this issue, with a focus on detecting load imbalances between CPUs and what to do with a workload that cannot be balanced.

[$] The deadline scheduler and CPU idle states

금, 2020/05/22 - 10:42오후
As Rafael Wysocki conceded at the beginning of a session at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), the combination of the deadline scheduling class with CPU idle states might seem a little strange. Deadline scheduling is used in realtime settings, where introducing latency by idling the CPU tends to be frowned upon. But there are reasons to think that these two technologies might just be made to work together.

Security updates for Friday

금, 2020/05/22 - 10:23오후
Security updates have been issued by CentOS (firefox, ipmitool, kernel, squid, and thunderbird), Debian (pdns-recursor), Fedora (php and ruby), Red Hat (dotnet and dotnet3.1), SUSE (dom4j, dovecot23, memcached, and tomcat), and Ubuntu (clamav, libvirt, and qemu).

[$] Saving frequency scaling in the data center

금, 2020/05/22 - 2:04오전
Frequency scaling — adjusting a CPU's operating frequency to save power when the workload demands are low — is common practice across systems supported by Linux. It is, however, viewed with some suspicion in data-center settings, where power consumption is less of a concern and there is a strong emphasis on getting the most performance out of the hardware. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Giovanni Gherdovich worried that frequency scaling may be about to go extinct in data centers; he made a plea for improving its behavior for such workloads while there is still time.

[$] The pseudo cpuidle driver

목, 2020/05/21 - 11:19오후
The purpose of a cpuidle governor is to decide which idle state a CPU should go into when it has no useful work to do; the cpuidle driver then actually puts the CPU into that state. But, at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Abhishek Goel presented a new cpuidle driver that doesn't actually change the processor's power state at all. Such a driver will clearly save no power, but it can be quite useful as a tool for evaluating and debugging cpuidle policies.

GNOME resolves Rothschild patent suit

목, 2020/05/21 - 11:18오후
The patent suit filed against the GNOME Foundation last September has now been resolved. "In this walk-away settlement, GNOME receives a release and covenant not to be sued for any patent held by Rothschild Patent Imaging. Further, both Rothschild Patent Imaging and Leigh Rothschild are granting a release and covenant to any software that is released under an existing Open Source Initiative approved license (and subsequent versions thereof), including for the entire Rothschild portfolio of patents, to the extent such software forms a material part of the infringement allegation." There is no mention of what the foundation had to give — if anything — for this settlement,

A review of open-source software supply chain attacks

목, 2020/05/21 - 11:13오후
Here's a preprint paper from Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier looking at attacks on language-specific repositories. "Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. This paper presents a dataset of 174 malicious software packages that were used in real-world attacks on open source software supply chains, and which were distributed via the popular package repositories npm, PyPI, and RubyGems. Those packages, dating from November 2015 to November 2019, were manually collected and analyzed. The paper also presents two general attack trees to provide a structured overview about techniques to inject malicious code into the dependency tree of downstream users, and to execute such code at different times and under different conditions."

Security updates for Thursday

목, 2020/05/21 - 11:12오후
Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3,linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 ).

[$] LWN.net Weekly Edition for May 21, 2020

목, 2020/05/21 - 10:16오전
The LWN.net Weekly Edition for May 21, 2020 is available.

[$] The PEPs of Python 3.9

목, 2020/05/21 - 6:40오전
With the release of Python 3.9.0b1, the first of four planned betas for the development cycle, Python 3.9 is now feature-complete. There is still plenty to do in terms of testing and stabilization before the October final release. The release announcement lists a half-dozen Python Enhancement Proposals (PEPs) that were accepted for 3.9. We have looked at some of those PEPs along the way; there are some updates on those. It seems like a good time to fill in some of the gaps on what will be coming in Python 3.9

Stable kernel updates

목, 2020/05/21 - 2:35오전
Stable kernels 5.6.14, 5.4.42, 4.19.124, 4.14.181, 4.9.224, and 4.4.224 have been released with important fixes. Users should upgrade.

A remote code execution vulnerability in qmail

목, 2020/05/21 - 1:43오전
Just in case anybody out there is still using qmail: a remote code execution vulnerability has just been disclosed. Its CVE number is CVE-2005-1513 because, as it turns out, the problem was reported 15 years ago but the fix was refused by the maintainer. "As a proof of concept, we developed a reliable, local and remote exploit against Debian's qmail package in its default configuration. This proof of concept requires 4GB of disk space and 8GB of memory, and allows an attacker to execute arbitrary shell commands as any user, except root (and a few system users who do not own their home directory)."

[$] Bao: a lightweight static partitioning hypervisor

수, 2020/05/20 - 11:30오후
Developers of safety-critical systems tend to avoid Linux kernels for a number of fairly obvious reasons; Linux simply was not developed with that sort of use case in mind. There are increasingly compelling reasons to use Linux in such systems, though, leading to a search for the best way to do so safely. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), José Martins described Bao, a minimal hypervisor aimed at safety-critical deployments.