lwn.net

Linus has released the 5.19 kernel.

On a personal note, the most interesting part here is that I did the release (and am writing this) on an arm64 laptop. It's something I've been waiting for for a _loong_ time, and it's finally reality, thanks to the Asahi team. We've had arm64 hardware around running Linux for a long time, but none of it has really been usable as a development platform until now.

He also notes that the next kernel is likely to be 6.0.

Significant features in 5.19 include Arm Scalable Matrix Extension support, a number of io_uring improvements, BIG TCP support, numerous random-number generator improvements, support for AMD's Secure Nested Paging and Intel's Trusted Domain Extensions mechanisms, support for the Loongson "LoongArch" CPU architecture, a new proactive reclaim mechanism, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.19 page for more information.

Version 21 of the Ubuntu-based Linux Mint distribution is out; it is available in the Cinnamon, MATE, and Xfce flavors. This is a long-term-support release that will receive updates until 2027.

Jakub Kicinski provides an overview of some changes to the in-kernel TLS implementation coming in the next development cycle:

The first implementation of kTLS was designed in the good old days of TLS 1.2. When TLS 1.3 came into the picture the interest in kTLS had slightly diminished and the implementation, although functional, was rather simple and did not retain all the benefits. This post covers developments in the Linux 5.20 implementation of TLS which claws back the performance lost moving to TLS 1.3.

Greg Kroah-Hartman has announced the release of the 5.18.15, 5.15.58, 5.10.134, 5.4.208, 4.19.254, 4.14.290, and 4.9.325 stable kernels. As usual, these kernels contain important fixes throughout the tree. Note that the Retbleed mitigations have not been backported any further back than the 5.10.x series at this point.

As a general rule, virtualization mechanisms are designed to provide strong isolation between a host and the guest systems that it runs. The guests are not trusted, and their ability to access or influence anything outside of their virtual machines must be tightly controlled. So a patch series allowing guests to execute arbitrary system calls in the host context might be expected to be the cause of significantly elevated eyebrows across the net. Andrei Vagin has posted such a series with the expected results.

Security updates have been issued by Fedora (xorg-x11-server and xorg-x11-server-Xwayland), SUSE (aws-iam-authenticator, ldb, samba, libguestfs, samba, and u-boot), and Ubuntu (firefox, intel-microcode, libtirpc, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-gcp-5.4, linux-gke-5.4, mysql-5.7, and mysql-5.7, mysql-8.0).

The relatively new io_uring subsystem has changed the way asynchronous I/O is done on Linux systems and improved performance significantly. It has also, however, begun to run up a record of disagreements with the kernel's security community. A recent discussion about security hooks for the new uring_cmd mechanism shows how easily requirements can be overlooked in a complex system with no overall supervision.

Security updates have been issued by Debian (firefox-esr), Fedora (chromium, gnupg1, java-17-openjdk, osmo, and podman), Oracle (grafana and java-17-openjdk), Red Hat (389-ds:1.4, container-tools:rhel8, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, pandoc, squid, and squid:4), Slackware (samba), and SUSE (crash, mariadb, pcre2, python-M2Crypto, virtualbox, and xen).

The LWN.net Weekly Edition for July 28, 2022 is available.

While GUADEC, the GNOME community's annual conference, has always been held in Europe (or online-only) since it began in 2000, this year's edition was held in North America, specifically in Guadalajara, México, July 20-25. Rob McQueen gave a talk on the first day of the conference about providing solutions that bring some level of digital safety and autonomy to users—and how GNOME can help make that happen. McQueen is the CEO of the Endless OS Foundation, which is an organization geared toward those goals; he was also recently reelected as the president of the GNOME Foundation board of directors.

Daniel Vetter offers some advice for developers of locking schemes in the kernel.

Validating locking by hand against all the other locking designs and nesting rules the kernel has overall is nigh impossible, extremely slow, something only few people can do with any chance of success and hence in almost all cases a complete waste of time. We need tools to automate this, and in the Linux kernel this is lockdep.

Therefore if lockdep doesn’t understand your locking design your design is at fault, not lockdep. Adjust accordingly.

Nicholas Nethercote marks the 20th anniversary of the Valgrind 1.0 release.

It’s both delightful and surreal to see that Valgrind is still in wide use today. Julian [Seward’s] original goal was to raise the bar when it came to correctness for C and C++ programs. This has clearly been a huge success. Memcheck has found countless bugs in countless programs, and is a standard part of the testing setup for many of them.

Security updates have been issued by Debian (kernel and openjdk-17), Fedora (ceph, lua, and moodle), Oracle (java-1.8.0-openjdk), Red Hat (grafana), SUSE (git, kernel, libxml2, nodejs16, and squid), and Ubuntu (imagemagick, protobuf-c, and vim).

Docker has transformed the way many people develop and deploy software. It wasn't the first implementation of containers on Linux, but Docker's ideas about how containers should be structured and managed were different from its predecessors. Those ideas matured into industry standards, and an ecosystem of software has grown around them. Docker continues to be a major player in the ecosystem, but it is no longer the only whale in the sea — Red Hat has also done a lot of work on container tools, and alternative implementations are now available for many of Docker's offerings.

Security updates have been issued by Debian (spip), Mageia (libtiff and logrotate), Oracle (java-1.8.0-openjdk and java-11-openjdk), SUSE (gpg2, logrotate, and phpPgAdmin), and Ubuntu (python-bottle).

The Creative Commons CC0 license is essentially a public-domain declaration (or as close as is possible in jurisdictions that lack a public domain). The Fedora project has allowed the distribution of code under this license, but, as announced by Richard Fontana, that policy is changing and CC0 will no longer be allowed for code:

The reason for the change: Over a long period of time a consensus has been building in FOSS that licenses that preclude any form of patent licensing or patent forbearance cannot be considered FOSS. CC0 has a clause that says: "No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document."

Existing CC0-licensed packages may be grandfathered in, but that evidently has not yet been decided.

A 64-bit pointer can address a lot of memory — far more than just about any application could ever need. As a result, there are bits within that pointer that are not really needed to address memory, and which might be put to other needs. Storing a few bits of metadata within a pointer is a common enough use case that multiple architectures are adding support for it at the hardware level. Intel is no exception; support for its "Linear Address Masking" (LAM) feature has been slowly making its way toward the mainline kernel.

Security updates have been issued by Debian (chromium, djangorestframework, gsasl, and openjdk-11), Fedora (giflib, openssl, python-ujson, and xen), Mageia (virtualbox), SUSE (git, gpg2, java-1_7_1-ibm, java-1_8_0-ibm, java-1_8_0-openjdk, mozilla-nspr, mozilla-nss, mozilla-nss, python-M2Crypto, and s390-tools), and Ubuntu (php8.1).

The Debian project, Debian.ch, and Software in the Public Interest recently filed a WIPO action to take control of the "debian.community" domain name, which has been used by Daniel Pocock to attack the Debian project and its members. Red Hat had made a similar attempt to take control of WeMakeFedora.org earlier this year, but that attempt failed. The Debian action succeeded, though; on July 19, WIPO decided in favor of the action and ordered the domain name transferred. That domain name can no longer be used, but the attacks seem certain to continue.

The 5.19-rc8 kernel prepatch is out for testing. "There's nothing really surprising in here - a few smaller fixups for the retbleed mess as expected, and the usual random one-liners elsewhere."