lwn.net

Block I/O performance can be one of the determining factors for the performance of a system as a whole, especially on systems with slower drives. The need to optimize I/O patterns has led to the development of a long series of I/O schedulers over the years; one of the most recent of those is BFQ, which was merged during the 4.12 development cycle. BFQ incorporates an impressive set of heuristics designed to improve interactive performance, but it has, thus far, seen relatively little uptake in deployed systems. An attempt to make BFQ the default I/O scheduler for some types of storage devices has raised some interesting questions, though, on how such decisions should be made.

Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).

Beyond just encrypting messages, and thus providing secrecy, the OpenPGP standard also enables digitally signing messages to authenticate the sender. Email applications and plugins usually verify these signatures automatically and will show whether an email contains a valid signature. However, with a surprisingly simple attack, it's often possible to fool users by faking — or spoofing — the indication of a valid signature using HTML email.

Here's a Linux Journal article from one of the creators of the Tutanota encrypted email client. "That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS. Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising."

Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

The LWN.net Weekly Edition for October 11, 2018 is available.

The Android Developers Blog describes the control-flow integrity work that is shipping on the Pixel 3 handset. "LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14."

At the 2018 X.Org Developers Conference, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for QEMU. He looked at the project's history along with what has happened with it over the last year or so. As is usual in a status update talk, he finished with some thoughts about future plans for virgl. For the last year, Tournier has been working on virgl for Collabora.

Microsoft has announced that it has joined the Open Invention Network (OIN). "We know Microsoft’s decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs."

Stable kernels 4.18.13, 4.14.75, 4.9.132, and 4.4.160 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

Continuous integration (CI) has become increasingly prevalent in open-source projects over the last few years. Intel has been active in building CI systems for graphics, both for the kernel side and for the Mesa-based user-space side of the equation. Mark Janes and Clayton Craft gave a presentation on Intel's Mesa CI system at the 2018 X.Org Developers Conference (XDC), which was held in A Coruña, Spain in late September. The Mesa CI system is one of the earliest successful CI initiatives in open source that he knows of, Janes said. It is a core component of Mesa development, especially at Intel.

Brendan Gregg introduces the bpftrace tracing tool. "bpftrace was created as an even higher-level front end for custom ad-hoc tracing, and can serve a similar role as DTrace. We've been adding bpftrace features as we need them, not just because DTrace had them. I can think of over a dozen things that DTrace can do that bpftrace currently cannot, including custom aggregation printing, shell arguments, translators, sizeof(), speculative tracing, and forced panics."

Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon).

PCI Express hotplug has been supported in Linux for fourteen years. The code, which is aging, is currently undergoing a transformation to fit the needs of contemporary applications such as hot-swappable flash drives in data centers and power-manageable Thunderbolt controllers in laptops. Time for a roundup.

Nadav Amit decided to dig into why some small kernel functions were not being inlined by GCC; the result is a detailed investigation into how these things can go wrong. "Ignoring the assembly shenanigans that this code uses, we can see that in practice it generates a single ud2 instruction. However, the compiler considers this code to be 'big' and consequently oftentimes does not inline functions that use WARN() or similar functions. The reason turns to be the newline characters (marked as '\n' above). The kernel compiler, GCC, is unaware to the code size that will be generated by the inline assembly. It therefore tries to estimate its size based on newline characters and statement separators (';' on x86)."

Security updates have been issued by Debian (adplug, git, php-horde, php-horde-core, and php-horde-kronolith), Fedora (firefox, liblouis, libmad, mediawiki, opensc, php-horde-horde, php-horde-Horde-Core, php-horde-kronolith, and rust), Gentoo (imagemagick, openssh, and sox), openSUSE (ghostscript, gitolite, java-1_8_0-openjdk, kernel, php5, php7, python, thunderbird, tomcat, and unzip), Red Hat (firefox and rh-haproxy18-haproxy), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, qpdf, soundtouch, and texlive).

The 4.19-rc7 kernel prepatch is out. "Given the current rate of change, and looking at the travel/conference schedule happening this month, it seems like we will be having a -rc8 just to be sure 4.19 is solid as well as not having to be in the middle of a merge window during a conference week."

The release of 4.19-rc6 on September 30 is an indication that the 4.19 development cycle is heading toward its conclusion. Naturally, that means it's time to have a look at where the contributions for this cycle came from. The upheavals currently playing out in the kernel community do not show at this level, but there are some new faces to be seen in the top contributors this time around.

It would be reasonable to expect doing nothing to be an easy, simple task for a kernel, but it isn't. At Kernel Recipes 2018, Rafael Wysocki discussed what CPUs do when they don't have anything to do, how the kernel handles this, problems inherent in the current strategy, and how his recent rework of the kernel's idle loop has improved power consumption on systems that aren't doing anything.