lwn.net

Kernel.org manager Konstantin Ryabitsev describes the Git signed-push functionality, which is now supported by the kernel.org system. "To help hedge against this problem, git provides developers a way to sign their actual pushes, as a means to attest 'yes, I actually did intend to push these commits into this ref in this repository on this server, and here's my PGP signature to prove it.'" Among other things, these signatures can be preserved in a commit transparency log, which is also now provided by kernel.org.

Alyssa Rosenzweig reports on the progress of the Panfrost driver. "Since our previous update on Panfrost, the open source stack for Arm's Mali Midgard and Bifrost GPUs, we've focused on taking our driver from its reverse-engineered origins on Midgard to a mature stack. We've overhauled both the Gallium driver and the backend compiler, and as a result, Mesa 20.3 -- scheduled for release at the end-of-the-month -- will feature some Bifrost support out-of-the-box."

Security updates have been issued by Debian (blueman and wordpress), Fedora (fastd, kernel, and samba), Gentoo (bluez, fossil, kpmcore, libssh, and opendmarc), openSUSE (claws-mail and icinga2), and Ubuntu (blueman).

For those who are following along with Linus Walleij's detailed writeup of how the 32-bit Arm bootstrap process works, he has posted two new installments (part 1, part 2) on what happens once virtual memory is enabled. "This init task is task 0. It is not identical to task 1, which will be the init process. That is a completely different task that gets forked in userspace later on. This task is only about providing context for the kernel itself, and a point for the first task (task 1) to fork from. The kernel is very dependent on context as we shall see, and that is why its thread/task information and even the stack pointer for this 'task zero' is hardcoded into the kernel like this. This 'zero task' does not even appear to userspace if you type ps aux, it is hidden inside the kernel."

Overclocking the processor — running it above its specified maximum frequency to increase performance — is a familiar operation for many readers. Sometimes, however, it is necessary to go the other direction and decrease a processor's operating power point by lowering its voltage to avoid overheating. Recently, Jason Donenfeld submitted a short patch removing a warning emitted by the kernel when user space accesses special processor registers that allow this "undervolting" on x86 processors. It caused a long discussion that might result in a kernel interface to allow users to safely control their processor's voltage.

The net today carries the sad news that Dan Kohn has passed away. Among other things, Dan played a huge role in the establishment of the Linux Foundation and a number of its initiatives, including the Cloud Native Computing Foundation and LF Public Health. He will be missed.

Security updates have been issued by Debian (cimg, junit4, kernel, openldap, qtsvg-opensource-src, spice, spice-gtk, tzdata, and wireshark), Fedora (firefox, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), openSUSE (apache2, binutils, libvirt, lout, pacemaker, pagure, phpMyAdmin, samba, sane-backends, singularity, spice, spice-gtk, thunderbird, nspr, tomcat, virt-bootstrap, and xen), SUSE (graphviz, liblouis, and samba), and Ubuntu (samba).

The second 5.10 kernel prepatch is out for testing. "Despite the size, I don't get the feeling that there's anything really odd going on, and so far the release seems to be going smoothly. But please test, that's how we find problems."

The 5.9.3, 5.8.18, and 5.4.74 stable kernel updates are out; each contains another set of important fixes.

Linux distributors are in the business of integrating software from multiple sources, packaging the result, and making it available to their users. It has long been true that some projects are easier to package than others. The Debian technical committee (TC) is currently being asked to make a decision in a dispute over how an especially hard-to-package project — Kubernetes — should be handled. Regardless of the eventual outcome, this disagreement clearly shows how the packaging model used by Linux distributors is increasingly mismatched to how software is often developed in the 2020s; what should replace that model is rather less clear, though.

Security updates have been issued by Debian (dompurify.js, libsndfile, and openjdk-8), Fedora (python2), Mageia (tomcat), openSUSE (lout, pagure, php7, singularity, and tensorflow2), SUSE (graphviz, libvirt, pacemaker, python-Jinja2, samba, spice, spice-gtk, thunderbird and mozilla-nspr, xen, and zstd), and Ubuntu (fastd).

The kernel's tracing infrastructure is designed to be fast and to interfere as little as possible with the normal operation of the system. One consequence of this requirement is that the code that runs when a tracepoint is hit cannot sleep; otherwise execution of the tracepoint could add an arbitrary delay to the execution of the real work the kernel should be doing. There are times, though, that the ability to sleep within a tracepoint would be handy, delays notwithstanding. The sleepable tracepoints patch set from Michael Jeanson sets the stage to make it possible for (some) tracepoint handlers to take a nap while performing their tasks — but stops short of completing the job for now.

Greg Kroah-Hartman has announced the release of seven new stable kernels: 5.9.2, 5.8.17, 5.4.73, 4.19.153, 4.14.203, 4.9.241, and 4.4.241. These are extremely large updates, with important fixes throughout the tree. Users of these kernel series should upgrade.

Security updates have been issued by Debian (linux-4.19), Fedora (tcpreplay, xen, and yubihsm-shell), SUSE (pacemaker), and Ubuntu (gosa and pam-python).

The LWN.net Weekly Edition for October 29, 2020 is available.

Python has keyword arguments for functions that is a useful (and popular) feature; it can make reading the code more clear and eliminate the possibility of passing arguments in the wrong order. Python can also index an object in various ways to refer to a subset or an aspect of the object. Bringing the idea of keywords to indexing would provide a way to get the clarity benefit for indexing operations; doing so has been discussed in Python circles for a long time. Some renewed interest, in the form of lengthy discussions on the python-ideas mailing list and a new Python enhancement proposal (PEP), look like they just might take keyword indexing over the finish line.

Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

Address-space isolation is the technique of removing a range of memory from one or more address spaces as a way of preventing accidental or malicious access to that memory. Since the disclosure of the Meltdown and Spectre vulnerabilities, the kernel has used one form of address-space isolation to make kernel memory completely inaccessible to user-space processes, for example. There has been a steady level of interest in using similar techniques to protect memory in other contexts; two patches implementing new isolation mechanisms are getting closer to being ready for merging into the mainline kernel.

Security updates have been issued by Debian (thunderbird), Fedora (createrepo_c, dnf-plugins-core, dnf-plugins-extras, librepo, livecd-tools, and pdns-recursor), openSUSE (firefox and mailman), Oracle (firefox), Red Hat (chromium-browser, java-1.8.0-openjdk, and Satellite 6.8), Scientific Linux (java-1.8.0-openjdk), SUSE (libvirt), and Ubuntu (blueman, firefox, mysql-5.7, mysql-8.0, php7.4, and ruby-kramdown).

The Fedora 33 release is now available in a variety of editions, including the newly promoted IoT edition. "No matter what variant of Fedora you use, you’re getting the latest the open source world has to offer. Following our 'First' foundation, we’ve updated key programming language and system library packages, including Python 3.9, Ruby on Rails 6.0, and Perl 5.32. In Fedora KDE, we’ve followed the work in Fedora 32 Workstation and enabled the EarlyOOM service by default to improve the user experience in low-memory situations. To make the default Fedora experience better, we’ve set nano as the default editor." A number of the more significant Fedora 33 changes were covered here in June.