Min: sched_ext: scheduler architecture and interfaces

Changwoo Min has posted an introduction to writing custom schedulers with sched_ext.

In a particular situation, when each scheduling policy needs its specific action, the core kernel scheduler calls an operation defined in struct sched_class. For example, when the core kernel scheduler needs to select a task to be scheduled, it calls the sched_class.pick_next_task(rq) callback of a concrete scheduling policy. When a task becomes runnable, the core kernel scheduler calls sched_class.enqueue(rq, p, flags) so the concrete scheduling policy enqueues task p to run queue rq. When a task's runtime state needs to be updated, the core kernel scheduler calls sched_class.update_curr(rq).

[$] The GhostBSD in the machine

GhostBSD is a desktop-oriented operating system based on FreeBSD and the MATE Desktop Environment. The goal of the project is to lower the barrier to entry of using FreeBSD on a desktop or laptop system, and it largely succeeds at this. While it has a few rough edges that make it hard to recommend for the average desktop user, it is a fine choice for users who want a desktop with FreeBSD underpinnings such as the Z File System (ZFS), and the Ports (source) and Packages (binary) software collections.

Security updates for Monday

Security updates have been issued by AlmaLinux (ipa and libreswan), Debian (netty), Fedora (python-PyMySQL, tomcat, and webkitgtk), Gentoo (Flatpak, GLib, JHead, LZ4, and RDoc), Mageia (thunderbird), Oracle (nghttp2 and thunderbird), Red Hat (dnsmasq, libreswan, pki-core, and python3.11), Slackware (emacs), SUSE (gnome-settings-daemon, libarchive, qpdf, vte, and wget), and Ubuntu (libhibernate3-java).

Emacs 29.4 released

Version 29.4 of the Emacs editor has been released. This is "an emergency bugfix release" fixing a vulnerability that can cause the editor to execute arbitrary shell code in Org mode. Anybody who runs Emacs on untrusted files — including those using Gnus or one of the Emacs mail modes — should be looking to update. For those who cannot update, a pair of messages from Russ Allbery and Florian Weimer investigates how to disable the Org-mode evaluation, a task that is seemingly more complicated than it should be.

Kernel prepatch 6.10-rc5

The 6.10-rc5 kernel prepatch is out for testing. "So far, the 6.10 release cycle has been fairly calm, and rc5 continues that trend. Let's hope things stay that way."

Larry Finger RIP

The linux-wireless mailing list carries the terse notice that longtime networking developer Larry Finger passed away on June 21. The LWN Kernel Source Database shows that Finger contributed to 94 releases in the (Git era) kernel history, starting with 2.6.16 — 1,464 commits in total. He will be missed.

[$] Rust for filesystems

At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Wedson Almeida Filho and Kent Overstreet led a combined storage and filesystem session on using Rust for Linux filesystems. Back in December 2023, Almeida had posted an RFC patch set with some Rust abstractions for filesystems, which resulted in some disagreement over the approach. On the same mid-May day as the session, he posted a second version of the RFC patches, which he wanted to discuss along with other Rust-related topics.

Security updates for Friday

Security updates have been issued by AlmaLinux (firefox, ghostscript, idm:DL1, and thunderbird), Debian (php8.2 and putty), Mageia (chromium-browser-stable), Oracle (ghostscript and thunderbird), Red Hat (thunderbird), and SUSE (containerd, kernel, php-composer2, podofo, python-cryptography, and rmt-server).

Tor Browser 13.5 released

Version 13.5 of the privacy-focused Tor browser has been released.

Regular readers of our release posts will know that for the past two years we've been gradually increasing our capacity to not only maintain, but bring tangible improvements to Tor Browser for Android. In that respect, Tor Browser 13.5 feels like a milestone: in addition to the dozens of bug fixes and minor improvements noted in the changelog below, this release features major changes to Android's connection experience in preparation for the future addition of Connection Assist, including full access to Settings before connecting and a new, permanent home for Tor logs.

The release also features desktop user-interface improvements and enhanced fingerprinting protection.

[$] A capability set for user namespaces

User namespaces in Linux create an environment in which all privileges are granted, but their effect is contained within the namespace; they have become an important tool for the implementation of containers. They have also become a significant source of worries for people who do not like the increased attack surface they create for the kernel. Various attempts have been made to restrict that attack surface over the years; the latest is user namespace capabilities, posted by Jonathan Calmels.

[$] Updates to pahole

Arnaldo Carvalho de Melo spoke at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit about his work on Poke-a-hole (pahole), a program that has expanded greatly over the years, but which was relevant to the BPF track because it produces BPF Type Format (BTF) information from DWARF debugging information. He covered some small changes to the program, and then went into detail about the new support for data-type profiling. His slides include several examples.

Security updates for Thursday

Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).

[$] How free software hijacked Philip Hazel's life

Philip Hazel was 51 when he began the Exim message transfer agent (MTA) project in 1995, which led to the Perl-Compatible Regular Expressions (PCRE) project in 1998. At 80, he's maintained PCRE, and its successor PCRE2, for more than 27 years. For those doing the math, that's a year longer than LWN has been in publication. Exim maintenance was handed off around the time of his retirement in 2007. Now, he is ready to hand off PCRE2 as well, if a successor can be found.

Mate 1.28 released

Version 1.28 of the MATE Desktop has been released.

MATE 1.28 has made significant strides in updating the codebase, including the removal of deprecated libraries and ensuring compatibility with the latest GTK versions. One of the most notable improvements is the enhanced support for Wayland, bringing us closer to a fully native MATE-Wayland experience. Several components have been updated to work seamlessly with Wayland, ensuring a more integrated and responsive desktop environment.

See the announcement for a full list of improvements and bug fixes.

Libgcrypt 1.11.0 released

Version 1.11.0 of Libgcrypt, a general-purpose library of cryptographic building blocks, has been released by the GnuPG project:

This release starts a new stable branch of Libgcrypt with full API and ABI compatibility to the 1.10 series. Over the last years Jussi Kivilinna put again a lot of work into speeding up the algorithms for many commonly used CPUs. Niibe-san implemented new APIs and algorithms and also integrated quantum-resistant encryption algorithms.

[$] Capturing stack traces asynchronously with BPF

Andrii Nakryiko led a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit giving a look into the APIs for capturing stack traces using BPF, and how the APIs could be made more useful. BPF programs can capture the current stack trace of a running process, including the portion in the kernel during execution of a system call, which can be useful for diagnosing performance problems, among other things. But there are substantial problems with the existing API.

[$] How kernel CVE numbers are assigned

It has been four months since Greg Kroah-Hartman and MITRE announced that the Linux kernel project had become its own CVE Numbering Authority (CNA). Since then, the Linux CNA Team has developed workflows and mechanisms to help manage the various tasks associated with this challenge. There does, however, appear to be a lack of understanding among community members of the processes and rules the team have been working within. The principal aim of this article, written by a member of the Linux kernel CNA team, is to clarify how the team works and how kernel CVE numbers are assigned.