<!DOCTYPE html> <html lang="en"> <head><title>Welcome to LWN.net [LWN.net]</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"> <META NAME="robots" CONTENT="noai, noimageai"> <link rel="icon" href="https://static.lwn.net/images/favicon.png" type="image/png"> <link rel="alternate" type="application/rss+xml" title="LWN.net headlines" href="https://lwn.net/headlines/rss"> <link rel="stylesheet" href="/CSS/lwn"> <link rel="stylesheet" href="/CSS/nosub"> <script type="text/javascript">var p="http",d="static";if(document.location.protocol=="https:"){p+="s";d="engine";}var z=document.createElement("script");z.type="text/javascript";z.async=true;z.src=p+"://"+d+".adzerk.net/ados.js";var s=document.getElementsByTagName("script")[0];s.parentNode.insertBefore(z,s);</script> <script type="text/javascript"> var ados_keywords = ados_keywords || []; if( location.protocol=='https:' ) { ados_keywords.push('T:SSL'); } else { ados_keywords.push('T:HTTP'); } var ados = ados || {}; ados.run = ados.run || []; ados.run.push(function() { ados_add_placement(4669, 20979, "azk13321_leaderboard", 4).setZone(16026); ados_add_placement(4669, 20979, "azk93271_right_zone", [5,10,6]).setZone(16027); ados_add_placement(4669, 20979, "azk31017_tracking", 20).setZone(20995); ados_keywords.push('S:Homepage'); ados_setKeywords(ados_keywords.join(', ')); ados_load(); });</script> </head> <body> <a name="t"></a> <div id="menu"><a href="/"><img src="https://static.lwn.net/images/logo/barepenguin-70.png" class="logo" border="0" alt="LWN.net Logo"> <span class="logo">LWN<br>.net</span> <span class="logobl">News from the source</span></a> <a href="/"><img src="https://static.lwn.net/images/lcorner-ss.png" class="sslogo" border="0" alt="LWN"></a><div class="navmenu-container"> <ul class="navmenu"> <li><a class="navmenu" href="#t"><b>Content</b></a><ul><li><a href="/current/">Weekly Edition</a></li><li><a href="/Archives/">Archives</a></li><li><a href="/Search/">Search</a></li><li><a href="/Kernel/">Kernel</a></li><li><a href="/Security/">Security</a></li><li><a href="/Calendar/">Events calendar</a></li><li><a href="/Comments/unread">Unread comments</a></li><li><hr></li><li><a href="/op/FAQ.lwn">LWN FAQ</a></li><li><a href="/op/AuthorGuide.lwn">Write for us</a></li></ul></li> </ul></div> </div> <!-- menu --> <div class="not-handset" style="margin-left: 10.5em; display: block;"> <div class="not-print"> <div id="azk13321_leaderboard"></div> </div> </div> <div class="topnav-container"> <div class="not-handset"><form action="https://lwn.net/Login/" method="post" name="loginform" class="loginform"> <label><b>User:</b> <input type="text" name="uname" value="" size="8" id="uc" /></label> <label><b>Password:</b> <input type="password" name="pword" size="8" id="pc" /></label> <input type="hidden" name="target" value="//" /> <input type="submit" name="submit" value="Log in" /></form> | <form action="https://lwn.net/subscribe/" method="post" class="loginform"> <input type="submit" name="submit" value="Subscribe" /> </form> | <form action="https://lwn.net/Login/newaccount" method="post" class="loginform"> <input type="submit" name="submit" value="Register" /> </form> </div> <div class="handset-only"> <a href="/subscribe/"><b>Subscribe</b></a> / <a href="/Login/"><b>Log in</b></a> / <a href="/Login/newaccount"><b>New account</b></a> </div> </div><div class="maincolumn flexcol"> <div class="middlecolumn"> <div class="PageHeadline"> <h1>Welcome to LWN.net</h1> </div> <div class="ArticleText"> <blockquote style="margin-top: 0"> LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See <a href="/op/FAQ.lwn">the LWN FAQ</a> for more information, and please consider <a href="/subscribe/Info">subscribing</a> to gain full access and support our activities. </blockquote> <p> <div class="FPBox"><div class="FPLeft"> <h2 class="Headline">[<span class="Subscription">$</span>] An update on torn-write protection</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 9, 2025 15:26 UTC (Wed) by jake</span> <p> In a combined storage and filesystem track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit, John Garry continued the theme of "untorn" (or atomic) writes that started in <a href="/Articles/1016015/">the previous session</a>. It was also an update on where things have gone for untorn writes since his <a href="/Articles/974578/">session at last year's summit</a>. Beyond that, he looked at some of the plans and challenges for the feature in the future. <p> <a href="/Articles/1016406/">Full Story</a> (<a href="/Articles/1016406/#Comments">comments: 2</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Debian Project Leader election 2025 edition</h2> <div class="BlurbListing"> <span class="Smaller">[Distributions] Posted Apr 9, 2025 14:58 UTC (Wed) by jzb</span> <p> <p>Four candidates have stepped up to run in the <a href="https://www.debian.org/vote/2025/vote_001">2025 Debian Project Leader</a> (DPL) election. <a href="https://www.debian.org/vote/2025/platforms/tille">Andreas Tille</a>, who is in his first term as DPL, is running again. <a href="https://www.debian.org/vote/2025/platforms/srud">Sruthi Chandran</a>, <a href="https://www.debian.org/vote/2025/platforms/locutusofborg">Gianfranco Costamagna</a>, and <a href="https://www.debian.org/vote/2025/platforms/jak">Julian Andres Klode</a> are the other candidates running for a chance to serve a term as DPL. The campaigning phase ended on April&nbsp;5, and Debian members began voting on April&nbsp;6. Voting ends on April&nbsp;19. This year, the campaign period has been lively and sometimes contentious, touching on problems with Debian team delegations and finances.</p> <p> <a href="/Articles/1016107/">Full Story</a> (<a href="/Articles/1016107/#Comments">comments: 7</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] A new type of spinlock for the BPF subsystem</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 9, 2025 14:33 UTC (Wed) by daroc</span> <p> <p> The 6.15 merge window saw the inclusion of a new type of lock for BPF programs: a resilient queued spinlock that Kumar Kartikeya Dwivedi has been working on for some time. Eventually, he hopes to convert all of the spinlocks currently used in the BPF subsystem to his new lock. He gave a remote presentation about the design of the lock at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF summit. </p> <p> <a href="/Articles/1016674/">Full Story</a> (<a href="/Articles/1016674/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Improving hot-page detection and promotion</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 9, 2025 13:47 UTC (Wed) by corbet</span> <p> Tiered-memory systems feature multiple types of memory with varying performance characteristics; on such systems, good performance depends on keeping the most frequently used data in the fastest memory. Identifying that data and placing it properly is a challenge that has kept developers busy for years. Bharata Rao, presenting remotely during a memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, led a discussion on <a href="/Articles/1014220/#hotpage">a potential solution</a> he has recently posted; Raghavendra K&nbsp;T was also named on <a href="/ml/linux-mm/20250123105721.424117-1-raghavendra.kt@amd.com/">the session proposal</a>. It seems likely, based on the discussion, that developers working in this area will not run out of problems anytime soon. <p> <a href="/Articles/1016519/">Full Story</a> (<a href="/Articles/1016519/#Comments">comments: 4</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Two approaches to better kernel samepage merging</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 9, 2025 13:45 UTC (Wed) by corbet</span> <p> The <a href="https://docs.kernel.org/admin-guide/mm/ksm.html">kernel samepage merging (KSM)</a> subsystem works by finding pages in memory with the same contents, then replacing the duplicated copies with a single, shared copy. KSM can improve memory utilization in a system, but has some problems as well. In two memory-management-track sessions at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Mathieu Desnoyers and Sourav Panda proposed improvements to KSM to make it work better for specific use cases. <p> <a href="/Articles/1016426/">Full Story</a> (<a href="/Articles/1016426/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Taking notes with Joplin</h2> <div class="BlurbListing"> <span class="Smaller">[Development] Posted Apr 8, 2025 15:17 UTC (Tue) by azathoth</span> <p> <p><a href="https://joplinapp.org/">Joplin</a> is an open-source note-taking application designed to handle taking many kinds of notes, whether it is managing code snippets, writing documentation, jotting down lecture notes, or drafting a novel. Joplin has Markdown support, a plugin system for extensibility, and accepts multimedia content, allowing users to attach images, videos, and audio files to their notes. It can provide synchronization of content across devices using end-to-end encryption, or users can opt to stick to local storage only. Joplin even offers a <a href="https://joplinapp.org/help/apps/terminal/">command-line version</a> for terminal-based usage. <a href="https://joplinapp.org/news/20250114-release-3-2/">Joplin 3.2</a>, the most recent feature release, brought long-awaited multi-window support, multi-column layouts, enhanced accessibility, and theme detection.</p> <p> <a href="/Articles/1016400/">Full Story</a> (<a href="/Articles/1016400/#Comments">comments: 2</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Using large folios for text areas</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 8, 2025 13:57 UTC (Tue) by corbet</span> <p> Quite a bit of work has been done in recent years to allow the kernel to make more use of large folios. That progress has not yet reached the handling of text (executable code) areas, though. During the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Ryan Roberts ran a session on how that situation might be improved. It would be a relatively small and contained operation, but can give a measurable performance improvement. <p> <a href="/Articles/1016416/">Full Story</a> (<a href="/Articles/1016416/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Per-CPU memory for user space</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 8, 2025 13:37 UTC (Tue) by corbet</span> <p> The kernel makes extensive use of per-CPU data as a way to avoid contention between processors and improve scalability. Using the same technique in user space is harder, though, since there is little control over which CPU a process may be running on at any given time. That hasn't stopped Mathieu Desnoyers from trying, though; in the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, he presented a proposal for how user-space per-CPU memory could work. <p> <a href="/Articles/1016408/">Full Story</a> (<a href="/Articles/1016408/#Comments">comments: 2</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] An update on pahole</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 7, 2025 21:01 UTC (Mon) by daroc</span> <p> <p> Pahole (originally "Poke-a-hole") is a Swiss Army knife for exploring and editing debug information. Pahole is also currently involved in the kernel's build process to rearrange the information produced by various compilers into a form useful to the BPF verifier, although there are plans to render it unnecessary. Pahole maintainer Arnaldo Carvalho de Melo shared some status updates about the project at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. Interested readers can find his slides <a href="http://vger.kernel.org/~acme/prez/lsfmm-bpf-2025/">here</a>. </p> <p> <a href="/Articles/1016243/">Full Story</a> (<a href="/Articles/1016243/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">[<span class="Subscription">$</span>] Three ways to rework the swap subsystem</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 7, 2025 15:01 UTC (Mon) by corbet</span> <p> The kernel's swap subsystem is complex and highly optimized — though not always optimized for today's workloads. In three adjacent sessions during the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Kairui Song, Nhat Pham, and Usama Arif all talked about some of the problems that they are trying to solve in the Linux swap subsystem. In the first two cases, the solutions take the form of an additional layer of indirection in the kernel's swap map; the third, which enables swap-in of large folios, may or may not be worthwhile in the end. <p> <a href="/Articles/1016136/">Full Story</a> (<a href="/Articles/1016136/#Comments">comments: 14</a>) <p> </div> </div> <div class="FPRight"> <h2 class="Headline">Hardening the Firefox frontend</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 9, 2025 18:00 UTC (Wed) by jzb</span> <p> <p>Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have published an <a href="https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html">article</a> on the Firefox Security team's <span class="nobreak"><a href="https://attackanddefense.dev/">Attack &amp; Defense</a></span> blog that explains recent work to harden Firefox's frontend code.</p> <blockquote class="bq"> We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However: We still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox. </blockquote> <p> <a href="/Articles/1016978/#Comments">Comments (none posted)</a> <p> </div> <h2 class="Headline">OpenSSH 10.0 released</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 9, 2025 13:18 UTC (Wed) by jzb</span> <p> <p><a href="https://www.openssh.com/releasenotes.html#10.0p1">OpenSSH 10.0</a> has been released. Support for the DSA signature algorithm, which was disabled by default beginning in 2015, has been removed. Other notable changes include using the <span class="nobreak">post-quantum</span> algorithm <a href="https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03#name-mlkem768x25519-sha256">mlkem768x25519-sha256</a> for key agreement by default, support for systemd-style socket activation in <a href="https://www.openssh.com/portable.html">Portable OpenSSH</a>, and moving code for user authentication from the <tt>sshd-session</tt> binary to the new <tt>ssh-auth</tt> binary:</p> <blockquote class="bq"> Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary. </blockquote> <p>The release notes also warn that "<q>software that naively matches versions using patterns like "OpenSSH_1*"</q>" may be confused by the new version number.</p> <p> <a href="/Articles/1016924/#Comments">Comments (1 posted)</a> <p> </div> <h2 class="Headline">Security updates for Wednesday</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 9, 2025 13:01 UTC (Wed) by jzb</span> <p> Security updates have been issued by <b>Debian</b> (lemonldap-ng, libbssolv-perl, and phpmyadmin), <b>Fedora</b> (augeas, mariadb10.11, and thunderbird), <b>Oracle</b> (gimp, libxslt, python3.11, python3.12, tomcat, and xorg-x11-server), <b>Red Hat</b> (expat, grafana, opentelemetry-collector, and webkit2gtk3), <b>SUSE</b> (azure-cli-core, doomsday, kernel, and poppler), and <b>Ubuntu</b> (dotnet8, dotnet9, erlang, and poppler). <p> <a href="/Articles/1016923/">Full Story</a> (<a href="/Articles/1016923/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">OpenSSL 3.5.0 released</h2> <div class="BlurbListing"> <span class="Smaller">[Development] Posted Apr 8, 2025 19:13 UTC (Tue) by jzb</span> <p> <p><a href="https://github.com/openssl/openssl/releases/tag/openssl-3.5.0">Version 3.5.0</a> of OpenSSL has been released. This release adds support for server-side QUIC (<a href="https://datatracker.ietf.org/doc/html/rfc9000">RFC 9000</a>), a new configuration option (<tt>no-tls-deprecated-ec</tt>) that disables support for TLS groups deprecated in <a href="https://www.rfc-editor.org/rfc/rfc8422">RFC 8422</a>, and more.</p> <p> <a href="/Articles/1016851/">Comments (1 posted)</a> <p> </div> <h2 class="Headline">FreeDOS 1.4 released</h2> <div class="BlurbListing"> <span class="Smaller">[Distributions] Posted Apr 8, 2025 17:54 UTC (Tue) by jzb</span> <p> <p><a href="https://www.freedos.org/download/announce.html">Version 1.4</a> of <a href="https://www.freedos.org/">FreeDOS</a> has been released. This is the first stable release since 2022, and includes improvements to the Fdisk hard-disk-management program, and reliability updates for the mTCP set of TCP/IP applications for DOS.</p> <blockquote class="bq"> <p>This version was much smoother because Jerome Shidel, our distribution manager, had an idea after FreeDOS 1.3 that we could have a rolling test release that collected all of the changes that people make over time. Previous to this, each new FreeDOS distribution (like 1.0, 1.1, 1.2, and 1.3) required bundling up packages into a "release candidate," and we would go through several iterations of updating the release candidates.</p> <p>Jerome's method of building the FreeDOS distribution made it easier to automate a test release, which we decided to update every month. As the test releases accumulated enough changes to warrant a release, we could then make the next test release a "release candidate" which would iterate to the next version of the FreeDOS distribution. Since 2022, we've released monthly test releases. Thanks Jerome!</p> </blockquote> <p>LWN <a href="https://lwn.net/Articles/979780/">covered</a> FreeDOS last year for its 30th anniversary.</p> <p> <a href="/Articles/1016849/#Comments">Comments (none posted)</a> <p> </div> <h2 class="Headline">Security updates for Tuesday</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 8, 2025 13:35 UTC (Tue) by corbet</span> <p> Security updates have been issued by <b>AlmaLinux</b> (gimp, libxslt, python3.11, python3.12, and tomcat), <b>Debian</b> (ghostscript and libnet-easytcp-perl), <b>Fedora</b> (openvpn, perl-Data-Entropy, and webkitgtk), <b>Red Hat</b> (python-jinja2), <b>SUSE</b> (giflib, pam, and xen), and <b>Ubuntu</b> (apache2, binutils, expat, fis-gtm, linux-azure, linux-azure-6.8, linux-nvidia-lowlatency, linux-azure, linux-azure-fde, linux-azure-5.15, linux-azure-fde-5.15, linux-azure-fips, linux-gcp-fips, linux-hwe-5.4, linux-nvidia, linux-nvidia-tegra-igx, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and vim). <p> <a href="/Articles/1016774/">Full Story</a> (<a href="/Articles/1016774/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">Fifty Years of Open Source Software Supply Chain Security (Queue)</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 7, 2025 19:56 UTC (Mon) by corbet</span> <p> ACM Queue <a href="https://queue.acm.org/detail.cfm?id=3722542">looks at the security problem</a> in the light of a report on Multics security that was published in 1974. <p> <blockquote class="bq"> We are all struggling with a massive shift that has happened in the past 10 or 20 years in the software industry. For decades, software reuse was only a lofty goal. Now it's very real. Modern programming environments such as Go, Node, and Rust have made it trivial to reuse work by others, but our instincts about responsible behaviors have not yet adapted to this new reality. <p> The fact that the 1974 Multics review anticipated many of the problems we face today is evidence that these problems are fundamental and have no easy answers. We must work to make continuous improvements to open source software supply chain security, making attacks more and more difficult and expensive. </blockquote> <p> <a href="/Articles/1016715/#Comments">Comments (9 posted)</a> <p> </div> <h2 class="Headline">Five new stable kernels</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 7, 2025 13:48 UTC (Mon) by jake</span> <p> The <a href="/Articles/1016665/">6.14.1</a>, <a href="/Articles/1016666/">6.13.10</a>, <a href="/Articles/1016667/">6.12.22</a>, <a href="/Articles/1016668/">6.6.86</a>, and <a href="/Articles/1016669/">6.1.133</a> stable kernels have all been released. They contain a relatively small collection of important fixes across the kernel tree. <p> <a href="/Articles/1016664/">Comments (none posted)</a> <p> </div> <h2 class="Headline">Security updates for Monday</h2> <div class="BlurbListing"> <span class="Smaller">[Security] Posted Apr 7, 2025 13:42 UTC (Mon) by jake</span> <p> Security updates have been issued by <b>Debian</b> (abseil, atop, jetty9, ruby-saml, tomcat10, trafficserver, xz-utils, and zfs-linux), <b>Fedora</b> (chromium, condor, containernetworking-plugins, cri-tools1.29, crosswords-puzzle-sets-xword-dl, exim, ghostscript, matrix-synapse, upx, varnish, and yarnpkg), <b>Gentoo</b> (XZ Utils), <b>Mageia</b> (augeas, corosync, nss &amp; firefox, and thunderbird), <b>Oracle</b> (container-tools:ol8, firefox, freetype, and kernel), <b>Red Hat</b> (firefox), <b>SUSE</b> (chromium, gn, firefox-esr, go1.23-1.23.8, go1.24, go1.24-1.24.2, google-guest-agent, govulncheck-vulndb, gsl, python311-ecdsa, thunderbird, and webkit2gtk3), and <b>Ubuntu</b> (kamailio, libdbd-mysql-perl, linux-nvidia, linux-nvidia-6.8, and tomcat9). <p> <a href="/Articles/1016663/">Full Story</a> (<a href="/Articles/1016663/#Comments">comments: none</a>) <p> </div> <h2 class="Headline">Kernel prepatch 6.15-rc1</h2> <div class="BlurbListing"> <span class="Smaller">[Kernel] Posted Apr 6, 2025 23:09 UTC (Sun) by corbet</span> <p> Linus has <a href="/Articles/1016576/">released 6.15-rc1</a> and closed the merge window for this release. "<q>As expected, this was one of the bigger merge windows, almost certainly just because we had some pent-up development due to the previous releases being impacted by the holiday season. That said, while it's bigger than normal, it's not some kind of record-breaking thing.</q>". In the end, 12.633 non-merge changesets were pulled into the mainline during this merge window. <p> <a href="/Articles/1016577/">Comments (none posted)</a> <p> </div> </div> </div> <p><a href="/Articles/?offset=10">--&gt; More news items</a> </div> <!-- ArticleText --> </div> <!-- middlecolumn --> <div class="rightcol not-print"> <div id="azk93271_right_zone"></div> </div> </div> <!-- maincolumn --> <br clear="all"> <center> <P> <span class="ReallySmall"> Copyright &copy; 2025, Eklektix, Inc.<BR> Comments and public postings are copyrighted by their creators.<br> Linux is a registered trademark of Linus Torvalds<br> </span> </center> </body></html>