Language Selection

English French German Italian Portuguese Spanish

Latest LWN Articles About Linux (Paywall Has Just Expired)

Filed under
Linux
  • SPDX identifiers in the kernel

    Observers of the kernel's commit stream or mailing lists will have seen a certain amount of traffic referring to the addition of SPDX license identifiers to kernel source files. For many, this may be their first encounter with SPDX. But the SPDX effort has been going on for some years; this article describes SPDX, along with why and how the kernel community intends to use it.

    On its face, compliance with licenses like the GPL seems like a straightforward task. But it quickly becomes complicated for a company that is shipping a wide range of software, in various versions, in a whole set of different products. Compliance problems often come about not because a given company wants to flout a license, but instead because that company has lost track of which licenses it needs to comply with and for which versions of which software. SPDX has its roots in an effort that began in 2009 to help companies get a handle on what their compliance obligations actually are.

    It can be surprisingly hard to determine which licenses apply to a given repository full of software. The kernel's COPYING file states that it can be distributed under the terms of version 2 of the GNU General Public License. But many of the source files within the kernel tell a different story; some are BSD licensed, and many are dual-licensed. Some carry an exception to make it clear that user-space programs are not a derived product of the kernel. Occasionally, files with GPL-incompatible licenses have been found (and fixed).

  • 4.15 Merge window part 1

    When he released 4.14, Linus Torvalds warned that the 4.15 merge window might be shorter than usual due to the US Thanksgiving holiday. Subsystem maintainers would appear to have heard him; as of this writing, over 8,800 non-merge changesets have been pulled into the mainline since the opening of the 4.15 merge window. Read on for a summary of the most interesting changes found in that first set of patches.

  • 4.15 Merge window part 2

    Despite the warnings that the 4.15 merge window could be either longer or shorter than usual, the 4.15-rc1 prepatch came out right on schedule on November 26. Anybody who was expecting a quiet development cycle this time around is in for a surprise, though; 12,599 non-merge changesets were pulled into the mainline during the 4.15 merge window, 1,000 more than were seen in the 4.14 merge window. The first 8,800 of those changes were covered in this summary; what follows is a look at what came after.

  • BPF-based error injection for the kernel

    Diligent developers do their best to anticipate things that can go wrong and write appropriate error-handling code. Unfortunately, error-handling code is especially hard to test and, as a result, often goes untested; the code meant to deal with errors, in other words, is likely to contain errors itself. One way of finding those bugs is to inject errors into a running system and watching how it responds; the kernel may soon have a new mechanism for doing this sort of injection.

    As an example of error handling in the kernel, consider memory allocations. There are few tasks that can be performed in kernel space without allocating memory to work with. Memory allocation operations can fail (in theory, at least), so any code that contains a call to a function like kmalloc() must check the returned pointer and do the right thing if the requested memory was not actually allocated. But kmalloc() almost never fails in a running kernel, so testing the failure-handling paths is hard. It is probably fair to say that a large percentage of allocation-failure paths in the kernel have never been executed; some of those are certainly wrong.

  • Tools for porting drivers

    Out-of-tree drivers are a maintenance headache, since customers may want to use them in newer kernels. But even those drivers that get merged into the mainline may need to be backported at times. Coccinelle developer Julia Lawall introduced the audience at Open Source Summit Europe to some new tools that can help make both forward-porting and backporting drivers easier.

    She opened her talk by noting that she was presenting step one in her plans, she hoped to be able to report on step two next year some time. The problem she is trying to address is that the Linux kernel keeps moving on. A vendor might create a driver for the 4.4 kernel but, over the next six months, the kernel will have moved ahead by another two versions. There are lots of changes with each new kernel, including API changes that require driver changes to keep up.

    That means that vendors need to continually do maintenance on their drivers unless they get them upstream, where they will get forward-ported by the community. But the reverse problem is there as well: once a device becomes popular, customers may start asking for it to run with older kernels too. That means backporting.

More in Tux Machines

Finally: Historic Eudora email code goes open source

The source code to the Eudora email client is being released by the Computer History Museum, after five years of discussion with the IP owner, Qualcomm. The Mac software was well loved by early internet adopters and power users, with versions appearing for Palm, Newton and Windows. At one time, the brand was so synonymous with email that Lycos used Eudora to brand its own webmail service. As the Mountain View, California museum has noted, "It’s hard to overstate Eudora’s popularity in the mid-1990s." Read more Also: The Computer History Museum Just Made Eudora Open Source

Android Leftovers

Security Leftovers, Mostly 'Spectre' and 'Meltdown' Related

  • More Meltdown/Spectre Variants
  • Spectre V2 & Meltdown Linux Fixes Might Get Disabled For Atom N270 & Other In-Order CPUs
    There's a suggestion/proposal to disable the Spectre Variant Two and Meltdown mitigation by default with the Linux kernel for in-order CPUs. If you have an old netbook still in use or the other once popular devices powered by the Intel Atom N270 or other in-order processors, there may be some reprieve when upgrading kernels in the future to get the Spectre/Meltdown mitigation disabled by default since these CPUs aren't vulnerable to attack but having the mitigation in place can be costly performance-wise.
  • Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs
    Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed.
  • New Variant Of Spectre And Meltdown CPU Flaw Found; Fix Affects Performance
  • Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw
    Canonical released the first kernel security update for its Ubuntu 18.04 LTS (Bionic Beaver) operating system to fix a security issue that affects this release of Ubuntu and its derivatives. As you can imagine, the kernel security update patches the Ubuntu 18.04 LTS (Bionic Beaver) operating system against the recently disclosed Speculative Store Buffer Bypass (SSBB) side-channel vulnerability, also known as Spectre Variant 4 or CVE-2018-3639, which could let a local attacker expose sensitive information in vulnerable systems.
  • RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability
    As promised earlier this week, Red Hat released software mitigations for all of its affected products against the recently disclosed Spectre Variant 4 security vulnerability that also affects its derivatives, including CentOS Linux. On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat's products and its derivatives, such as CentOS Linux.

LXQt 0.13 Desktop Environment Officially Released, It's Coming to Lubuntu 18.10

For starters, all of LXQt's components are now ready to be built against the recently released Qt 5.11 application framework, and out-of-source-builds are now mandatory. LXQt 0.13.0 also disabled the menu-cached functionality, making it optional from now on in both the panel and runner, thus preventing memory leaks and avoiding any issues that may occur when shutting down or restarting LXQt. Read more