lwn-net
feeds.twtxt.netNo description provided.
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, cockpit, firefox, flatpak, httpd, kernel, and kernel-rt), Debian (kernel, kitty, lemonldap-ng, nagios4, python-flask-httpauth, and roundcube), Fedora (CImg, gmic, haveged, jpegxl, kernel, libpng, mapserver, mingw-qt6-qtsvg, openbao, perl-Sereal, perl-Sereal-Decoder, perl-Sereal-Encoder, and podofo), Mageia (bind, graphicsmagick, microcode, nginx, packages, perl-Catalyst-Plugin-Authentication, perl-HTTP-Daemon, perl-IO-Compr … ⌘ Read more
Rust 1.96.0 released
Version\
1.96.0 of the Rust programming language has been released. Changes
include a new set of Copy-implementing Range types,
assertions with pattern matching, a number of stabilized APIs, and two
Cargo vulnerability fixes. ⌘ Read more
Górny: why Gentoo?
Gentoo developer Michał Górny has written a lengthy\
article explaining the philosophy and purpose of the Gentoo Linux
distribution, in response to a\
thread on Mastodon:
Gentoo is a source-first distribution, which means the primary
method of installing software is to build it from source. Of course,
that doesn’t mean manually building stuff, following some kind of
how-to: finding all t … ⌘ Read more
[$] Policies for merging new filesystems
In a filesystem-track session at the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, Amir Goldstein wanted to
discuss his proposed\
documentation on adding new filesystems to the kernel. There are a
number of unmaintained and untestable filesystems already in the kernel,
which are a burden to VFS-layer developers who are trying to make sweeping
changes, suc … ⌘ Read more
IBM’s “Project Lightwell”
IBM has sent out a\
press release touting a claimed $5 billion investment into an
operation called Project Lightwell:
Project Lightwell will establish a trusted enterprise clearinghouse
combined with a global force of engineers to identify and fix
vulnerabilities at scale. The clearinghouse will serve as a
security coordination layer, using advanced AI capabilities to
val … ⌘ Read more
[$] Separating memory descriptors from struct page
The kernel’s memory-management subsystem is currently partway through a
multi-year project to replace the page structure (which represents
a page of physical memory) with memory\
descriptors. At the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, Vishal Moola ran a
fast-paced session in the memory-management track to describe the current
state of that work and wha … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, glibc, gnutls, kernel, libexif, mysql8.4, postgresql16, postgresql18, python3.14, ruby:3.3, and ruby:4.0), Debian (krb5, roundcube, starlette, unbound, and varnish), Fedora (kernel, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, perl-Imager, poppler, python-uv-build, rrdtool, rust-astral-tokio-tar, rust-astral_async_http … ⌘ Read more
[$] LWN.net Weekly Edition for May 28, 2026
Inside this week’s LWN.net Weekly Edition:
Front: Dirk and Linus talk; BPF and GCC; private memory modes; BPF page-cache policies; major page faults; LLM kernel review; tiered-memory support; transparent huge pages; page mappings; Model Openness Tool.
Briefs: Stenberg security stress; GTK PDF problems; Morton 2004 keynote; OpenBSD 7.9; Bambu’s AGPLv3 violations; Quotes; …
[Announcements](https://lwn.net/Ar … ⌘ Read more
Interview session with Jonathan Corbet
The Linux Foundation will be hosting a\
live interview with LWN co-founder Jonathan Corbet. The event will
take place on Tuesday, June 2 at 8:00AM Pacific daylight time (UTC-7).
Registration is open for those who would like to attend. ⌘ Read more
[$] MOT: a tool to fight openwashing in AI
Many large language models (LLMs) are described as open source, but
if one looks a bit deeper it turns out that is not actually so; the
model may be free to download, it may be “ open weight”, but it
does not fit the Open Source\
Initiative (OSI) Open Source\
Definition (OSD). Assessing the actual openness of models is not
easy, as Arnaud Le Hors explained in his talk about the [Model Openness T … ⌘ Read more
Andrew Morton’s 2004 OLS keynote
I recently presented a brief tribute to Andrew Morton at the 2026 Linux Storage, Filesystem, Memory\
Management, and BPF Summit; it included a suggestion that reading (or
re-reading) his 2004 Ottawa Linux Symposium keynote would be instructive.
This talk, given immediately after the Kernel\
Summit session that decided to fundamentally change the kernel’s
development model, tells a lot about how the kernel project got to where … ⌘ Read more
[$] Further progress toward removing the page map count
The mapcount field was created to track the number of mappings
(page-table entries) that refer to the given page. Among other things, a
mapcount of zero means that the page has no references and can be
reclaimed. Maintaining mapcount has become increasingly
challenging and expensive as the memory-management system has grown in
complexity, so Hildenbrand has been looking for ways to get rid of it.
This session was, he said, maybe one of the last times he will have to
bring … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (bind, buildah, compat-libtiff3, compat-openssl11, containernetworking-plugins, crun, delve, dnsmasq, dovecot, edk2, firefox, freeipmi, gdk-pixbuf2, giflib, git-lfs, glib2, go-fdo-client, go-fdo-server, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, iputils, jq, kernel, krb5, libcap, LibRaw, libsndfile, libsoup, libsoup3, libssh, libtiff, libvirt, linux-sgx, … ⌘ Read more
Arias: Human proof for FOSS contributions
Rodrigo Arias Mallo, maintainer of the Dillo web browser, has written a
blog post
with a proposal on one way to ensure that a contribution is written by
a human and not AI; he suggests asking new contributors to record
their programming session using asciinema.
In the same way that LLMs generate patches, they can also generate
the asciinema recordings themselves. Then, the contributors c … ⌘ Read more
Stenberg: The pressure
Curl maintainer Daniel Stenberg writes about\
the stress of keeping up with the current flood of security reports.
This is a never-before seen or experienced pressure on the curl
project and its security team members. An avalanche of high
priority work that trumps all other things in the project that is
primarily mental because we certainly could ignore them all if we
wanted, but we feel a responsibility, we have a conscience and we
are p … ⌘ Read more
[$] Better automatic management of transparent huge pages
Huge pages can improve performance by increasing translation lookaside
buffer (TLB) utilization and reducing memory-management overhead.
Transparent huge pages (THPs) are supposed to make huge-page usage,
well, transparent, Nico Pache said at the beginning of his session in the
memory-management track of the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit. That transparency has
never worked as well as many wo … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (postorius and spip), Fedora (bind, bind-dyndb-ldap, linux-firmware, tor, and unbound), Mageia (ffmpeg, nginx, perl-Imager, and tigervnc, x11-server, x11-server-xwayland), Oracle (firefox and kernel), Red Hat (buildah, git-lfs, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, opentelemetry-collector, osbuild-composer, podman, rhc, rhc-wo … ⌘ Read more
[$] Reviewing kernel patches with LLMs
In a plenary session at
the
2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, the state of patch
review using large language models (LLMs) was discussed. It is a topic that has been swirling around in the
kernel community for much of the year. The plenary, which was led by Roman
Gushchin, Chris Mason, Josef Bacik, and Sasha Levin, resulted in a quite bit
of discussion, so much that a second fil … ⌘ Read more
Comprehensive Response to Bambu’s AGPLv3 Violations (Software Freedom Conservancy)
The Software Freedom Conservancy (SFC)
published a news\
item on May 18 about its response to violations of the AGPLv3 by Bambu
Lab in its 3D printers. The company has not provided the source code to
its modifications to a 3D “slicer” program that was released under the
AGPLv3 and it has also threatened Paweł Jarczak who created … ⌘ Read more
[$] Tier-aware memory-controller limits
Joshua Hahn began his session in the memory-management track of the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit by saying that the memory
controller for control groups is intended to provide resource allocation,
accounting, and protection from interference by other tasks. But
it was not really designed for tiered-memory systems; he is looking for a
way to improve that situation. ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (atril, evince, gnutls28, haproxy, haveged, jq, kernel, krb5, libgcrypt20, nodejs, and thunderbird), Fedora (aw-server-rust, awatcher, bind, bind-dyndb-ldap, chromium, composer, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, evince, firefox, httpd, kernel, nodejs-aw-webui, nss, perl-Apache-Session-Browseable, pie, python-pulp-glue, python-requests, and python3.15), Slackware (kernel), SUSE (apptainer, chromium, cockpit, dnsmasq, … ⌘ Read more
[$] Dirk and Linus discuss AI and kernel development
Linus Torvalds does not enjoy giving talks, but he does consent to
the occasional on-stage conversation with Dirk Hohndel at Linux
Foundation events. The pair held the 30th of their fire-less fireside
chats during a keynote session on May 20, at the 2026 Open\
Source Summit North America. Topics included 3D printing, guitar
pedals, the recent 7.1-rc4 release of the kernel, and Torvalds’s
complicated relationshi … ⌘ Read more
Kernel prepatch 7.1-rc5
The 7.1-rc5 kernel prepatch is out for
testing. Quoth Linus:
I’m not entirely happy about it - most of this is totally trivial
stuff to random drivers, which obviously makes it all less scary,
but at the same time I’m really not convinced the churn is worth it
at rc5 time. These things are “fixes”, sure, but at the same time a
lot of them are simply so irrelevant that I think they’d be better
off in a linux-next tree and get merged during the merge window. … ⌘ Read more
A large set of stable kernel updates
The 7.0.10,
6.18.33,
6.12.91,
6.6.141,
6.1.174,
5.15.208, and
5.10.257
stable kernel updates have all been released. The first four are huge
(the 7.0.10\
review version had … ⌘ Read more
[$] Custom page-cache policies with BPF
The kernel’s page cache is charged with maintaining pages (or, more
correctly, folios) containing copies of
data from files in the filesystem; its performance has a big effect on the
performance of the system as a whole. One of the key decisions the kernel
must make is when to evict folios from the page cache. At the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, Tal Zussman ran a
memory-ma … ⌘ Read more
[$] Toward better handling of major page faults
A major page fault occurs when a process attempts to access a page that is
not currently present in RAM; satisfying such faults usually involves I/O, and can thus take some time. When many threads
sharing an address space are generating page faults, the result can be
significant lock contention while that I/O
takes place. During the memory-management track at the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, Barry Son … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox), Debian (chromium, nss, openvpn, and thunderbird), Fedora (cockpit, kernel, and linux-firmware), Oracle (gdk-pixbuf2, kernel, and libsndfile), SUSE (container-suseconnect, cpp-httplib, dnsmasq, firefox, glibc, GraphicsMagick, java-1_8_0-openj9, kernel, mozjs115, php8, python-urllib3, rekor, rootlesskit, rsync, tiff, ucode-intel, util-linux, and xz), and Ubuntu (bind9, bubblewrap, libarchive, linux-intel-iot-realtime, postgre … ⌘ Read more
Vulnerabilities in various GTK-based PDF readers
Michael Catanzaro has disclosed a\
command-injection vulnerability affecting a number of GTK-based PDF
readers; exploits included:
They contain a script for building malicious polyglot PDFs that are
simultaneously both valid PDF files and also valid ELF
binaries. When the user opens the PDF in the PDF viewer and clicks
on a malicious link embedded in the PDF, the PDF abuses the command
inject … ⌘ Read more
[$] BPF support in GCC 16 and beyond
José Marchesi and the GCC-BPF developers opened the BPF track at the 2026
Linux Storage,\
Filesystem, Memory-management, and BPF Summit
with a 90-minute summary of what has changed for GCC’s BPF support in the past year.
This kind of session has become something of a tradition. There were similar
updates in
2025 and
2024. This time around, GCC seems to be closing in on
feature p … ⌘ Read more
OpenBSD 7.9 released
The OpenBSD 7.9 release is
out, right on schedule. There is the usual long list of new features,
including improved architecture support, CPU scheduling on heterogeneous
systems, the ability to hibernate a suspended system after a configurable
delay, socket splicing, a
__pledge_open()
system call giving special access to the C library, and much more. See the
announcement and [the full\
changelog]( … ⌘ Read more
[$] Support for private memory nodes
Gregory Price started his session in the memory-management track of the
2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit by saying that, in
current kernels, if a NUMA node has memory, the assumption is that anybody can
make use of it. He is trying to implement the opposite policy — to make
some memory off-limits for all processes except those designed specifically
to use it. The session was used to present his goals and to discuss h … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libsndfile), Debian (bind9, evince, firefox-esr, openjpeg2, pdns, and rsync), Fedora (erlang-cowlib, evince, expat, firefox, kernel, mingw-expat, mysql8.0, mysql8.4, nss, opencryptoki, pgadmin4, proftpd, python-django5, python-django6, python-dotenv, rsync, rust-nu, rustup, and strongswan), Oracle (nginx, nginx:1.24, ruby, ruby:3.3, and squid), Slackware (bind and rsync), SUSE (buildah, distribution, distributi … ⌘ Read more
[$] LWN.net Weekly Edition for May 21, 2026
Inside this week’s LWN.net Weekly Edition:
Front: OpenSUSE site age restrictions; Lots of LSFMM+BPF coverage; The tenth OpenPGP email summit.
Briefs: Firefox 151.0; pgBackRest funding; RIP Peter G. Neumann; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
[$] What is to be done about MGLRU?
“Reclaim” is the task of finding memory that can be taken away from its
current user and put to better uses within the system; it is a core part of
the memory-management picture. The addition of the multi-generational LRU (MGLRU) was meant to
provide a better reclaim implementation than the “traditional LRU” that
preceded it, but MGLRU has complicated the situation instead. No fewer than
three memory-management-track sessions at the 2026 [Linux Storage,\
Filesyst … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, libpng, nginx, nginx:1.24, ruby, and ruby:3.3), Debian (gnutls28 and linux-6.1), Fedora (dnsmasq, kernel, keylime-agent-rust, perl-Net-CIDR-Lite, python-pysam, python-urllib3, rust-cargo-vendor-filterer, rust-ingredients, rust-oo7-cli, rust-rpki, rust-sevctl, and rust-tealdeer), Mageia (bind), Oracle (bind, giflib, gimp:2.8, kernel, libpng, rsync, ruby, and vim), Slackware (haveged and mozilla), SUSE (cockpit, dnsmasq, e … ⌘ Read more
[$] The tenth OpenPGP email summit
The OpenPGP Email Summit is
an annual meeting for those who work on encrypted email and related
topics. The tenth\
installment of this meeting took place in March 2026 and the minutes
have now been published. As usual, a wide range of topics were
discussed. Highlights included support for post-quantum cryptography
(PQC) with multiple actors planning roll … ⌘ Read more
Firefox 151.0 released
Version\
151.0 of the Firefox browser has been released. Significant changes
include the ability to clear and restart a private-browsing session, better
fingerprinting protection, control over the apparent location when using the
Firefox VPN, and more. ⌘ Read more
[$] openSUSE “terms of site” raise complaints about age restrictions
Many people in the Linux community began using the operating system—and
contributing to open source—at a tender age, often well before
their 16th birthday. Thus, a recent change in openSUSE’s terms of site (ToS)
that required users of the project’s web site to be “at least 16
years of age or the age of majority” in their jurisdiction has
raised objections. The terms have since been modified, though users
must still have paren … ⌘ Read more
[$] In search of faster this_cpu operations
The kernel’s this_cpu\
operations are meant to speed access to per-CPU variables. They are
more optimal on some CPUs than others, though. During a
memory-management-track session at the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, Yang Shi proposed a
fundamental, and somewhat controversial, change to how these operations
work in order to provide better performance on … ⌘ Read more
[$] What’s brewing in CXL
Compute\
Express Link (CXL) is a technology intended to enable the provision of
“memory nodes” in data centers that provide (possibly shared) memory to
nearby CPUs. It has, Dan Williams said at the beginning of his
memory-management-track session on the topic at the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit, “been making
memory-management problems worse since 2021”. He used the sessi … ⌘ Read more
[$] Improving the per-CPU memory allocator
There are many places in the kernel where performance can be improved by
using per-CPU data. But, as it turns out, the kernel’s allocator for
per-CPU data has some performance problems of its own. Harry Yoo led a
session in the memory-management track of the 2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit to explore ways to
address those problems and accelerate the allocation and initialization of
per-CPU data. ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (libpng and nginx), Debian (erlang, netatalk, and nginx), Fedora (mod_md and SDL2_image), Mageia (perl-libwww-perl, perl-HTTP-Message, perl-WWW-Mechanize-Cached, perl-File-XDG, perl-Path-Tiny, perl-YAML-Syck, postgresql15, and rclone), SUSE (agama, alloy, cacti, cloud-init, dnsmasq, emacs, firefox, glibc, go1.25, go1.26, google-cloud-sap-agent, google-guest-agent, ibus-rime, librime, imagemagick, kernel, libsndfile, nginx, ongres-scram, … ⌘ Read more
pgBackRest will continue
In April, David Steele, maintainer of the popular pgBackRest backup and restore project for
PostgreSQL, announced that he had archived\
the project and it would no longer be maintained due to lack of
sponsorship. On May 18, he announced
that a number of sponsors have stepped forward to ensure its continued
development:
Over the last few weeks, a coalition of sponso … ⌘ Read more
[$] Swap tables, flash-friendly swap, swap_ops, and more
The kernel’s swap subsystem is charged with managing anonymous pages in
secondary storage when those pages are (hopefully) not being used and the
memory they occupy is needed elsewhere. This long-unloved subsystem has
seen a resurgence of developer interest in recent times, so it is not
surprising that it was the topic of three separate sessions in the
memory-management track at the
2026 [Linux Storage,\
Filesystem, Memory Management, and BPF Summit](https://events.linuxfoundat … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (freerdp, gimp:2.8, jq, kernel, and rsync), Debian (chromium, ffmpeg, firewalld, kernel, nginx, openjpeg2, openssh, php7.4, and redis), Fedora (apptainer, chromium, coturn, dnsmasq, firefox, kernel, libgit2_1.8, libmetal, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, open-amp, perl-Net-CIDR-Lite, pgbouncer, pypy, python-jupytext, python-uv-build … ⌘ Read more
Kernel prepatch 7.1-rc4
The 7.1-rc4 kernel prepatch is out for
testing.
Some of the documentation updates might be worth highlighting: the
continued flood of AI reports has basically made the security list
almost entirely unmanageable, with enormous duplication due to
different people finding the same things with the same
tools. People spend all their time just forwarding things to the
right people or saying “that was already fixed a week/month ago”
and pointing to the public … ⌘ Read more
RIP Peter G. Neuman
We have received\
word that Peter G. Neuman, who, among many other things, ran the RISKS Digest for decades, has
passed away. He will be much missed. ⌘ Read more
Some weekend stable kernel updates
The 7.0.9,
6.18.32,
6.12.90, and
6.6.140 stable kernels have been released.
Each contains yet another set of important fixes. ⌘ Read more
[$] Controlling memory-management with BPF
Roman Gushchin began his session in the memory-management track of the
2026 Linux Storage,\
Filesystem, Memory Management, and BPF Summit by saying that the
community has seen a lot of proposals adding BPF-based interfaces for
memory management. None of them have made their way into the mainline,
though. He wanted to explore the ways in which BPF might be helpful and
the obstacles that have kept BPF-based solutions out so far. This session
was … ⌘ Read more
Seven new stable kernels with patches for CVE-2026-46333
Greg Kroah-Hartman has announced the 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256 stable kernels. These kernels
contain a patch for [CVE-2026-46333](https://lwn.net/ml/all/2026051554-CVE-2026-46333-662a … ⌘ Read more