Linux Weekly News

Writeback for filesystems is the process of flushing the "dirty" (written) data in the page cache to storage. At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Anuj Gupta led a combined storage and filesystem session on some work that has been done to parallelize the writeback process. Some of the performance problems that have been seen with the existing single-threaded writeback came up in a session at last year's summit, where the idea of doing writeback in parallel was discussed.

Security updates have been issued by AlmaLinux (kernel), Debian (chromium, gst-plugins-bad1.0, node-tar-fs, and ublock-origin), Gentoo (Emacs, File-Find-Rule, GStreamer, GStreamer Plugins, GTK+ 3, LibreOffice, Node.js, OpenImageIO, Python, PyPy, Qt, X.Org X server, XWayland, and YAML-LibYAML), Mageia (mariadb and roundcubemail), Red Hat (go-toolset:rhel8, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, libxml2, libxslt, mod_security, nodejs:20, and perl-FCGI:0.78), Slackware (mozilla), SUSE (docker, docker-compose, iputils, kernel, libsoup, open-vm-tools, rabbitmq-server, rabbitmq-server313, wget, and yelp), and Ubuntu (libsoup2.4 and webkit2gtk).

Inside this week's LWN.net Weekly Edition:

• Front: Nyxt; Cyber Resilience Act; Unwanted file descriptors; Core-dump API; 6.16 Merge window; Uniprocessor configurations; Smatch; FUSE zero-copy; iov_iter; Fedora documentation.
• Briefs: Android tracking; /e/OS 3.0; FreeBSD laptops; Ubuntu X11 support; Netdev 0x19; OIN anniversary; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Smatch is a GPL-licensed static-analysis tool for C that has a lot of specialized checks for the kernel. Smatch has been used in the kernel for more than 20 years; Dan Carpenter, its primary author, decided last year that some details of its plugin system were due for a rewrite. He spoke at Linaro Connect 2025 about his work on Smatch, the changes to its implementation, and how those changes enabled him to easily add additional checks for locking bugs in the kernel.

The "Local Mess" GitHub repository is dedicated to the disclosure of an Android tracking exploit used by (at least) Meta and Yandex.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.

This backdoor, the use of which has evidently stopped since its disclosure, allow tracking of users across sites regardless of cookie policies or use of incognito browser modes.

Security updates have been issued by AlmaLinux (glibc, grafana, kernel-rt, libjpeg-turbo, libxslt, and thunderbird), Debian (curl), Fedora (dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, gammaray, kddockwidgets, kwin, LabPlot, libqtxdg, nheko, plasma-integration, python-pyqt6, python-pyside6, qt-creator, roundcubemail, zeal, and a large number of qt6 packages), Oracle (firefox, glibc, grafana, kernel, libxslt, perl-FCGI, python3.12-cryptography, thunderbird, and zlib), SUSE (glib2, libjxl, libsoup2, nbdkit, nodejs22, perl-Crypt-OpenSSL-RSA, perl-YAML-LibYAML, python3, tomcat, and transfig), and Ubuntu (dotnet8, dotnet9 and samba).

Jean Baptiste Lallement, a member of Canonical's desktop team, has announced that Ubuntu will drop support for GNOME on X11 in the 25.10 ("Questing Quokka") release set for October. GNOME plans to remove X11 support in GNOME 49, which is scheduled for September, so Ubuntu is looking to be proactive:

Ubuntu 25.10 is the last interim release before our next LTS (Ubuntu 26.04). By moving now, we give developers and users a full cycle to adapt before the next LTS, align with GNOME 49 and reduce fragmentation while simplifying our support matrix heading into the LTS.

Fedora decided in early May to drop X11 support for GNOME in Fedora 43, which is also due in October.

The iov_iter interface is used to describe and iterate through buffers in the kernel. David Howells led a combined storage and filesystem session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss ways to improve iov_iter. His topic proposal listed a few different ideas including replacing some iov_iter types and possibly allowing mixed types in chains of iov_iter entries; he would like to make the interface itself and the uses of iov_iter in the kernel better.

The Linux kernel famously scales from the smallest of systems to massive servers with thousands of CPUs. It was not always that way, though; the initial version of the kernel could only manage a single processor. That limitation was lifted, obviously, but single-processor machines have always been treated specially in the scheduler. That longstanding situation may soon come to an end, though, if this patch series from Ingo Molnar makes it upstream.

The Open Invention Network (OIN) is celebrating its 20th anniversary.

The central feature of the OIN community is a patent cross-license that covers core Open Source functionality and expands in parallel with the growth of Open Source technology. As growth in Open Source has accelerated, OIN has proactively expanded the scope of the OIN license's benefit by including more than 4,500 software components and platforms in its Linux System definition, which comprises the list of Open Source code and associated functionality in OIN's patent cross-license.

LWN's first look at OIN was this article by Pamela Jones in late 2005.

The 6.15.2, 6.14.11, and 6.12.33 stable kernel updates have been released; each contains a relatively small set of important fixes.

Note that this is the end of the line for the 6.14.x updates; Greg Kroah-Hartman explains the timing of this move:

If you notice, this has happened a bit more "early" than previous end-of-life announcements. Normally, after -rc1 is out there is a TON of stable patches happening due to the changes that come into the merge-window that were marked for stable backports but didn't get into Linus's release before -final. As some people have objected to this large influx being added to a stable kernel that is just about to go end-of-life, let's try marking this end-of-life a bit earlier to see how it goes.

Security updates have been issued by Debian (python-django), Fedora (krb5), Mageia (cockpit, golang, kernel, and kernel-linus), SUSE (augeas, go1.23, go1.24, iputils, libwebp, transfig, and xen), and Ubuntu (amd64-microcode, apport, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-raspi, systemd, and tomcat).

The 6.16 merge window closed on June 8, as expected, containing 12,899 non-merge commits. This is slightly more than the 6.15 merge window, but well in line with expectations. 7,353 of those were merged after the summary of the first half of the merge window was written. More detailed statistics can be found in the LWN kernel source database.

At Flock, Fedora's annual developer conference, held in Prague from June 5 to June 8, two members of the Fedora documentation team, Petr Bokoč and Peter Boy, led a session on the state of Fedora documentation. The pair covered a brief history of the project's documentation since the days of Fedora Core 1, challenges the documentation team faces, as well as plans to improve Fedora's documentation by enticing more people to contribute.

The FreeBSD Foundation has announced a report for work completed in April to improve FreeBSD support for laptops. This includes installer updates, improved suspend/resume behavior, as well as progress on a port of Linux 6.7 and 6.8 graphics drivers to drm-kmod. A roadmap for the FreeBSD laptop work is also available.

Security updates have been issued by AlmaLinux (golang, nodejs22, thunderbird, and varnish), Debian (gimp, modsecurity-apache, python-tornado, and roundcube), Fedora (chromium, coreutils, fcgi, ghostscript, krb5, libvpx, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, mod_security, and samba), Mageia (php-adodb, systemd, and tomcat), Red Hat (buildah, firefox, glibc, grafana, kernel, libsoup, libxslt, mod_security, perl-FCGI, podman, python-tornado, and skopeo), Slackware (libvpx), and SUSE (helm-mirror, iputils, and libraw).

Linus has released 6.16-rc1 and closed the merge window for this release.

I think we had a fairly normal merge window, although I did get the feeling that there were a few more "late straggler" pull requests than usual. Not to a huge degree, but there was definitely an upward bump at the end of the second week.

But on the whole, all the stats look pretty normal.

Nyxt is an unusual web browser that tries to answer the question, "what if Emacs was a good web browser?". Nyxt is not an Emacs package, but a full web browser written in Common Lisp and available under the BSD three-clause license. Its target audience is developers who want a browser that is keyboard-driven and extensible; Nyxt is also developed for Linux first, rather than Linux being an afterthought or just a sliver of its audience. The philosophy (as described in its FAQ) behind the project is that users should be able to customize all of the browser's functionality.

The Netdev 0x19 conference was held in Zagreb, Croatia from March 10 through March 13. The organizers announced today that the videos and slides for all sessions are now online. Topics from the conference include IRQ suspension, the future of SO_TIMESTAMPING, remote TCP connection offloading, and more.

The 6.16 kernel will include a number of changes to how the kernel handles the processing of core dumps for crashed processes. Christian Brauner explained his reasons for doing this work as: "Because I'm a clown and also I had it with all the CVEs because we provide a **** API for userspace". The handling of core dumps has indeed been a constant source of vulnerabilities; with luck, the 6.16 work will result in rather fewer of them in the future.