Latest Half a Dozen From LWN
-
Python
-
LWN ☛ Python subinterpreters and free-threading
At PyCon 2024 in Pittsburgh, Pennsylvania, Anthony Shaw looked at the various kinds of parallelism available to Python programs. There have been two major developments on the parallel-execution front over the last few years, with the effort to provide subinterpreters, each with its own global interpreter lock (GIL), along with the work to remove the GIL entirely. In the talk, he explored the two approaches to try to give attendees a sense of how to make the right choice for their applications.
Shaw began by pointing attendees to his talk notes, which has a list of prerequisites that should be met or "you need to leave immediately". That list included multiple talks to review, some of which have been covered here (Eric Snow on subinterpreters and Brandt Bucher on a Python JIT compiler), and one that was taking place at the same time as Shaw's talk "that you need to have watched", he said to laughter. He also recommended the chapter on parallelism from his CPython Internals book and his master's thesis "if you're really, really bored".
-
LWN ☛ Custom string formatters in Python
Python has had formatted string literals (f-strings), a syntactic shorthand for building strings, since 2015. Recently, Jim Baker, Guido van Rossum, and Paul Everitt have proposed PEP 750 ("Tag Strings For Writing Domain-Specific Languages") which would generalize and expand that mechanism to provide Python library writers with additional flexibility. Reactions to the proposed change were somewhat positive, although there was a good deal of discussion of (and opposition to) the PEP's inclusion of lazy evaluation of template parameters.
-
-
BSD
-
LWN ☛ FreeBSD considers Rust in the base system
The FreeBSD Project is, for the second time this year, engaging in a long-running discussion about the possibility of including Rust in its base system. The sequel to the first discussion included some work by Alan Somers to show what it might look like to use Rust code in the base tree. Support for Rust code does not appear much closer to being included in FreeBSD's base system, but the conversation has been enlightening.
-
-
Kernel Space
-
LWN ☛ Memory-management: tiered memory, huge pages, and EROFS
The kernel's memory-management developers have been busy in recent times; it can be hard to keep up with all that has been happening in this core area. In an attempt to catch up, here is a look at recent work affecting tiered-memory systems, underutilized huge pages, and duplicated file data in the Enhanced Read-Only Filesystem (EROFS).
-
LWN ☛ Per-call-site slab caches for heap-spraying protection
One tactic often used by attackers set on compromising a system is heap spraying; in short, the attacker fills as much of the heap as possible with crafted data in the hope of getting the target system to use that data in a bad way. If heap spraying can be blocked, attackers will lose an important tool. The kernel has some heap-spraying defenses now, including the dedicated bucket allocator merged for the upcoming 6.11 release, but its author, Kees Cook, thinks that more can be done.
A heap-spraying attack can be carried out by allocating as many objects as possible and filling each with data of the attacker's choosing. If the kernel can be convinced to use that data, perhaps as the address of a function to call, then the attacker can gain control. Heap spraying is not a vulnerability itself, but it can ease the exploitation of an actual vulnerability, such as a use-after-free bug or the ability to overwrite a pointer. The kernel's kmalloc() function (along with several variants) allocates memory from the heap. Since kmalloc() is used heavily throughout the kernel, any call site that can be used for heap spraying can potentially be used to exploit a vulnerability in a distant, unrelated part of the kernel. That makes the kmalloc() heap a tempting target for attackers.
-
-
SUSE/OpenSUSE
-
LWN ☛ Modernizing openSUSE installation with Agama [Ed: The author used to head openSUSE. Conflict of interest not noted.]
Linux installers receive a disproportionate amount of attention compared to the amount of time that most users spend with them. Ideally, a user spends only a few minutes using the installer, versus years using the distribution after it is installed. Yet, the installer sets the first impression, and if it fails to do its job, little else matters. Installers also have to continually evolve to keep pace with new hardware, changes in distribution packaging (such as image-based Linux distributions), and so forth. Along those lines, the SUSE team that maintains the venerable YaST installer has decided it's time to start (almost) fresh with a new Linux installer project, called Agama, for new projects. YaST is not going away as an administration tool, but it is likely to be relieved of installer duties at some point.
-