# Tech News Digest – March 23, 2025

When you see the robot, drink!

## Three Saturday stable kernels

**Category:** Linux  
**Tags:** Linux  
**Published:** Sat, 22 Mar 2025 20:29:38 +0000  
**TL;DR:** Greg Kroah-Hartman has released stable kernels 6.13.8, 6.12.20, and 6.6.84, which contain important fixes throughout the kernel tree. Users of these kernel series are advised to upgrade to take advantage of these updates.

Greg Kroah-Hartman has announced the release of the [6.13.8](https://lwn.net/Articles/1015184/), [6.12.20](https://lwn.net/Articles/1015185/), and [6.6.84](https://lwn.net/Articles/1015186/) stable kernels. Each contains a number of important fixes throughout the kernel tree; users of those series should upgrade.

[Read more](https://lwn.net/Articles/1015183/)

## \[$\] OSI election ends with unsatisfying results

**Category:** Linux  
**Tags:** General  
**Published:** Fri, 21 Mar 2025 21:46:10 +0000  
**TL;DR:** The Open Source Initiative (OSI) has announced the results of its recent board of directors election, with Ruth Suehle and McCoy Smith joining the board and Carlo Piana serving another term. However, the election has been marred by controversy, including the exclusion of three candidates for failing to meet a requirement to sign the OSI board agreement, a requirement that was added after the election was already over.

The [Open Source Initiative](https://opensource.org/) (OSI) has [announced](https://opensource.org/blog/announcing-the-new-directors-of-osi-board) the results of its recent board of directors election. Ruth Suehle and McCoy Smith are new to the board, while Carlo Piana will serve another term. The results, however, seem tainted in the eyes of some participants and observers. The election has been plagued by missteps from the beginning. It has culminated with the exclusion of three candidates for failing to meet a requirement to sign the OSI board agreement, which was added after the election was over and before results were tallied or announced.

[Read more](https://lwn.net/Articles/1014603/)

## \[$\] The guaranteed contiguous memory allocator

**Category:** Linux  
**Tags:** Linux  
**Published:** Fri, 21 Mar 2025 17:33:53 +0000  
**TL;DR:** As a system's memory becomes fragmented, allocating large, physically contiguous regions of memory becomes increasingly difficult, and such allocations cannot always be avoided. The kernel's contiguous memory allocator (CMA) subsystem attempts to make these allocations possible, and Suren Baghdasaryan is trying to improve on it with the "guaranteed contiguous memory allocator" patch set.

As a system runs and its memory becomes fragmented, allocating large, physically contiguous regions of memory becomes increasingly difficult. Much effort over the years has gone into avoiding the need to make such allocations whenever possible, but there are times when they simply cannot be avoided. The kernel's [contiguous memory allocator](https://lwn.net/Articles/486301/) (CMA) subsystem attempts to make such allocations possible, but it has never been a perfect solution. Suren Baghdasaryan is trying to improve that situation with the [guaranteed contiguous memory allocator patch set](https://lwn.net/ml/all/20250320173931.1583800-1-surenb@google.com), which includes work from Minchan Kim as well.

[Read more](https://lwn.net/Articles/1015000/)

## Julien Malka proposes method for detecting XZ-like backdoors

**Category:** Linux  
**Tags:** General  
**Published:** Fri, 21 Mar 2025 16:54:21 +0000  
**TL;DR:** Julien Malka has proposed that NixOS use build-reproducibility checks to detect when a program's maintainer-generated tarball produces a different artifact than building from source, which would have made the XZ backdoor harder to hide. The incident highlights the importance of auditing not just the code in the git repository but also the maintainer-provided tarball, which can contain material that the repository does not.

Julien Malka has [called](https://luj.fr/blog/how-nixos-could-have-detected-xz.html) for the NixOS project to use build-reproducibility to detect when a program has a maintainer-generated tarball that results in a different artifact than building from source. There are good reasons for projects to release maintainer-generated tarballs, but since the materials included in them are usually documentation, extra build scripts, and so on, it makes sense to check that they don't influence the final build output. While this would not have stopped [last year's XZ backdoor](https://lwn.net/Articles/967866/), it would have made it harder to hide.

> People are often convinced that OSS is more trustworthy than closed-source software because the code can be audited by practitioners and security professionals in order to detect vulnerabilities or backdoors. In this instance, this procedure has been made difficult by the fact that part of the code activating the backdoor was not included in the sources available within the git repository but was instead present in the maintainer-provided tarball. While this was used to hide the backdoor out of sight of most investigating eyes, this is also an opportunity for us to improve our software supply chain security processes.

[Read more](https://lwn.net/Articles/1015095/)

## \[$\] Multiple memory classes for address-space isolation

**Category:** Linux  
**Tags:** Linux  
**Published:** Fri, 21 Mar 2025 16:24:22 +0000  
**TL;DR:** Brendan Jackman has been working on a patch set to introduce address-space isolation (ASI) to prevent future CPU vulnerabilities from leaking sensitive information. While the work is not yet ready for mainline kernel integration due to performance concerns, it will likely be discussed at the 2025 Linux Filesystem, Memory Management, and BPF Summit.

Brendan Jackman has been working to try to get ahead of the next hardware CPU vulnerability before it gets discovered. In January, he posted the second version of [a patch set](https://lwn.net/ml/all/20250110-asi-rfc-v2-v2-0-8419288bc805@google.com/) that introduces [address-space isolation](https://lwn.net/Articles/974390/) (ASI) as a way of preventing future CPU vulnerabilities from leaking important information. The core concept is to ensure that data that is not currently needed is not present in memory, so that speculative execution cannot leak it. The work is nowhere near ready to be incorporated into the mainline kernel — not least of all because it has a large performance impact in its current form — but it is likely to once again be a topic of discussion at the 2025 [Linux Filesystem, Memory Management, and BPF Summit](https://events.linuxfoundation.org/lsfmmbpf/).

[Read more](https://lwn.net/Articles/1014440/)
