
Linux kernel 4.18: what the upcoming release has in store

Recently, in our blog, we talked about the release of Linux kernel 4.17 and its main features. In this post we will talk about version 4.18, which will be released in August.

Below the cut, we cover what is planned and what has already been implemented.


/ photo by Christopher Michel CC

What is coming in 4.18


On July 8, Linus Torvalds and the community development team published a test release of the kernel, 4.18-rc4. According to Linus, if everything goes well, Linux kernel 4.18 will be released sometime in August.

The new kernel will receive features aimed at further improving stability and reducing the code base. In total, thanks to the removal of obsolete elements, 4.18 has already "slimmed down" by 100 thousand lines of code compared to 4.17.

A number of other improvements are also coming to Linux kernel 4.18. Some of them are described below.

Optimized power management for the entire system

The developers have seriously taken up energy efficiency:


Note that the promised improvements to the P-State controller for systems with Intel Skylake, aimed at improving the performance of I/O tasks, will not be in this release. Most likely, they will appear in version 4.19. A complete list of power management updates (as of rc1, though) can be found on LKML.

Security improvements for file system mounts

Work on this problem has been going on since 2008, when the first patch set for the mount() function was released. Work is underway to allow unprivileged users to safely mount file systems using the FUSE mechanism. This should protect the kernel from potential vulnerabilities.

However, as developer Dave Chinner noted, eliminating the risk of unauthorized privilege escalation during automatic file system mounting (for example, from USB) still requires further work.

Added support for zero-copy TCP data transfer

The API allows you to read data from a TCP connection without copying it between the kernel and user space. Typically, the kernel does not "know" which packets will arrive through the network interface, so it cannot determine in advance the recipient of a packet that lands in a buffer. With zero copy, the buffers are "attached" to user space after the packet arrives and is associated with an open socket. According to the developers, the whole process will become simpler and more predictable.

The AF_XDP subsystem will speed up networking

Its task is to allow code running in user space to process packets more efficiently, that is, to use as few hardware resources as possible.

Bpfilter: the basis for a new generation of kernel firewalls

Bpfilter is a new packet filtering mechanism based on the BPF virtual machine. In essence, it lets you create BPF programs that can be "attached" to points along the path of a network packet and, if necessary, perform filtering.

BPF allows you to write firewall rules in C, which can be a real help for developers. The code itself is checked by the BPF verifier, which adds an extra "layer" of security for the entire system.
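
The kind of rule this passage describes, as an added example that is not from the original post or from the bpfilter code: a filter written in plain C that drops TCP traffic to one port, with a length check before every read, which is the discipline the BPF verifier enforces for packet access. It is built as ordinary user-space C so it runs without kernel headers; `filter_frame`, the verdict names and the blocked port 23 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are local to this example (modelled on XDP's drop/pass). */
enum verdict { VERDICT_DROP, VERDICT_PASS };

#define ETH_HLEN     14   /* Ethernet header length */
#define BLOCKED_PORT 23   /* assumed policy: drop TCP traffic to telnet */

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decide the fate of one Ethernet frame occupying [data, data_end).
 * Each read is preceded by a length check, the discipline the BPF
 * verifier enforces before it lets a program touch packet memory. */
enum verdict filter_frame(const uint8_t *data, const uint8_t *data_end)
{
    size_t len = (size_t)(data_end - data);
    if (len < ETH_HLEN + 20)                    /* too short for Ethernet + IPv4 */
        return VERDICT_PASS;
    if (be16(data + 12) != 0x0800)              /* EtherType is not IPv4 */
        return VERDICT_PASS;

    const uint8_t *ip = data + ETH_HLEN;
    if ((ip[0] >> 4) != 4 || ip[9] != 6)        /* not IPv4 or not TCP */
        return VERDICT_PASS;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* header length claimed by sender */
    if (ihl < 20)
        return VERDICT_DROP;                    /* malformed header */
    if (be16(ip + 6) & 0x1fff)                  /* later fragment carries no ports */
        return VERDICT_PASS;
    if (len < ETH_HLEN + ihl + 4)               /* port fields cut off: fail closed */
        return VERDICT_DROP;

    return be16(ip + ihl + 2) == BLOCKED_PORT ? VERDICT_DROP : VERDICT_PASS;
}

int main(void)
{
    /* Constructed sample: minimal IPv4/TCP frame addressed to port 23. */
    uint8_t frame[ETH_HLEN + 20 + 20] = {0};
    frame[12] = 0x08;                           /* EtherType 0x0800 */
    frame[ETH_HLEN] = 0x45;                     /* IPv4, 20-byte header */
    frame[ETH_HLEN + 9] = 6;                    /* protocol TCP */
    frame[ETH_HLEN + 20 + 3] = 23;              /* destination port 23 */
    puts(filter_frame(frame, frame + sizeof frame) == VERDICT_DROP ? "drop" : "pass");
    return 0;
}
```

The header length is taken from the packet itself, so the port offset is only trusted after `ihl` has been validated and the frame is known to be long enough.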

Work continues on the year 2038 problem

In the post about release 4.17, we mentioned the Y2038 problem: the expected software failures caused by the representation of time according to the POSIX standard, which will occur on January 19 of that year. To solve this problem, developers add fixes for a number of systems in each update. For example, update 4.15 included fixes for adding time stamps for the TOMOYO security module, as well as a new feature for the time counter that allows it to "reset".

In release 4.18, developers continue to deal with the COMPAT interfaces. They consolidated the SysV UAPI headers for the IPC messaging method and converted SysV IPC to the new COMPAT_32BIT_TIME mechanism.


/ photo by Christopher Michel CC

What did not make it into the release


The developers decided not to include the Bcachefs, Reiser4 and NOVA file systems in version 4.18, nor support for the WireGuard VPN tunnel. According to the developers, these are not yet ready to become part of the kernel. The BUS1 subsystem and the OpenChrome VIA DRM driver were also left "overboard".

We may see all of this in 4.19 or 5.0. As for 4.18, as already noted, it will be released sometime in early to mid-August.




Source: https://habr.com/ru/post/417155/

