Linux kernel 4.18: what is being prepared for the upcoming release

    Recently, in our blog, we talked about the Linux kernel 4.17 release and its main features. In this post we will talk about version 4.18, which will be released in August.

    Below we cover what is planned and what has already been implemented. / photo Christopher Michel CC

    What will happen in 4.18

    On July 8, Linus Torvalds and the community development team released the 4.18-rc4 test kernel. According to Linus, if everything continues to go well, Linux kernel 4.18 will be released sometime in August.

    The new kernel will receive features aimed at further improving stability and reducing the code base. In total, thanks to the removal of obsolete elements, 4.18 has already “slimmed down” by 100 thousand lines of code compared to 4.17.

    Linux kernel 4.18 will also receive a number of other improvements. Some of them are described below.

    Optimized power management for the entire system

    The developers have taken energy efficiency seriously:

    • improved the iowait indicators for Schedutil, the CPUFreq governor that uses CPU scheduling data to determine the optimal operating frequency;
    • improved the iowait boost mode in the CPUFreq Schedutil driver;
    • added a CPUFreq driver for Qualcomm Kryo.

    Note that the promised improvements to the P-State controller for Intel Skylake systems, aimed at improving the performance of I/O tasks, will not be in this release. Most likely, they will appear in version 4.19. A complete list of power management updates (though for rc-1) can be found on LKML.

    File System Mount Security Improvements

    This problem has been worked on since 2008, when the first patch set for the mount() function was released. Work is currently underway to allow non-privileged users to safely mount file systems using the FUSE mechanism. This should protect the kernel from potential vulnerabilities.

    However, as developer Dave Chinner notes, there is still more work to be done to eliminate the risk of unauthorized privilege escalation when a file system is mounted automatically (for example, from USB).

    Added support for transferring TCP data using zero copy

    The API allows you to read data from a TCP connection without copying it between the kernel and user space. Usually, the kernel “does not know” which packets will arrive through the network interface, so it cannot determine in advance who will receive a packet placed in a buffer. With zero copy, buffers are “bound” to user space after a packet arrives and is associated with an open socket. According to the developers, the whole process will become simpler and more predictable.

    AF_XDP Subsystem Accelerates Networking

    Its task is to let code running in user space handle packets more efficiently, that is, using as few hardware resources as possible.

    Bpfilter - the basis for creating a new generation of kernel firewalls

    Bpfilter is a new packet filtering mechanism based on the BPF virtual machine. It lets you create BPF programs that can be attached to points along the path of a network packet and, if necessary, perform filtering there.

    BPF allows you to write firewall rules in C, which can be a good help for developers. The code itself will be checked by the BPF verifier, which adds another “layer” of security for the entire system.

    Work continues on the year 2038 problem

    In the post about release 4.17, we mentioned the Y2038 problem: the expected software failures caused by the POSIX time representation, which will occur on January 19 of that year. To solve this problem, developers add fixes for a number of systems in each update. For example, update 4.15 included fixes for adding timestamps for the TOMOYO security module, as well as a new time counter function that allows it to be reset.

    In release 4.18, developers continue to deal with the COMPAT interfaces. They consolidated the SysV UAPI headers for IPC messaging and converted SysV IPC to the new COMPAT_32BIT_TIME mechanism.
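
    The overflow behind the Y2038 problem, as an added example that is not code from the original post or from the kernel: it shows what a signed 32-bit seconds field holds one second after its maximum, and how an expiry check built on such a field goes wrong. The function names, the expiry check and the two sample timestamps are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Value a signed 32-bit seconds field holds after a 64-bit count is stored
 * in it: the low 32 bits read as two's complement. */
int32_t store_time32(int64_t secs)
{
    uint32_t low = (uint32_t)(uint64_t)secs;
    return low <= (uint32_t)INT32_MAX ? (int32_t)low
                                      : (int32_t)((int64_t)low - 4294967296LL);
}

/* 1 if secs survives storage in a 32-bit time field, 0 if it would wrap. */
int fits_time32(int64_t secs) { return secs >= INT32_MIN && secs <= INT32_MAX; }

/* Format a 32-bit timestamp as UTC; returns buf, or NULL on failure. */
const char *time32_utc(int32_t t32, char *buf, size_t len)
{
    time_t t = (time_t)t32;
    struct tm *tm = gmtime(&t);
    if (tm == NULL || strftime(buf, len, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return NULL;
    return buf;
}

/* Hypothetical expiry check whose expiry is kept in a 32-bit field. */
int expired_time32(int64_t now, int64_t expiry) { return (int64_t)store_time32(expiry) <= now; }

/* The same check with the 64-bit value kept intact. */
int expired_time64(int64_t now, int64_t expiry) { return expiry <= now; }

int main(void)
{
    char a[32], b[32];
    const int64_t now = 1531008000LL;    /* constructed: 2018-07-08 00:00:00 UTC */
    const int64_t expiry = 2208988800LL; /* constructed: 2040-01-01 00:00:00 UTC */
    printf("last 32-bit second: %s\n", time32_utc(INT32_MAX, a, sizeof a));
    printf("one second later:   %s\n",
           time32_utc(store_time32((int64_t)INT32_MAX + 1), b, sizeof b));
    printf("fits=%d expired32=%d expired64=%d\n", fits_time32(expiry),
           expired_time32(now, expiry), expired_time64(now, expiry));
    return 0;
}
```

    With the 32-bit field, an expiry date in 2040 reads as a date before 1970, so the check treats it as already expired in 2018; the 64-bit comparison gives the correct answer.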

    / photo Christopher Michel CC

    What is not included in the release yet

    For version 4.18, the developers decided not to include the Bcachefs, Reiser4, and NOVA file systems, or support for the WireGuard VPN tunnel. According to the developers, these are not yet ready to become part of the kernel. The BUS1 subsystem and the OpenChrome VIA DRM driver were also left out.

    We may see all of this in 4.19 or 5.0. As for 4.18, as already noted, it will be released sometime in early to mid-August.
