Linux Kernel News - November 2013
Mainline Release (Linus's tree) News
3.13-rc2 was released on November 29th. This release candidate includes several small bug fixes. Please read the 3.13-rc2 release announcement.
3.13-rc1 was released on November 22nd with the usual mix of patches: 55% drivers, 8% architecture code, 9% network updates, and the rest spread out (fs, headers, tools, documentation). nftables, the multi-queue block layer, and the odd little-endian PowerPC support are some of the features. You can find the 3.13-rc1 release announcement. Please read Little-endian PowerPC for more information.
3.12 was released on November 7th 2013. This release adds support for offline deduplication in Btrfs, automatic GPU switching in laptops with dual GPUs, a performance boost for AMD Radeon graphics, better RAID-5 multicore performance, improved handling of out-of-memory situations, improved VFS path name resolution scalability, improvements to the timerless multitasking mode, separate mode setting and rendering device nodes in the graphics DRM layer, improved locking performance for virtualized guests, XFS directory recursion scalability improvements, IPC scalability improvements, tty layer locking improvements, new drivers and many small improvements. Please find the full list of 3.12 changes for details.
Stable release News
As of this writing the latest stable releases are as follows:
|Stable 3.12||3.12.3||Not announced|
|Stable 3.11||3.11.10||EOL November 29 2013|
|Longterm 3.10||3.10.22||September 2015|
|Longterm 3.4||3.4.72||October 2014|
|Longterm 3.0||3.0.101||EOL October 22 2013|
|Extended stable 3.11.y.z||184.108.40.206||Extended Stable|
|Extended stable 3.8.y.z||220.127.116.11||Extended Stable|
|Extended stable 3.5.y.z||18.104.22.168||Extended Stable|
If you ever wondered how these stable releases are managed and how often a new release comes out, here is more detail: Active kernel releases
Linux RT stable releases are numerous. Please check out linux-stable-rt.git for their latest versions.
Linux 3.11.y.z extended stable support has been announced. The Ubuntu kernel team is picking up 3.11.10 stable maintenance to continue support for Ubuntu 13.10 "Saucy Salamander". The Ubuntu kernel team will provide the extended stable support for the Linux 3.11 kernel until August 2014 as a third party effort maintained on Canonical's infrastructure.
Where can you find all git trees for Linux releases?
|Stable releases (all)||git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git|
|Linux RT releases||git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git|
|Extended stable releases||git://kernel.ubuntu.com/ubuntu/linux.git|
|Bleeding edge linux-next||git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git|
The 3.13 release adds a new network packet filtering framework. The new nftables framework is slated to replace IP-tables and provides a backward compatibility layer that allows continued use of IP-tables/IP6-tables, with no changes to syntax, on top of the nftables framework.
The nftables is designed to leverage the existing Netfilter infrastructure hooks, the connection tracking system, the user space queuing component and the logging subsystem. It consists of a kernel component, a set of libraries, and a user space utility.
The nftables kernel component runs a pseudo-state machine bytecode compiled from the rule-set provided by the user. The nftables user space utility generates the bytecode and transfers it to the kernel using the nftables Netlink API. With this approach, user space is the brain that interprets the user-specified rule-set and translates it into executable steps for the kernel to run. As a result, it is easier to add support for new protocols without needing to change the kernel. Furthermore, the ability to track connections is very useful in supporting features that depend on taking actions based on flow and connection information.
It is always desirable to reduce kernel complexity and maintain backwards compatibility with the existing IPtables feature. All in all, a very nice feature. Unix veterans will see the similarity between the nftables design and Berkeley Packet Filters (BPF). Please refer to the Nftables project page and Nftables quick howto for more information on this topic.
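The split described above, as an added sketch that is not nftables code: a protocol-agnostic interpreter stands in for the kernel component, and a hand-written instruction array stands in for what the user space utility would compile. The opcode names, the single 4-byte register and the sample packets are assumptions made for illustration, not the kernel's actual instruction set.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model: three expression types and one 4-byte register. */
enum op { OP_PAYLOAD, OP_CMP, OP_VERDICT };
enum { V_CONTINUE = -1, V_DROP = 0, V_ACCEPT = 1 };
struct insn { enum op op; size_t off, len; uint8_t data[4]; int verdict; };

/* "Kernel" side: run one rule over a packet; it knows nothing about TCP or IPv4. */
int run_rule(const struct insn *p, size_t n, const uint8_t *pkt, size_t plen)
{
    uint8_t reg[4] = {0};
    for (size_t i = 0; i < n; i++) {
        switch (p[i].op) {
        case OP_PAYLOAD:   /* bounds-checked load from the packet */
            if (p[i].len > sizeof reg || p[i].off > plen || p[i].len > plen - p[i].off)
                return V_CONTINUE;
            memcpy(reg, pkt + p[i].off, p[i].len);
            break;
        case OP_CMP:       /* mismatch: the rule does not apply */
            if (p[i].len > sizeof reg || memcmp(reg, p[i].data, p[i].len) != 0)
                return V_CONTINUE;
            break;
        case OP_VERDICT:
            return p[i].verdict;
        }
    }
    return V_CONTINUE;
}

/* "User space" side: "IPv4, TCP, dport 22: drop" (assumes a 20-byte IPv4 header). */
const struct insn ssh_drop[] = {
    { OP_PAYLOAD, 9, 1, {0}, 0 },           /* IPv4 protocol field */
    { OP_CMP,     0, 1, {6}, 0 },           /* == TCP */
    { OP_PAYLOAD, 22, 2, {0}, 0 },          /* TCP destination port */
    { OP_CMP,     0, 2, {0x00, 0x16}, 0 },  /* == 22, network byte order */
    { OP_VERDICT, 0, 0, {0}, V_DROP },
};

/* Constructed sample packets: IPv4 header plus the two TCP port fields. */
const uint8_t pkt_ssh[24]  = { 0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2, 0xC0,0, 0,22 };
const uint8_t pkt_http[24] = { 0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2, 0xC0,0, 0,80 };
int main(void)
{
    printf("ssh=%d http=%d\n", run_rule(ssh_drop, 5, pkt_ssh, 24), run_rule(ssh_drop, 5, pkt_http, 24));
    return 0;
}
```

Matching a different protocol only means emitting a different instruction array; `run_rule` stays unchanged, and its bounds check makes a truncated packet fall through instead of reading past the buffer.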
Linux 3.12 adds Offline data deduplication support to Btrfs
Deduplication is an intelligent compression method that eliminates duplicate or redundant information, thereby reducing storage needs. Btrfs has been enhanced to support offline data deduplication in 3.12. The deduplication can be triggered by userspace software in a controlled manner by the system administrator. The filesystem needs to be mounted and active for the deduplication to work. Online support that runs automatically while processes write the data will be added in future releases. This feature can reduce storage needs in some workloads. A virtualized server is an example of one such workload, with several VMs running similar copies of operating systems and software. Please refer to Btrfs Gets Performance Improvements In Linux 3.12.
Smack lock security mode 3.13
Linux file locking does not follow the same rules as other mechanisms. Even though setting a lock is a write operation, a process can set a read lock on files which it has open only for read access. Two programs with read access to a file can use read locks to communicate. This is not acceptable in a Mandatory Access Control environment. Smack treats setting a read lock as the write operation that it is. Unfortunately, many programs assume that setting a read lock is a read operation. This confusion leads to complex application programs that have to work around it in the Smack environment. A new access mode (lock) was introduced in 3.13 to address this problem.
A process with lock access to a file can set a read lock. A process with write access to a file can set a read lock or a write lock. This prevents a situation where processes are granted write access just so they can set read locks. Please find more information on this and other 3.13 changes to Security sub-system at Smack: Implement lock security mode and Security subsystem updates for 3.13.
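The locking behaviour and the 3.13 rule described above, as an added example that is not Smack's own code: `lock_result` shows what plain Linux allows on a descriptor opened read-only, and `smack_permits_lock` models the decision as the article states it. The flag names and the scratch path under `/tmp` are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Try a whole-file POSIX lock; return 0 on success, else the errno value. */
static int try_lock(int fd, short type)
{
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET };
    return fcntl(fd, F_SETLK, &fl) == 0 ? 0 : errno;
}

/* Create a scratch file, reopen it with open_flags, and attempt the lock. */
int lock_result(int open_flags, short type)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/lock_demo_%ld", (long)getpid());
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    fd = open(path, open_flags);
    int rc = fd < 0 ? -1 : try_lock(fd, type);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return rc;
}

/* Model of the rule as the article states it; flag names are illustrative. */
enum { ACC_READ = 1, ACC_WRITE = 2, ACC_LOCK = 4 };

int smack_permits_lock(int access, short type)
{
    if (access & ACC_WRITE)
        return 1;                                        /* write: read or write lock */
    return type == F_RDLCK && (access & ACC_LOCK) != 0;  /* lock: read lock only */
}

int main(void)
{
    printf("O_RDONLY + F_RDLCK -> %d\n", lock_result(O_RDONLY, F_RDLCK));
    printf("O_RDONLY + F_WRLCK -> %d (EBADF=%d)\n", lock_result(O_RDONLY, F_WRLCK), EBADF);
    printf("read only, read lock:   %d\n", smack_permits_lock(ACC_READ, F_RDLCK));
    printf("read + lock, read lock: %d\n", smack_permits_lock(ACC_READ | ACC_LOCK, F_RDLCK));
    return 0;
}
```

The first call succeeds on a read-only descriptor, which is the side channel the section describes; the model shows how lock access closes the gap without handing out write access.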
As a general note, next up is the rest of the 3.13 integration cycles and the release of 3.13 itself in about 4 - 6 weeks. 3.14 development is underway. CPUFreq work, moving AT91 to Common Clock Framework, fwserial changes that include adding build configuration options which control how many fwserial devices can exist per adapter and in total, and posix cpu timers cleanups have been submitted so far for 3.14.
nftables is something that will impact and benefit various products and solutions that use IPtables. As an example, the DroidWall (Android Firewall) solution is based on IPtables at the moment, both the kernel and user space components. As nftables replaces IPtables, this will change. As I mentioned earlier, the nftables kernel implementation is backwards compatible and IPtables syntax can still be used; however, over time IPtables based solutions will evolve to take advantage of nftables.
The Btrfs deduplication feature helps reduce storage needs in Cloud and Virtualization solutions.
Smack lock security mode should help simplify applications that use this framework.
Shuah Khan is a Senior Linux Kernel Developer at Samsung's Open Source Group.