Linux Kernel News - November 2013

Mainline Release (Linus's tree) News

3.13-rc2 has been released on November 29th. This release candidate includes several small bug fixes. Please read the 3.13-rc2 release announcement.

3.13-rc1 was released on November 22nd with usual mix of patches, 55% drivers, 8% architecture code, 9% network updates, and the rest is spread out (fs, headers, tools, documentation). The nftables, multi-queue block layer, and the odd Little-endian PowerPC support are some of the features. You can find the 3.13-rc1 release announcement. Please read Little-endian PowerPC for more information.

3.12 was released on November 7th 2013. This release adds support for offline deduplication in Btrfs, automatic GPU switching in laptops with dual GPUs, a performance boost for AMD Radeon graphics, better RAID-5 multicore performance, improved handling of out-of-memory situations, improved VFS path name resolution scalability, improvements to the timerless multitasking mode, separate mode setting and rendering device nodes in the graphics DRM layer, improved locking performance for virtualized guests, XFS directory recursion scalability improvements, IPC scalability improvements, tty layer locking improvements, new drivers and many small improvements. Please find the full list of 3.12 changes for details.

Stable release News

As of this writing the latest stable releases are as follows:

ReleaseVersionProjected EOL
Stable 3.123.12.3Not announced
Stable 3.113.11.10EOL November 29 2013
Longterm 3.103.10.22September 2015
Longterm 3.43.4.72October 2014
Longterm 3.23.2.532016
Longterm 3.03.0.101EOL October 22 2013
Longterm 3.03.0.101EOL October 22 2013
Longterm 2.6.342.6.34.14 mid-2013
Longterm 2.6.322.6.32.61 mid-2014
Extended stable 3.11.y.z3.11.10.1Extended Stable
Extended stable 3.8.y.z3.8.13.13Extended Stable
Extended stable 3.5.y.z3.5.7.27Extended Stable

If you ever wondered how these stable releases are managed and how often a new release comes out, here is more detail: Active kernel releases

Linux RT

Linux RT stable releases_ are numerous. Please checkout linux-stable-rt.git for their latest versions.

Extended stable

Linux 3.11.y.z extended stable support has been announced. The Ubuntu kernel team is picking up 3.11.10 stable maintenance to continue support for Ubuntu 13.10 "Saucy Salamander". The Ubuntu kernel team will provide the extended stable support for the Linux 3.11 kernel until August 2014 as a third party effort maintained on Canonical's infrastructure.

Where can you find all git trees for Linux releases?

Linux ReleaseGit
Mainlinegit://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Stable releases (all)git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
Linux RT releasesgit://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git
Extended stable releasesgit://kernel.ubuntu.com/ubuntu/linux.git
Bleeding edge linux-nextgit://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git

nftables

3.13 release adds a new network packet filtering framework. This new nftables framework is slated to replace IP-tables and provides a backward compatibility layer allows continued use of IP-tables/IP6-tables with no changes to syntax over nftables framework.

The nftables is designed to leverage the existing Netfilter infrastructure hooks, the connection tracking system, the user space queuing component and the logging subsystem. It consists of a kernel component, a set of libraries, and a user space utility.

The nftables kernel component runs a pseudo-state machine bytecode compiled from the rule-set provided by the user. The nftables user space utility generates the bytecode and transfers it to the kernel, using the nftables Netlink's API. With this approach, the user space is the brain that interprets and user specified rule-set and translates them into executable steps for the kernel to run. As a result, it is easier to add support for new protocols without needing to change the kernel to add support for new protocols. Further more, the ability to track connections is very useful in supporting features that depend on taking actions based on flow and connection information.

It is always desirable to reduce kernel complexity and maintain backwards compatibility with the existing IPtables feature. All and all very nice feature. Unix veterans will see the similarity between the nftables design and Berkeley Packet Filters (BPF). Please refer to the Nftables project page and Nftables quick howto more information on this topic.

Linux 3.12 adds Offline data deduplication support to Btrfs

Deduplication is an intelligent compression method that eliminates duplicate or redundant information, thereby reducing storage needs. Btrfs has been enhanced to support offline data deduplication in 3.12. The deduplication can be triggered by an userspace software in a controlled manner by system administrator. The filesystem needs to be mounted and active for the deduplication to work. Online support that runs automatically while processes write the data will be added in future releases. This feature can reduce storage needs in some workloads, virtualized server is an example of one such workload with several VM-s running similar copies of operating systems and software. Please refer to Btrfs Gets Performance Improvements In Linux 3.12.

Smack lock security mode 3.13

Linux file locking does not follow the same rules as other mechanisms. Even though it is a write operation a process can set a read lock on files which it has open only for read access. Two programs with read access to a file can use read locks to communicate. This is not acceptable in a Mandatory Access Control environment. Smack treats setting a read lock as the write operation that it is. Unfortunately, many programs assume that setting a read lock is a read operation. This confusion leads to complex application programs that have to work-around it in the Smack environment. A new access mode (lock) to address was introduced in 3.13 to address this problem.

A process with lock access to a file can set a read lock. A process with write access to a file can set a read lock or a write lock. This prevents a situation where processes are granted write access just so they can set read locks. Please find more information on this and other 3.13 changes to Security sub-system at Smack: Implement lock security mode and Security subsystem updates for 3.13.

Final Thoughts

As a general note, the next up is the rest of the 3.13 integration cycles and the release of 3.13 itself in about 4 - 6 weeks. 3.14 development is underway. CPUFreq work, moving AT91 to Common Clock Framework, fwserial changes that include adding build configuration options which control how many fwserial devices can exist per adapter and in total, and posix cpu timers cleanups have been submitted so far for 3.14.

nftables is something that will impact and benefit various products and solutions that use IPtables. As an example, DroidWall (Android Firewall) solution is based on IPtables at the moment, both the kernel and user space components. As nftables replaces IPtables, this will change. As I mentioned earlier, nftables kernel implementation is backwards compatible and IPtables syntax can still be used, however overtime IPtables based solutions will evolve to take advantage of nftables.

Btrfs deduplication feature helps reduce storage needs in Cloud and Virtualization solutions.

Smack lock security mode should help simplify applications that use this framework.

Load Disqus comments