In association with heise online

ACPI

Maintainer Len Brown has summarised the changes to the ACPI code in his main Git pull request. The ACPI Platform Error Interface (APEI) now reports certain error information via printk, which makes the information appear in the normal kernel messages that are displayed via dmesg, as requested by several kernel hackers.

The developers have removed the Procfs files for enabling and disabling video outputs. As previously threatened, the code for providing the /proc/acpi/processor/*/throttle files, used to control the throttling levels of processors, has suffered the same fate. Throttling was long considered a power management feature – however, in the vast majority of cases (and especially with modern processors), manually enabling overheat protection ultimately led to increased power consumption because the processor required more time to complete its tasks and was no longer able to enter the deep sleep modes.

Security

From 2.6.38, the crypto subsystem will offer an API whose relevance was initially questioned by Torvalds and which allows the hash and skcipher functions to be accessed from userspace. The aesni-intel driver for using Intel's "AES New Instructions (NI)" is now also available in 32-bit mode. As a result, various benchmarks listed in the commit comment work more than twice as fast; in passing, the modification also makes the x86-64 implementation run a little faster. Furthermore, the driver was given an optimised implementation for the AES-GCM algorithm that is specified in RFC 4106.

Another patch for 2.6.38 adds the %pK printk format specifier and the kptr_restrict sysctl. The latter can be used to control whether the kernel will hide memory addresses marked as %pK in /proc or kernel message outputs when requested by unprivileged users – this is designed to hamper attempted intrusions or privilege escalations, as these details allow various conclusions to be drawn about the kernel's internal code. Besides CAP_SYS_ADMIN, there is now the CAP_SYSLOG capability, which can be used to give root users in a container the right to see the kernel buffer but not to clear it ("dmesg -c") (1, 2, 3).
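A defender-side check for the kptr_restrict behaviour described above, added here as an example and not taken from the article or the kernel sources: it compares the sysctl value with what the current user actually sees in /proc/kallsyms. The verdict labels and the sample listings are constructed, and the script assumes that /proc/kallsyms prints its addresses with %pK.

```shell
#!/bin/sh
# Added example: is %pK masking effective for the current user?
# Verdict labels and sample listings are constructed for illustration.

# Classify a /proc/kallsyms-style listing read from stdin.
# Each line looks like "<hex address> <type> <symbol> [module]".
kallsyms_view() {
    awk '
        NF >= 3 { total++; if ($1 !~ /^0+$/) real++ }
        END {
            if (!total)    print "empty"
            else if (real) print "exposed"
            else           print "masked"
        }'
}

# Combine the sysctl value ($1) with the observed view ($2).
kptr_verdict() {
    case "$1:$2" in
        0:exposed) echo "WEAK: kptr_restrict=0 and addresses are readable" ;;
        0:*)       echo "CHECK: kptr_restrict=0 but no addresses were readable" ;;
        *:masked)  echo "OK: %pK addresses are hidden from this user" ;;
        *:exposed) echo "PRIVILEGED: restriction is on, but this user is exempt" ;;
        *)         echo "UNKNOWN: no symbols to inspect" ;;
    esac
}

# Constructed samples: what a restricted and an unrestricted reader would see.
sample_masked() {
cat <<'EOF'
0000000000000000 T _text
0000000000000000 t ext4_readdir [ext4]
EOF
}
sample_exposed() {
cat <<'EOF'
ffffffff81000000 T _text
ffffffffa0012340 t ext4_readdir [ext4]
EOF
}

# Audit the live host when /proc is available, otherwise show a sample run.
if [ -r /proc/sys/kernel/kptr_restrict ] && [ -r /proc/kallsyms ]; then
    kptr_verdict "$(cat /proc/sys/kernel/kptr_restrict)" \
                 "$(head -n 500 /proc/kallsyms | kallsyms_view)"
else
    kptr_verdict 1 "$(sample_masked | kallsyms_view)"
fi
```

Run it as the unprivileged account you want to audit; a PRIVILEGED verdict for an ordinary user account means that account holds a capability it should not need.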

The kernel's "key ring service" key management infrastructure can now handle "trusted and encrypted keys" – the former can only be used with a TPM that won't unseal the keys if a system is deemed to be compromised. Details about these capabilities can be found in the commit comments (1, 2), in the appropriate documentation, and in an article published on LWN.net last autumn.

Tracing

The Radeon driver and the RCU code now offer numerous new trace points for performing detailed process analyses. In various places, the developers have added further new trace points or interfaces that are relevant for analysis tools such as Powertop; details can be found in the power events API documentation, integrated with 2.6.38, which also describes some of the older interfaces that have now become obsolete.

The new TRACE_EVENT_FLAGS macro allows special flags to be set for trace points. The kernel now allows normal users to use any trace point marked with the TRACE_EVENT_FL_CAP_ANY flag, which was introduced in this context; all syscall trace points have been flagged this way in 2.6.38 (1, 2).

In brief

  • The version .38 kernel comes with a library for decompressing XZ, a format developed from LZMA and known for its high levels of compression. This library is the basis not only for SquashFS, which now also offers XZ, but also for code that allows the kernel to unpack any parts of itself and of the initial ram disks (initrds) that were compressed with XZ (1, 2).
  • The CONFIG_EMBEDDED kernel configuration option was initially intended to hide from normal users various configuration settings that are mainly relevant in the embedded area. Since it now also contains numerous options for other areas of use, the kernel hackers have renamed it CONFIG_EXPERT.
  • The TINY_PREEMPT_RCU variant of the RCU (Read Copy Update) code now supports priority boosting, which is relevant in real-time environments.
  • If a module contains version details, these can now also be retrieved via sysfs.
  • From 2.6.38, the /proc/consoles file reveals the consoles that are known to the system, and their capabilities.
  • On x86 systems, the .38 kernel will use the No Execute (NX) functions of modern processors to protect kernel data and modules; find background information about this on LWN.net. Furthermore, the kernel itself can now activate the EVP or XD protection available with Intel CPUs if the BIOS has disabled it – analyses revealed that in almost 10 per cent of inspected Ubuntu systems, the NX function was disabled because of an incorrect BIOS setup.
  • The developers made numerous further improvements and adjustments to the tracing infrastructure, which is still young and developing fast. For instance, they renamed the "trace" sub-command of perf "script". TRACE_EVENT_CONDITIONAL() now allows trace points to be disabled individually so that they don't fire during an analysis – which minimises the impact on performance and reduces the amount of data collected.
  • The device tree blobs used, for instance, by the PPC architecture can now be linked into the kernel image.
  • The kernel now also uses device trees to support OLPCs with x86 CPUs.
  • As always, the developers have added code to support various further hardware components that are based on ARM cores – such as the Buffalo Linkstation Live v3 (LS-CHL) NAS, the AM3517/05 CRANE board and the PXA955 handheld platform, which is also known as SAARB.
  • The PPC code now offers "some support" for the POWER7+.
  • The kernel hackers have extended the Oprofile code to support several functions of AMD's Bulldozer.

The developers have also added various further userland tools to the tools/ directory in the Linux sources:

  • Originally called autotest, the ktest.pl script helps with distributing and testing kernels on different systems (for example 1, 2, 3).
  • Turbostat provides information on the processor speeds and power saving states used by x86 processors; it also indicates whether the CPU switches to the highest speeds via turbo boost.
  • Another new addition to the kernel is x86_energy_perf_policy, a userspace utility which provides modern Intel processors with information that helps them find the optimum balance between energy efficiency and performance.
  • The kernel hackers have moved the slabinfo program, which returns various internal kernel memory management details, to the tools directory.
  • A kernel extension and two userspace programs, vhost_test and virtio_test, now allow developers to test several VirtIO and Vhost functions (1, 2).

Permalink: http://h-online.com/-1202216