In association with heise online

Architecture

Starting with Linux 3.3, enabling the "EFI_STUB" configuration option produces x86 kernels that EFI can launch directly, without a boot loader. On x86 systems, the kernel now by default emulates the processing of vsyscall, an interface inherited from vDSO that programs can use to make syscalls; this should improve security and was actually planned for an earlier kernel version, but had to be delayed because of some problems. Another new feature in Linux 3.3 is basic support for ACPI 5.0, which only recently became an official specification and is therefore not yet seen on any systems (1, 2, 3, and others).

The ARM code now uses the large physical address extension (LPAE) (1, 2, 3, and others), with which operating systems on 32-bit ARM v7 cores offering LPAE can access more than 4 GB of RAM. The ARM code now supports the audit subsystem and provides basic support for NVIDIA's Tegra 3 SoC (system on a chip) (1, 2, and others).

The code for the S390 architecture can now access up to 64 TB of RAM; previously, the limit was 3.8 TB. The M68knommu architecture now supports the MMU (memory management unit) included in some fourth-generation Coldfire processors. Version 3.3 marks the first time that the Linux kernel supports the C6X architecture, used by a few of the simpler single- and multi-core DSPs (digital signal processors) from Texas Instruments (1, and others).

The "Coming in 3.3" series

The Kernel Log can already share an overview of the most important new features of Linux 3.3, expected in mid-March, since the kernel hackers have integrated all the major changes in the first two development weeks. Hence the 3.3 kernel is currently in its stabilisation phase, in which the kernel developers avoid big changes and focus on fixing bugs.

The articles on the changes and additions will discuss the kernel's various functional areas one by one:

An upcoming article will cover the kernel's hardware drivers.

Security

The kernel gained a library based on GnuPG code for calculations with MPI (multi-precision integers) (1, 2, 3, 4). The IMA (integrity measurement architecture) and EVM (extended verification module) kernel technologies for protecting against attacks can use this library to verify RSA signatures and thereby check files' integrity (1, 2, 3, 4, 5). While 3.3 was being developed, patches were also discussed that would use this infrastructure to sign kernel modules as well, but the developers still disagree about several aspects of this approach.
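Why an MPI library is the building block for this kind of integrity check, shown as an added example (not kernel code and not from the article): verifying a file's RSA signature is one modular exponentiation on large integers followed by a comparison. The PKCS#1 v1.5 encoding with SHA-256, the demo key built from two Mersenne primes and all function names are assumptions for illustration; the kernel's own signature format may differ.

```python
import hashlib

# DER prefix of the SHA-256 DigestInfo structure (PKCS#1 v1.5, RFC 8017 section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key from two Mersenne primes; trivially factorable, never use it.
# Assumption: a real deployment loads only the public part (N, E) into the verifier.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def encode(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), exactly K bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(data: bytes) -> bytes:
    """Signer side, done off-line when the file is produced."""
    m = int.from_bytes(encode(data), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(data: bytes, signature: bytes) -> bool:
    """Verifier side: multi-precision modular exponentiation with (N, E)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Rebuild the expected block and compare it whole; parsing the recovered
    # padding field by field is a well-known source of signature forgery bugs.
    return recovered == encode(data)


if __name__ == "__main__":
    contents = b"#!/bin/sh\necho constructed sample file\n"  # constructed input
    sig = sign(contents)
    print("intact file verifies:  ", verify(contents, sig))
    print("modified file verifies:", verify(contents + b"#", sig))
```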

Among other changes in the crypto subsystem, some encryption and signature algorithms have been improved:

Miscellaneous

  • Thanks to a few changes in the kernel code for ASPM (active state power management), Linux 3.3 now uses PCIe power conservation technology even if there are certain inconsistencies between how the BIOS configures the hardware and what the BIOS reports to the kernel about the support for ASPM. A few weeks after this was changed in Linux 3.3, kernel developers also added it to the 3.0.20 and 3.2.5 kernel versions released in February.
  • Improvements to the IOMMU infrastructure include support for the second version of AMD's IOMMU implementation and the ability to manage memory pages of varying sizes. The IOMMU code also gained some basic functions for grouping and securely isolating devices, which are particularly interesting for VFIO (Virtual Function I/O), which is still in development. According to the documentation, VFIO will not only replace the functions for passing hardware components through to KVM guests but also aims to succeed the UIO userspace driver framework, since VFIO offers more possibilities for such drivers; an article on LWN.net provides more information on VFIO.
  • John Stultz contributed a script for combining files with kernel configuration options into a ".config". Many distributions use such scripts to build their kernel. However, Fedora kernel developer Josh Boyer pointed out that the script included in Linux 3.3 needed more than 25 minutes in a test scenario to complete a task that the script used in Fedora completed in only 47 seconds; even after some optimisation, the new script still needed more than three minutes.
  • Every new kernel version of the main development branch includes hundreds of changes that the Kernel Log generally does not mention, since they fix problems that only occur on certain systems or with less typical configurations. One example of such changes is a pair of commits (1, 2) that make the kernel automatically activate, on the Dell Studio 1557 and the Thinkpad SL510, a workaround that can alternatively be activated with the "pci=nocrs" kernel parameter; thanks to this, these systems should reliably wake up from the ACPI "S3/suspend to RAM" mode, even if the user has never heard of this parameter and doesn't set it. Owners of these systems can thank a bug report for inspiring these fixes. Every new version of the main development branch includes similar changes in other areas – especially audio drivers – that allow the kernel to automatically apply certain workarounds. In these cases, too, ordinary users have often pointed out the necessary parameters to the developers, who then identified the affected systems and created patches to ensure that the kernel automatically does everything correctly.

Permalink: http://h-online.com/-1463482