In association with heise online

Architecture code

With 2.6.36, the list of processor architectures supported by the kernel has grown and now also includes Tilera's TILEPro and TILE64 32-bit processors (for instance 1, 2, 3). Support for NVIDIA's Tegra processors, which are based on the ARM architecture, has been added to the kernel from the Android environment (for instance 1, 2, 3).

KVM now offers support for the Xsave (1, 2) and AVX (Intel Advanced Vector Extensions) processor instructions in guest systems. An overview of the changes to the Xen code is available in the Git pull requests by Jeremy Fitzhardinge and Konrad Rzeszutek Wilk. Some of them provide the foundations for code that will allow running the Linux kernel as an "initial domain" – a kind of trimmed-down Dom0 support. This code is currently being discussed on the LKML and could make it into the Linux main development branch in one of the next few versions.

Memory and thread management

The kernel developers have considerably changed and largely rewritten the Out-of-Memory (OOM) killer that shuts down processes during memory shortages so a system can continue to function (1, 2, 3). The kernel hackers have also integrated "Concurrency Managed Workqueues" to optimise the handling of kernel threads (for instance 1, documentation). This technology is designed to make the kernel more efficient in terms of resources, enhance scaling and reduce the number of kernel threads on many systems – the latter will be noticed by users, as it also shortens the list of kernel threads returned by "ps -A".

Security

Having tried for several years to integrate their security extension into the kernel code, the developers of AppArmor, which was made available to the open source community by Novell in 2006, have finally managed to incorporate their extension into kernel version 2.6.36 (for instance 1, 2, 3, documentation). Similar to SELinux, AppArmor can restrict applications to a defined set of actions; as a result, attackers who obtain system access, for instance through a security hole in the server software, can only do limited damage.

Over the years, numerous attempts had also been made to integrate the TALPA-based Fanotify before Torvalds included it in the forthcoming version (for instance 1, 2, 3). It is based on Fsnotify, which was integrated and adapted in 2.6.31, and offers entry points which allow, for example, the integration of virus scanners that check accessed files for malicious software before delivering the file's content ("on-access scan").

Just days before completion of Linux 2.6.36, the developers deactivated the Fanotify user-space interface after discovering a few issues that could, to some extent, have affected the ABI in future (1, 2, 3). This means that, for now, Fanotify is not usable. The developers are correcting the errors behind these issues and plan to re-activate the user-space interfaces for Linux 2.6.37; it is unclear if the patches will be applied to the stable 2.6.36 kernel series.

Trimmed

The kbuild code now offers the targets "oldnoconfig", "listnewconfig", "alldefconfig", and "savedefconfig". The latter writes a configuration file called "defconfig" which only includes the options that differ from the default settings listed in the kconfig files. Using this make target, the developers have generated dozens of default configuration files for the various system and processor architectures supported by the Linux kernel to replace the previous standard configuration files. As the latter used to include all the default options also listed in the kernel's kconfig files, the related giant commit of almost 6 Mbytes removes more than two hundred thousand lines of code in the kernel sources.

The maintainers of the code for Itanium (IA64) and PowerPC support had already trimmed down their configuration files in the same way (1, 2). These changes are the main reason for the source code of 2.6.36 remaining around the same size as its immediate predecessor – which is very unusual, as in the past few years previous kernels have grown by several hundred thousand lines with every new version. The default configuration files' slimming diet already started in 2.6.35, when the kernel developers trimmed the files for ARM systems. None of these changes affect Linux users, as "make defconfig" continues to create a basic configuration file for a system in the same way as before.

Permalink: http://h-online.com/-1103009