Linux 4.7

by on July 29th, 2016

The Linux 4.7 kernel has been released. Here’s a recap of some of the biggest features.
Radeon RX 480 “Polaris” open-source support. With Linux 4.7 there is all the initial AMDGPU DRM support needed for firing up the RX 480, which can be used in conjunction with the latest Mesa, linux-firmware, and LLVM for having quite suitable open-source support for this newly launched graphics processor.
A number of new ARM platforms are now supported.
The Schedutil governor for the CPUFreq scaling driver is new and holds potential for making better CPU frequency scaling decisions based upon scheduler utilization data.
Async discard is now supported by the core block code.
Linux 4.7 adds support for various Corsair and ASUS keyboards, among other new peripherals.
The Microsoft Xbox One Elite Controller is now supported by the mainline Linux kernel.
Top features of 4.7:
– Support for Radeon RX480 GPUs
– Parallel directory lookups
– New ‘schedutil’ frequency governor
– Histograms of events in ftrace
– perf trace calls stack
– Allow BPF programs to attach to tracepoints
– EFI ‘Capsule’ firmware updates
– Support for creating virtual USB Device Controllers in USB/IP
– Android’s sync_file fencing mechanism considered stable
– LoadPin, a security module to restrict the origin of kernel modules
Have a look at the full changelog.

Linux 4.6

by on May 20th, 2016

Linux 4.6 kernel is out.
Now we finally have mainline support for a number of new ARM SoCs and platforms/boards.
There are various Radeon and AMDGPU improvements to make the open-source AMD graphics driver stack more stable and robust.
Initial NVIDIA GeForce GTX 900 “Maxwell” open-source support. While Pascal is days away from shipping, with Linux 4.6 there is finally 3D/acceleration support for Maxwell when grabbing NVIDIA’s signed firmware blobs they’ve made available. Before getting too excited, the support isn’t as mature as Kepler and they don’t yet have any re-clocking support for being able to provide good performance.
Runtime AHCI power management for greater power savings has been added to this release.
There’s also Dell and Alienware laptop support improvements, including for the popular Dell XPS 13 Skylake laptop.
Many sources of information will probably point out that this kernel release has new and better security features. Not everyone will take this piece of news for granted.
This is the “press release” of these new features with an interview of Greg Kroah-Hartman.
And this is a post from Brad Spengler, the creator and maintainer of GrSecurity, in response to that PR.
I’ll let you make up your own mind on this topic.
Top features of 4.6:
– USB 3.1 SuperSpeedPlus (10 Gbps) support
– Improve the reliability of the Out Of Memory task killer
– Support for Intel memory protection keys
– OrangeFS, a new distributed file system
– Kernel Connection Multiplexor, a facility for accelerating application layer protocols
– 802.1AE MAC-level encryption (MACsec)
– BATMAN V protocol
– dma-buf: new ioctl to manage cache coherency between CPU and GPU
– OCFS2 online inode checker
– Support for cgroup namespaces
– Add support for the pNFS SCSI layout
Read the full changelog.

Linux 4.5

by on March 18th, 2016

Linux 4.5 is out. Let’s see its prominent features.
A new tool called UBSAN checks a running kernel for various types of undefined behaviour that can lead to obscure bugs.
The new CONFIG_IO_STRICT_DEVMEM option, which blocks access to memory (via /dev/mem) claimed by device drivers, turned out to break booting on some systems, so it is now off by default.
The ARM multiplatform work that aims to build a single ARM kernel that can boot on a wide variety of processors has reached an important milestone with the merging of work to bring a number of minor platforms into the fold. This branch is the culmination of 5 years of effort to bring the ARMv6 and ARMv7 platforms together such that they can all be enabled and boot the same kernel.
The filesystems in user space (FUSE) subsystem has added support for the SEEK_HOLE and SEEK_DATA options to the lseek() system call.
The epoll_ctl() system call supports a new flag, EPOLLEXCLUSIVE, that causes epoll_wait() to only wake one process when a file descriptor becomes ready. See this article for a description of this option and the use case for it.
Direct-access (“DAX”) mappings now work properly with the msync() and fsync() system calls.
The ext4 filesystem has gained “project quota” support, wherein dispersed files can be assigned to the same “project” and given their own quota. The feature is rigorously undocumented, but some information can be found in the header of this patch posting.
The implementation of the XFS XFS_IOC_FSSETXATTR and XFS_IOC_FSGETXATTR ioctl() commands has been moved up to the virtual filesystem level, and an implementation for the ext4 filesystem has been added. This operation, also severely undocumented, allows the querying (and setting) of various file attributes, including immutability, whether writes should always be synchronous, exclusion from backups, and more. See the defines near the top of this commit for the list of supported attributes.
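The attribute query described above, as an added example (not code from the kernel or from this post): a small C tool that calls FS_IOC_FSGETXATTR from `<linux/fs.h>` and names the immutable, append-only, sync and nodump bits, plus the project ID used by project quota. The helper names `describe_xflags` and `get_fsxattr` are hypothetical; filesystems without support return ENOTTY.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h> /* struct fsxattr, FS_IOC_FSGETXATTR, FS_XFLAG_* (4.5+ headers) */
static const struct { __u32 bit; const char *name; } XFLAGS[] = {
    { FS_XFLAG_IMMUTABLE, "immutable" },   /* file may not be modified */
    { FS_XFLAG_APPEND,    "append-only" }, /* writes must append */
    { FS_XFLAG_SYNC,      "sync" },        /* all writes are synchronous */
    { FS_XFLAG_NODUMP,    "nodump" },      /* excluded from backups */
};

/* Write the names of the set flags into out; return how many were written. */
int describe_xflags(__u32 xflags, char *out, size_t len) {
    int n = 0;
    size_t used = 0;
    if (len == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof XFLAGS / sizeof XFLAGS[0]; i++) {
        if (!(xflags & XFLAGS[i].bit)) continue;
        int w = snprintf(out + used, len - used, "%s%s", n ? "," : "", XFLAGS[i].name);
        if (w < 0 || (size_t)w >= len - used) { out[used] = '\0'; break; } /* no room */
        used += (size_t)w;
        n++;
    }
    return n;
}

/* Query one file; returns 0 on success or -errno (-ENOTTY if unsupported). */
int get_fsxattr(const char *path, struct fsxattr *fsx) {
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -errno;
    int rc = ioctl(fd, FS_IOC_FSGETXATTR, fsx) ? -errno : 0;
    close(fd);
    return rc;
}

int main(int argc, char **argv) {
    struct fsxattr fsx;
    char buf[64];
    for (int i = 1; i < argc; i++) {
        int rc = get_fsxattr(argv[i], &fsx);
        if (rc) { fprintf(stderr, "%s: %s\n", argv[i], strerror(-rc)); continue; }
        describe_xflags(fsx.fsx_xflags, buf, sizeof buf);
        printf("%s: projid=%u xflags=0x%x [%s]\n", argv[i], fsx.fsx_projid, fsx.fsx_xflags, buf);
    }
    return 0;
}
```

Run it over configuration or log files to confirm that files expected to be immutable or append-only still carry the flag.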
The Ceph filesystem now has support for asynchronous I/O.
So the top features of this release are:
– Copy offloading with new copy_file_range(2) system call
– Experimental PowerPlay support brings high performance to the amdgpu driver
– Btrfs free space handling scalability improvements
– Support for GCC’s Undefined Behavior Sanitizer
– Forward Error Correction support in the device-mapper’s verity target
– Add MADV_FREE flag to madvise(2)
– Better epoll multithread scalability
– cgroup unified hierarchy is considered stable
– Performance improvements for SO_REUSEPORT UDP sockets
– Proper control of socket memory usage in the memory controller
Read the full changelog.

Linux 4.4

by on January 12th, 2016

A new long-term support Linux kernel has been released. Let’s see its new features.
This release introduces support for Direct I/O and asynchronous I/O for the loop block device. The advantages of using direct I/O and AIO when reading from and writing to the loop device’s backing file are:
– double cache is avoided due to Direct I/O which reduces memory usage a lot;
– unlike user space direct I/O, there is no cost of pinning pages;
– avoids context switches in some cases because concurrent submissions can be avoided.
The virtio-gpu driver now allows the virtualization guest to use the capabilities of the host GPU to accelerate 3D rendering. In practice, this means that a virtualized Linux guest can run an OpenGL game while using the GPU acceleration capabilities of the host. This also requires running QEMU 2.5.
LightNVM adds support for Open-Channel SSDs, devices that share responsibilities with the operating system in order to implement and maintain features that typical SSDs keep strictly in firmware. LightNVM is a specification that gives support to Open-channel SSDs. LightNVM allows the host to manage data placement, garbage collection, and parallelism. Device specific responsibilities such as bad block management, FTL extensions to support atomic I/Os, or metadata persistence are still handled by the device.
In this release, as the result of an effort that started two years ago, the TCP implementation has been refactored to make the TCP listener fast path completely lockless. During tests, a server was able to process 3,500,000 SYN packets per second on one listener and still have available CPU cycles – about 2 to 3 orders of magnitude more than what was possible before. SO_REUSEPORT has also been extended to add proper CPU/NUMA affinities, so that heavy-duty TCP servers can get proper siloing thanks to multi-queue NICs.
This release also adds journalled RAID 5 support to the MD (RAID/LVM) layer and basic support for polling for specific I/O to complete, which can improve latency and throughput in very fast devices.
As always, a very wide range of driver changes has been made. Check the full changelog.

Linux 4.3

by on November 7th, 2015

Straight to the new features of this kernel.
On the processor side, there is new ARM SoC support, and ARMv8.1 functionality is now integrated. There are also many power management updates across drivers, as well as new Xen features.
On the filesystem side, the EXT3 driver has been removed and support for existing EXT3 filesystems will be handled by the EXT4 driver. There was some debate about whether to nuke the EXT3 driver, but in the end it was proved that EXT4 can reliably handle EXT3 filesystems without breaking compatibility.
Many other fixes for EXT4, XFS, F2FS and Btrfs.
On the graphics side, there are many Intel changes, and Intel Skylake “Gen9” graphics support is enabled by default.
Initial support for the AMD R9 Fury “Fiji” graphics processors has been merged. However, this initial support doesn’t yet have any re-clocking / power management so the performance remains quite slow for now. You’ll also need to be on Mesa 11.0+ for using the AMDGPU accelerated graphics.
A big rework of the Nouveau DRM driver has been done for NVIDIA graphics support. There have also been some re-clocking improvements for select GPUs and other changes.
OpenGL 3.3 support for VMware has been included. With the Linux VMWgfx kernel driver plus Mesa 11.0+, when using VMware Workstation 12 there will now be OpenGL 3.3 support exposed to Linux guest VMs rather than OpenGL 2.1.
As always, various input drivers were updated.

Linux 4.2

by on September 7th, 2015

Here are some of the more interesting changes of this kernel version.
The Linux security module stacking patches have been merged, finally giving the kernel the ability to combine security modules in a generic manner.
A new packet classifier called “Flower” has been added. With Flower, “you will be able to classify packets based on a configurable combination of packet keys and masks.” This classifier appears to be entirely lacking in documentation, unfortunately.
A driver for GENEVE (Generic Network Virtualization Encapsulation) tunnels has been added to the networking subsystem.
The netfilter subsystem has gained support for ingress-time packet classification.
Unix-domain sockets now support the splice() system call.
Support for the delay-gradient congestion-control algorithm has been merged.
The F2FS filesystem has gained support for a number of features including per-file encryption.
The control group writeback patches have been merged. This work allows for better control of data writeback within control groups, fixing an area that has not worked well for a long time.
The thermal control subsystem has a new power-allocator governor, designed to divide power among heat sources while keeping the overall temperature of the system within bounds.
The XFS filesystem has gained the ability to directly access persistent-memory devices via the DAX interface.
The CIFS filesystem can now handle (in an experimental mode) version 3.1.1 of the SMB protocol.
As always there is a long list of newly supported hardware. Have a look at the changelog.

Linux 4.1

by on June 28th, 2015

As you may already know, the headline features in this release include support for encrypted ext4 filesystems, the persistent memory block driver and ACPI support for the ARM64 architecture.
This 4.1 release will also be a LTS release, but there is more…
If you are an owner of certain classes of Intel hardware (Intel Core i7 5960X Haswell-E CPU and Iris Graphics) you could notice better performance under this new kernel and in some cases, better battery life.
The newly-published patches for ext4 encryption support are coming out of Google and intended to land in the next major release of Android.
The block core improvements were focused on improving the multi-queue block layer (blk-mq). This code was added to Linux 3.13 and can lead to better disk performance with lower latencies by balancing the I/O workload across multiple CPU cores and also supporting multiple hardware queues. Since Linux 3.13, blk-mq has got into great shape and is delivering great performance.
After months of work the Intel-developed PMEM, the simple persistent-memory driver, has been merged improving the kernel’s support for large, non-volatile RAM devices. PMEM is a new block device driver for persistent non-volatile memory space that is mapped to the system’s physical memory space as large physical memory regions.
The ACPI work on ARM64 architecture allows for initializing CPUs, interrupt controller, and timers via ACPI tables while the memory information and rest are passed via EFI.
There have been a lot of other improvements; for more details, have a look at the full changelog.

Suricata 2.0.8 for Debian

by on May 10th, 2015

A security update has been released for Suricata IDS/IPS, and here you can have your Debian Wheezy package (you can download it directly, or you can configure my repository and Suricata will be upgraded easily).
There are also a few bug fixes in this version that you can review by reading the full changelog.
I’ve been testing 2.0.8 for a while and I don’t see any issue for the moment.

Debian 8 “Jessie”

by on May 2nd, 2015

After two years of development we finally have a new Debian stable release: Jessie!
Jessie consists of more than 43000 ready-to-use software packages, built from nearly 20100 source packages.
A total of ten architectures are supported: 32-bit PC / Intel IA-32 (i386), 64-bit PC / Intel EM64T / x86-64 (amd64), Motorola/IBM PowerPC (powerpc for older hardware and ppc64el for the new 64-bit (little-endian)), MIPS (mips (big-endian) and mipsel (little-endian)), IBM S/390 (64-bit s390x) and for ARM, armel and armhf for old and new 32-bit hardware, plus arm64 for the new 64-bit AArch64 architecture.
This makes Debian a universal operating system, one of the oldest among Linux distributions and one of the most widely used.
Jessie ships with a new default init system, systemd, but the sysvinit init system is still available.
The UEFI support introduced in Wheezy has also been greatly improved in Jessie. This includes support for UEFI on 32-bit systems and for 64-bit kernels with 32-bit UEFI firmware.
This release includes numerous updated software packages, such as:
– Apache 2.4.10
– Asterisk 11.13.1
– GIMP 2.8.14
– an updated version of the GNOME desktop environment 3.14
– GNU Compiler Collection 4.9.2
– Icedove 31.6.0 (an unbranded version of Mozilla Thunderbird)
– Iceweasel 31.6.0esr (an unbranded version of Mozilla Firefox)
– KDE Plasma Workspaces and KDE Applications 4.14.2
– LibreOffice 4.3.3
– Linux 3.16.7-ckt9
– MariaDB 10.0.16 and MySQL 5.5.42
– Nagios 3.5.1
– OpenJDK 7u75
– Perl 5.20.2
– PHP 5.6.7
– PostgreSQL 9.4.1
– Python 2.7.9 and 3.4.2
– Samba 4.1.17
– Tomcat 7.0.56 and 8.0.14
– Xen Hypervisor 4.4.1
– the Xfce 4.10 desktop environment
For more detailed information you can read the full announcement.

Linux 4.0

by on April 18th, 2015

Attention folks, we have a major release of Linux!
Well, if the numbers say something to you then you can consider this a major release, but in reality it’s just… numbers!
This Linux release is supposed to be a stable release: the commit log and the changes are not so big, and a lot of new stuff has waited for the opening of the merge window for 4.1 (and it seems it’s going to be huge).
The most significant new feature is the foundation code for live kernel patching, which allows critical bugs to be fixed on production servers without rebooting the kernel. This feature represents years of collaboration between the kGraft and Kpatch initiatives from SUSE and Red Hat, respectively.
In addition to the various drivers added and the bug fixes, here is a short list of the main new features:
– Intel Quark SoC x86 platform support and support for many new ARM platforms;
– improvements for XFS, Btrfs and VirtIO 1.0 support for virtual devices;
– dm-crypt encryption mechanism scalability improvements;
– addition of lazytime, a file system mount option that improves system performance;
– kernel address sanitizer for detecting memory issues in the kernel;
– new DRM drivers and other improvements.
Don’t forget to have a look at the changelog.