Linux 4.15 has been released on 28 Jan 2018.

Summary: Besides the latest code to deal with Meltdown/Spectre, this release includes modesetting and advanced display features for the amdgpu driver; improved power management support for systems with SATA Aggressive Link Power Management; a port to the open RISC-V CPUs; initial support for virtualized memory encryption in AMD CPUs; support for the Intel User Mode Instruction Prevention feature; support for the CPU controller in cgroups v2; a new mmap(2) flag to allow direct writes to persistent memory managed by filesystems; and many new drivers and other improvements.

1. Coolest features

1.1. Meltdown/Spectre

This release contains the latest code to deal with Meltdown/Spectre, a security problem you probably have never heard of. Page Table Isolation, which addresses Meltdown, is supported for x86/Intel CPUs (it can be disabled with the pti=off kernel boot option). There is also the retpoline mechanism to mitigate Spectre v2 (which affects both Intel and AMD); it requires a GCC version supporting the -mindirect-branch=thunk-extern option and can be turned off with the boot option spectre_v2=off (if you don't have such a compiler, only a minimal retpoline mitigation is applied, covering just the kernel code written in assembly). The PowerPC architecture is also affected by Meltdown on many CPU models, and can prevent those attacks with the "RFI flush of L1-D cache" feature included in this release. ARM is also affected by Meltdown, but patches for it are not included in this release. Spectre v1 is not addressed in this version.

A /sys/devices/system/cpu/vulnerabilities/ directory has been added that shows the vulnerabilities affecting your CPU and the mitigations currently applied.

Code: PTI merge, commit, commit, commit, merge; retpoline commit, commit; powerpc RFI flush commit, commit, commit, commit
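One way to turn the new sysfs directory into a check an administrator can run after updating (added example, not code from the KernelNewbies page or the kernel tree): each file under /sys/devices/system/cpu/vulnerabilities/ holds one status line, which the program classifies and counts. The function names and the exit-code convention are this example's own; the directory is a parameter so the test can point it at a constructed copy.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum vuln_state { VULN_NOT_AFFECTED, VULN_MITIGATED, VULN_VULNERABLE, VULN_UNKNOWN };

/* Each file holds one line such as "Not affected", "Mitigation: PTI",
 * "Vulnerable" or "Vulnerable: Minimal generic ASM retpoline". A line we do
 * not recognise is treated as unmitigated rather than silently passing. */
enum vuln_state classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return VULN_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return VULN_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return VULN_VULNERABLE;
    return VULN_UNKNOWN;
}

/* Print every entry in dir and return how many are not mitigated;
 * -1 if the directory is missing (kernel older than 4.15). */
int count_unmitigated(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int unmitigated = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[512], line[256] = "";
        FILE *f;
        if (e->d_name[0] == '.') continue;          /* skip "." and ".." */
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if ((f = fopen(path, "r")) == NULL) { unmitigated++; continue; }
        if (!fgets(line, sizeof line, f)) line[0] = '\0';
        fclose(f);
        line[strcspn(line, "\n")] = '\0';
        printf("%-12s %s\n", e->d_name, line);
        if (classify_status(line) >= VULN_VULNERABLE) unmitigated++;
    }
    closedir(d);
    return unmitigated;
}

int main(void)
{
    int n = count_unmitigated("/sys/devices/system/cpu/vulnerabilities");
    if (n < 0) puts("no vulnerabilities directory: kernel older than 4.15?");
    return n != 0;   /* non-zero exit: something is still reported as Vulnerable */
}
```

A non-zero exit status makes the check usable from a configuration-management or fleet-audit job, where a "Vulnerable" entry after a kernel update usually means the boot options or the compiler used to build the kernel need attention.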

1.2. Modesetting and much better display support in the AMD amdgpu driver

This release finally includes the "display code" (132k LoC) that had been missing for a long time from the amdgpu driver, the new driver that AMD made for modern graphics hardware. It provides atomic modesetting support for DCE8 (CIK), DCE10 (Tonga, Fiji), DCE11 (CZ, ST, Polaris), DCE12 (vega10), and DCN1 (RV), including HDMI and DP audio, DP MST, and many other advanced display features. This display code is enabled by default for Vega10 and Raven; for pre-vega10 parts it can be enabled via a module parameter (amdgpu.dc=1), but it is not enabled by default in this release because of stability concerns.

Code: merge

1.3. Improved power management support for systems with SATA Aggressive Link Power Management

For many, many years, there has been a problem with Linux and modern systems that have ALPM (Aggressive Link Power Management) in their SATA AHCI controllers (e.g. Haswell, Broadwell, Skylake). Because of the obscurity and lack of documentation of the feature (and because playing with it was scary, as it easily caused data corruption), Linux has been unable to properly implement ALPM support for years. Lack of ALPM support prevents the system from entering deep power saving states, which means much worse battery life for Linux users on systems with ALPM.

In this release, a patch has been merged that implements a better default behaviour for ALPM without corrupting your data, which means that Linux users on systems with ALPM will see improved battery life: a T440s test laptop saves 0.9-1.2W when idle with this patch.

Related link: Hans de Goede post

Related link: Matthew Garrett post

Code: commit

1.4. New architecture: RISC-V

This release includes the main parts of the port to RISC-V CPUs. RISC-V is an open instruction set architecture that, unlike proprietary CPU architectures, can be freely used for any purpose, permitting anyone to design, manufacture and sell RISC-V chips and software.

The port is definitely a work in progress. While it builds and boots, it's a bit hard to actually see anything happen because there are no device drivers yet.

Code: merge

1.5. Support for AMD Secure Encrypted Virtualization

Linux 4.14 already added support for AMD Secure Memory Encryption, a feature that encrypts memory when it is written to RAM and automatically decrypts it when it is read, thus protecting the contents of DRAM from physical attacks on the system.

This release adds initial support for Secure Encrypted Virtualization, which integrates the memory encryption support into the AMD-V virtualization architecture to support encrypted virtual machines: virtual machines whose memory is secured such that only the guest itself has access to the unencrypted version, which protects them from other virtual machines and even from the hypervisor itself. Secure Encrypted Virtualization is particularly applicable to cloud computing, where virtual machines need not fully trust the hypervisor and the administrator of their host system. This release adds the changes necessary in a guest OS for Secure Encrypted Memory; the changes required for a host to create and manage SEV guests will be merged in future releases.

See: From KVM forum, AMD's Virtualization Memory Encryption

See: AMD memory encryption whitepaper

Code: commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit

1.6. Support the User-Mode Instruction Prevention Intel Security feature

This release adds support for an Intel CPU feature called "User Mode Instruction Prevention". When enabled, this feature prevents certain instructions, such as SGDT, SLDT, SIDT, SMSW and STR, from being executed in user mode, which reduces the tools available to craft some types of privilege escalation attacks. To keep emulators such as WineHQ and DOSEMU2 working, sgdt, sidt and smsw are emulated in virtual-8086 and protected modes; str and sldt are not emulated (and no emulation is done for user-space long mode processes).

Code: commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit

1.7. Better CPU usage restrictions with the CPU resource controller for cgroupv2

Control groups with a "unified hierarchy", or cgroup v2, were implemented in 2.6.24 and declared stable in 4.5. The individual resource controllers had to be ported in order to work with this new approach. The biggest missing item was the CPU resource controller, which is used to control the CPU usage of a group of tasks. Merging the CPU controller, however, first required addressing some functionality in the cgroup v2 design, specifically the "thread mode", merged in 4.14, which supports hierarchical resource distribution across the threads of a group. After all that work, this release finally brings a cgroup v2-ready CPU controller.

Recommended LWN article: A milestone for control groups

Code: commit, commit

1.8. New MAP_SYNC mmap(2) flag to allow direct writes to persistent memory managed by filesystems

This release introduces the MAP_SYNC and MAP_SHARED_VALIDATE flags to mmap(2), a mechanism that implements synchronous page faults for DAX mappings. It makes flushing of DAX mappings possible from userspace, so that they can be flushed at a finer-than-page granularity while also avoiding the overhead of a syscall. It arranges for any filesystem metadata updates that may be required to satisfy a write fault to also be flushed ("on disk") before the kernel returns to userspace from the fault handler. Effectively, every write fault that dirties metadata completes an fsync() before returning from the fault handler. The new MAP_SHARED_VALIDATE mapping type guarantees that the MAP_SYNC flag is validated as supported by the filesystem's mmap() implementation.

Recommended LWN article: Two more approaches to persistent-memory writes

Code: commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit, commit
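How an application would use the two new flags, as an added example (not code from the page or the kernel): it asks for MAP_SHARED_VALIDATE | MAP_SYNC, and because MAP_SHARED_VALIDATE makes the kernel reject unsupported flags instead of ignoring them, it can fall back to an ordinary MAP_SHARED mapping plus msync() when the file is not on a DAX filesystem or the kernel predates 4.15. The function names are this example's own; the numeric flag values are the Linux uapi definitions, supplied only for libc headers that lack them.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#ifndef MAP_SHARED_VALIDATE        /* uapi values, for libc headers older than 4.15 */
#define MAP_SHARED_VALIDATE 0x03
#endif
#ifndef MAP_SYNC
#define MAP_SYNC 0x80000
#endif

/* Map len bytes of fd. *synchronous becomes 1 if the kernel accepted MAP_SYNC
 * (DAX file: a write fault also persists the metadata), 0 if we fell back to
 * a plain MAP_SHARED mapping that must be msync()ed. */
void *map_persistent(int fd, size_t len, int *synchronous)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_SHARED_VALIDATE | MAP_SYNC, fd, 0);
    if (p != MAP_FAILED) {
        *synchronous = 1;
        return p;
    }
    /* EOPNOTSUPP: no DAX / MAP_SYNC support; EINVAL: kernel older than 4.15 */
    if (errno != EOPNOTSUPP && errno != EINVAL)
        return MAP_FAILED;
    *synchronous = 0;
    return mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
}

/* MAP_SYNC makes page and metadata durable; the data itself still has to be
 * pushed out of the CPU caches by userspace (x86 shown; other archs differ). */
static void flush_cachelines(const void *addr, size_t n)
{
#if defined(__x86_64__) || defined(__i386__)
    const char *p = (const char *)((unsigned long)addr & ~63UL);
    for (; p < (const char *)addr + n; p += 64)
        __asm__ volatile("clflush %0" : : "m"(*p));
    __asm__ volatile("sfence" ::: "memory");
#endif
    (void)addr; (void)n;
}

/* Write one record and make it durable the way the mapping requires. */
int store_record(char *base, int synchronous, const char *rec, size_t n)
{
    memcpy(base, rec, n);
    if (!synchronous)
        return msync(base, n, MS_SYNC);   /* fallback: syscall, page granularity */
    flush_cachelines(base, n);            /* finer than a page, no syscall */
    return 0;
}
```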

2. Core

3. File systems

4. Memory management

5. Block layer

6. Tracing and perf

7. Virtualization

8. Cryptography

9. Security

10. Networking

Note: If you are interested in Linux networking, it is recommended to take a look at LWN's reports on Netconf 2017 and Netdev 2.2.

11. Architectures

12. Drivers

12.1. Graphics

12.2. Storage

12.3. Drivers in the Staging area

12.4. Networking

12.5. Audio

12.6. Tablets, touch screens, keyboards, mice

12.7. TV tuners, webcams, video capturers

12.8. Universal Serial Bus (USB)

12.9. Serial Peripheral Interface (SPI)

12.10. Serial

12.11. ACPI, EFI, cpufreq, thermal, Power Management

12.12. Real Time Clock (RTC)

12.13. Voltage, current regulators, power capping, power supply

12.14. Pin Controllers (pinctrl)

12.15. Multi Media Card (MMC)

12.16. Memory Technology Devices (MTD)

12.17. Industrial I/O (iio)

12.18. Multi Function Devices (MFD)

12.19. Pulse-Width Modulation (PWM)

12.20. Inter-Integrated Circuit (I2C)

12.21. Hardware monitoring (hwmon)

12.22. General Purpose I/O (gpio)

12.23. Leds

12.24. DMA engines

12.25. Hardware Random Number Generator (hwrng)

12.26. Cryptography hardware acceleration

12.27. PCI

12.28. Non-Transparent Bridge (NTB)

12.29. Clock

12.30. Various

13. List of merges

14. Other news sites

KernelNewbies: Linux_4.15 (last edited 2018-04-16 09:28:59 by Morot)