February 16, 2018

Linux Weather Forecast

Linux "chief meteorologist" Jonathan Corbet shares the current conditions for Linux kernel development.

Welcome to the Linux Weather Forecast

This page is an attempt to track ongoing developments in the Linux development community that have a good chance of appearing in a mainline kernel and/or major distributions sometime in the near future. Your "chief meteorologist" is Jonathan Corbet, Executive Editor at LWN.net. If you have suggestions on improving the forecast (and particularly if you have a project or patchset that you think should be tracked), please add your comments below. 

Forecast Summaries

Current conditions: the 4.15 kernel was finally released on January 28, after the longest development cycle in several years. Some of the headline features in this release include:

  • There is finally a CPU scheduler controller for the version-2 control-group (cgroup v2) interface, bringing a long story to a happy ending.
  • The live-patching mechanism has gained support for shadow variables and the ability to run a code hook when an object is patched. Both of these features will make it possible to create live patches for more types of fixes.
  • Initial support for the RISC-V CPU architecture has been merged.
  • There is support for AMD's Secure Encrypted Virtualization (SEV) feature, which encrypts each guest's memory with its own key so that virtual machines are protected from each other and from the host system.
  • The MAP_SYNC mechanism will support high-performance access to persistent memory arrays from user space.
  • A large internal timer API transition, converting timer callbacks to the new timer_setup() interface, removes the arbitrary "data" argument that used to be passed to every callback and with it one more target for attacks; it illustrates the sort of hardening work that is being done continuously in the kernel community.

Of course, the other significant news is that 4.15 includes mitigations for the Meltdown and Spectre hardware vulnerabilities. Getting there required a great deal of around-the-clock work from a broad set of kernel developers; these vulnerabilities are also the reason for the unusually long development cycle.

See this article for a summary of the state of those protections at the time of the 4.15 release, and this article to catch up to the current state of affairs. Anybody concerned about these vulnerabilities should ensure that they are running an updated kernel and keep it updated to pick up new protections as they are added. Since 4.15, a running kernel reports the status of each mitigation in the files under /sys/devices/system/cpu/vulnerabilities/, which is the quickest way to check what a given system actually has enabled.

All told, 14,866 changesets from over 1,700 developers were merged during the 4.15 development cycle. Those developers represented over 231 companies. See this article for a look at where the changes for 4.15 came from.

Short-term forecast: the 4.16 kernel can be expected on April 1 or 8. The merge window for this release has closed; some of the more significant features that have been added for this release include:

  • Initial support for the Jailhouse hypervisor has been added. Jailhouse is particularly well suited (or will be once it's complete) for safety-critical and hard realtime workloads.

  • Support for zoned block devices has been improved.

  • Overlay filesystems can now be exported over NFS.

  • The KVM virtualization subsystem now supports AMD's "Secure Encrypted Virtualization" feature.

  • A number of security-oriented changes have been merged. These include usercopy whitelisting (restricting which regions of a slab-allocated object may be copied to or from user space) and mitigations for Spectre variant 1, the bounds-check-bypass variant.

The 4.16 kernel is in the stabilization phase now, and should not see the addition of any more features.
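To make the Spectre variant 1 item above concrete, here is an added example (written for this page, not code from the kernel tree) of the index-clamping technique that the 4.16 mitigations apply: a classic bounds-checked array read beside a version that masks the index with a branch-free mask, modeled after the generic form of the kernel's array_index_nospec(). The table contents, the function names and the use of `volatile` in place of the kernel's OPTIMIZER_HIDE_VAR are assumptions of this example; a user-space program also cannot demonstrate the leak itself, only the construct that closes it.

```c
/* Added example: Spectre-v1 style index clamping, modeled after the
 * generic array_index_nospec() in the kernel. Stand-alone user-space
 * code, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Sample table, constructed for the example. */
static const uint8_t table[16] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 };
#define TABLE_SIZE (sizeof(table) / sizeof(table[0]))

/* Vulnerable pattern: the bounds check is correct architecturally, but a
 * mispredicted branch lets the CPU speculatively execute the load with an
 * out-of-bounds index, leaving a cache footprint that can be measured. */
int lookup_unsafe(unsigned long index)
{
    if (index < TABLE_SIZE)
        return table[index];
    return -1;
}

/* Returns ~0UL when index < size and 0 otherwise, with no branch.
 * If index >= size, (size - 1 - index) wraps and sets the top bit; the
 * OR keeps it, ~ clears it, and the arithmetic right shift yields 0.
 * If index < size, neither term has the top bit, ~ sets it, and the
 * shift smears it into all ones. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    /* volatile keeps the compiler from folding the mask away based on the
     * preceding comparison (assumed stand-in for OPTIMIZER_HIDE_VAR). */
    volatile unsigned long idx = index;
    return ~(long)(idx | (size - 1UL - idx)) >> (BITS_PER_LONG - 1);
}

/* Clamps index into [0, size) even on the speculative path: the load
 * address no longer depends on an unchecked attacker-controlled value. */
unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Hardened pattern: same check, but the index used for the load is masked. */
int lookup_nospec(unsigned long index)
{
    if (index < TABLE_SIZE)
        return table[clamp_index(index, TABLE_SIZE)];
    return -1;
}

int main(void)
{
    unsigned long probes[] = { 0, 15, 16, 1000, ULONG_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("index %lu -> masked %lu\n", probes[i],
               clamp_index(probes[i], TABLE_SIZE));
    return 0;
}
```

The mask costs a handful of ALU instructions and no branch, which is why it can sit on the hot path of system-call argument handling; the x86 kernel version replaces the arithmetic with a cmp/sbb sequence, but the contract is the same: an in-range index passes through unchanged and any out-of-range index, including one that only exists under misprediction, is forced to zero.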

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
