Tag Archives: Kernel

WireGuard Released For macOS, WireGuard Windows Coming & Linux Kernel Bits Still Pending


SECURITY --

The initial version of the WireGuard open-source secure VPN tunnel is now available for macOS, following the WireGuard for iOS port a few months prior. But sadly on the Linux front, the kernel bits still have yet to be mainlined.

WireGuard lead developer Jason Donenfeld announced the release of WireGuard for macOS on Saturday, with the cooperation of other developers. This macOS port is built from the same sources as their iOS app and integrates into Apple’s networking stack.

In the announcement about WireGuard for macOS, Donenfeld commented that the Windows client is still on its way but is taking a while because a new TUN driver is being written for Windows 7 and newer. This new driver should be safer and faster than the current OpenVPN TUN driver for Windows.

On the Linux kernel front for the long-awaited mainlining of the WireGuard kernel bits, there is unfortunately nothing new to report. It doesn’t look like WireGuard will be merged for Linux 5.1 as the code has yet to be staged in net-next. When I asked Donenfeld about it on Saturday, he said he expects to have a new revision of those patches available for review soon and that work is happening behind the scenes.

Those unfamiliar with this very promising, open-source secure VPN tunnel software can learn more at WireGuard.com.


Asm-goto Support Added To LLVM, Helping Out Clang’ing Kernel Efforts


LLVM --

LLVM has finally merged support for “asm goto”, the inline assembly feature needed for building the Linux x86/x86_64 kernel.

The LLVM asm-goto support was merged over the weekend while patches are pending against Clang to add the necessary bits to the C/C++ compiler front-end.

This satisfies an eight-year-old bug / feature request for handling “asm goto” in LLVM. The addition is notable since it means one less barrier to building the mainline Linux kernel with a vanilla LLVM/Clang compiler on x86_64 as an alternative to GCC. Unfortunately, some items still need to be addressed before this mainline support goal is reached.

The formal LLVMLinux effort that had been active in prior years for getting the mainline Linux kernel and Clang building support squared away has stalled, but fortunately others are involved in seeing this support through. Google in particular has been active recently, with their engineers working on Clang’ing the kernel.

There has been interest for years in compiling the Linux kernel with LLVM/Clang: LLVM’s often faster build times, the various sanitizers and other tooling built up around LLVM, the code testing and portability benefits of supporting another compiler, some vendors preferring LLVM/Clang for its more liberal license compared to GCC, and other technical advantages in having more than one compiler that can tackle the code-base. Hopefully in 2019 we can finally see this goal fully realized for Linux x86_64 and AArch64.


Linux Kernel Continues To Offer Mitigation for… » Linux Magazine


Usually, you want to mitigate all possible vulnerabilities, unless we are talking about Meltdown and Spectre, which are a class or family of dozens of vulnerabilities. But what sysadmins hate more than these vulnerabilities are the mitigations offered for them. Some of these mitigations have a massive impact on performance while not offering any significant protection.

Gauging the pros and cons, sysadmins have gone as far as asking the Linux kernel community to give them an option to disable these mitigations. The Linux kernel community always listens.

Linux Kernel 4.15 added the ability for sysadmins to disable the kernel’s built-in mitigations for the Spectre v2 vulnerability. Linux Kernel 4.17 then offered the option to disable all mitigations for Spectre v4, and now Linux Kernel 4.19 allows admins to disable mitigations for Spectre v1.

You may or may not trust the NSA, but they have a very decent guide on GitHub to help keep up with all Spectre-related vulnerabilities.




Linux 5.0-rc5 Released: This Kernel Release Is Calming Down Nicely


LINUX KERNEL --

Linus Torvalds just issued the fifth weekly release candidate for the upcoming Linux 5.0 kernel.

Being five weeks past the feature merge window, the kernel changes at this stage are all about bug and regression fixing. Linux 5.0-rc5 brings a variety of fixes from enabling generic PCIe by default for RISC-V to better handling of AMD CPU microcode versions to networking and various ARM64 fixes.

Torvalds commented about 5.0-rc5:

I’m happy to report that things seem to be calming down nicely, and rc5 is noticeably smaller than previous rc’s. Let’s hope the trend continues.

About a third of the changes are to drivers (networking, rdma, scsi, block, misc), with the rest being spread out all over (tooling, networking, filesystems, arch updates, core kernel..)

Nothing looks particularly worrisome, so assuming the trend holds, we look to be on track for a fairly normal release cycle despite the early hiccups due to the holidays.

As for what’s changed in Linux 5.0, see our kernel feature overview. If Linux 5.0 continues settling down nicely, the stable 5.0 kernel release should be available around month’s end.


Linux 5.0-rc4 Kernel Released – “Everything Looks Ok”


LINUX KERNEL --

Linus Torvalds has returned from his trek to LCA 2019 and released the Linux 5.0-rc4 kernel.

Being mid-way through the release cycle, it’s starting to calm down a bit, but Torvalds is hoping that with next week’s 5.0-rc5 it will really start winding down. Linus wrote of this week’s happenings, “Nothing particularly stands out… Size-wise, rc4 has a bit more commits than the last few releases have had at this point, but it’s not even remotely a new record size, and not all that much of an outlier anyway. I _do_ hope that things will start to calm down for rc5 onwards… All the other statistics look pretty normal too… So everything looks ok.”

If things do further wind down quickly, the official Linux 5.0 kernel will be out in four or potentially five weeks. See our Linux 5.0 feature overview to learn more about this next major release to the Linux kernel that is bringing AMD FreeSync, new hardware support, and much more.