October 25, 2016

Linux 4.7 Set to Boost Live Patching, Security and Power Management

  • May 25, 2016
  • By Sean Michael Kerner

We're just about at the end of the two week merge cycle for the Linux 4.7 kernel and many of the subsystem maintainers have sent Linus Torvalds their git pull requests.

Jiri Kosina's live patching tree adds some new features to make the technology less architecture specific. There is also the addition of live patching documentation as well. The first live patching code landed back in the Linux 4.0 timeframe and has been incrementally improving ever since.

Rafael Wysocki's sent Torvalds a long list of power management updates to be included in Linux 4.7 including:

Stable-candidate cpuidle fix to make it check the right variable
   when deciding whether or not to enable interrupts on the local CPU
   so as to avoid enabling iterrupts too early in some cases if the
   system has both coupled and per-core idle states (Daniel Lezcano).

 - Stable-candidate PM core fix to make it handle failures at the
   "late suspend" stage of device suspend consistently for all
   devices regardless of whether or not async suspend/resume is
   enabled for them (Rafael Wysocki).

 - Cleanups in the cpufreq core, the schedutil governor and the
   intel_pstate driver (Rafael Wysocki, Pankaj Gupta, Viresh Kumar).

Ingo Molnar sent in a few scheduler fixes and miscellaneous list of x86 fixes including  EFI, entry code, pkeys and MPX fixes, TASK_SIZE cleanups and a tsc frequency table fix.

On the security front James Morris sent in his list of security fixes including a new Linux Security Module (LSM)

A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via dm-verity). This is disabled by default but can be configured to be enabled by default (don't do this if you don't know what you're doing).

As is always the case in any Linux merge window there is always a last minute rush too, so I'd expect to see some other goodness get pulled in before rc1 debuts this Sunday.

Sean Michael Kerner is a senior editor at Linux Planet and InternetNews.com. Follow him on Twitter @TechJournalist

Sitemap | Contact Us