Linux Kernel 2.4.5 Released

John Jasen writes: "Join the kernel of the month club! Order yours now!" See the Changelog, I would link to the mirrors but I doubt they're updated yet, so just head to kernel.org.

Cool Patches!

[Ex+Machina]

Here are some patches for 2.4.X I find essential

• Alan Cox's Patches - Nice!
• Real Time Scheduler - Aside from making Linux a RTOS, it improves app performance!
• GetRewted - Similar to the Openwall pacthes for 2.2.X - NonExec stack, improved filesystem security, stealth networking, Trusted Path Execution

My personal box runs all but GetRewted. My server will run them all very soon. Enjoy!

Re:Cool Patches!

[marm]

The Real Time Scheduler does not really make Linux an RTOS because in and of itself it does not provide kernel pre-emption - the ability for the kernel to interrupt kernel-space code to deal with incoming events that _must_ be processed. This is a requirement of a 'proper' hard-RTOS because such an OS must be able to guarantee a response time, and if it cannot interrupt kernel code the OS scheduler may be stuck waiting for kernel code to return before it can go on to deal with the input. The rtsched patches do appear to integrate with MontaVista's kernel pre-emption patches however, and together they would indeed form a proper hard real-time OS.

Kernel pre-emption does not come without a price though - it can make a significant dent in overall performance, and it is tricky to implement in a clean way, and this is why kernel pre-emption will probably stay out of the mainstream kernel for the forseeable future. It also isn't necessary for 99.9% of people, who, as long as the latency, the time to respond, is on average less than a few ms, are happy. This is called 'soft' real-time and is more than adequate for any video or audio work.

Linux is actually pretty bad at soft real-time as standard, with typical latencies around the 100ms mark, which is rather worse than any version of Windows 9x or NT, and a lot lot worse than BeOS, which has latencies in the sub-5ms realm. Andrew Morton's Low-Latency patches deal with this quite nicely, taking typical latencies down to the 1.5ms mark by improving various kernel algorithms and adding a few points where the kernel can reschedule itself during long periods in kernel-space code. This represents the best latency in just about any OS that does not do hard real-time with kernel pre-emption (QNX, vxWorks etc.) and does not hit performance in the way that pre-emption patches do.
What would be very interesting is to combine the low-latency patch with the improved scheduler in the rtsched patches...

As for GetRewted patches... well, I'm not entirely convinced about the value of a non-executable stack. The problem is whether they actually do any useful good - they give a warm fuzzy feeling of security while only actually preventing a limited subset of attacks. In addition, it's in the wrong place. It's a kernel-space fix for what is really a user-space problem - and certainly I think it's better to fix problems at source than patch them up elsewhere - otherwise you end up with code spaghetti.

My own personal favourite anti-stack-smashing add-on is libsafe, originally a Bell Labs project, which overrides dangerous libc functions with its own, safe functions, either by using the LD_PRELOAD feature of ELF shared objects to protect existing binaries, or by being linked in to a binary at compile time, preferentially to the existing libc functions. In addition, version 2 of libsafe now includes protection against format-string attacks that appear to be the new scourge of unix. Of course, the best place for this protection is in libc itself, and glibc 2.2 does include some protection like this, but it is a compile-time option only, and further, is primarily designed to help developers fix overflows during program testing rather than helping sysadmins in the wild - it causes more of a performance hit than libsafe does.

Anyway - as for 2.4.5, nice to see the VM is sorting itself out - I was that close to turning my desktop machine's ext2 partitions into UFS. I think I might convert them to ReiserFS now. :)

Merging Alan

[FattMattP]

Alan Cox: further merging

I'm glad to see that we're still working hard to merge Alan Cox directly into the kernel. And news of this right after the AI post, too!

Call it what it is

[Mr.+Sketch]

Linux 2.4 Service Pack 5. I'm running Service Pack 2 just fine and I haven't really seen a reason to apply the latest Service Pack as soon as it comes out, unless the changelog mentioned a significant security fix. Otherwise, if it's not broke, don't fix it.

Annoucing this kernel version is VERY IMPORTANT !

[Rosco+P.+Coltrane]

According to David L. Kitts, well-known specialist of God's Divine Number, the phrase "Lord of Hosts" appears 245 times in the King James version of the Bible.

Furthermore, 245 is divisible by 7, and everybody knows 7 is God's Divine Number.

Don't you understand ? 245 times == kernel version 2.4.5 ??? It's OBVIOUS : God has decided that this version of Linux will be Lord of Hosts, therefore making NT and Solaris server looking like toys for pagans !

Many thanks to Michael and Slashdot for reporting such a CRUCIAL event in the history of Humanity !

"A door is what a dog is perpetually on the wrong side of" - Ogden Nash

Virtual Memory System

[Cardhore]

According to Alan Cox, the VM system seems (finally) sane now (since 2.4.4-ac10). Check out Alan's full changelog for extreme details of changes at http://www.uwsg.indiana.edu/hypermail/linux/kernel /0105.2/1618.html.