Linux-Kongress: Corbet Presents New Kernel 2.6.27

After more than three months development time and 10,600 changesets, over 1,100 developers from around 150 enterprises have come up with the latest Linux release. Some changes bring new capabilities to the kernel that make it more reliable and help users find errors. HP, for example, provides block layer integrity checking that features checksumming of data to protect against corruption. A number of high-end SCSI disks are already providing for this kind of integrity checking in the hardware.

The new ftrace mechanism helps users troubleshoot functions in the kernel. More targeted to developers, extended file descriptors enable better control in system calls of the API, including whether they should be inherited by child processes. This capability is appropriate for time-critical, multithreaded applications. It was already implemented with the open() call, but was extended to other calls such as socket(). New syscall functions were thereby added, but with the API otherwise unchanged.

Multiqueue networking allows network cards to more efficiently deal with variously prioritized packets, especially useful for high-end nodes carrying high-bandwidth video or VoIP data. Users should look forward to video camera support in the gspca driver in the kernel that would reflect favorably in some webcams. Along with JFFS2, Yaffs and Logfs, the UBI file system (UBIFS) was added that developers optimized for the OS and flash drives.

In the course of general kernel development, says Corbet in his keynote, Linux developers have been adopting the linux-next git tree, after some initial misgivings. The repository is proposed to unburden those of Andrew Morton and, eventually, Linus Torvalds. Corbet is generally satisfied with the ratio of new features to error corrections,even while the regression rate is slightly increasing over time. Though there are presently around 150 open bugs, according to Corbet, these relate mostly to uncommon configurations.

Corbet also addressed some kernel "oopses," although small in number, such as those involving the proprietary fireglx drivers. The list of the five most active kernel enterprises stayed pretty much unchanged: Red Hat, at 12%, is still in first place, followed by IBM (7%), Novell (6%), Intel (5%) and Parallels (2%). Only a fourth of the code originated from developers outside the enterprise sphere.

In the realm of security Corbet was cautiously optimistic, but made it clear that the proof was in the pudding. The CVE Identifiers list included 38 security vulnerabilities for the kernel from January through August, although Corbet identifies only a few as very relevant. He admitted that kernel developers don't explicitly worry too much about security, but that the development model allows fast enough reaction times for reported vulnerabilities. When in doubt, and considering that the classic UNIX DAC model of read/write/execute might be insufficient, he emphasizes that support can still come from one of five different security frameworks (SELinux, AppArmour, SMACK, TOMOYO or fanotify).

The keynotes for the two-day conference are available free per streaming video from Linux Magazine. The presentations and slides will be featured on the Linux Magazine Online website in the coming weeks.