After two months of development, Linus Torvalds has released Linux kernel 4.1. Among the most notable improvements: encryption support in the Ext4 file system, a new virtual file system tracefs, an experimental implementation of distributed RAID 1, MPLS support, a single-user mode for embedded systems, a PMEM block device for non-volatile memory, and integration of Intel's work on GPU virtualization. Linux-libre 4.1 has also been released: a modification of the Linux kernel from the Latin American Free Software Foundation (FSFLA), stripped of proprietary components and documentation.
Sorry for the spelling and phonetic errors in the text.
The owner and main writer of MintGuide.org is not a native English speaker.
The new version includes about 12 thousand patches from more than 1,500 developers; the patch size is 33 MB (the changes affected 10094 files, 454027 lines of code were added and 253880 lines removed). About 41% of all changes in 4.1 are related to device drivers, about 21% to updating code for specific hardware architectures, 13% to the network stack, 6% to file systems and 5% to internal kernel subsystems. 11.2% of the changes were made by Intel employees, 9.2% by Red Hat, 3.7% by SUSE, 3.3% by Linaro, 3.3% by IBM, 3.1% by Google, 2.9% by Samsung, 2.4% by Renesas Electronics, 1.9% by Texas Instruments, 1.4% by Broadcom, 1.3% by Oracle, 1.3% by Cisco and 1.1% by ARM.
Disk subsystem, input/output and file systems
Ext4 now supports encryption of individual parts of the file system, for example a single directory. Only file contents and file names are encrypted; file metadata such as size and access rights remains visible. The encryption key is determined when the file system is mounted. Encryption settings can be configured through xattr. New files or directories can be encrypted individually, or automatically if they are created in an already encrypted directory.
File data is encrypted with AES-256-XTS, and file names with AES-256-CBC. A unique 512-bit encryption key is generated for each inode, which blocks attacks in situations where the attacker knows part of the encrypted content. Compared with add-on layers such as dm-crypt and eCryptFS, integrating encryption support directly into the file system driver achieves higher performance, reuses the existing code for handling access rights, and makes it possible to work with the unencrypted part of the files on legacy systems.
The MD (RAID) subsystem gained an experimental ability to manage RAID 1 arrays distributed across cluster nodes using the DLM (Distributed Lock Manager).
Work was done to improve the performance of software RAID5/6 and of the resynchronization process. RAID5/6 gained support for batching operations in 4K blocks. The read-modify-write cycle was optimized for large RAID 6 arrays containing more than 6 disks. The RAID 6 cache can now be resized dynamically.
XFS can now be used as an OverlayFS layer, thanks to added support for the RENAME_WHITEOUT flag. In addition, XFS now supports the FALLOC_FL_INSERT_RANGE flag for the fallocate() call, which allows applications to insert a blank area into a file.
Btrfs received several important fixes that resolve problems with file systems larger than 20 TB and files larger than 3 TB.
A new specialized virtual file system, tracefs, was added to give user space access to Linux kernel trace data. By default it is mounted at /sys/kernel/debug/tracing, and it is intended for situations where debugfs cannot be used for security reasons (kernel subsystems can expose private information via debugfs). Tracefs lets the administrator expose only the tracing interface, without opening access to the other debugfs facilities, and supports creating trace buffers with the mkdir and rmdir system calls.
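An added example, not from the original article or the kernel sources: a shell check that reads a mount table in /proc/mounts format and reports whether tracing is available through tracefs alone or whether debugfs is mounted as well. The function name audit_tracing, the verdict words and the sample tables are constructed for illustration; /sys/kernel/tracing is assumed as the standalone tracefs mount point.

```shell
#!/bin/sh
# audit_tracing: reads a mount table (/proc/mounts format) on stdin,
# prints one verdict and returns 0 only when tracefs is mounted and
# debugfs is not:
#   tracefs-only     tracefs mounted, debugfs absent        (exit 0)
#   debugfs-exposed  debugfs mounted, with or without tracefs (exit 1)
#   no-tracing       neither file system mounted             (exit 2)
audit_tracing() {
    awk '
        # fields: device mountpoint fstype options dump pass
        $3 == "debugfs" { debugfs = 1 }
        $3 == "tracefs" { tracefs = 1 }
        END {
            if (debugfs)      { print "debugfs-exposed"; exit 1 }
            else if (tracefs) { print "tracefs-only";    exit 0 }
            else              { print "no-tracing";      exit 2 }
        }
    '
}

# Constructed sample tables (not captured from a real host).
# Hardened host: tracefs mounted on its own (assumed mount point).
SAMPLE_HARDENED='sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
tracefs /sys/kernel/tracing tracefs rw,relatime 0 0'

# Legacy layout: debugfs mounted, tracefs visible beneath it.
SAMPLE_LEGACY='sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
tracefs /sys/kernel/debug/tracing tracefs rw,relatime 0 0'

printf '%s\n' "$SAMPLE_HARDENED" | audit_tracing || true
printf '%s\n' "$SAMPLE_LEGACY"   | audit_tracing || true
```

On a live host, run `audit_tracing < /proc/mounts`.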
A PMEM driver was added that implements block devices for storing data in non-volatile memory (NVM), which combines the performance of RAM with persistent storage of its contents. To the CPU, non-volatile memory looks like normal RAM (it appears in the system memory space as large regions of physical memory), but the data is not lost after a power cut. However, such memory is still slower than normal RAM for write operations. To separate non-volatile memory from normal RAM, the first phase of support for this technology presents the new type of memory as a block device.
Device-Mapper gained a new target, "dm-log", which can save a log of all operations on a block device, for example for debugging a file system.
Device-Mapper can now operate as a block device with the multi-queue model (multiqueue), which organizes multi-threaded access to data on multi-core systems and makes effective use of modern SSDs. This mode is disabled by default and must be enabled explicitly with the kernel configuration parameter CONFIG_DM_MQ_DEFAULT.
Memory and system services
The kernel can now be built without support for multi-user operation, so that the system runs only as the root user. The option is intended for stripped-down minimal builds for embedded systems, where every kilobyte of memory saved counts.
The base infrastructure added in the previous release, which provides a unified API for live patching of the kernel, was extended with support for the S/390 architecture.
The load-tracking code of the task scheduler was redesigned: the load generated by a process is now calculated independently of CPU speed. The new approach allows more effective load-balancing decisions when the clock frequency varies and on asymmetric systems that combine different types of CPU.
A new kernel boot option, "efi=debug", displays additional debugging information when booting on systems with EFI.
For the I2C bus, Linux can now work in the slave role on controllers that support slave mode.
perf gained the ability to attach eBPF handlers to probe points inside the kernel (kprobes). Support was added for hardware tracing (PT, Processor Trace) and cache quality-of-service monitoring (CQM, Cache QoS Monitoring), introduced in the next generation of Intel Broadwell CPUs.
Virtualization and security
The Direct Rendering Manager (DRM) subsystem integrates a virtual graphics memory manager ("virtual GEM"), required for virtual graphics devices that can be used for software rendering.
Support was added for the virtual GPU (vGPU) developed by Intel in the XenGT project, which provides full GPU virtualization and a layer for interaction between guest systems and a real Intel GPU. XenGT maintains a separate virtual GPU for each virtual environment, with a fixed share of the performance-critical resources of the real GPU assigned to it. A virtual GPU lets guest systems use conventional video drivers and does not require hypervisor intervention to achieve proper performance.
The Smack subsystem gained a new access mode, bring-up (label "b"), intended for debugging security configurations. The mode is a compromise between the wishes of users who wanted a permissive mode and the principled position of the Smack author. As a result, rules can carry a new label "b": when an operation succeeds, a detailed entry is written to the log, and when it fails, an audit event is generated.
On the MIPS architecture, KVM gained support for SIMD mode and the floating-point unit. On the ARM architecture, KVM gained support for forwarding interrupts via the irqfd() call.
The virtio subsystem has a new driver, virtio-input, for collecting events from input devices and forwarding them to the virtual device.
MPLS (Multiprotocol Label Switching), a mechanism for routing packets by label, was implemented.
The IPv6 stack added support for RFC 7217 (generation of a stable interface identifier that is not tied to the MAC address).
The cls_bpf traffic classification module gained support for packet handlers written as extended BPF (eBPF) programs. In practice, this makes it possible to write custom traffic filters in C and then translate them into eBPF to run inside the kernel's BPF virtual machine. eBPF support was also added to the act_bpf module, which allows packet data to be modified using the new bpf_skb_store_bytes() function. Another addition is access from eBPF programs to custom fields of the socket data structures.
ACPI support was added for the ARM64 architecture (the need for ACPI on ARM has raised questions, since ARM systems typically use the device tree mechanism to identify devices).
The MIPS architecture gained support for XPA addressing, which handles physical memory addresses of up to 40 bits on 32-bit systems.
The Nouveau DRM/KMS driver gained hardware acceleration support for GeForce GTX 750 cards, working without binary firmware.
The Radeon driver gained support for DisplayPort Multi-Stream Transport (MST). MST support is required for high-resolution displays (4K/5K) that connect to the system via two DisplayPort links.
The drivers for Intel graphics cards were extended, including the transition to atomic mode setting and the enabling of DRRS (dynamic refresh rate switching).
The HD audio sound code was reorganized and moved to a new "hdaudio" bus, which simplifies device management.
Video4Linux gained support for the tuners TechnoTrend TT-connect S2-4600 (DVB-S/S2) and Hauppauge HVR-955Q, the ATSC/QAM demodulator LG Electronics LGDT3306A, and a Xilinx driver.
Support was added for the SoCs and boards IMG Pistachio, Marvell Armada 39x, Annapurna Labs Alpine and Xilinx ZynqMP.
Installing the Linux Kernel 4.0.5 in Linux Mint or other Ubuntu-based distributions:
Warning. The Linux kernel is a critical element of the system. An upgrade is worthwhile when one of your hardware devices is not working properly and the new kernel may fix the problem. At the same time, installing a new kernel unnecessarily can lead to undesirable regressions, such as no network connection, no sound or even the inability to boot the system, so install a new kernel at your own risk.
Suitable for Linux Mint 13/14/15/16/17/17.1/17.2, Elementary OS 0.2/0.3, PinguyOS 14/12, Deepin 2014.3
2. Open a terminal, copy and run one of the commands according to the architecture of your system/computer, at your own risk:
For 32-bit (single command):
cd /tmp && wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-headers-4.1.0-040100-generic_4.1.0-040100.201506220235_i386.deb http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-headers-4.1.0-040100_4.1.0-040100.201506220235_all.deb http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-image-4.1.0-040100-generic_4.1.0-040100.201506220235_i386.deb && sudo dpkg -i *.deb
For 64-bit (single command):
cd /tmp && wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-headers-4.1.0-040100-generic_4.1.0-040100.201506220235_amd64.deb http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-headers-4.1.0-040100_4.1.0-040100.201506220235_all.deb http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-unstable/linux-image-4.1.0-040100-generic_4.1.0-040100.201506220235_amd64.deb && sudo dpkg -i *.deb
Note: if you have the BURG boot loader installed, it should be updated as well.
To remove the 4.1 kernel packages:
sudo apt-get purge linux-image-4.1-* linux-headers-4.1-*
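An added example, not part of the original article: the install commands fetch the packages over plain HTTP into the shared /tmp directory and install every *.deb found there, so this shell function checks each package against a SHA-256 list and rejects anything unlisted before dpkg is run. The name verify_debs, the private download directory and the checksum file are assumptions; the checksum list must come from a source you trust.

```shell
#!/bin/sh
# verify_debs DIR SUMS
#   DIR   private download directory (e.g. from mktemp -d), not /tmp itself
#   SUMS  lines of "<sha256-hex>  <file name>" from a trusted source
# Prints the verified package paths, one per line. Returns non-zero and
# prints nothing on stdout if any .deb in DIR is unlisted or does not match.
verify_debs() {
    dir=$1 sums=$2 verified=""
    for deb in "$dir"/*.deb; do
        [ -e "$deb" ] || { echo "no .deb files in $dir" >&2; return 1; }
        name=${deb##*/}
        # Expected hash: exact file-name match in column 2, 64 hex digits.
        want=$(awk -v n="$name" \
            '$2 == n && length($1) == 64 { print $1; exit }' "$sums")
        if [ -z "$want" ]; then
            echo "REJECT $name: not in checksum list" >&2
            return 1
        fi
        have=$(sha256sum "$deb" | awk '{ print $1 }')
        if [ "$have" != "$want" ]; then
            echo "REJECT $name: hash mismatch" >&2
            return 1
        fi
        verified="$verified$deb
"
    done
    printf '%s' "$verified"
}

# Usage sketch (commented out: needs network access and root):
#   work=$(mktemp -d) && cd "$work" && wget <package URLs from the article>
#   pkgs=$(verify_debs "$work" /path/to/trusted/SHA256SUMS) && sudo dpkg -i $pkgs
```

Installing the explicit list returned by the function, rather than a *.deb glob, means a stray package left in the directory is never handed to dpkg.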