Linus Torvalds released version 4.15 of the Linux kernel on Sunday, a week later than scheduled, for the second release in a row. The culprits for the late release were the Meltdown and Spectre bugs: these two vulnerabilities forced developers to submit major patches well into what should have been the last cycle. Torvalds was not comfortable rushing the release, so he gave it another week.
Unsurprisingly, the first big batch of patches worth mentioning were those designed to sidestep Meltdown and Spectre. To avoid Meltdown, a problem that affects Intel chips, developers have implemented Page Table Isolation (PTI) for the x86 architecture. If for any reason you want to turn this off, you can use the pti=off kernel boot option.
Spectre v2 affects both Intel and AMD chips and, to avoid it, the kernel now comes with the retpoline mechanism. Retpoline requires a version of GCC that supports the -mindirect-branch=thunk-extern option. As with PTI, the Spectre-inhibiting mechanism can be turned off; to do so, use the spectre_v2=off option at boot time. Although developers are working to address Spectre v1, at the time of writing there is still no solution, so there is no patch for this bug in 4.15.
The solution for Meltdown on ARM has also been pushed to the next development cycle, but there is a remedy for the bug on PowerPC: the RFI flush of L1-D cache feature included in this release.
An interesting side effect of all of the above is that new kernels now come with a /sys/devices/system/cpu/vulnerabilities/ virtual directory. Each file in this directory names a vulnerability affecting your CPU and reports which remedy, if any, is currently applied.
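The boot options and the sysfs directory described above can be checked from a short POSIX shell script. The script below is an added example and is not code from the article or from the kernel tree: it lists every entry under /sys/devices/system/cpu/vulnerabilities/, flags any that still report "Vulnerable", and checks whether pti=off or spectre_v2=off was passed on the kernel command line. The status strings it matches ("Vulnerable", "Not affected", "Mitigation: ...") are the forms the kernel writes into those files; the VULN_DIR override and the gcc_supports_retpoline helper are conveniences of this example, and any sample data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the article): summarise the CPU mitigation state that
# kernel 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/.
# VULN_DIR can be overridden to point at a constructed sample directory.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print "marker name status" for every entry in the directory.
# Returns 0 if nothing reports Vulnerable, 1 if at least one entry does,
# and 2 if the directory is missing (kernel older than 4.15, or no sysfs).
report_vulnerabilities() {
    dir="${1:-$VULN_DIR}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel too old or sysfs unavailable" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f" 2>/dev/null)
        case "$status" in
            Vulnerable*)    marker="!!"; rc=1 ;;   # no remedy applied
            "Not affected") marker="ok" ;;         # CPU not affected
            Mitigation*)    marker="ok" ;;         # remedy in place (PTI, retpoline, ...)
            *)              marker="??" ;;         # unknown or unreadable
        esac
        printf '%s %-12s %s\n' "$marker" "$name" "$status"
    done
    return $rc
}

# Return 0 if "<option>=off" (e.g. pti=off, spectre_v2=off) appears on the
# kernel command line. The command line defaults to /proc/cmdline but can be
# passed as the second argument.
mitigation_disabled_on_cmdline() {
    opt="$1"
    cmdline="${2:-$(cat /proc/cmdline 2>/dev/null)}"
    for tok in $cmdline; do
        [ "$tok" = "${opt}=off" ] && return 0
    done
    return 1
}

# Return 0 if the compiler accepts the option retpoline builds need.
# Compiles an empty translation unit so nothing is written to disk.
gcc_supports_retpoline() {
    "${CC:-gcc}" -mindirect-branch=thunk-extern -x c -c -o /dev/null /dev/null 2>/dev/null
}

# Run the report against the live system when the directory exists.
if [ -d "$VULN_DIR" ]; then
    report_vulnerabilities || echo "note: one or more entries still report Vulnerable" >&2
    for opt in pti spectre_v2; do
        mitigation_disabled_on_cmdline "$opt" && echo "note: ${opt}=off was passed at boot" >&2
    done
fi
```

On a 4.15 x86 host with both mitigations active the report shows "Mitigation: PTI" for meltdown and a retpoline line for spectre_v2, while spectre_v1 still shows "Vulnerable", matching the article's note that no Spectre v1 fix landed in this release. Adding pti=off or spectre_v2=off to the boot parameters changes the corresponding file back to "Vulnerable", which the script flags with "!!".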
The issues with buggy chips (and the manufacturers that keep things like this secret) have revived the call for the development of viable open source alternatives. This brings us to the partial support for RISC-V chips that has now been merged into the mainline kernel. RISC-V is an open instruction set architecture that allows manufacturers to create their own implementations of RISC-V chips, and it has resulted in several open-source chips. While RISC-V chips are currently used mainly in embedded devices, powering things like smart hard disks or Arduino-like development boards, RISC-V proponents argue that the architecture is also well-suited for use in personal computers and even in multi-node supercomputers.
The support for RISC-V, as mentioned above, is still incomplete: it includes the architecture code but no device drivers. This means that, although a Linux kernel will boot on RISC-V, there is no meaningful way yet to interact with the underlying hardware. That said, RISC-V is not vulnerable to any of the bugs that have dogged other closed architectures, and development of its support is progressing at a brisk pace, as the RISC-V Foundation has the backing of some of the industry's biggest heavyweights.
Other stuff that’s new in kernel 4.15
Torvalds has often declared he likes things boring. Fortunately for him, he says, apart from the Spectre and Meltdown messes, most of the other things that happened in 4.15 were very much run of the mill, such as incremental improvements for drivers, support for new devices, and so on. However, there were a few more things worth pointing out:
- AMD got support for Secure Encrypted Virtualization. This allows the kernel to fence off the memory a virtual machine is using by encrypting it. The encrypted memory can only be decrypted by the virtual machine that is using it. Not even the hypervisor can see inside it. This means that data being worked on by VMs in the cloud, for example, is safe from being spied on by any other process outside the VM.
- AMD GPUs get a substantial boost thanks to the inclusion of display code. This gives mainline support to Radeon RX Vega and Raven Ridge cards and also implements HDMI/DP audio for AMD cards.
- Raspberry Pi aficionados will be glad to know that the 7” touchscreen is now natively supported, which is guaranteed to lead to hundreds of fun projects.