The latest Linux 5.14 kernel is just around the corner and with contributions from 1,650 developers there are some interesting updates to security and performance. In particular a new way to deal with Spectre and Meltdown which gained widespread notoriety in 2018 and creating memory ranges inaccessible to anyone.
According to Sean Michael Kerner at TechCrunch:
A particular area of interest for both enterprise and cloud users is always security and to that end, Linux 5.14 will help with several new capabilities. Mike McGrath, vice president, Linux Engineering at Red Hat told TechCrunch that the kernel update includes a feature known as core scheduling, which is intended to help mitigate processor-level vulnerabilities like Spectre and Meltdown, which first surfaced in 2018. One of the ways that Linux users have had to mitigate those vulnerabilities is by disabling hyper-threading on CPUs and therefore taking a performance hit.
“More specifically, the feature helps to split trusted and untrusted tasks so that they don’t share a core, limiting the overall threat surface while keeping cloud-scale performance relatively unchanged,” McGrath explained.
It will be interesting to see folks testing this release in their labs while they re-enable hyper-threading. Would love to see some community charts, and graphs that show the before and after.
In addition to the core scheduling update, another new security update that caught my interest was memfd_secret (). I’ll be watching this one closely and wanting to hear from the community on their experience.
Attacks against Linux and other operating systems often target memory as a primary attack surface to exploit. With the new kernel, there is a capability known as memfd_secret () that will enable an application running on a Linux system to create a memory range that is inaccessible to anyone else, including the kernel.
Once released you can download the 5.14 kernel and apply it to your test servers manually. Most Linux vendors will include the updated kernel in their next release. I will likely wait for it to be included in my distro of choice.
While Linux 5.14 will be out soon, it often takes time until it is adopted inside of enterprise releases. McGrath said that Linux 5.14 will first appear in Red Hat’s Fedora community Linux distribution and will be a part of the future Red Hat Enterprise Linux 9 release. Gerald Pfeifer, CTO for enterprise Linux vendor SUSE, told TechCrunch that his company’s openSUSE Tumbleweed community release will likely include the Linux 5.14 kernel within “days” of the official release. On the enterprise side, he noted that SUSE Linux Enterprise 15 SP4, due next spring, is scheduled to come with the 5.14 kernel.
What has you excited about the Linux 5.14 kernel? Is this something you will download and test right away or will you wait for your favorite distro to include it. Let me know on Twitter and thanks for reading.