[WOLK-announce] [ANNOUNCE] WOLK v4.15s FINAL - Server Edition (aka get the 2.6 feeling with 2.4 :p)
Brought to you by:
hight0wer
From: Marc-Christian P. <m....@wo...> - 2004-06-29 13:37:04
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

so, here we go, FINAL v4.15. This is the 15th maintenance update for WOLK4.0.

It's a _huge_ maintenance update, fixing lots of VM bugs :) I cannot count the
VM bugs any longer. I stopped counting after I've found and fixed 6 of them or
so :p To give some numbers: This fixed VM is now ~100% improved to earlier
WOLKs. Imho this is now the best 2.4-WOLK ever.

Special thanks to Stephan Eisvogel and Cory Visi for sending fixes!

- ------------------------------------------------------------------------
I encourage _all_ 2.4-WOLK users to update to v4.15s! It fixes all known
security issues up to 29th June 2004 (today).
- ------------------------------------------------------------------------

Notes:
- ------
1.: I'll update to Openswan 2 as soon as there is/are some fixing Kernel 2.2
    support in Openswan 2. I have to use an IPsec stack which is in all of
    my 2.2 and 2.4 kernels.

2.: If someone finds a non-compilable thing, one beer for him/her ;)

3.: If you have a SuSE 3.3.1* gcc compiler and experience unresolved
    symbols, remove the following:

    ----------------------------------------------------------
    # Enable unit-at-a-time mode when possible. It shrinks the
    # kernel considerably.
    CFLAGS += $(call check_gcc,-funit-at-a-time,)
    ----------------------------------------------------------

    from arch/i386/Makefile and try again.

Maybe someone wants to sponsor my work to do a 2.4-WOLK with 2.4.26?
Broken-out patches for 2.4-WOLK can be released also ;p

- ----------------------------------------------------------------------------
If you wonder why this update is so huge, there's a simple reason. One very
big customer of my company sponsored this work. They needed a lot of stuff
which is all in now. They also required _not to_ release this to the public
but that's a no-go for me. I had big trouble with them but hey, this is GPL.
- ----------------------------------------------------------------------------

So here the important things ...

Changelog from v4.14s -> v4.15s
- -------------------------------
o added: grsecurity v2.0.1 as a replacement patch you have to apply manually
          to use v2.0.1 instead of v1.9.15. Please use gradm2 from ./gradm2
          directory and make sure, /dev/grsec has minor number 11 instead of
          10 (default)
o added: IPv6: Mobility Support (MIPv6) (Workstation Addons)
o added: Bootsplash v3.0.9 (Workstation Addons)
o added: SuperMount v1.2.11a (Workstation Addons)
o added: show extra info to all ipfw log lines
          length of TCP & data / UDP as well as IP length
          prints TCP ACK and SEQ numbers in addition to IP ids
          prints all TCP flags set (Syn, Ack, Fin, Urg, etc)
o added: 3.5GB user address space patch (it's mainly a re-add)
          but in a working way now :p
o added: mapped base (it's mainly a re-add too)
o added: Loop-AES v2.1a
o added: Loop Cyphers: Blowfish, twofish, serpent v2.0g
o added: Ethernet Link Aggregation (veth) v0.6.3
          If you don't know what this is, you'll never need this!
          Anyway, works in production with a SysKonnect SK-9844 SX Dual NIC
          on 2 machines routing ~1000 connections per second and this works
          damn well! :)
o added: Redundancy of Link Segment (lt) v0.8.4
          If you don't know what this is, you'll never need this!
o added: TCP RFC2385 MD5 support
o added: TCP Westwood support
o added: grsecurity2 backport: Audit text relocations logging
o added: grsecurity2 backport: Show PaX flags in /proc/<pid>/status
o added: Openwall backport: Destroy shared memory segments not in use
o added: IPsec over IPv4 tunneling driver
o added: "echo off >/proc/modules" stops ability to load and unload modules
          until reboot.
o added: Introduce CONFIG_HIGHPTE as Kernel 2.6 has
o added: Due to popular request: Laptop-mode from 2.4 mainline
o added: Intel PRO/Wireless 2100 (IPW2100) v0.42
          James: Is it possible that you can _finally_ fix the Makefile
          upstream?
          ;)
o added: Network disk block device (NWD) support v1.4
o added: sysctl: vm_anon_lru, vm_vfs_scan_ratio, vm_cache_scan_ratio,
          vm_passes and vm_gfp_debug. These are some VM tweaks from mainline
          and/or -aa. They fit perfectly into 2.4-rmap to have full control
          over the VM. The defaults should be all well tuned, but ...
          (YMMV ;)
o added: finally: UML-SKAS3 (/proc/mm) host support
          Note: If you use PaX Segmentation based non-exec pages, you have
          to 'chpax -s' your UML binary.
o added: finally: UML /dev/anon support
o added: enhance sysrq-m output (Show memory)
o added: show memory if we go OOM
o added: Vmalloc* /proc/meminfo output
o added: WARN_ON() from 2.6
o added: sysctl interface for coredump creation info via syslog(3) and
          register dump when a process coredumps.
          kernel/core_creation_info and kernel/core_register_dump, both
          default to 0 (disabled). Were in wolk before but enabled per
          default, tho only the first.
o added: mlock support (Oracle likes this)
o added: grsecurity resource logging sysctl (resource_logging) and log in
          audit group only
o added: Extended Attributes v0.8.71 for ext2/ext3/reiserfs/nfs/nfsd
o added: Posix ACL v0.8.71 for ext2/ext3/reiserfs/jfs/nfs/nfsd
o added: Security Attributes v0.8.71 for ext2/ext3/reiserfs
o added: Config option for /dev/raw/raw*
o added: Introduce /proc/sys/kernel: stackwarn and stackdefer
          If stack usage is over stackwarn, report it
          If stack usage is over stackdefer, defer it to ksoftirqd
o added: BIC-TCP backport from 2.6
o added: TCP Vegas backport from 2.6
o added: 3ware 9xxx SATA-RAID support v2.24.00.006fw
o added: A holy cool VM tuning knob. It was intended by me as drop behind
          but ended as something completely different.
          Annoyed by i/o pauses during heavy disk i/o?
          Annoyed by mouse being sluggish during heavy disk i/o?
          Annoyed by not being able to play UT2004 while disk i/o?
          Then this is for _you_. "echo 1 >/proc/sys/vm/vm_magic" and be
          happy! Extra bonus: ~ 10-20 mb/s more disk i/o throughput!
          -lck: Shit your pants _now_ :p ... No silly workarounds needed
          anymore. No need to force the user to use a queue of 32.
          Muahahaaha.
o fixed: oops output was completely fucked up.
o fixed: CAN-2004-0495: Al Viro's sparse fixes
o fixed: removed silly /proc/sys/net/ipv4/ip_conntrack_max. This is
          Netfilter stuff so it has to be in /proc/sys/net/ipv4/netfilter/
o fixed: horribly outdated Documentation/sysctl/vm.txt. It was something
          2.4.0'ish or so. Even documented rmap tunables and more.
          Marcelo shits his pants to apply this to 2.4.27.
o fixed: pageattr cache flushing on P4
o fixed: ext2/ext3: use-before-uninitialized value in ext3(2)_find_goal
o fixed: ext3: htree memory leak and compile time warning
o fixed: NFS was slow in UDP. Now doubled the throughput.
o fixed: NFS did not work with TCP. Works now.
o fixed: lm-sensors did not work when grsecurity was disabled
o fixed: i2c compile problems
o fixed: IMQ: "dead-loop on netdevice imq" issue
o fixed: information leak in the XFS filesystem code
o fixed: holy braindead /proc/sys/dev/rtc/max-user-freq of being 64 all the
          time. Now if you select at least Pentium 3 or AMD Duron, it
          defaults to 1024 which makes more sense.
o fixed: C1 halt disconnect problem on nForce2 systems
          actually I had a fix in for a long time, but this seems nicer.
o fixed: renamed silly kernel.allow_setid_core to core_allow_setid
o fixed: H-FSC packet scheduler compile error
o fixed: wrap around of netdevice statistics. Now 64-bit :p
o fixed: double POOL_SIZE for highmem bounce pages if memory pools are on
o fixed: grsecurity missed preempt checks. Now safe, even on SMP :p
o fixed: CONFIG_HIGHIO defaults to on if Highmem selected and removed
          config option for High I/O. People did not select it and
          complained about bad performance, so force it from now on!
o fixed: damn holy braindamaged FS menu structure. I can't see it!
o fixed: external module load with >= gcc v3.3.3
o fixed: potential memory access to free memory in /proc handling
o fixed: potential memory leak in devpts
o fixed: oom parent killer: missed RMAP bits, missed locking bits
o fixed: e1000: fix probable security hole
o fixed: RMAP: inode reclaiming with highmem
o fixed: RMAP: smp deadlock in inode reclaiming code
o fixed: RMAP: thinko in mm/rmap.c (doh :()
o fixed: RMAP: more thinkos by me in early 4.0s stages
          hello? Are you all silly or just no interest? ;)
o fixed: RMAP: yet more errors in page reclaim logic. HELLO?!!
          if I had found one more I'd have rewritten that from scratch!
          Holla die Waldfee :p
o fixed: RMAP: some braindamaged VM performance/behaviour
          NOTE: RMAP is braindead all over the place and it's not fixable
          neither by me nor by Rik van Riel nor by anyone at Redhat who use
          rmap as their main VM in their flagship Enterprise Linux. If you
          are interested in the braindamage of rmap just read
          https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=89226.
          Be sure to stop laughing after 10 minutes or you're gonna be
          dead. There is absolutely no wonder why rmap is being removed
          _again_ from a mainline kernel (early 2.4 and now early 2.6).
          I really hope rmap will never ever get any chance back into any
          mainline kernel in this century. Thanks.
          Anyway, now it's at least 100% better than anything before.
          Still braindead, but hey ...
o fixed: /proc/slabinfo: 'dm io' has to be 'dm_io'
o fixed: /proc/slabinfo: 'eventpoll epi' has to be 'eventpoll_epi'
o fixed: /proc/slabinfo: 'eventpoll pwq' has to be 'eventpoll_pwq'
o fixed: /proc/slabinfo: 'async poll table' has to be 'async_poll_table'
o fixed: because of the 4 above, slabtop(1) works now :p
o fixed: SMP deadlock in smp-timers-not-deadlocking (hahaha ;)
o fixed: ext3/quota deadlock
o fixed: scheduler: sched_yield_scale to 0 for desktop tweaks for better
          interactivity. KDE does not like it for example.
          You can still change this via /proc if you don't use KDE and/or
          OpenOffice. Can userspace apps get a fix please?
o fixed: quota v1 and v2 missing module license
o fixed: workaround rmap vs. PaX segmexec highmem 'my init gets killed'
          problem :p - It's so simple.
o fixed: PaX: large file mapping bug introduced by vma mirroring
o fixed: wrong dependencies for grsecurity/PaX configure system
o fixed: memory pools go crazy sometimes. Backported 2.6 fixes
o updated: Broadcom BCM5700 driver v7.1.22
o updated: AIC7xxx v6.3.9 / AIC79xx v2.0.12 (v2004-05-22)
o updated: IBM ServeRAID v7.00.15 (New driver series)
o updated: RAID code (up to 2.4.27-rc2)
o updated: Netfilter code (up to 2.4.27-rc2)
o updated: EVMS v2.3.4
o updated: Device Mapper (LVM2) v4.1.1-ioctl (2004-04-07)
o updated: Bonding v2.5.0
o updated: XFS (up to 2.4.27-rc2)
o updated: JFS v1.1.6 (up to 2.4.27-rc2)
o updated: CryptoAPI (up to 2.4.27-rc2)
o updated: PPP Microsoft encryption/compression (MPPE/MPPC) v0.99
o updated: libata (S-ATA support via SCSI layer)
            same as 2.4.27-pre4 + ICH5/ICH6
o updated: Intel e100 driver v2.3.40
o updated: Intel e1000 driver v5.2.51
o updated: Broadcom Tigon3 (tg3) v3.6
o updated: SysKonnect SK-98xx driver v6.24
o updated: Realtek 8139cp v1.1
o updated: SiS 900 v1.08.06
o updated: Sundance v1.01+LK1.09a
o updated: 3com 3c59x vLK1.1.18-ac
o updated: LSI MegaRAID (driver series v2.10.6)
o updated: Dazuko v2.0.2
o updated: DRBD v0.6.12
o updated: shfs v0.35
o updated: Openswan v1.0.6
o updated: HTB v3.16
o updated: grsecurity v1.9.15
o removed: bogus highmem tweaks. Added better one.
o removed: shm largepage from -aa. Did not work at all. Anyone wants to
            port HugeTLBfs from RH? Intel ignores me completely via email.
            They _have_ HugeTLBfs for IA32 for recent kernels !!!!
o removed: vserver ctx17: Too old, no one maintains this, so if you want to
            use it, make a patch with a new vserver patch.
o removed: CryptoLOOP (jari edition)
o removed: _very_ old loop twofish, replaced with new one.
o removed: scheduler tunables. We now have best defaults, so get rid of it.
            Instead we now have a boot parameter named "desktop". Boot with
            it and you get the desktop tweaks. Leave it out and you get the
            server tweaks. Anyway, you can still change max-timeslice and
            min-timeslice. Now we are equal with 2.6-WOLK.

md5sums:
- --------
906f6babb633b8bc07925506dc2ee4b0  linux-2.4.20-wolk4.15-fullkernel.tar.bz2
9c2af17177625d9012bfb41aea749e6d  linux-2.4.20-wolk4.15-fullkernel.tar.gz
9288e5f01df7fae699a0a87069e35c83  linux-2.4.20-wolk4.15s.patch.bz2
9f81e2b525b8ac1c0ad4adae911d131a  linux-2.4.20-wolk4.15s.patch.gz
956720b9adf2dfdbae7083b54000fde2  linux-2.4.20-wolk4.14s-to-4.15s.patch.bz2
40d359edce3910001f3fb35e4136cdad  linux-2.4.20-wolk4.14s-to-4.15s.patch.gz

- --
Kind regards
Marc-Christian Petersen

http://sourceforge.net/projects/wolk

PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at http://pgp.mit.edu. Encrypted e-mail preferred
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: !! No Risk - No Fun !! - Try to crack this ;-)

iD8DBQFA4W5HVp3i49tEGhYRAuu3AJ9Nls1B3qOiYUhV3hyy+74MA0q5qACeJkOI
CjFnn6b7URFlUphW4ofy5Ak=
=XV7b
-----END PGP SIGNATURE-----