[WOLK-announce] [ANNOUNCE] WOLK v4.15s FINAL - Server Edition (aka get the 2.6 feeling with 2.4 :p)
Brought to you by:
hight0wer
Menu
▾
▴
[WOLK-announce] [ANNOUNCE] WOLK v4.15s FINAL - Server Edition (aka get the 2.6 feeling with 2.4 :p)
|
From: Marc-Christian P. <m....@wo...> - 2004-06-29 13:37:04
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
so, here we go, FINAL v4.15. This is the 15th maintenance update for
WOLK4.0. It's a _huge_ maintenance update, fixing lots of VM bugs :)
I cannot count the VM bugs any longer. I stopped counting after I've
found and fixed 6 of them or so :p
To give some numbers: This fixed VM is now ~100% improved to earlier WOLKs.
Imho this is now the best 2.4-WOLK ever.
Special thanks to Stephan Eisvogel and Cory Visi for sending fixes!
- ------------------------------------------------------------------------
I encourage _all_ 2.4-WOLK users to update to v4.15s! It fixes all known
security issues up to 29th June 2004 (today).
- ------------------------------------------------------------------------
Notes:
- ------
1.: I'll update to Openswan 2 as soon there is/are some fixing Kernel
2.2 support in Openswan 2. I have to use an IPsec stack which are
in all of my 2.2 and 2.4 kernels.
2.: If someone finds a non-compilable thing, one beer for him/her ;)
3.: If you have a SuSE 3.3.1* gcc compiler and experience unresolved
symbols, remove the following:
----------------------------------------------------------
# Enable unit-at-a-time mode when possible. It shrinks the
# kernel considerably.
CFLAGS += $(call check_gcc,-funit-at-a-time,)
----------------------------------------------------------
from arch/i386/Makefile and try again.
Maybe someone wants to sponsor my work to do a 2.4-WOLK with 2.4.26?
Broken-out patches for 2.4-WOLK can be released also ;p
- ----------------------------------------------------------------------------
If you wonder why this update is so huge, there's a simple reason. One very
big customer of my company sponsored this work. They needed alot of stuff
which is all in now. They also required _not to_ release this to the public
but that's a no-go for me. I had big trouble with them but hey, this is GPL.
- ----------------------------------------------------------------------------
So here the important things ...
Changelog from v4.14s -> v4.15s
- -------------------------------
o added: grsecurity v2.0.1 as an replacement patch you have to apply
manually to use v2.0.1 instead of v1.9.15. Please use
gradm2 from ./gradm2 directory and make sure, /dev/grsec
has minor number 11 instead of 10 (default)
o added: IPv6: Mobility Support (MIPv6) (Workstation Addons)
o added: Bootsplash v3.0.9 (Workstation Addons)
o added: SuperMount v1.2.11a (Workstation Addons)
o added: show extra info to all ipfw log lines
length of TCP & data / UDP as well as IP length
prints TCP ACK and SEQ numbers in addition to IP ids
prints all TCP flags set (Syn, Ack, Fin, Urg, etc)
o added: 3.5GB user address space patch (it's mainly a re-add)
but in a working way now :p
o added: mapped base (it's mainly a re-add too)
o added: Loop-AES v2.1a
o added: Loop Cyphers: Blowfish, twofish, serpent v2.0g
o added: Ethernet Link Aggregation (veth) v0.6.3
If you don't know what this is, you'll never need this!
Anyway, works in production with a SysKonnect SK-9844 SX
Dual NIC on 2 machines routing ~1000 connections per
second and this works damn well! :)
o added: Redundancy of Link Segment (lt) v0.8.4
If you don't know what this is, you'll never need this!
o added: TCP RFC2385 MD5 support
o added: TCP Westwood support
o added: grsecurity2 backport: Audit text relocations logging
o added: grsecurity2 backport: Show PaX flags in /proc/<pid>/status
o added: Openwall backport: Destroy shared memory segments not in use
o added: IPsec over IPv4 tunneling driver
o added: "echo off >/proc/modules" stops ability to load
and unload modules until reboot.
o added: Introduce CONFIG_HIGHPTE as Kernel 2.6 has
o added: Due to popular request: Laptop-mode from 2.4 mainline
o added: Intel PRO/Wireless 2100 (IPW2100) v0.42
James: Is it possible that you can _finally_
fix the Makefile upstream? ;)
o added: Network disk block device (NWD) support v1.4
o added: sysctl: vm_anon_lru, vm_vfs_scan_ratio, vm_cache_scan_ratio,
vm_passes and vm_gfp_debug. These are some VM tweaks from
mainline and/or -aa. They fit perfectly into 2.4-rmap to
have full control over the VM. The defaults should be all
well tuned, but ... (YMMV ;)
o added: finally: UML-SKAS3 (/proc/mm) host support
Note: If you use PaX Segmentation based non-exec pages,
you have to 'chpax -s' your UML binary.
o added: finally: UML /dev/anon support
o added: enhance sysrq-m output (Show memory)
o added: show memory if we go OOM
o added: Vmalloc* /proc/meminfo output
o added: WARN_ON() from 2.6
o added: sysctl interface for coredump creation info via syslog(3)
and register dump when a process coredumps.
kernel/core_creation_info and kernel/core_register_dump,
both default to 0 (disabled). Were in wolk before but
enabled per default, tho only the first.
o added: mlock support (Oracle likes this)
o added: grsecurity resource logging sysctl (resource_logging) and log
in audit group only
o added: Extended Attributes v0.8.71 for ext2/ext3/reiserfs/nfs/nfsd
o added: Posix ACL v0.8.71 for ext2/ext3/reiserfs/jfs/nfs/nfsd
o added: Security Attributes v0.8.71 for ext2/ext3/reiserfs
o added: Config option for /dev/raw/raw*
o added: Introduce /proc/sys/kernel: stackwarn and stackdefer
If stack usage is over stackwarn, report it
If stack usage is over stackdefer, defer it to ksoftirqd
o added: BIC-TCP backport from 2.6
o added: TCP Vegas backport from 2.6
o added: 3ware 9xxx SATA-RAID support v2.24.00.006fw
o added: A holy cool VM tuning knob. It was intended by me as drop
behind but ended as something completely different.
Annoyed by i/o pauses during heavy disk i/o?
Annoyed by mouse beeing sluggish during heavy disk i/o?
Annoyed by not beeing able to play UT2004 while disk i/o?
Then this is for _you_.
"echo 1 >/proc/sys/vm/vm_magic" and be happy!
Extra bonus: ~ 10-20 mb/s more disk i/o throughput!
-lck: Shit your pants _now_ :p ...
No silly workarounds needed anymore. No need to force
the user to use a queue of 32. Muahahaaha.
o fixed: oops output was completely fucked up.
o fixed: CAN-2004-0495: Al Viro's sparse fixes
o fixed: removed silly /proc/sys/net/ipv4/ip_conntrack_max. This is
Netfilter stuff so it has to be in
/proc/sys/net/ipv4/netfilter/
o fixed: horribly outdated Documentation/sysctl/vm.txt. It was
something 2.4.0'ish or so. Even documented rmap tunables
and more. Marcelo shits his pants to apply this to 2.4.27.
o fixed: pageattr cache flushing on P4
o fixed: ext2/ext3: use-before-uninitialized value in ext3(2)_find_ goal
o fixed: ext3: htree memory leak and compile time warning
o fixed: NFS was slow in UDP. Now doubled the throughput.
o fixed: NFS did not work with TCP. Works now.
o fixed: lm-sensors did not work when grsecurity was disabled
o fixed: i2c compile problems
o fixed: IMQ: "dead-loop on netdevice imq" issue
o fixed: information leak in the XFS filesystem code
o fixed: holy braindead /proc/sys/dev/rtc/max-user-freq of beeing 64 all
the time. Now if you select at least Pentium 3 or AMD Duron,
it defaults to 1024 which makes more sense.
o fixed: C1 halt disconnect problem on nForce2 systems
actually I had a fix in for a long time, but this seems nicer.
o fixed: renamed silly kernel.allow_setid_core to core_allow_setid
o fixed: H-FSC packet scheduler compile error
o fixed: wrap around of netdevice statistics. Now 64-bit :p
o fixed: double POOL_SIZE for highmem bounce pages if memory pools are on
o fixed: grsecurity missed preempt checks. Now safe, even on SMP :p
o fixed: CONFIG_HIGHIO defaults to on if Highmem selected and removed
config option for High I/O. People did not select it and
complained about bad performance, so force it from now on!
o fixed: damn holy braindamaged FS menu structure. I can't see it!
o fixed: external module load with >= gcc v3.3.3
o fixed: potential memory access to free memory in /proc handling
o fixed: potential memory leak in devpts
o fixed: oom parent killer: missed RMAP bits, missed locking bits
o fixed: e1000: fix probable security hole
o fixed: RMAP: inode reclaiming with highmem
o fixed: RMAP: smp deadlock in inode reclaiming code
o fixed: RMAP: thinko in mm/rmap.c (doh :()
o fixed: RMAP: more thinkos by me in early 4.0s stages
hello? Are you all silly or just no interrest? ;)
o fixed: RMAP: yet more errors in page reclaim logic. HELLO?!!
if I've had found one more I'd rewrote that from scratch!
Holla die Waldfee :p
o fixed: RMAP: some braindamaged VM performance/behaviour
NOTE: RMAP is braindead all over the place and it's not
fixable neither by me nor by Rik van Riel nor by anyone at
Redhat who use rmap as their main VM in their flagship
Enterprise Linux. If you are interested in the braindamage
of rmap just read
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=89226.
Be sure to stop laughing after 10 minutes or you're gonna
be dead. There is absolutely no wonder why rmap is beeing
removed _again_ from a mainline kernel (early 2.4 and now
early 2.6). I really hope rmap will never ever get any
chance back into any mainline kernel in this century.
Thanks. Anyway, now it's at least 100% better than anything
before. Still braindead, but hey ...
o fixed: /proc/slabinfo: 'dm io' has to be 'dm_io'
o fixed: /proc/slabinfo: 'eventpoll epi' has to be 'eventpoll_epi'
o fixed: /proc/slabinfo: 'eventpoll pwq' has to be 'eventpoll_pwq'
o fixed: /proc/slabinfo: 'async poll table' has to be 'async_poll_table'
o fixed: because of the 4 above, slabtop(1) works now :p
o fixed: SMP deadlock in smp-timers-not-deadlocking (hahaha ;)
o fixed: ext3/quota deadlock
o fixed: scheduler: sched_yield_scale to 0 for desktop tweaks
for better interactivity. KDE does not like it for example.
You can still change this via /proc if you don't use KDE
and/or OpenOffice. Can userspace apps get a fix please?
o fixed: quota v1 and v2 missing module license
o fixed: workaround rmap vs. PaX segmexec highmem
'my init gets killed' problem :p - It's so simple.
o fixed: PaX: large file mapping bug introduced by vma mirroring
o fixed: wrong dependences for grsecurity/PaX configure system
o fixed: memory pools goes crazy sometimes. Backported 2.6 fixes
o updated: Broadcom BCM5700 driver v7.1.22
o updated: AIC7xxx v6.3.9 / AIC79xx v2.0.12 (v2004-05-22)
o updated: IBM ServeRAID v7.00.15 (New driver series)
o updated: RAID code (up to 2.4.27-rc2)
o updated: Netfilter code (up to 2.4.27-rc2)
o updated: EVMS v2.3.4
o updated: Device Mapper (LVM2) v4.1.1-ioctl (2004-04-07)
o updated: Bonding v2.5.0
o updated: XFS (up to 2.4.27-rc2)
o updated: JFS v1.1.6 (up to 2.4.27-rc2)
o updated: CryptoAPI (up to 2.4.27-rc2)
o updated: PPP Microsoft encryption/compression (MPPE/MPPC) v0.99
o updated: libata (S-ATA support via SCSI layer)
same as 2.4.27-pre4 + ICH5/ICH6
o updated: Intel e100 driver v2.3.40
o updated: Intel e1000 driver v5.2.51
o updated: Broadcom Tigon3 (tg3) v3.6
o updated: SysKonnect SK-98xx driver v6.24
o updated: Realtek 8139cp v1.1
o updated: SiS 900 v1.08.06
o updated: Sundance v1.01+LK1.09a
o updated: 3com 3c59x vLK1.1.18-ac
o updated: LSI MegaRAID (driver series v2.10.6)
o updated: Dazuko v2.0.2
o updated: DRBD v0.6.12
o updated: shfs v0.35
o updated: Openswan v1.0.6
o updated: HTB v3.16
o updated: grsecurity v1.9.15
o removed: bogus highmem tweaks. Added better one.
o removed: shm largepage from -aa. Did not work at all. Anyone wants
to port HugeTLBfs from RH? Intel ignores me completely
via email. They _have_ HugeTLBfs for IA32 for recent
kernels !!!!
o removed: vserver ctx17: Too old, no one maintains this, so if you
want to use it, make a patch with a new vserver patch.
o removed: CryptoLOOP (jari edition)
o removed: _very_ old loop twofish, replaced with new one.
o removed: scheduler tunables. We now have best defaults, so get rid
of it. Instead we now have a boot parameter named
"desktop". Boot with it and you get the desktop tweaks.
Leave it out and you get the server tweaks. Anyway, you
can still change max-timeslice and min-timeslice. Now
we are equal with 2.6-WOLK.
md5sums:
- --------
906f6babb633b8bc07925506dc2ee4b0 linux-2.4.20-wolk4.15-fullkernel.tar.bz2
9c2af17177625d9012bfb41aea749e6d linux-2.4.20-wolk4.15-fullkernel.tar.gz
9288e5f01df7fae699a0a87069e35c83 linux-2.4.20-wolk4.15s.patch.bz2
9f81e2b525b8ac1c0ad4adae911d131a linux-2.4.20-wolk4.15s.patch.gz
956720b9adf2dfdbae7083b54000fde2 linux-2.4.20-wolk4.14s-to-4.15s.patch.bz2
40d359edce3910001f3fb35e4136cdad linux-2.4.20-wolk4.14s-to-4.15s.patch.gz
- --
Kind regards
Marc-Christian Petersen
http://sourceforge.net/projects/wolk
PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at http://pgp.mit.edu. Encrypted e-mail preferred
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: !! No Risk - No Fun !! - Try to crack this ;-)
iD8DBQFA4W5HVp3i49tEGhYRAuu3AJ9Nls1B3qOiYUhV3hyy+74MA0q5qACeJkOI
CjFnn6b7URFlUphW4ofy5Ak=
=XV7b
-----END PGP SIGNATURE-----
|