What's in the Fedora Core 2 kernel
[Posted April 14, 2004 by corbet]
Fedora Core 2 is
scheduled to ship
in just over one month. This distribution will be a high-profile
deployment of the 2.6 kernel. Red Hat has often shipped highly-patched
kernels, and there have been occasional criticisms that the company's
kernels are so divergent from the mainline that they are incompatible with
other Linux systems. Since we have been messing with the second Fedora
Core 2 test release anyway, it seemed like a good time to look and see
what sort of kernel it includes. To that end, we pulled down a copy of
2.6.5-1-321 from
Arjan van
de Ven's directory.
As it turns out, the number of patches contained in this kernel is
relatively small. That is not entirely surprising: vendor kernel patch
lists tend to get longer as the current development kernel progresses, and
some vendors, at least, have a tendency to backport features from the
development tree. There is no development tree currently, so there
is nothing to backport.
That said, the first patch is a big one: it's the full 2.6.5-mc1 tree from Andrew Morton. Now that
the merge candidate patches are finding their way into 2.6.6-pre, Red Hat
will not need to apply that particular patch itself.
The 2.6.6 kernel will feature an option (on by default) to use 4KB kernel
stacks on the i386 architecture. The Fedora kernel has that patch, of
course; it also includes a separate patch which takes away the option of
using the traditional 8KB stacks. This change has upset some Fedora test
users; the 4KB stacks break certain proprietary device drivers
(e.g. nVidia) and some users of those drivers would prefer to have the
ability to build a kernel that supports them. Red Hat seems determined to
follow this path, however, on the assumption that nVidia will fix its
drivers (and the general attitude that breaking binary modules is a
low-priority problem at best).
Then, there are patches which are true Red Hat stuff. These include "exec shield," which makes buffer overflow
attacks harder by enforcing no-execute permissions; the 4G/4G patch which provides expanded 32-bit
virtual address spaces to both user space and the kernel; and TUX, the
kernel-based high-performance web server. There is also an
SELinux/security module patch which allows the kernel to bypass permission
checks when creating sockets internally; this one changes the security
module interface.
Then, there are various cleanup and safety patches. For example, gcc 3.4
supports a "warn_unused_result" attribute on functions; the compiler
will complain when code calls a function marked with this attribute and
fails to check the return value. The Red Hat kernel applies that attribute
to a few functions (copy_from_user(),
pci_enable_device(), etc.) to trap places where the proper checks
are not made. Various functions which use too much kernel stack space have
been fixed up. There is a patch which fixes some remaining
sleep_on() calls and warns about others. The driver for
/dev/mem has been fixed to disallow access to most of main
memory. And there is a driver for a "crash" device which provides direct
read access to main memory, seemingly for use by a crash dump utility.
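The warn_unused_result check described above can be tried in user space. The following is an added example, not code from the Fedora kernel: mock_copy_from_user(), user_region, read_request() and the SHOW_WARNING switch are hypothetical names, and the mock only imitates the copy_from_user() convention of returning the number of bytes that could not be copied.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* The attribute the article describes: gcc 3.4 and later warn when a
 * caller discards the return value of a function marked this way. */
#define must_check __attribute__((warn_unused_result))

/* Constructed stand-in for "user memory": only this region is readable. */
static const char user_region[16] = "ABCDEFGHIJKLMNO";

/* Hypothetical user-space mock of copy_from_user(): copies what it can and
 * returns the number of bytes it could NOT copy (0 means success). */
static must_check size_t mock_copy_from_user(void *to, const char *from, size_t n)
{
    const char *end = user_region + sizeof(user_region);
    size_t ok = 0;

    if (from >= user_region && from < end)
        ok = (size_t)(end - from) < n ? (size_t)(end - from) : n;
    memcpy(to, from, ok);
    memset((char *)to + ok, 0, n - ok);   /* mock zero-fills what it could not copy */
    return n - ok;
}

/* Checked caller: a short copy becomes -EFAULT instead of being ignored. */
static int read_request(char *dst, size_t offset, size_t len)
{
    if (mock_copy_from_user(dst, user_region + offset, len) != 0)
        return -EFAULT;
    return 0;
}

#ifdef SHOW_WARNING
/* Unchecked caller: building with -DSHOW_WARNING makes gcc report
 * "ignoring return value of 'mock_copy_from_user'" for this call. */
void read_request_unchecked(char *dst, size_t offset, size_t len)
{
    mock_copy_from_user(dst, user_region + offset, len);
}
#endif

int main(void)
{
    char buf[8];
    return read_request(buf, 0, sizeof(buf));
}
```

Adding -Werror to the build turns the diagnostic into a hard failure, so an unchecked call cannot be merged unnoticed.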
Finally, there is a small set of bug fixes and patches to ease the build
process on various architectures.
Overall, the Fedora kernel suggests that, in Red Hat's view, not a whole
lot needs to be added to the 2.6 kernel (the upcoming 2.6.6 version, at
least) for it to be ready for wide use.