Hacker News with Generative AI: Kernel

Linux 6.15 Git Tanked Nginx HTTPS Web Server Performance (phoronix.com)
With the Linux 6.15 kernel settling down nicely, I've been testing out the current Linux Git state on more systems to look for any performance changes. Unfortunately this week I ran into a large performance regression affecting the Nginx HTTP(S) web server. Here's a look at that problem currently affecting Linux Git.
The case of the UI thread that hung in a kernel call (microsoft.com)
A customer asked for help with a longstanding but low-frequency hang that they have never been able to figure out.
Can Linux have "transfer data structures to new kernel" rebooting like Minix? (ycombinator.com)
Or would that go against the monolithic kernel paradigm of the Linux kernel?
Linux Kernel Defence Map – Security Hardening Concepts (github.com/a13xp0p0v)
Linux Kernel Defence Map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies
BPF from Scratch in Rust (yeet.cx)
We’re not saying yeet is the Dr. Dre of observability… but it’s been in the lab with a pen and a pad trying to get the kernel off its back.
FUSE File-Systems to Support Much Longer Filenames with Linux 6.15 (phoronix.com)
Linux 6.15 Goes Heavy on Intel and AMD x86_64 CPU Changes (phoronix.com)
Merged today for the recently-opened Linux 6.15 merge window were all of the "x86/core" changes that are particularly heavy on new feature work for both Intel and AMD x86/x86_64 processors.
Linux 6.14 Release Changelog (kernelnewbies.org)
Linux 6.14 changelog.
Google Developing "Live Update Orchestrator" New Means Live Linux Kernel Updates (phoronix.com)
While there is Kpatch, Ksplice, and other live patching solutions already in use for patching a running Linux kernel for deploying security updates without downtime, Google engineers are developing the Live Update Orchestrator as a new means of transitioning to a new updated kernel with minimal downtime.
Apple rearranged its XNU kernel with exclaves (theregister.com)
Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called "exclaves."
Fiwix: Small Unix-Like Kernel (fiwix.org)
Fiwix is an operating system kernel written from scratch, based on the UNIX architecture and fully focused on being POSIX compatible.
Geico Developing TuxTape – A New Linux Kernel Livepatching Solution (phoronix.com)
Prominent US insurance company GEICO has been working on TuxTape as a new Linux kernel livepatching toolkit.
Resistance to Rust abstractions for DMA mapping (lwn.net)
While the path toward the ability to write device drivers in Rust has been anything but smooth, steady progress has been made and that goal is close to being achieved — for some types of drivers at least. Device drivers need to be able to set up memory areas for direct memory access (DMA) transfers, though; that means Rust drivers will need a set of abstractions to interface with the kernel's DMA-mapping subsystem.
Susctl CVE-2024-54507: A particularly 'sus' sysctl in the XNU kernel (jprx.io)
Every time Apple releases a new version of XNU, I run a custom suite of tests under an address sanitizer to see if I can spot any regressions, or even possibly new bugs.
Why is my CPU usage always 100%? (downtowndougbrown.com)
If you’re new to this series, I’ve been documenting the process I went through upgrading my old PXA166-based Chumby 8’s 2.6.28 Linux kernel to a modern 6.x version.
Failing Randomly: Linux Seccomp and Kernel Hacking (mejedi.dev)
Seccomp filters system calls with cBPF code. One can blacklist certain system call numbers or even make a decision based on call arguments. Both Docker and Chromium use seccomp to protect the host from malicious or misbehaving programs.
Linux 6.13 Staging Clears 107k Lines of Code from Old and Unmaintained Drivers (phoronix.com)
The Case for a High-Level Kernel-Bypass I/O Abstraction (irenezhang.net)
After chatting with people at HotOS, I was inspired to write this blog post summarizing my HotOS paper. At a high-level, the HotOS paper advocates for a new high-level I/O abstraction for kernel-bypass.
How to build a custom kernel for WSL in 2025 (boxofcables.dev)
Thanks to the WSL System Distro, we no longer need distro-specific instructions to build a WSL custom kernel.
Linux Kernel 6.12 Has Landed – and It's a Big One (omgubuntu.co.uk)
Linus Torvalds has announced the release of Linux kernel 6.12, and an eclectic assortment of changes contained within make it one of the biggest kernel releases for a while.
Linux Fixes Hosts Randomly Rebooting During Virtualization with Ryzen 7000/8000 (phoronix.com)
Ahead of the Linux 6.12 kernel release expected today there is a last minute "x86/urgent" pull request.
Linux 6.12 Released with Real-Time Capabilities, Sched_Ext, AMD RDNA4 and More (phoronix.com)
As expected, minutes ago Linus Torvalds just released the Linux 6.12 kernel as stable. Linux 6.12 brings many new features, new hardware support, and is rounded out by the fact that it is expected to become this year's Long Term Support (LTS) kernel version.
An attempt to backdoor the kernel (2003) (lwn.net)
Someone recently made an attempt to add a local root backdoor to the Linux kernel, by making a checkin to the subsidiary CVS repository under someone else's name. Fortunately, the master repository is on Linus' computer, behind a firewall, and the automated tracking of BitKeeper, the source control system, caught the illegal change.
Intel Spots 3888.9% Performance Improvement in Linux Kernel from 1 Line of Code (phoronix.com)
Intel's Linux kernel test robot has reported a 3888.9% performance improvement in the mainline Linux kernel as of this past week.
Intel Spots a 3888% Performance Improvement in the Linux Kernel (phoronix.com)
Intel's Linux kernel test robot has reported a 3888.9% performance improvement in the mainline Linux kernel as of this past week.
x86 Early Kernel Boot Process with Microcode, ACPI Overrides, and Initrd (labcsmart.com)
In this third installment of our x86 Platforms series, following Part 2: UEFI Bootloader Management and Integration with Yocto, we’re going to explore the early kernel boot process in more depth. Specifically, we’ll cover how x86 systems handle microcode updates, ACPI table overrides, and the initrd (initial RAM disk). These elements are critical for configuring the CPU, hardware, and the system during the boot process.
SELinux bypasses (klecko.github.io)
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.
A deep dive into Linux's new mseal syscall (trailofbits.com)
If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including how it’s different from prior memory protection schemes and how it works in the kernel to protect virtual memory.
ReiserFS File-System Expected to Be Removed with Linux 6.13 (phoronix.com)
With ReiserFS having been deprecated for two years with plans to remove it in 2025, the upcoming Linux 6.13 cycle for what will be the first major kernel release of the new year and past the Linux 6.12 LTS kernel is expected to do just that... ReiserFS is set to be stripped from the mainline kernel codebase.