Linux 4.15-rc2 Kernel Released

  • #11
    Originally posted by debianxfce View Post

    You can make a mess with git commands and they are cryptic. You did not learn to use git fully in 5 minutes. Running your services in the background on a gaming/multimedia PC is a waste of hw resources. That is like running a daily virus scan automatically that slows your computer.
    Download git repo with kernel:
    Code:
     git clone https://github.com/torvalds/linux.git
    Update repository:
    Code:
     git pull
    And build with the usual make && make modules_install and whatnot. Unless you are doing some changes to the repository that is virtually all you need (and that is exactly what a 5 minute intro to git teaches you).

    As for the second part of your comment, I distinctly said "every night".
    My scheduled jobs start at 2AM. If you are concerned about your work being slowed down by the background task all you have to do is either use lower priority (nice) or alternatively this one-liner delaying the script if the system is under any kind of load (e.g. not idle):

    Code:
    # $NF of uptime is the 15-minute load average; awk does the comparison because
    # bash's (( )) is integer-only and errors out on "0.05 > 0.1"
    while (( $(uptime | awk '{print ($NF > 0.1)}') )); do sleep 15m; done
    This simply delays execution of the script by 15 minutes if the average system load is higher than "0.1" over the span of the last 15 minutes.
    Any more concerns which are easily solvable by bash one-liners???


    Comment


    • #12
      Originally posted by debianxfce View Post

      Can't you read: .config:
      "#
      # Automatically generated file; DO NOT EDIT.
      # Linux/x86_64 4.15.0-rc2 Kernel Configuration
      "

      Use the command make xconfig. It takes care of dependencies and shows them.
      Thanks, dick. I was just wondering about which settings would change.

      For those wondering, in the menu config:

      To change the timer frequency: Processor type and features ---> Timer frequency (250 HZ) -> 1000 HZ


      I'm up and running with a non-debug 1000 Hz timer. Feels nice, but noticed a little lagginess at times when gaming. Going to try another value and find the sweet spot for me.

      Like puleglot said, not sure what side effects disabling debug has, if any.
      Last edited by perpetually high; 03 December 2017, 09:26 PM.

      Comment


      • #13
        Originally posted by puleglot View Post
        Note that some security features [1] depend on DEBUG_KERNEL.
        Note that the DEBUG_KERNEL option doesn't actually do anything apart from making some configuration options visible (well, some debug options might default to "Y" so you might end up compiling more debug code by default). This is similar to the EMBEDDED and EXPERT config options.

        Anyway, the easiest way to check for kernel hardening knobs is running the "checksec -k" script (https://github.com/slimm609/checksec.sh).

        Code:
        tpruzina checksec # ./checksec -k
        
        * Kernel protection information:
        
          Description - List the status of kernel protection mechanisms. Rather than
          inspect kernel mechanisms that may aid in the prevention of exploitation of
          userspace processes, this option lists the status of kernel configuration
          options that harden the kernel itself against attack.
        
          Kernel config:
          /usr/src/linux-master/.config
        
          Vanilla Kernel ASLR:             Full
          Protected symlinks:             Enabled
          Protected hardlinks:             Enabled
          Ipv4 reverse path filtering:           Enabled
          Ipv6 reverse path filtering:           Enabled
          Kernel heap randomization:              Enabled
          GCC stack protector support:            Enabled
          Enforce read-only kernel data:          Enabled
          Enforce read-only module data:          Enabled
          Hardened Usercopy:                      Enabled
          Hardened Usercopy Pagespan:             Enabled
          Restrict /dev/mem access:               Enabled
          Restrict /dev/kmem access:              Enabled
        
        * X86 only:            
          Address space layout randomization:     Enabled

        Comment
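The `checksec -k` run above takes its answers from the kernel's .config, and the DEBUG_KERNEL remark means some checks never even appear in that file when it is off. As an added example (my own shell, not code from the thread and not part of checksec.sh), here is a small reader that reports a handful of 4.15-era x86_64 hardening options from a .config and flags the DEBUG_KERNEL-gated checks that are absent rather than merely disabled. The option selection and the sample .config are my own.

```shell
#!/bin/bash
# Added example (not from the thread or from checksec.sh): read hardening knobs from a
# kernel .config, the file `checksec -k` parses, and flag checks that menuconfig never
# offers unless CONFIG_DEBUG_KERNEL=y. Option names are the 4.15-era x86_64 ones.
# Hardening options in the spirit of the `checksec -k` list above.
HARDENING_OPTS="CONFIG_RANDOMIZE_BASE CONFIG_CC_STACKPROTECTOR_STRONG
CONFIG_STRICT_KERNEL_RWX CONFIG_HARDENED_USERCOPY CONFIG_STRICT_DEVMEM"
# Integrity checks that lib/Kconfig.debug only offers when DEBUG_KERNEL is set.
DEBUG_GATED_OPTS="CONFIG_DEBUG_LIST CONFIG_SCHED_STACK_END_CHECK CONFIG_DEBUG_CREDENTIALS"
# State of one option: y, m, n (explicit "is not set") or absent (never offered
# to the configurator, typically because a dependency such as DEBUG_KERNEL is off).
config_state() {
    local cfg="$1" opt="$2" line
    line=$(grep -E -m1 "^(# )?${opt}[= ]" "$cfg" || true)
    case "$line" in
        "# ${opt} is not set") echo n ;;
        "${opt}="*)            echo "${line#*=}" | tr -d '"' ;;
        *)                     echo absent ;;
    esac
}
# One "OPTION state" line per option; absent DEBUG_KERNEL-gated checks get a hint.
hardening_report() {
    local cfg="$1" dbg opt state
    dbg=$(config_state "$cfg" CONFIG_DEBUG_KERNEL)
    for opt in $HARDENING_OPTS $DEBUG_GATED_OPTS; do
        state=$(config_state "$cfg" "$opt")
        case " $DEBUG_GATED_OPTS " in *" $opt "*)
            if [ "$state" = absent ] && [ "$dbg" != y ]; then
                state="absent (hidden until CONFIG_DEBUG_KERNEL=y)"
            fi ;;
        esac
        printf '%-32s %s\n' "$opt" "$state"
    done
}
# Number of options above that are not built in (=y).
hardening_missing() { hardening_report "$1" | grep -vc ' y$' || true; }
# Constructed sample .config: DEBUG_KERNEL off, strong stack protector disabled.
SAMPLE_CFG=$(mktemp); trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# Linux/x86_64 4.15.0-rc2 Kernel Configuration
CONFIG_RANDOMIZE_BASE=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_STRICT_DEVMEM=y
# CONFIG_DEBUG_KERNEL is not set
EOF
hardening_report "$SAMPLE_CFG"
echo "options not built in: $(hardening_missing "$SAMPLE_CFG")"
```

Point it at /usr/src/linux/.config (or /boot/config-$(uname -r)) instead of the sample to check a real tree; "absent" on a gated option means the knob was never reachable in menuconfig, not that you declined it.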


        • #14
          Originally posted by caligula View Post
          How do you find the latest nvidia driver without any manual effort? Nouveau surely crashes more often than that. Apparently you don't care about new drivers and features?
          I fix it when it breaks (also I'm talking about nvidia's binary driver, not nouveau). On average nvidia does monthly releases of their drivers (actually, bi-weekly releases that switch between stable/beta, but I don't care about stable) and more often than not they compile just fine. When something breaks I typically fix the problem within a few minutes because, due to my routine, there are very few kernel commits that need to be looked at to find what changed.

          Afterwards I typically post my patches on nvidia dev forums so that other users can use their staging/rcX kernels with latest beta drivers.


          Yet another quick and dirty patch for latest torvalds/linux tree (HEAD cf9b0772f2e410645fece13b749bd56505b998b8). There were some GPL-only symbol issues (once again in refcount stuff) that I solved by relicensing drm module to GPL so don't use this anywhere where that could be an issue.
          Code:
          FATAL: modpost: GPL-incompatible module nvidia-drm.ko uses GPL-only symbol 'ex_handler_refcount'
          cd ./NVIDIA-Linux-x86_64-387.22
          patch -p1

          Quick and dirty patch to get the kernel module compiling with latest kernel tree and drivers. Includes relicensing modules to GPL in order to work around exported symbols so not usable in production. Built against f007cad159e99fa2acd3b2e9364fbb32ad28b971. Patch.
          Code:
          patch -p1

          Last edited by Guest; 03 December 2017, 06:05 PM.

          Comment


          • #15
            Originally posted by timofonic View Post

            Where's that script? What distro do you use?
            1) Wrote it myself, it's not public. No point in making it public since it wouldn't work on other people's machines without some serious modification, it relies on my custom initramfs/nvidia driver/vbox driver repo and hardcoded filesystem paths (e.g. quick and dirty solution for my setup). Looks like this (not pretty but it works "for me"):
            Code:
            #!/bin/bash
            # Nightly rebuild of one kernel branch plus the out-of-tree nvidia/vbox modules.

            KERN_NAME="linus-master"

            source /usr/src/kernel-import.sh # notify-crash, update_*

            cd /usr/src/$KERN_NAME || exit 1
            # git fetch reports on stderr, so testing its stdout against "" matched every
            # time; compare local HEAD with the freshly fetched upstream ref instead
            git fetch || notify-crash "$0 git-fetch failed"
            [[ $(git rev-parse HEAD) == $(git rev-parse '@{u}') ]] && exit 0 # up to date, build not required
            git pull --commit --no-edit || notify-crash "$0 git-pull failed"
            make -j9 || notify-crash "$0 kernel compilation crashed"
            make modules_install

            cd /usr/src/nvidia || exit 1
            git checkout $KERN_NAME
            update_nvidia || notify-crash "$0 nvidia pull failed"
            make -j9 || notify-crash "$0 nvidia source compilation failed"
            #make modules_install
            cp *.ko /usr/src/initramfs/

            cd /usr/src/vbox || exit 1
            git checkout $KERN_NAME
            update_vbox || notify-crash "$0 vbox update failed"
            make -j9 || notify-crash "$0 vbox compilation failed"
            cp *.ko /usr/src/initramfs

            cd /usr/src/$KERN_NAME || exit 1
            make -j9 || notify-crash "$0 final build failed"
            #update nvidia userspace stuff if kernel module compilations didn't fail
            update_nvidia_userspace || notify-crash "$0 nvidia-userspace failed"
            mount -o remount,rw /boot
            mv -v /boot/EFI/Boot/${KERN_NAME} /boot/EFI/Boot/${KERN_NAME}.old
            cp -v arch/x86/boot/bzImage /boot/EFI/Boot/${KERN_NAME}
            # single quotes: inside double quotes the trailing \" escaped the closing quote
            # and left the string unterminated
            update_efibootmgr ${KERN_NAME} /dev/sda 1 1 '\efi\boot\'
            mount -o remount,ro /boot
            Script is called 3 times with my 3 different branches in the script and is fairly straightforward (bit of shellcode in auxiliary script that fetches latest nvidia/vbox driver packages + applies any patches in their respective trees and desktop/mail notifications of failures via libnotify/mailutils/wall).

            Oh and initramfs is more or less this: https://github.com/tpruzina/tpm-luks-initramfs

            2) Gentoo
            Last edited by Guest; 03 December 2017, 06:58 PM.

            Comment


            • #16
              Seems RTL8723BS will be merged from the staging tree in 4.15. Though the bluetooth firmware blob is still unfortunately off-tree: https://github.com/lwfinger/rtl8723bs_bt

              Hopefully the driver will get backported to 4.14 (LTS).

              Comment


              • #17
                For those who don't like how slow git is, Git Virtual File System exists: it mounts the git repository as a virtual disk and files are only downloaded as they are needed. It is being developed by Microsoft (the Windows git is over 300GB) and should be merged into git at some point.

                Comment


                • #18
                  Originally posted by tpruzina View Post

                  1) Wrote it myself, it's not public. No point in making it public since it wouldn't work on other peoples machines without some serious modification, it relies on my custom initramfs/nvidia driver/vbox driver repo and hardcoded filesystem paths (e.g. quick and dirty solution for my setup). Looks like this (not pretty but it works "for me"):
                   [script quoted in full in #15 above]
                  Have you thought about using DKMS?

                  Comment


                  • #19
                    Originally posted by perpetually high View Post
                    To disable debugging: Kernel hacking ---> Compile-time checks and compiler options ---> uncheck Compile the kernel with debug info
                    No, debug kernel != kernel with debug symbols

                    Comment


                    • #20
                      Originally posted by puleglot View Post
                      No, debug kernel != kernel with debug symbols
                      This is why I asked and instead got a useless response. Can you tell me which setting it is?

                      And for the record, debianxfce, default 250Hz setting is definitely better for me on my machine. YMMV.

                      Comment
