Kernel watch


Jon Masters keeps up with all the latest happenings in the Linux kernel, so you don’t have to.

Linus Torvalds announced Linux 6.8, noting that the development cycle had been calm over the trailing couple of weeks, “just as it should be”. The new kernel includes many performance enhancements under the bonnet. Among these is support for variable (multi) sized Transparent Huge Pages (THP), meaning that the kernel can now automatically handle memory using much larger pages while allowing multiple different huge page sizes, as opposed to the old-school approach of boot-time selection (this is something that certain large workloads, such as databases, will enjoy). The new kernel also removes support for the venerable SLAB memory allocator, long since replaced by SLUB. An allocator manages ‘arenas’ of memory for easier data structure allocation.

More user-visible changes include support for Intel’s Trust Domain Extensions (TDX) Confidential Compute (CoCo), at least on the host side. This means that (on suitable Intel hardware) 6.8 users can spin up encrypted guest VMs that are resistant to attack from a malicious hypervisor. Other architectures are in the process of gaining CoCo support. Another interesting change is the merging of an experimental driver with initial support for Intel’s Xe graphics. This driver can be used on Tiger Lake and newer platforms, and is slated to become the successor to the i915 driver. For now, you must explicitly enable it.

Linux becomes its own CNA

One of the most interesting developments came in an email from Greg Kroah-Hartman (Greg K-H), in which he casually observed via a documentation patch, “The Linux kernel project now has the ability to assign CVEs to fixed issues, so document the process and how individual developers can get a CVE if one is not automatically assigned for their fixes.” CVEs, or Common Vulnerabilities and Exposures, along with the associated CVSS scoring process, are the industry standard for managing security vulnerabilities and tracking fixes to significant problems. CVE numbers can be issued by CVE Numbering Authorities (CNAs), of which Linux is now one, meaning that other entities can no longer issue CVEs against Linux.

The upstream patch adding the Linux CNA is opinionated, noting “Over time, CVE numbers were very often assigned in inappropriate ways and for inappropria