This document aims to cover the highlights and major decisions arising from UDS Maverick that affect or concern the Ubuntu Kernel Team.
The kernel team has changed its focus for the Maverick cycle compared to the Lucid cycle. Because Lucid was an LTS release, we focused on stability and on being conservative with our changes. With Maverick we're looking to push the bleeding edge. As many of our major work items inevitably come out of the needs of the various platform teams, the kernel team spent three full days attending sessions which required kernel team input, gathering requirements and actions from those sessions. We then had two days of kernel-specific sessions. The sections below are a general overview of some of the major decisions which impact our team. Refer to our complete list of blueprints and Maverick Release Status for a thorough rundown of details and work items.
Kernel Version Decision
Given the timing for Maverick's release (i.e. 10.10.10) and the cadence of the upstream kernel releases, we projected the 2.6.35 upstream kernel landing around the Sept 2010 time frame. As such, we've chosen the 2.6.35 kernel for Maverick. This will bring us close to the bleeding edge yet still provide a degree of stability.
Kernel Delta Review
We reviewed the complete set of Ubuntu patches we are carrying. Each developer was assigned a set of patches to investigate and determine whether we could push the patch upstream, drop the patch altogether, or still need to carry the patch. This effort has been translated into work items in the blueprint. We also reviewed the complete set of ubuntu/ drivers as carried in the current Maverick kernel. We'll be updating iscsitarget and ndiswrapper. We're also investigating the use of union mounts as a replacement for aufs.
Kernel Config Review
We reviewed the underlying rules applied to new kernel config options as they are set. We then ran through all the kernel config options for filesystems, security, subsystems, network protocols, and new options. The blueprint includes a list of each of the reviewed configs and the values selected. Any proposed changes are being reviewed on the Ubuntu kernel-team mailing list.
We reviewed our current bug management workflow and practices to establish a more efficient and effective way to manage our kernel bug volume. There was some great interaction with the Launchpad team, with requests to improve our bug handling. There were also good discussions regarding improvements to our kernel arsenal scripts as well as improving community interaction and wiki documentation.
We're still working to get AppArmor merged upstream and are hoping to get final testing and feedback during the 2.6.35 cycle. We're now targeting the 2.6.36 merge window for mainline inclusion.
Kernel Backports for LTS releases
Limited backports of Maverick kernels will be offered for the Lucid LTS server space. We initially intend to offer these via a PPA, and they will be elective installs meant for the experienced user. They will only be supported for 18 months. We also hope to coordinate with QA for re-certification efforts. For an initial preview, refer to the following thread: https://lists.ubuntu.com/archives/kernel-team/2010-May/010599.html
We're investigating whether we can patch and produce kernels with paravirt-ops enabled for testing. Ideally we could then merge an EC2 pv-ops kernel into the server flavor.
Kernel Enable New Firewire Stack
The focus here is to switch to the new firewire stack, as all new bug fixes, security fixes, and features will target the new stack. It appears the kernel config options are already enabled, but coordination with userspace needs to take place to ensure a smooth transition. For more information, refer to the following thread: https://lists.ubuntu.com/archives/kernel-team/2010-May/010589.html
Kernel Security Hardening
We held a great session with the security team to focus on how we can be more proactive with making the kernel more secure. As a result the security team have submitted a series of patches for consideration to be carried in Maverick. These include patches for hardlink and symlink protections, ptrace protections, and adding execshield toggles to our nx-emulation patch.
This was a catch-all blueprint to track any work items which don't warrant a specific spec but do require action from a member of the kernel team. This includes items like converting -virtual into its own standalone flavour (i.e. not depending on -server), cleaning up wiki pages and kernel build documentation, and Debian abstraction work.