Feature #10298
Upgrade to Linux 4.x
100%
Description
Tails should work on recent hardware. If we don’t do anything special, we’re stuck with Linux 3.16, missing out on the Linux kernel’s hardware support improvements.
Our preferred way to upgrade Tails to Linux 4.x would be to migrate from aufs to overlayfs (Feature #8415). We have done a lot of the needed work on our side, but before we go on we are blocked by work that must be done upstream (AppArmor support for overlayfs in the Linux kernel, aka. Bug #9045).
If this plan works in time for Tails 3.0 (Debian Stretch), fine: we’ll then have to finish porting Debian Live and Tails -specific bits to overlayfs.
If it does not, then we will have to stick to aufs, which implies building out-of-tree aufs modules ourselves (note that the support patches have been re-introduced in Debian’s Linux kernel, so that is possible now.
In any case, we will also have to deal with other new issues we’ll discover with recent kernels (see subtasks).
Subtasks
| Bug #9969: Re-enable dkms modules building with Linux 4.x | Resolved | 100 |
|||
| Feature #11511: Drop custom value for kernel.perf_event_paranoid sysctl | Resolved | 100 |
Related issues
|
Related to Tails - |
Resolved | 2016-05-18 | |
|
Related to Tails - |
Resolved | 2016-06-08 | |
|
Blocks Tails - |
Rejected | 2015-01-07 | |
|
Blocks Tails - |
Resolved | 2015-09-27 | |
|
Blocks Tails - |
Resolved | 2016-03-24 | |
|
Blocks Tails - |
Resolved | 2014-12-25 |
History
#1 Updated by intrigeri 2015-09-28 06:51:33
- related to
Feature #8415: Migrate from aufs to overlayfs added
#2 Updated by intrigeri 2015-09-28 06:52:53
- Description updated
#3 Updated by intrigeri 2016-01-05 16:59:38
- blocks
Feature #7649: Include a grsecurity-patched kernel added
#4 Updated by intrigeri 2016-01-17 04:00:07
- blocks
Bug #10289: Tails based on Debian Stretch added
#5 Updated by intrigeri 2016-03-24 20:12:57
- blocks
Feature #11281: Enable kASLR added
#6 Updated by intrigeri 2016-05-18 08:29:55
- related to
Bug #11441: Stretch's X.Org cannot start with Linux 3.16's qxl added
#7 Updated by intrigeri 2016-05-23 12:01:33
- related to
Feature #11421: Change kernel.perf_event_paranoid sysctl to 2 added
#8 Updated by intrigeri 2016-06-03 23:21:12
- Description updated
#9 Updated by Dr_Whax 2016-06-04 21:27:27
- blocks
Feature #11511: Drop custom value for kernel.perf_event_paranoid sysctl added
#10 Updated by intrigeri 2016-06-06 04:59:00
- blocked by deleted (
Feature #11511: Drop custom value for kernel.perf_event_paranoid sysctl
#11 Updated by intrigeri 2016-06-06 05:00:55
- related to deleted (
Feature #11421: Change kernel.perf_event_paranoid sysctl to 2
#12 Updated by intrigeri 2016-06-07 09:15:09
- Description updated
#13 Updated by intrigeri 2016-06-08 03:44:21
- Feature Branch set to feature/10298-linux-4.x-aufs
Here’s a branch that builds and includes the out-of-tree aufs modules. It seems to boot fine (except with QXL) both on 32-bit and 64-bit (virtual) CPUs but I didn’t test any further. It shares some of the issues of feature/8415-overlayfs but at least it supports AppArmor, and should require little additional porting work, that also would be needed with overlayfs anyway (see subtasks). Let’s see what Jenkins thinks of it.
#14 Updated by intrigeri 2016-06-08 08:53:18
- blocks
Bug #8485: Consider including an x86 kernel with SMP support added
#15 Updated by intrigeri 2016-06-08 09:04:01
- Description updated
#16 Updated by intrigeri 2016-06-09 08:13:20
- Status changed from Confirmed to In Progress
#17 Updated by intrigeri 2016-06-10 11:58:13
- related to
Bug #11518: Linux 4.x QXL 64-bit kernel modesetting breaks 32-bit X.Org added
#18 Updated by intrigeri 2016-06-10 12:13:17
- Target version changed from 2016 to Tails_2.6
- QA Check set to Ready for QA
I’ve seen all test suite scenarios pass, Jenkins doesn’t particularly dislike it, and I see no blockers left. anonym, how about merging this for 2.6?
#19 Updated by anonym 2016-06-14 05:54:14
- Assignee changed from anonym to intrigeri
- QA Check changed from Ready for QA to Dev Needed
When I built this branch (merged into devel) I ran out of space (RAM) when creating the ISO image (at 97.5%) and genisoimage was OOM killed. I guess you used defaultcomp, which still should work, as opposed to gzipcomp, which I used. IMHO branches should remain buildable with gzipcomp since it makes the review’n’merge work less tedious. Bumping BUILD_SPACE_REQUIREMENT by 128 fixes it, which I was ready to do myself so I could merge this now…
… which I’d like to do and actually was ready to, because this branch is otherwise great and I have no remarks, except that it breaks vboxvideo in a 32-bit VirtualBox VM (64-bit is still ok). Boot stops at:
[ OK ] Started GNOME Display Manager.
If I login as root in a different VT I can see this in the Xorg log after the vboxvideo X driver is ~loaded:
[...]
(II) vboxvideo: kernel driver found, not loading.
(EE) No devices detected.
[...]
If I remove the /etc/X11/xorg.conf.d file created by live-{boot,config} (or whatever) which has a section that (force) loads the vboxvideo Xorg driver, and restart Xorg, then everything works as expected (e.g. VirtualBox’s auto-resolution feature). Xorg will then use the fbdevhw Xorg driver, which is the correct thing when the vboxvideo kernel driver is loaded.
So, it would seem to me that we could fix this if we prevent the /etc/X11/xorg.conf.d file from being created by live-{boot,config} (or whatever).
(Note: on 64-bit we still want the vboxbideo Xorg driver since we don’t have the kernel driver, but it will be properly autodetected by Xorg without the /etc/X11/xorg.conf.d file, so good riddance. :))
So, in conclusion, please:
- bump Vagrant’s
BUILD_SPACE_REQUIREMENTby 128 or so, and make sure that this branch builds withgzipcomp, and - prevent the
/etc/X11/xorg.conf.dfile (that (force) loads thevboxvideodriver) from being created bylive-{boot,config}(or whatever).
#20 Updated by cypherpunks 2016-06-25 05:51:26
When we get 4.x, we’ll also be stuck with unprivileged USERNS (which cannot be disabled with anything other than a custom kernel). Are we going to do anything about that? Since we’re not using grsecurity yet, we’re going to be stuck with all the horrible bugs that unprivileged USERNS pumps out on a regular basis, like these two from just today: http://www.openwall.com/lists/oss-security/2016/06/24/5
#21 Updated by intrigeri 2016-06-25 07:05:39
> When we get 4.x, we’ll also be stuck with unprivileged USERNS (which cannot be disabled with anything other than a custom kernel).
Indeed, these have a long history of security issues. https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch is applied to the Debian 4.x kernel. If we used this sysctl to disable unprivileged CLONE_NEWUSER, would this address your concern?
#22 Updated by cypherpunks 2016-07-09 01:24:43
intrigeri wrote:
> Indeed, these have a long history of security issues. https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch is applied to the Debian 4.x kernel. If we used this sysctl to disable unprivileged CLONE_NEWUSER, would this address your concern?
Yeah, a lot better than nothing!
#23 Updated by intrigeri 2016-07-15 05:06:54
> When I built this branch (merged into devel) I ran out of space (RAM) when creating the ISO image (at 97.5%) and genisoimage was OOM killed. I guess you used defaultcomp, which still should work, as opposed to gzipcomp, which I used. IMHO branches should remain buildable with gzipcomp since it makes the review’n’merge work less tedious.
Sorry about that. I used gzipcomp as usual, and it works fine for me here, so I’m not quite sure why it doesn’t for you. I’ll bump BUILD_SPACE_REQUIREMENT anyway :)
> … which I’d like to do and actually was ready to, because this branch is otherwise great and I have no remarks, except that it breaks vboxvideo in a 32-bit VirtualBox VM (64-bit is still ok). Boot stops at:
Thanks for the detailed analysis! It seems to me that you found a bug in live-config, that should be fixed in there instead of merely workaround’ed on our side, so I’ve reported it. Meanwhile, I’ll patch out the faulty code via config/chroot_local-patches/. In doubt, I’ll only drop the bits that force the video driver, but I’ll leave the ones about vboxmouse in place. I’d appreciate if you could test it again (both 32-bit and 64-bit) and check if there’s anything wrong with the input devices. Then I’ll upstream the patch :)
> So, in conclusion, please:
Sure! I’m on it.
#24 Updated by intrigeri 2016-07-16 05:01:20
Status: update the code according to anonym’s review, running the full test suite. Then we’ll need another review and more testing on VirtualBox as requested above.
#25 Updated by intrigeri 2016-07-16 08:45:23
- Assignee changed from intrigeri to anonym
- QA Check changed from Dev Needed to Ready for QA
I’ve seen all tests pass (except Bug #11571) so please review, re-do the VirtualBox tests, and merge :)
#26 Updated by intrigeri 2016-08-01 07:35:55
I’d like to ease reviewing for the 2.6 RM, and to get automated tests running about the combination of all these changes ASAP in the 2.6 dev cycle. So, I’ve merged this work, along with the other major branches I’m proposing for 2.6, into the feature/from-intrigeri-for-2.6 integration branch (Jenkins builds and tests.
#27 Updated by intrigeri 2016-08-19 12:00:50
Test ISO: http://nightly.tails.boum.org/build_Tails_ISO_feature-from-intrigeri-for-2.6/lastSuccessful/archive/
#28 Updated by anonym 2016-08-23 08:28:07
- Status changed from In Progress to Fix committed
- Assignee deleted (
anonym) - QA Check changed from Ready for QA to Pass
#29 Updated by itiamo 2016-08-28 04:10:05
This build confirmed working on my GeForce 940MX GPU, ThinkPad T460p laptop.
#30 Updated by anonym 2016-09-20 16:47:23
- Status changed from Fix committed to Resolved
#31 Updated by intrigeri 2017-01-01 11:27:20
- related to deleted (
Feature #8415: Migrate from aufs to overlayfs