LSK Features

All feature branches can be found as [v3.18|v4.1|v4.4]/topic/feature_name - some features are present upstream in newer kernels so do not have separate topic branches for those versions.

Privileged Access Never (PAN)

ARM v8.1 adds support for a PAN (Privileged Access Never) bit that could allow userspace to never be accessible from the kernel.


Devices supporting OPPs must set their "operating-points-v2" property with phandle to a OPP table in their DT node. The OPP core will use this phandle to find the operating points for the device. Devices may want to choose OPP tables at runtime and so can provide a list of phandles here. But only one of them should be chosen at runtime. This must be accompanied by a corresponding "operating-points-names" property, to uniquely identify the OPP tables.


Today, power management on Linux is implemented by different subsystems that work in a largely un-coordinated manner. This makes platform adaptation difficult and tuning complex. ARM and Linaro are jointly developing “Energy Aware Scheduling”, a technique that improves power management on Linux by making it more central and easier to tune. This will improve mainline Linux support for advanced multicore SoC’s that power current and future mobile devices and other consumer products.


Current kernels have support for the IOMMU-DMA layer and use this to enable devices connected via IOMMUs to get appropriate DMA operations automatically. This makes system integration of IOMMU systems easier, especially when development is targeted at upstream.

Cgroup writeback

cgroup writeback support allows systems to use cgroups to control the allocation of I/O bandwidth to the various tasks being performed in the system, allowing the system to manage the performance of the system to ensure that the right things get prioritized.


Kernel Address Space Layout Randomization (KASLR) attempts to provide some defence in depth against attacks on the kernel by randomizing the locations at which the kernel is loaded, making it harder to write ode to exploit the kernel. Supporting this also has some nice effects in improving the kernel infrastructure for supporting flexible load addresses, making firmware interfacing easier.

DM-crypt performance

Dm-crypt provides a mechanism for encrypting block devices, allowing entire filesystems to be encrypted for secure storage. This feature has been present in the Linux kernel for a considerable time and usage at Qualcomm with their vendor kernel has shown some that with modern hardware there are substantial performance overheads relative to native device access, much more than would be expected to follow simply from the overhead of the cryptography operations, especially in the read path. This backport picked the upstream performance fix on dm-crypt.


The goal of this card is full PCIe support on arm64 platfforms in the LSK. In order to support this some missing pieces need to be backported. In particular, full support for PCI Message Signalled Interrupts (MSI) is missing, but is in the process of being added upstream (as of Aug 2015.) This support includes PCI and IRQ core updates, as well as updates to the irqchip drivers for GICv2 and GICv3.


PSCI 1.0 provides a number of enhancements to the initial PSCI spec, most notably support for OS initiated system suspend. In order to allow systems using the LSK to take advantage of these enhancements backport the PSCI 1.0 support from mainline to the LSK.


A Device Tree's overlay purpose is to modify the kernel's live tree, and have the modification affecting the state of the the kernel in a way that is reflecting the changes. Since the kernel mainly deals with devices, any new device node that result in an active device should have it created while if the device node is either disabled or removed all together, the affected device should be deregistered.


Coresight - HW Assisted Tracing on ARM. Coresight is an umbrella of technologies allowing for the debugging of ARM based SoC. It includes solutions for JTAG and HW assisted tracing.


ARM has developed Intelligent Power Allocation (IPA) as an improved Linux thermal control solution for advanced SoC's, to provide optimal performance and temperature control of a complex SoC. IPA has been accepted into mainline in Linux-4.2 and later and is fully opensource. This feature branch is origin/v4.1/topic/thermal


vDSOs (virtual dynamically linked shared objects) are a Linux kernel mechanism for exporting a carefully selected set of kernel space routines to user space applications so that applications can call these kernel space routines in-process, without incurring the performance penalty of a context switch that is inherent when calling these same kernel space routines by means of the system call interface Putting the vDSO code page in read-only memory as well to avoid bad kernel write to full root.


OP-TEE is an Open Source TEE and is the result of collaboration work between STMicroelectronics and Linaro Security Working Group. It contains the complete stack from normal world client API's (optee_client), the Linux kernel TEE driver (optee_linuxdriver), the Trusted OS + the secure monitor (optee_os) and the test suite (xtest).


Kernel Address sanitizer (KASan) is a dynamic memory error detector. It provides fast and comprehensive solution for finding use-after-free and out-of-bounds bugs. KASAN uses compile-time instrumentation for checking every memory access, therefore GCC > v4.9.2 required. v4.9.2 almost works, but has issues with putting symbol aliases into the wrong section, which breaks kasan instrumentation of globals.

Suspend-to-disk/Hibernate on ARM64

Providing hibernation support for ARM64 provides several advantages: * Zero power consumption sleep * Snapshot boot ability It based on kvm cpu hotplug feature.

Devfreq cooling

This feature introduces the generic devfreq device cooling in generic thermal framework. The devfreq devices are used ad cooling device to reduce the overheating temperature. The device can change its frequency in the range of the frequency table in device tree file according to cooling level.

PAX UserCopy

PAX_USERCOPY is a feature in the grsecurity patch set which hardens copy_to_user() and copy_from_user() with a range of extra checks which make it much harder to exploit it, improving the security of systems.

lsk/features (last modified 2016-09-13 03:43:21)