User:Pietinger/Experimental/Kernel Upgrade from 6.10 to 6.11

From Gentoo Wiki

Kernel Upgrade from 6.10 to 6.11

Normally I do not recommend switching to a new major version of the kernel immediately, but rather waiting for two, three or four minor versions first. This time I did the upgrade immediately because of a new security feature (SLAB_BUCKETS). Please read more about "Hardening the kernel against heap-spraying attacks" in: https://lwn.net/Articles/965837/

Notes for 6.11

A good overview of everything new in 6.11 can be found here:

Upgrade

I took over all default values with <return> when I did the make oldconfig. Here is a possible list (I have left out - as always - all new modules for some new hardware; if you have one of them, enable it):

1. Legacy cgroup v1 memory controller (MEMCG_V1) [N/y/?] (NEW)
2. Support allocation from separate kmalloc buckets (SLAB_BUCKETS) [Y/n/?] (NEW)
3. Meta Platforms devices (NET_VENDOR_META) [Y/n/?] (NEW) n
4. GPIO Virtual User Testing Module (GPIO_VIRTUSER) [N/y/?] (NEW)
5. Power Sequencing support (POWER_SEQUENCING) [N/y/?] (NEW)
6. Enable GPU hang replay userspace API (DRM_I915_REPLAY_GPU_HANGS_API) [N/y/?] (NEW)
7. LED Input events trigger (LEDS_TRIGGER_INPUT_EVENTS) [N/y/?] (NEW)
8. Allow /proc/pid/mem access override
   > 1. Traditional /proc/pid/mem behavior (PROC_MEM_ALWAYS_FORCE) (NEW)
     2. Require active ptrace() use for access override (PROC_MEM_FORCE_PTRACE) (NEW)
     3. Never (PROC_MEM_NO_FORCE) (NEW)
   choice[1-3?]: 3

Remarks

1. We only get this question because we have already activated CGROUPS. Take the default.

2. Take the default and SAY YES HERE. There is a discrepancy between the default here and the default setting when you install with the default .config from make defconfig. But I have also updated my article for a new installation =>

https://wiki.gentoo.org/index.php?title=User:Pietinger/Experimental/Manual_Configuring_Current_Kernel&curid=357012&diff=1312102&oldid=1311070

3. If you have such hardware.

4. No. Just no. I don't need it and I don't want it (Selects: DEBUG_FS [=n] && CONFIGFS_FS [=n] && IRQ_WORK [=y])

5. Only interesting if you have a Qualcomm WCN Bluetooth/WLAN chipset.

6. Take the default.

7. If you have such hardware.

8. You will get this question only if you upgrade to 6.11.3 (or higher). Choose the default 1 if you want to do some debugging with gdb. Choose 3 if you want a more secure kernel. Read more about it in: https://www.phoronix.com/news/Linux-6.11-Tightens-Mem-Access
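
To confirm that the finished .config really carries the security-relevant answers from the list above (SLAB_BUCKETS on, PROC_MEM_NO_FORCE selected, GPIO_VIRTUSER off), a check like the following can be run after make oldconfig. This is an added example, not part of the original article; the function names sym_state, check_hardening and sample_config are made up for illustration, and the sample .config is constructed.

```shell
#!/bin/sh
# State of one Kconfig symbol in a .config: y, m, n ("is not set") or absent.
sym_state() {   # $1 = .config path, $2 = symbol without the CONFIG_ prefix
    if grep -q "^CONFIG_$2=y\$" "$1"; then echo y
    elif grep -q "^CONFIG_$2=m\$" "$1"; then echo m
    elif grep -q "^# CONFIG_$2 is not set\$" "$1"; then echo n
    else echo absent
    fi
}

# Compare a .config with the choices made in this article.
# Prints one line per symbol; the return value is the number of deviations.
check_hardening() {   # $1 = .config path
    bad=0
    for pair in SLAB_BUCKETS:y PROC_MEM_NO_FORCE:y PROC_MEM_ALWAYS_FORCE:n \
                PROC_MEM_FORCE_PTRACE:n GPIO_VIRTUSER:n; do
        sym=${pair%%:*}; want=${pair##*:}
        got=$(sym_state "$1" "$sym")
        if [ "$got" = "$want" ]; then
            echo "ok      CONFIG_$sym=$got"
        elif [ "$got" = absent ] && [ "$want" = n ]; then
            echo "ok      CONFIG_$sym absent, so off"
        elif [ "$got" = absent ]; then
            # The PROC_MEM_* choice, for example, only exists from 6.11.3 on.
            echo "MISSING CONFIG_$sym (symbol not in this .config)"
            bad=$((bad + 1))
        else
            echo "DEVIATE CONFIG_$sym=$got, wanted $want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: a 6.11.3 .config where the /proc/pid/mem default was kept.
sample_config() {
    cat <<'EOF'
CONFIG_SLAB_BUCKETS=y
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
# CONFIG_GPIO_VIRTUSER is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_hardening "$tmp" || echo "deviations: $?"   # prints "deviations: 2"
rm -f "$tmp"
```

On a real system, pass the path of the kernel tree's .config to check_hardening instead of the sample.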