Dropping i386 non-PAE as a supported kernel flavour in Precise Pangolin
tim.gardner at canonical.com
Mon Nov 28 21:48:21 UTC 2011
On 11/28/2011 11:44 AM, Kees Cook wrote:
> On Mon, Nov 28, 2011 at 09:40:53AM -0700, Tim Gardner wrote:
>> non-pae has a ginormous and ugly NX emulation patch
> This is about dropping non-PAE support, not dropping non-NX support. The NX
> emulation patch must remain in the kernel since a large number of systems
> have PAE but not NX.
> You can see this in the table here:
> Dropping non-PAE just eliminates the top line in that table. NX-emu will
> still be needed.
I guess you are correct. I naively assumed that execute-disable was
introduced with PAE in the Pentium Pro series. However, it did not
appear in Intel CPUs until Pentium 4 (approx Q1 2005). AMD had it from
the beginning in the Athlon series.
>> that has consumed substantial maintenance resources in the past,
> I'm also curious about this claim, as you've expressed to me in the past
> that carrying it has been surprisingly trivial. In fact, since I'm the one
> maintaining it these days, it's actually going to require 0 resources from
> Canonical. ;)
I did say "in the past". I remember encountering several issues with the
early implementation, as well as maintenance hassles while 32 and 64 bit
arch support was converging. I would characterize the NX emulation patch
as deeply intrusive, arguably one of the more complex patches against
the core of Linux that we carry.
It's a moot point given the model gap between PAE and NX introduction.
>> The kernel team has limited resources. Obviously I want to apply
>> what resources we have to the problems that affect the most
>> important platforms. Furthermore, I anticipate new ARM flavours in
>> the coming months which will take up any slack afforded by the loss
>> of non-PAE.
> I'm curious why pushing non-PAE to universe and leaving it in the main
> linux source package is a burden? Then people using non-PAE get automatic
> security updates without any hassle on anyone's part. This is what the
> Ubuntu Security Team manager wants:
> as well as the Ubuntu Platform Team manager wants:
> I'm not convinced there's enough evidence to say that dropping it from the
> main linux source package will actually save any time at all.
Dropping this flavour saves 5 minutes per build on a 4-way 80 thread
server, which for some of the team can add up to quite a bit of time
over the course of a day. It's one less variant that needs to be tested
in Q/A, and it's one less flavour we have to mess with in our meta and
Tim Gardner tim.gardner at canonical.com