Update to 4.2.0
Hey guys and girls,
I hope everyone started well in the new week. Here´s the next release and it´s a rather big one with lots of under the hood improvements.
We already had all the changes in from the October security patch release released, due to merging linux-stable stable and kernel/common in advance.
The kernel is now at 5.10.146 way ahead of the stock kernel. To further emphasize the importance of this. About 90% of kernel security issues are solved in linux stable. While I didn´t check the actual number myself, I´d have estimated about the same (80-90%) before actually reading the slides from @arter97 presentation.
What also needs to be kept in mind is that a big part of those security issues are resolved in linux-stable sometimes months ago before those patches end up in a monthly security patch. Additionally to that the security patches are about 3 months behind the discovery of those vulnerabilities.
Amongst linux-stable upstream there are a few other not minor updates in this kernel.
Clang
The kernel is now compiled with the latest prebuilt Clang from Google. This was quite a journey as this is a pretty big update to clang. This is quite experimental to be on googles side of a "bleeding" edge compiler, but after fixing several issues that originated from the new compiler it ran stable for over 2 weeks.
There´s a potential for CFI failures that originates from that new Clang rather than a "real attack", due to the changes in clang.
Short reminder what CFI actually does: Control flow integrity (CFI) is a security mechanism that disallows changes to the original control flow graph of a compiled binary, making it significantly harder to perform such attacks.
A typical crash (that´s not wanted and originates from compiler changes rather than an actual attack, which is already resolved of course ) would look like the following: Open camera app, due to compiler changes CFI is accidentally tripped every time this code is executed.
I think we catched all of these newly CFI failures and everything is nice and stable. In case you discover such a behaviour please send me the contents of sys/fs/pstore, once the phone booted back up.
There´s always the possibility of a "real" attack in which CFI will crash the phone, before the attacker can compromise the phone. That´s why keeping subsystems updated is important.
Powerhal
The powerhal was retuned due to changes to the scheduler introduced. It should work even better now, regarding efficiency and performance. Of course I try to tune it also to my personal needs, while trying to keep it working for all workloads. The changes are not drastic, so please don´t post after several hours you see drastic differences.
Other improvements
Several other improvements from kernel/common (for higher branches than 5.10) and linux-main were backported to this branch so we can benefit from those improvements. For details please check my git.
I´d like to write all of this with more detail, but at the moment I lack the time to do so.
Kernel is compiled for stable A13, not A13 QPR Beta!
I wish everyone a nice day.
If you´re one of the unfortunate ones that suffer from the device is corrupt bug on pixel 6 series please take a look at the FAQ at the beginning of this thread it contains a solution. The issue is probably caused by a bug that affects pixel 6 devices and has nothing to do with magisk or a kernel, it just happens to get triggered when using any of those.
Changelog:
- Linux-Stable bumped to 5.10.146
- kernel is compiled with latest prebuilt google clang 15.0.2
- improvements from linux-mainline
- updates from kernel/common to several subsystems
- tweak powerhal for improved performance/efficiency
Download:
Attached to release post as AFH is currently down.
I´ll push to AFH once it´s back up.
www.androidfilehost.com
If you´re coming from another kernel restore stock boot.img, dtbo.img, vendor_boot.img and vendor_dlkm.img before flashing. Thank you.
I wish everybody a great day/evening!
Have fun, enjoy the kernel and your phone.
If you like my work please consider a donation.
Donations are not mandatory but very welcome.
If you like my work and want to buy me a coffee/green tea: http://paypal.me/freak07
Hey guys and girls,
I hope everyone started well in the new week. Here´s the next release and it´s a rather big one with lots of under the hood improvements.
We already had all the changes in from the October security patch release released, due to merging linux-stable stable and kernel/common in advance.
The kernel is now at 5.10.146 way ahead of the stock kernel. To further emphasize the importance of this. About 90% of kernel security issues are solved in linux stable. While I didn´t check the actual number myself, I´d have estimated about the same (80-90%) before actually reading the slides from @arter97 presentation.
What also needs to be kept in mind is that a big part of those security issues are resolved in linux-stable sometimes months ago before those patches end up in a monthly security patch. Additionally to that the security patches are about 3 months behind the discovery of those vulnerabilities.
Amongst linux-stable upstream there are a few other not minor updates in this kernel.
Clang
The kernel is now compiled with the latest prebuilt Clang from Google. This was quite a journey as this is a pretty big update to clang. This is quite experimental to be on googles side of a "bleeding" edge compiler, but after fixing several issues that originated from the new compiler it ran stable for over 2 weeks.
There´s a potential for CFI failures that originates from that new Clang rather than a "real attack", due to the changes in clang.
Short reminder what CFI actually does: Control flow integrity (CFI) is a security mechanism that disallows changes to the original control flow graph of a compiled binary, making it significantly harder to perform such attacks.
A typical crash (that´s not wanted and originates from compiler changes rather than an actual attack, which is already resolved of course ) would look like the following: Open camera app, due to compiler changes CFI is accidentally tripped every time this code is executed.
I think we catched all of these newly CFI failures and everything is nice and stable. In case you discover such a behaviour please send me the contents of sys/fs/pstore, once the phone booted back up.
There´s always the possibility of a "real" attack in which CFI will crash the phone, before the attacker can compromise the phone. That´s why keeping subsystems updated is important.
Powerhal
The powerhal was retuned due to changes to the scheduler introduced. It should work even better now, regarding efficiency and performance. Of course I try to tune it also to my personal needs, while trying to keep it working for all workloads. The changes are not drastic, so please don´t post after several hours you see drastic differences.
Other improvements
Several other improvements from kernel/common (for higher branches than 5.10) and linux-main were backported to this branch so we can benefit from those improvements. For details please check my git.
I´d like to write all of this with more detail, but at the moment I lack the time to do so.
Kernel is compiled for stable A13, not A13 QPR Beta!
I wish everyone a nice day.
If you´re one of the unfortunate ones that suffer from the device is corrupt bug on pixel 6 series please take a look at the FAQ at the beginning of this thread it contains a solution. The issue is probably caused by a bug that affects pixel 6 devices and has nothing to do with magisk or a kernel, it just happens to get triggered when using any of those.
Changelog:
- Linux-Stable bumped to 5.10.146
- kernel is compiled with latest prebuilt google clang 15.0.2
- improvements from linux-mainline
- locking subsystem
- memory management
- more details please check github
- updates from kernel/common to several subsystems
- tweak powerhal for improved performance/efficiency
Download:
Attached to release post as AFH is currently down.
I´ll push to AFH once it´s back up.
Downloads for : -Android- Generic Device/Other | AndroidFileHost.com | Download GApps, Roms, Kernels, Themes, Firmware and more. Free file hosting for all Android developers.
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
If you´re coming from another kernel restore stock boot.img, dtbo.img, vendor_boot.img and vendor_dlkm.img before flashing. Thank you.
I wish everybody a great day/evening!
Have fun, enjoy the kernel and your phone.
If you like my work please consider a donation.
Donations are not mandatory but very welcome.
If you like my work and want to buy me a coffee/green tea: http://paypal.me/freak07
