Linux

These set of notes are Linux specific, check out OS page for general OS notes.

Recent / future developments

eBPF

eBPF is a revolutionary technology that allows developers to run sandboxed, high-performance programs inside the Linux kernel without changing the kernel’s source code or loading unstable modules. It is primarily used to create next-generation tools for deep system observability, security monitoring, and ultra-fast network packet processing.

Read more: eBPF

XDP (eXpress Data Path)

Closely tied to eBPF, XDP allows the kernel to process network packets directly on the network card driver before they even reach the main networking stack. This enables "bare-metal" networking speeds, allowing Linux to handle massive DDoS attacks or high-speed routing with almost zero CPU overhead.

iptables => nftables

nftables is the new packet-filtering portion of Netfilter. nft is the new userspace utility that replaces iptables, ip6tables, arptables and ebtables.

io_uring

io_uring is a high-performance Linux interface that uses shared memory ring buffers to execute asynchronous I/O with minimal system call overhead. It provides a unified, ultra-efficient way for applications to handle massive volumes of disk and network operations simultaneously.

Read more: io_uring

systemd

systemd is the standard Linux initialization system and service manager responsible for booting the operating system and managing the lifecycle of all system processes. It uses a centralized framework to handle service dependencies, parallelize startup, and manage system logs and hardware events.

Read more: systemd

cgroup v2

cgroup v2 provides a unified hierarchy for organizing processes and managing system resources like CPU, memory, and I/O with improved consistency and efficiency. It is the primary mechanism Linux uses to isolate and limit resource usage for containers and background services.

Read more: cgroup

Namespaces

While cgroups limit how much a process can use (CPU/RAM), Namespaces control what a process can see. They provide the isolation required for containers, allowing a process to have its own private network stack, process tree (PID), and mount points, essentially making it feel like it’s running on its own independent OS.

Read more: cgroup

Rust in the Linux Kernel

Starting with version 6.1, Linux officially supports Rust as a second programming language for kernel development. This is a historic shift aimed at reducing memory-safety bugs (like buffer overflows) which account for the majority of security vulnerabilities in the kernel's traditional C code.

MGLRU (Multi-Gen Least Recently Used)

Introduced recently to solve the "memory pressure" problem, MGLRU is a total redesign of how Linux decides which memory pages to swap out when RAM is full. It significantly improves performance and prevents system "lag" or "stuttering" on everything from Android phones to massive high-traffic servers.

WireGuard

Now integrated directly into the kernel, WireGuard is a modern, high-speed VPN protocol that is significantly faster and simpler than IPsec or OpenVPN. Because it lives in the kernel, it can encrypt and route traffic with extremely low latency and high security.

PipeWire

PipeWire has replaced PulseAudio and Jack as the modern standard for handling audio and video streams on Linux. It provides a low-latency, graph-based processing engine that allows professional-grade audio and secure video (for Wayland screen sharing) to work seamlessly together.

Landlock

Landlock is a new Linux Security Module (LSM) that allows unprivileged applications to sandbox themselves. It lets a developer write a program that says, "I only need to access this one folder; block me from everything else," significantly limiting the damage a hacker can do if they exploit that program.

Wayland

Wayland is the modern successor to the decades-old X11 windowing system. It eliminates "screen tearing," improves security by isolating windows from each other (so one app can't secretly log your keystrokes in another), and handles modern high-refresh-rate displays much better.

Linux Unified Key Setup

LUKS (Linux Unified Key Setup) is the industry-standard specification for disk encryption that provides a unified on-disk format and support for multiple user passphrases. It works with the kernel's dm-crypt subsystem to protect data-at-rest, ensuring that storage drives remain unreadable if the physical hardware is lost or stolen.

What is Linux-libre?

A modified version of the Linux kernel that contains no binary blobs, obfuscated code, or code under proprietary licenses.

License: GPL v2.

Linux Kernel source code

The "Upstream" source code for the Linux kernel is managed and hosted at kernel.org.

The "Source of Truth" (Git)

The absolute "upstream" is the repository maintained by Linus Torvalds. This is known as the Mainline kernel.

• Official Git URL: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
• Web Interface (cgit): git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

The GitHub Mirror

While kernel development does not happen on GitHub (the kernel team uses mailing lists), there is an official, read-only mirror. This is often the easiest place to browse the code or "star" it.

• URL: github.com/torvalds/linux

Which branch do you need?

When you visit kernel.org, you will see several categories. It is important to know which "upstream" you are looking for:

• Mainline: The "bleeding edge" where Linus Torvalds merges new features. (This is what most people mean by "Upstream").
• Stable: Versions that have been released but are still receiving bug fixes (e.g., 6.11.x).
• Longterm (LTS): Older versions maintained for years (used by Ubuntu, Debian, and Android).
• Linux-Next: The "holding area" for code that will be merged in the next release cycle.

Why is it called "Upstream"?

In the Linux world:

1. Upstream is Linus Torvalds and the core maintainers at kernel.org.
2. Downstream are the "Distros" (Red Hat, Ubuntu, Fedora, Android) who take that code, add their own wallpapers and configurations, and ship it to you.

When people say "Submit it upstream," they mean "Send your code to the official Linux mailing lists so it can be included in the official version for everyone."

"rebase"

A downstream distro may add packages and patches on top of the upstream kernel; to keep the kernel up to date, it needs to "rebase" periodically. The process:

• get a new upstream version
• repatch the in house changes
  • decide which pathces are still needed: some patches may not be necessary if they are merged to upstream
  • resolve conflicts and run tests

Each "rebase" may take months to finish.