Perhaps you are the dog's bollocks when it comes to IT security but I note that your firm were not involved in this disclosure or were you? Bergmann mentioned in passing that the FR-V and M32R architectures both prior to the beginning of the Git era have been marked as being orphaned and should eventually be considered for removal.

IMO It's simply a matter of time with Spectre, and the timing attacks that it's based on, before we get the remote exploit that makes it the single biggest threat to computing.

Thus, when advice in a best practices document becomes wrong e. Upcoming kernel releases are likely to remove support for a number of unloved architectures and, in an unrelated move, the removal of support for some older compilers.

Such on-chip flash memory also might be a few times slower than on-chip RAM. The plan that emerged from this discussion is to remove score, unicore, metag, frv, and m32r in the 4.

No wonder why it is so hard to obtain a light kernel. Since you tagged this ubuntu, I'll suggest you use a slimmer distro, you'll gain a great deal more space.

However, it is possible that the driver needs to be probed first so that it can enable corresponding SLIMbus device. The earliest practical compiler to build the kernel would appear to be 4. Shrinking the kernel with an axe Posted Feb 15, But here we're talking about virtual trees that can be regrown with a make command.

I am being very pedantic with this point, I know. A prominent characteristic of tiny microcontrollers is an amount of on-chip flash memory that is typically a few times larger than the on-chip RAM.

It is like cutting a limb from a tree; every sub-branch and leaf on it obviously won't be connected to the tree anymore and will fall to the ground. Maintaining, evolving, testing of tree Linux kernel code is known to be exhausting - especially when done unpaid or under-paid on one's free time, as happens to most FLOSS maintainers. Of course, Gentoo's main downfall is also its flexibility.

Perhaps we could introduce a minimal serial driver that doesn't implement TTY at all, and just provides a trivial character device. A generic device is a device providing application functionality.

Kernel module carving Many kernel drivers start by allocating memory and registering stuff; then they sit there waiting until something they're responsible for happens, if ever. Let's apply the following hack to our kernel to get the compiler to simply remove every system call: There no point in having a slimmer kernel for that laptop, unless you have a specific reason.

The first article provided a short rationale for this topic, and covered link-time garbage collection.

Please, keep up with it! Let's have a look: You may be a clever person but there is always someone else that is better than you and our colleagues here will include some of them - they may point out the flaw in your reasoning. Please submit a patch to make this the default in tinyconfig. In a discussion in early February, Bergmann noted that the oldest version known to work is 4.

Since then, the maintainers for that architecture have moved on and no longer contribute changes to the kernel.

  2. As a result, almost every kernel release has been larger than its predecessor.
  3. There are also many cases in which everything that you worry about is running as root, though these are less likely to run on a core with speculative execution.
  5. Please, keep up with it!
So it's by no means obvious that everyone should be using a compiler that supports retpolines. This is rather disappointing.

Thus, the term best practice has been rendered an extremely strong signal of an empty resonant cavity in the place where a brain should be, and questions that mention the phrase get closed. It also depends on your security model Posted Mar 3, 0: I have a small NAS here a KuroBox HD, that is a powerpc machine that only has 64MB of memory and not only the kernel is getting bigger all the time even with equivalent configurations, but the userspace is getting larger each time.

Gentoo's main selling point is its flexibility. Nobody has yet made a decision on what the true minimum version of GCC needed to build the kernel will be so, for now, the documentation retains the fictional 3.

We need to keep in mind that only the very first exploits have rolled on these and because Spectre is fundamental to the design of almost all modern processors it's going to be the bug that continues to give for a very long time.

Still, this can be used as a starting point for yet more aggressive code modularization and axing. Let's move to more involved approaches now, using explicit kernel configuration tweaking: At that point, though, according to Bergmann, it would make sense to make the minimum version be 4.

Why is module support so counter-productive? That will certainly change someday. Not often, but some things are clearly best practice. What individual users or groups should do is to signal their interest to their vendor. Spectre works even without breaking any process.

Shrinking the kernel with an axe Posted Feb, 3: Are you carrying software that's not used in your product?

Can we get rid of some of that KB of filesystem infrastructure when there is no need for a full-fledged filesystem support in our tiny system? Branches connected to the trunk won't be trimmed.

It is especially good at figuring out that some functions end up never being called; their removal means that even more functions end up not being called, and so on along the call graph down to the leaf functions. Here are a few examples our user space certainly can live without: This architecture was a research project at Peking University.

The kernel, unlike user-space programs that typically have only one entry point, is different as it has multiple entry points. The control channel is used for various control functions such as bus management, configuration and status updates.

Bergmann, however, as is his way, took a rather wider view of things: Too bad the effort to include minitty got blocked, IMHO these days nobody still needs the full-scale TTY subsystem with its code base. Some of them designate data rather than code, but they create a dependency link just the same. It also depends on your security model Posted Feb 27, It has been some time, though, since anybody has actually succeeded in building a kernel with a compiler that old.

That means 3, additional entry points that can no longer optimize away. That doesn't carry the ridiculous implication that this practice is best for all time, the best ever, rah rah!

But how can individual users, or scattered groups thereof, efficiently signal their interest for e. I do often see that phrase elsewhere rather a lot and I generally use it as a litmus test for possible but unlikely guide to solution of the problem at hand, which is a bit sad. The kernel configuration system already provides some options to enable or disable support for some system calls.

It also depends on your security model Posted Mar 3, 6: Somebody may need to add asm goto support to LLVM in the near future. The Meta architecture was added to the 3. The way I see it, a best practice documents general conventions that are a good idea to follow as you describe.

