Kernel Issues

Posted on by

     At present, as near as I can determine there is no Linux kernel which is simultaneously:

     1) Up to date with regards to outstanding security issues.

     2) Entirely stable and functional.

     3) Performs well and doesn’t spend more time in the kernel than in userland.

     It is possible to get any two out of three of these but not all three in any one kernel at present.  5.15 proves #1 and #2. but does not provide #3 and isn’t adequate especially for busy machines like the web and mail servers.  5.18 provides #2 and #3, but not #1, and 5.19 provides #1 and #3 but not #2.  6.0.0-rc4 is looking promising but not enough testing yet to see if it’s going to be stable.

     So we are still working with developers and testing various kernels and configurations to attempt to achieve all three of these.  At present, I am running 5.19 on most non-critical servers that have shell access to customers since security is important on these and 5.18.19 on machines that have very little public exposure.  Seems like the best compromise at the time, but I will be trialing 6.0.0-rc4 on various machines.  There will be brief outages of web and mail as I reboot into this kernel to test.