The Linux kernel is a free and open-source, Unix-like operating system kernel. It was conceived and created in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU operating system, which was created as a free replacement for UNIX. Since then, it has spawned a plethora of operating system distributions, commonly also called Linux.
Linux is deployed on a wide variety of computing systems, such as embedded devices, mobile devices (including its use in the Android operating system), personal computers, and supercomputers. It can be tailored for specific architectures and for several usage scenarios using a family of simple commands (that is, without the need to manually edit its source code before compilation); privileged users can also fine-tune kernel parameters at runtime.
Most of the Linux kernel code is written using the GNU extensions of GCC to the standard C programming language and with the use of architecture-specific instructions (ISA). This produces a highly optimized executable (vmlinux) with respect to utilization of memory space and task execution times.
Day-to-day development discussions take place on the Linux kernel mailing list (LKML). Changes are tracked using the version control system git, which was created by Torvalds as a bespoke replacement for BitKeeper. Linux as a whole is released under the GNU General Public License version 2 (GPLv2), but it also contains several files under other compatible licenses, and an ad hoc exemption for the user space API header files.
In April 1991, Linus Torvalds, at the time a 21-year-old computer science student at the University of Helsinki, started working on some simple ideas for an operating system. He started with a task switcher in Intel 80386 assembly language and a terminal driver. On 25 August 1991, Torvalds posted the following to ''comp.os.minix'', a newsgroup
On 17 September 1991, Torvalds prepared version 0.01 of Linux and put it on "ftp.funet.fi", the FTP server of the Finnish University and Research Network (FUNET). It was not even executable since its code still needed Minix for compilation and play.
On 5 October 1991, Torvalds announced the first "official" version of Linux, version 0.02.
At this point, Linux was able to run Bash, GCC, and some other GNU utilities:
After that, many people contributed code to the project, including some developers from the MINIX community. At the time, the GNU Project had created many of the components required for a free operating system, but its own kernel, GNU Hurd, was incomplete and unavailable. The Berkeley Software Distribution had not yet freed itself from legal encumbrances. Despite the limited functionality of the early versions, Linux rapidly gained developers and users.
Torvalds assigned version 0 to the kernel to indicate that it was mainly for testing and not intended for productive use.
Version 0.11, released in December 1991, was the first self-hosted Linux, for it could be compiled by a computer running the same kernel.
When Torvalds released version 0.12 in February 1992, he adopted the GNU General Public License version 2 (GPLv2) over his previous self-drafted license, which had not permitted commercial redistribution.
In contrast to Unix, all source files of Linux are freely available, including device drivers.
The initial success of Linux was driven by programmers and testers across the world. With the support of the POSIX APIs, through the libC that, when needed, acts as an entry point to the kernel address space, Linux could run software and applications that had been developed for Unix.
On 19 January 1992, the first post to the new newsgroup ''alt.os.linux'' was submitted.
On 31 March 1992, the newsgroup was renamed ''comp.os.linux''.
The fact that Linux is a monolithic kernel rather than a microkernel was the topic of a debate between Andrew S. Tanenbaum, the creator of MINIX, and Torvalds. The Tanenbaum–Torvalds debate started in 1992 on the Usenet group ''comp.os.minix'' as a general discussion about kernel architectures.
Linux version 0.95 was the first to be capable of running the X Window System.
In March 1994, Linux 1.0.0 was released with 176,250 lines of code. It was the first version suitable for use in production environments.
It started a versioning system for the kernel with three or four numbers separated by dots where the first represented the ''major'' release, the second was the ''minor release'', and the third was the ''revision.''
At that time odd-numbered ''minor'' releases were for development and tests, whilst even-numbered ''minor'' releases were for production. The optional fourth digit indicated a set of patches to a ''revision.''
Development releases were indicated with ''-rc'' ("release candidate") suffix.
The current version numbering is slightly different from the above. The even vs. odd numbering has been dropped and a specific ''major'' version is now indicated by the first two numbers, taken as a whole. While the time-frame is open for the development of the next ''major'', the -rcN suffix is used to identify the Nth ''release candidate'' for the next version.
For example, the release of version 4.16 was preceded by seven 4.16-rcN (from -rc1 to -rc7). Once a stable release is made, its maintenance is passed off to the "stable team". Occasional updates to stable releases are identified by a three-number scheme (e.g., 4.13.1, 4.13.2, ..., 4.13.16).
After version 1.3 of the kernel, Torvalds decided that Linux had evolved enough to warrant a new ''major'' number, so he released version 2.0.0 in June 1996.
The series included 41 releases. The major feature of 2.0 was support for symmetric multiprocessing (SMP) and support for more types of processors.
Starting with version 2.0, Linux is configurable for selecting specific hardware targets and for enabling architecture-specific features and optimizations. The ''make *config'' family of commands of ''kbuild'' is used to enable and configure thousands of options for building ad hoc kernel executables (vmlinux) and loadable modules.
Version 2.2, released on 20 January 1999, improved locking granularity and SMP management, added m68k, and other 64-bit platforms support. Furthermore, it added new file systems.
In 1999, IBM published its patches to the Linux 2.2.13 code for the support of the S/390.
Version 2.4.0, released on 4 January 2001, contained support for ISA Plug and Play, and PC Cards. Linux 2.4 added support for the Pentium 4 (the latter introduced the ia64 ISA that was jointly developed by Intel and Hewlett-Packard to supersede the older PA-RISC), and for the newer 64-bit MIPS
Development for 2.4.''x'' changed a bit in that more features were made available throughout the duration of the series, including support for Bluetooth, Logical Volume Manager (LVM) version 1, RAID
Version 2.6.0 was released on 17 December 2003.
The development for 2.6.''x'' changed further towards including new features throughout the duration of the series. Among the changes that have been made in the 2.6 series are: integration of µClinux into the mainline kernel sources, PAE support, support for several new lines of CPUs, integration of Advanced Linux Sound Architecture (ALSA) into the mainline kernel sources, support for up to 2^32 users (up from 2^16), support for up to 2^29 process IDs (64-bit only, 32-bit arches still limited to 2^15), substantially increased the number of device types and the number of devices of each type, improved 64-bit support, support for file systems which support file sizes of up to 16 terabytes, in-kernel preemption, support for the Native POSIX Thread Library (NPTL), User-mode Linux integration into the mainline kernel sources, SELinux integration into the mainline kernel sources, InfiniBand support, and considerably more.
Also notable is the addition of a wide selection of file systems starting with the 2.6.''x'' releases: now the kernel supports a large number of file systems, some that have been designed for Linux, like ext3 and others that are native to other operating systems like JFS, Minix, Xenix, System V, and MS-DOS.
In 2005 the ''stable team'' was formed as a response to the lack of a kernel tree where people could work on bug fixes, and it would keep updating ''stable'' versions.
In February 2008 the ''linux-next'' tree was created to serve as a place where patches aimed to be merged during the next development cycle gathered.
Several subsystem maintainers also adopted the suffix ''-next'' for trees containing code which they mean to submit for inclusion in the next release cycle. , the in-development version of Linux is held in an unstable branch named ''linux-next''.
Linux used to be maintained without the help of an automated source code management system until, in 2002, development switched to BitKeeper. It was freely available for Linux developers but it was not free software. In 2005, because of efforts to reverse-engineer it, the company which owned the software revoked the support of the Linux community. In response, Torvalds and others wrote Git. The new system was written within weeks, and in two months the first official kernel made using it was released.
Details on the history of the 2.6 kernel series can be found in the ChangeLog files on the 2.6 kernel series source code release area of kernel.org.
The 20th anniversary of Linux was celebrated by Torvalds in July 2011 with the release of the 3.0.0 kernel version.
As 2.6 has been the version number for 8 years, a new ''uname26'' personality that reports 3.x as 2.6.40+x had to be added to the kernel so that old programs would work.
Version 3.0 was released on 22 July 2011.
On 30 May 2011, Torvalds announced that the big change was "NOTHING. Absolutely nothing." and asked, "...let's make sure we really make the next release not just an all new shiny number, but a good kernel too."
After the expected 6–7 weeks of the development process, it would be released near the 20th anniversary of Linux.
On 11 December 2012, Torvalds decided to reduce kernel complexity by removing support for i386 processors, making the 3.7 kernel series the last one still supporting the original processor. The same series unified support for the ARM
Version 3.11, released on 2 September 2013, adds many new features such as new flag for to reduce temporary file vulnerabilities, experimental AMD Radeon dynamic power management, low-latency network polling, and zswap (compressed swap cache).
The numbering change from 2.6.39 to 3.0, and from 3.19 to 4.0, involved no meaningful technical differentiation. The major version number was increased to avoid large minor numbers.
Stable 3.x.y kernels were released until 3.19 in February 2015.
In April 2015, Torvalds released kernel version 4.0.
By February 2015, Linux had received contributions from nearly 12,000 programmers from more than 1,200 companies, including some of the world's largest software and hardware vendors.
Version 4.1 of Linux, released in June 2015, contains over 19.5 million lines of code contributed by almost 14,000 programmers.
A total of 1,991 developers, of whom 334 are first collaborators, added more than 553,000 lines of code to version 5.8, breaking the record previously held by version 4.9.
According to Stack Overflow's annual Developer Survey of 2019, more than 53% of all respondents have developed software for Linux OS and about 27% for Android, although only about 25% develop with Linux-based operating systems.
Most websites run on Linux-based operating systems and all of the world's 500 most powerful supercomputers use some kind of OS based on Linux.
bundle the kernel with system software (e.g., the GNU C Library, and other Unix utilities) and a wide selection of application software, but their usage share in desktops is low in comparison to other operating systems.
, which accounts for the majority of the installed base of all operating systems for mobile devices, is responsible for the rising usage of the Linux kernel, together with its wide use in a large variety of embedded devices.
Architecture and features
Linux is a monolithic kernel with a modular design (e.g., it can insert and remove loadable kernel modules at runtime), supporting most features once only available in closed source kernels of non-free operating systems. The rest of the article makes use of the UNIX and Unix-like operating systems convention on the official manual pages. The numbers that follow the name of commands, interfaces, and other features, have the purpose of specifying the section (i.e., the type of the OS' component or feature) they belong to (e.g., refers to a system call, while refers to a userspace library wrapper):
* concurrent computing and (with the availability of enough CPU cores for tasks that are ready to run) even true parallel execution of many processes at once (each of them having one or more threads of execution) on SMP
* selection and configuration of hundreds of kernel features and drivers (using one of the family of commands, before running compilation), modification of kernel parameters before booting (usually by inserting instructions into the lines of the GRUB2 menu), and fine tuning of kernel behavior at run-time (using the interface to );
* configuration (again using the commands) and run-time modifications of the policies (via , , and the family of syscalls) of the task schedulers that allow preemptive multitasking (both in user mode and, since the 2.6 series, in kernel mode); the Completely Fair Scheduler (CFS) is the default scheduler of Linux since 2007 and it uses a red-black tree which can search, insert and delete process information (task struct) with O(log n) time complexity, where ''n'' is the number of runnable tasks;
* advanced memory management with paged virtual memory
* inter-process communications and synchronization
* a virtual filesystem on top of several concrete filesystems (ext4, and many more);
* configurable I/O schedulers, syscall that manipulates the underlying device parameters of special files (it is a non standard system call, since arguments, returns, and semantics depends on the device driver in question), support for POSIX asynchronous I/O (however, because they scale poorly with multithreaded applications, a family of Linux specific I/O system calls ( ) had to be created for the management of asynchronous I/O contexts suitable for concurrently processing);
* OS-level virtualization and hardware-assisted virtualization , and using QEMU for hardware emulation); on the Xen hypervisor, the Linux kernel provides support to build Linux distributions (such as openSuSE Leap and many others) that work as ''Dom0'', which are virtual machine host servers that provide the management environment for the user's virtual machines (''DomU'').
* security mechanisms for discretionary and mandatory access control (SELinux, AppArmor, POSIX ACLs, and others);
* several types of layered communication protocols (including the Internet protocol suite
s and kernel extensions run in kernel space in many CPU architectures), with full access to the hardware, although some exceptions run in user space, for example, filesystems based on FUSE/CUSE, and parts of UIO.
The graphics system most people use with Linux does not run within the kernel. Unlike standard monolithic kernels, device drivers are easily configured as modules, and loaded or unloaded while the system is running and can also be pre-empted under certain conditions in order to handle hardware interrupts correctly and to better support symmetric multiprocessing.
By choice, Linux has no stable device driver application binary interface.
Linux typically makes use of memory protection and virtual memory and can also handle non-uniform memory access; however, the project has absorbed μClinux, which also makes it possible to run Linux on microcontrollers without virtual memory.
The hardware is represented in the file hierarchy. User applications interact with device drivers via entries in the or directories. Process information is likewise mapped to the file system through the directory.
Linux is a clone of UNIX, and aims towards POSIX and Single UNIX Specification
The kernel also provides system calls and other interfaces that are Linux-specific. In order to be included in the official kernel, the code must comply with a set of licensing rules.
The Linux Application binary interface (ABI) between the kernel and the user space has four degrees of stability (stable, testing, obsolete, removed); however, the system calls are expected to never change in order to not break the userspace programs that rely on them.
Loadable kernel modules (LKMs), by design, cannot rely on a stable ABI. Therefore they must always be recompiled whenever a new kernel executable is installed in a system, otherwise they will not be loaded. In-tree drivers that are configured to become an integral part of the kernel executable (vmlinux) are statically linked by the building process.
There is also no guarantee of stability of source-level in-kernel API and, because of this, device driver code, as well as the code of any other kernel subsystem, must be kept updated with kernel evolution. Any developer who makes an API change is required to fix any code that breaks as the result of their change.
The set of the Linux kernel API that regards the interfaces exposed to user applications is fundamentally composed of UNIX and Linux-specific system calls. A system call is an entry point into the Linux kernel. For example, among the Linux-specific ones there is the family of the system calls. Most extensions must be enabled by defining the in a header file or when the user-land code is being compiled.
System calls can only be invoked by using assembly instructions which enable the transition from unprivileged user space to privileged kernel space in ring 0. For this reason, the C standard library (libC) acts as a wrapper to most Linux system calls, by exposing C functions that, only when needed, can transparently enter into the kernel which will execute on behalf of the calling process. For those system calls not exposed by libC, e.g. the ''fast userspace mutex'' (futex), the library provides a function called which can be used to explicitly invoke them.
(e.g., the sysfs filesystems) and special file , and many others) constitute another layer of interface to kernel data structures representing hardware or logical (software) devices.
Because of the differences existing between the hundreds of various implementations of the Linux OS, executable objects, even though they are compiled, assembled, and linked for running on a specific hardware architecture (that is, they use the ISA of the target hardware), often cannot run on different Linux distributions. This issue is mainly due to distribution-specific configurations and a set of patches applied to the code of the Linux kernel, differences in system libraries, services (daemons), filesystem hierarchies, and environment variables.
The main standard concerning application and binary compatibility of Linux distributions is the Linux Standard Base. However, the LSB goes beyond what concerns the Linux kernel, because it also defines the desktop specifications, the X libraries and Qt that have little to do with it. The LSB version 5 is built upon several standards and drafts (POSIX, SUS, X/Open, File System Hierarchy (FHS), and others).
The parts of the LSB largely relevant to the kernel are the ''General ABI'' (gABI), especially the System V ABI and the Executable and Linking Format and the ''Processor Specific ABI'' (psABI), for example the ''Core Specification for X86-64.''
The standard ABI for how x86_64 user programs invoke system calls is to load the syscall number into the ''rax'' register, and the other parameters into ''rdi'', ''rsi'', ''rdx'', ''r10'', ''r8'', and ''r9'', and finally to put the ''syscall'' assembly instruction in the code.
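The register convention above, written out as an added example (it is not code from the kernel or from libc): a wrapper that executes the ''syscall'' instruction directly and returns the kernel's raw result. The helper names `raw_syscall6`, `raw_getpid`, `raw_close_bad_fd` and `raw_mmap_page_works` are hypothetical, and on a non-x86_64 build the wrapper falls back to libc's syscall(2).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* raw_syscall6 (hypothetical name): issue one system call and return the
 * kernel's raw result, i.e. a value >= 0 or a negated errno code. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
#if defined(__x86_64__)
    long ret;
    /* Arguments 4-6 have no dedicated constraint letters, so they are
     * pinned to r10, r8 and r9 with register variables. */
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;

    __asm__ volatile ("syscall"
                      : "=a"(ret)            /* result comes back in rax */
                      : "a"(nr),             /* syscall number in rax    */
                        "D"(a1), "S"(a2), "d"(a3),   /* rdi, rsi, rdx    */
                        "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");  /* clobbered by syscall */
    return ret;
#else
    /* Other architectures: let libc pick the right instruction. */
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -(long)errno : ret;
#endif
}

/* No arguments: only rax is meaningful. */
long raw_getpid(void)
{
    return raw_syscall6(SYS_getpid, 0, 0, 0, 0, 0, 0);
}

/* Errors are reported in-band as -errno; libc is what turns this into
 * a -1 return value plus the errno variable. */
long raw_close_bad_fd(void)
{
    return raw_syscall6(SYS_close, -1, 0, 0, 0, 0, 0);
}

/* mmap takes six arguments, so it exercises r10, r8 and r9 as well.
 * Returns 1 if an anonymous page could be mapped and written. */
int raw_mmap_page_works(void)
{
    long addr = raw_syscall6(SYS_mmap, 0, 4096, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (addr < 0 && addr >= -4095)   /* kernel error range */
        return 0;

    volatile char *page = (volatile char *)addr;
    page[0] = 'k';
    int ok = (page[0] == 'k');
    raw_syscall6(SYS_munmap, addr, 4096, 0, 0, 0, 0);
    return ok;
}

int main(void)
{
    printf("raw getpid: %ld, libc getpid: %ld\n", raw_getpid(), (long)getpid());
    printf("raw close(-1): %ld (-EBADF is %d)\n", raw_close_bad_fd(), -EBADF);
    printf("raw mmap usable: %d\n", raw_mmap_page_works());
    return 0;
}
```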
There are several kernel internal APIs utilized between the different subsystems. Some are available only within the kernel subsystems, while a somewhat limited set of in-kernel symbols (i.e., variables, data structures, and functions) is exposed also to dynamically loadable modules (e.g., device drivers loaded on demand) if they're exported with the and macros (the latter reserved to modules released under a GPL-compatible license).
Linux provides in-kernel APIs that manipulate data structures (e.g., linked lists, radix tree) or perform common routines (e.g., copy data from and to user space, allocate memory, print lines to the system log, and so on) that have remained stable at least since Linux version 2.6.
In-kernel APIs include libraries of low-level common services used by device drivers:
* Interfaces and libATA: respectively, a peer-to-peer packet based communication protocol for storage devices attached to USB, SATA, SAS, Fibre Channel, FireWire, ATAPI device, and an in-kernel library to support ATA host controllers and devices.
* Direct Rendering Manager (DRM) and Kernel Mode Setting (KMS) for interfacing with GPUs and supporting the needs of modern 3D-accelerated video hardware, and for setting screen resolution, color depth and refresh rate
* ) for sharing buffers for hardware direct memory access across multiple device drivers and subsystems
* for video capture hardware
* Advanced Linux Sound Architecture (ALSA) for sound cards
* New API for network interface controller
* for wireless network interface controllers
The Linux developers choose not to maintain a stable in-kernel ABI.
Modules compiled for a specific version of the kernel cannot be loaded into another version without being re-compiled, assuming that the source level in-kernel API has remained the same, otherwise also the module code must be modified accordingly.
Processes and threads
Linux creates processes by means of the or by the newer system calls. Depending on the given parameters, the new entity can share most or none of the resources of the caller. These syscalls can create new entities ranging from new independent processes (each having a special identifier called ''TGID'' within the ''task_struct'' data structure in kernel space, although that same identifier is called ''PID'' in userspace), to new threads of execution within the calling process (by using the parameter). In this latter case the new entity owns the same ''TGID'' of the calling process and consequently has also the same ''PID'' in userspace.
If the executable is dynamically linked to shared libraries, a dynamic linker (for ELF objects, it is typically ) is used to find and load the needed objects, prepare the program to run and then run it.
The Native POSIX Thread Library, simply known as the NPTL, provides the standard POSIX threads interface (''pthreads'') to userspace. Whenever a new thread is created using the pthread_create(3) POSIX interface, the family of system calls must also be given the address of the function that the new thread must jump to. The Linux kernel provides the (acronym for "Fast user-space mutexes") mechanisms for fast user-space locking and synchronization; the majority of the operations are performed in userspace but it may be necessary to communicate with the kernel using the system call.
A very special category of threads is the so-called ''kernel threads''. They must not be confused with the above-mentioned threads of execution of the user's processes. Kernel threads exist only in kernel space and their only purpose is to concurrently run kernel tasks.
In contrast, whenever an independent process is created, the syscalls return exactly to the next instruction of the same program, concurrently in the ''parent'' process and in the ''child'' one (i.e., one program, two processes). Different return values (one per process) enable the program to know in which of the two processes it is currently executing. Programs need this information because the child process, a few steps after process duplication, usually invokes the system call (possibly via the family of wrapper functions in glibC) and replaces the program that is currently being run by the calling process with a new program, with newly initialized stack, heap, and (initialized and uninitialized) data segments.
When it is done, it results in two processes that run two different programs.
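The duplicate-then-replace sequence described above, as an added example that is not part of the original article. It uses the POSIX wrappers fork(2), execvp(3) and waitpid(2); the helper names `run_program` and `fork_ids_consistent` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wait for one child, retrying if a signal interrupts the wait.
 * Returns the child's exit code, or -1 if it did not exit normally. */
static int wait_exit_status(pid_t pid)
{
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* run_program (hypothetical helper): duplicate the caller, replace the
 * child's program image with argv[0], and return the child's exit code. */
int run_program(char *const argv[])
{
    fflush(NULL);               /* keep buffered output out of the child */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: fork() returned 0. On success execvp() never returns,
         * because the process now runs a different program. */
        execvp(argv[0], argv);
        _exit(127);             /* reached only if the exec failed */
    }
    /* Parent: fork() returned the child's PID. */
    return wait_exit_status(pid);
}

/* fork_ids_consistent (hypothetical helper): the child reports its own
 * PID and its parent's PID through a pipe. Returns 1 when they match
 * what the parent saw as fork()'s return value and its own getpid(). */
int fork_ids_consistent(void)
{
    int fds[2];
    pid_t seen[2];
    pid_t parent = getpid();

    if (pipe(fds) < 0)
        return -1;
    fflush(NULL);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        seen[0] = getpid();
        seen[1] = getppid();
        ssize_t n = write(fds[1], seen, sizeof seen);
        _exit(n == (ssize_t)sizeof seen ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], seen, sizeof seen);
    close(fds[0]);
    if (wait_exit_status(pid) != 0 || n != (ssize_t)sizeof seen)
        return -1;
    return seen[0] == pid && seen[1] == parent;
}

int main(void)
{
    char *cmd[] = { "sh", "-c", "exit 7", NULL };   /* constructed sample */
    printf("child exit code: %d\n", run_program(cmd));
    printf("ids consistent: %d\n", fork_ids_consistent());
    return 0;
}
```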
Depending on the effective user id (''euid''), and on the effective group id (''egid''), a process running with user zero privileges (''root'', the system administrator, owns the identifier 0) can perform everything (e.g., kill all the other processes or recursively wipe out whole filesystems), whereas processes of non-zero users cannot. Capabilities(7) divides the privileges traditionally associated with superuser into distinct units, which can be independently enabled and disabled by the parent process or dropped by the child itself.
Scheduling and preemption
Linux enables different scheduling classes and policies. By default the kernel uses a scheduler mechanism called the Completely Fair Scheduler (CFS) introduced in the 2.6.23 version of the kernel. Internally this default-scheduler class is defined in a macro of a C header as . In other POSIX kernels, a similar policy known as allocates CPU timeslices (i.e., it assigns absolute slices of the processor time depending on either predetermined or dynamically computed priority of each process). The Linux CFS does away with absolute timeslices and assigns a fair proportion of CPU time, as a function of parameters like the total number of runnable processes and the time they have already run; this function also takes into account a kind of weight that depends on their relative priorities (nice values).
The kernel also contains two POSIX-compliant real-time scheduling classes named ), both of which take precedence over the default class. An additional scheduling policy known as , implementing the earliest deadline first algorithm (EDF), was added in kernel version 3.14, released on 30 March 2014. takes precedence over all the other scheduling classes.
Linux provides both ''user preemption'' as well as full ''kernel preemption''. Preemption reduces latency, increases responsiveness, and makes Linux more suitable for desktop and real-time
With user preemption, the kernel scheduler can replace the current process with the execution of a context switch to a different one that therefore acquires the computing resources for running (CPU, memory, and more). It does so according to the CFS algorithm (in particular, it uses a variable called for sorting processes), the active scheduler policy and the processes' relative priorities. With kernel preemption, the kernel can preempt itself when an interrupt handler returns, when kernel tasks block, and whenever a subsystem explicitly calls the schedule() function.
The Linux kernel patch enables full preemption of critical sections, interrupt handlers, and "interrupt disable" code sequences. Partial integration of the real-time Linux patches brought the above mentioned functionality to the kernel mainline.
Concurrency and synchronization
The kernel has different causes of concurrency (e.g., interrupts, bottom halves, preemption of kernel and user tasks, symmetrical multiprocessing).
For protecting critical regions (sections of code that must be executed atomically), shared memory locations (like global variables and other data structures with global scope), and regions of memory that are asynchronously modifiable by hardware (e.g., having the C volatile type qualifier), Linux provides a large set of tools. They consist of atomic types (which can only be manipulated by a set of specific operators), spinlock and lockless algorithms
Most lock-less algorithms are built on top of memory barriers for the purpose of enforcing memory ordering and preventing undesired side effects due to compiler optimizations.
The management of the interrupts, although it could be seen as a single job, is divided in two separate parts. This split in two is due to the different time constraints and to the synchronization needs of the tasks of which the management is composed. The first part is made up of an asynchronous interrupt service routine that in Linux is known as the ''top half'', while the second part is carried out by one of three types of the so-called ''bottom halves'' (''softirq'', ''tasklets,'' and ''work queues'').
Linux interrupt service routines can be nested (i.e., a new IRQ can trap into a high priority ISR that preempts any other lower priority ISRs).
Memory management in Linux is a complex topic. First of all, the kernel is not pageable (i.e., it is always resident in physical memory and cannot be swapped to the disk). In the kernel there is no memory protection (no ''SIGSEGV'' signals, unlike in userspace), therefore memory violations lead to instability and system crashes.
While not originally designed to be portable, Linux is now one of the most widely ported operating system kernels, running on a diverse range of systems from the ARM architecture to IBM z/Architecture mainframe computers. The first port was performed on the Motorola 68000 platform. The modifications to the kernel were so fundamental that Torvalds viewed the Motorola version as a fork and a "Linux-like operating system". However, that moved Torvalds to lead a major restructure of the code to facilitate porting to more computing architectures. The first Linux that, in a single source tree, had code for more than i386 alone, supported the DEC Alpha AXP.
Linux runs as the main operating system on IBM ; , all of the world's 500 fastest supercomputers run some operating system based on the Linux kernel, a big change from 1998 when the first Linux supercomputer got added to the list.
Linux has also been ported to various handheld devices such as Apple's iPhone 3G and iPod
In 2007, the LKDDb project was started to build a comprehensive database of hardware and protocols known by Linux kernels. The database is built automatically by static analysis of the kernel sources. Later in 2014 the Linux Hardware project was launched to automatically collect a database of all tested hardware configurations with the help of users of various Linux distributions.
Rebootless updates can even be applied to the kernel by using live patching technologies such as Ksplice. Minimalistic foundations for live kernel patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on 12 April 2015. Those foundations, known as ''livepatch'' and based primarily on the kernel's ftrace functionality, form a common core capable of supporting hot patching by both kGraft and kpatch, by providing an application programming interface (API) for kernel modules that contain hot patches and an application binary interface (ABI) for the userspace management utilities. However, the common core included into Linux kernel 4.0 supports only the x86 architecture and does not provide any mechanisms for ensuring function-level consistency while the hot patches are applied. , there is ongoing work on porting kpatch and kGraft to the common live patching core provided by the Linux kernel mainline.
Kernel bugs present potential security issues. For example, they may allow for privilege escalation or create denial-of-service attack vectors. Over the years, numerous bugs affecting system security were found and fixed. New features are frequently implemented to improve the kernel's security.
Capabilities(7) have already been introduced in the section about the processes and threads. Android makes use of them and systemd gives administrators detailed control over the capabilities of processes.
Linux offers a wealth of mechanisms to reduce kernel attack surface and improve security which are collectively known as the Linux Security Modules. They comprise the Security-Enhanced Linux (SELinux) module, whose code was originally developed and then released to the public by the NSA among others. SELinux is now actively developed and maintained on GitHub.
SELinux and AppArmor provide support to access control security policies, including mandatory access control (MAC), though they profoundly differ in complexity and scope.
Another security feature is the Seccomp BPF (SECure COMPuting with Berkeley Packet Filters) which works by filtering parameters and reducing the set of system calls available to user-land applications.
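The capability sets and the seccomp mode of a running process can be read from /proc/<pid>/status. The following Python code is an added example (not part of the original article) that decodes those fields and flags weakly confined processes; the two status samples, the process names and the BROAD_CAPS shortlist are constructed for illustration.

```python
"""Audit capability sets and seccomp mode from /proc/<pid>/status text."""

# Bit positions follow <linux/capability.h>; bit 0 is CAP_CHOWN.
CAP_NAMES = """
CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL
CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER
CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT
CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME
CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE CAP_AUDIT_CONTROL
CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG CAP_WAKE_ALARM
CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF CAP_CHECKPOINT_RESTORE
""".split()
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}
# This example's own shortlist of capabilities that are close to full root.
BROAD_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
              "CAP_SYS_RAWIO", "CAP_DAC_OVERRIDE", "CAP_SETUID", "CAP_BPF"}


def decode_caps(mask_hex):
    """Turn a hex capability mask (e.g. the CapEff field) into names."""
    mask = int(mask_hex, 16)
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    extra = mask >> len(CAP_NAMES)
    if extra:  # bits newer than this table: report them, do not drop them
        names.append("UNKNOWN_BITS_0x%x" % (extra << len(CAP_NAMES)))
    return names


def parse_status(text):
    """Parse the 'Key: value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(status_text):
    """Summarise effective capabilities, seccomp mode and findings."""
    f = parse_status(status_text)
    effective = decode_caps(f.get("CapEff", "0"))
    seccomp = SECCOMP_MODES.get(f.get("Seccomp"), "unknown")
    findings = []
    broad = sorted(BROAD_CAPS.intersection(effective))
    if broad:
        findings.append("broad capabilities: " + ", ".join(broad))
    if seccomp == "disabled":
        findings.append("no seccomp filter: full system call surface")
    if f.get("NoNewPrivs") == "0":
        findings.append("no_new_privs unset: exec can still gain privilege")
    return {"name": f.get("Name", "?"), "effective": effective,
            "seccomp": seccomp, "findings": findings}


# Constructed samples in the layout of /proc/<pid>/status (not real hosts).
HARDENED = ("Name:\twebd\nCapEff:\t0000000000000400\n"
            "CapBnd:\t0000000000000400\nNoNewPrivs:\t1\nSeccomp:\t2\n")
ROOTLIKE = ("Name:\tlegacyd\nCapEff:\t000001ffffffffff\n"
            "CapBnd:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n")

if __name__ == "__main__":
    for sample in (HARDENED, ROOTLIKE):
        print(audit(sample))
```

On a live system the same functions can be fed the contents of /proc/self/status or of any PID the caller is allowed to read.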
Critics have accused kernel developers of covering up security flaws or at least not announcing them; in 2008, Linus Torvalds responded to this with the following:
Linux distributions typically release security updates to fix vulnerabilities in the Linux kernel. Many offer long-term support releases that receive security updates for a certain Linux kernel version for an extended period of time.
The community of Linux kernel developers comprises about 5000-6000 members. According to the "2017 State of Linux Kernel Development", a study issued by the Linux Foundation, covering the commits for the releases 4.8 to 4.13, about 1500 developers were contributing from about 200-250 companies on average. The top 30 developers contributed a little more than 16% of the code. Among companies, the top contributors are Intel (13.1%) and Red Hat (7.2%), Linaro (5.6%), IBM (4.1%); the second and fifth places are held by the 'none' (8.2%) and 'unknown' (4.1%) categories.
Source code management
The Linux development community uses Git to manage the source code. Git users clone the latest version of Torvalds' tree with
and keep it up to date using .
Contributions are submitted as patches, in the form of text messages on the LKML (and often also on other mailing lists dedicated to particular subsystems). The patches must conform to a set of rules and to a formal language that, among other things, describes which lines of code are to be deleted and what others are to be added to the specified files. These patches can be automatically processed so that system administrators can apply them in order to make just some changes to the code or to incrementally upgrade to the next version.
Linux is distributed also in GNU zip (gzip) and bzip2
Submitting code to the kernel
A developer who wants to change the Linux kernel starts with developing and testing that change. Depending on how significant the change is and how many subsystems it modifies, the change will either be submitted as a single patch or in multiple patches of source code. In case of a single subsystem that is maintained by a single maintainer, these patches are sent as e-mails to the maintainer of the subsystem with the appropriate mailing list in Cc. The maintainer and the readers of the mailing list will review the patches and provide feedback. Once the review process has finished the subsystem maintainer accepts the patches in the relevant Git kernel tree. If the changes to the Linux kernel are bug fixes that are considered important enough, a pull request for the patches will be sent to Torvalds within a few days. Otherwise, a pull request will be sent to Torvalds during the next merge window. The merge window usually lasts two weeks and starts immediately after the release of the previous kernel version.
The Git kernel source tree names all developers who have contributed to the Linux kernel in the ''Credits'' directory and all subsystem maintainers are listed in ''Maintainers''.
Programming language and coding style
Linux is written in a special C programming language supported by GCC, a compiler that extends in many ways the C standard, for example using inline sections of code written in the assembly language (in GCC's "AT&T-style" syntax) of the target architecture. Since 2002 all the code must adhere to the 21 rules comprising the ''Linux Kernel Coding Style.''
The GNU Compiler Collection (GCC or GNU cc) is the default compiler for the mainline Linux sources and it is invoked by a utility called make. Then, the GNU Assembler (more often called GAS or GNU as) outputs the object files from the GCC generated assembly code. Finally, the GNU Linker (GNU ld) is used to produce a statically linked executable kernel file called . Both and are part of GNU Binary Utilities (binutils). The above-mentioned tools are collectively known as the GNU toolchain
GCC was for a long time the only compiler capable of correctly building Linux. In 2004, Intel claimed to have modified the kernel so that its C compiler was also capable of compiling it.
There was another such reported success in 2009, with a modified 2.6.22 version.
Since 2010, effort has been underway to build Linux with Clang, an alternative compiler for the C language; as of 12 April 2014, the official kernel could almost be compiled by Clang. The project dedicated to this effort is named ''LLVMLinux'' after the LLVM compiler infrastructure upon which Clang is built.
LLVMLinux does not aim to fork either Linux or the LLVM, therefore it is a meta-project composed of patches that are eventually submitted to the upstream projects. By enabling Linux to be compiled by Clang, developers may benefit from shorter compilation times.
In 2017, developers completed upstreaming patches to support building the Linux kernel with Clang in the 4.15 release, having backported support for X86-64 to the 4.4, 4.9, and 4.14 branches of the stable kernel tree. Google's Pixel 2
shipped with the first Clang
though patches for Pixel (1st generation)
2018 saw ChromeOS
move to building kernels with Clang
while Android (operating system)
's linker LLD
required for kernel builds in 2019. Google
moved its production kernel used throughout its datacenters to being built with Clang
Today, the ClangBuiltLinux group coordinates fixes to both Linux
to ensure compatibility, both composed of members from ''LLVMLinux'' and having upstreamed patches from ''LLVMLinux''.
Bugs involving the Linux kernel can be difficult to troubleshoot because of the kernel's interaction with userspace and hardware, and also because they might have a wider range of causes than those of user programs. A few examples of the underlying causes are semantic errors in code, misuse of synchronization primitives and incorrect hardware management.
A report of a non-fatal bug in the kernel is called an "oops"; such deviations from correct behavior of the Linux kernel may allow continued operation with compromised reliability.
A critical and fatal error is reported via the function. It prints a message and then halts the kernel.
One of the most common techniques used to find bugs in code is ''debugging by printing''. For this purpose Linux provides an in-kernel API called which stores messages in a circular buffer. The system call is used for reading and/or clearing the kernel message ring buffer and for setting the maximum ''log level'' of the messages to be sent to the console (i.e., one of the eight parameters of , which tell the severity of the condition reported); usually it is invoked via the glibc wrapper .
Kernel messages are also exported to userland through the ''/dev/kmsg'' interface
reads that interface and by default append the messages to ).
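Records read from ''/dev/kmsg'' carry the log level, a sequence number and a timestamp in a prefix before the message text. The following Python code is an added example (not part of the original article) that parses that record layout, selects the severe records and reports sequence-number gaps that show records missing from a capture; the sample records and the names in them are constructed.

```python
"""Parse /dev/kmsg records: severity, structured tags and lost records."""

# Index = log level number, 0 (most severe) to 7 (KERN_EMERG .. KERN_DEBUG).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_kmsg(text):
    """Return one dict per record; ' KEY=value' lines become its tags."""
    records = []
    for line in text.splitlines():
        if line.startswith(" "):          # continuation of previous record
            key, _, value = line[1:].partition("=")
            if records:
                records[-1]["tags"][key] = value
            continue
        # Record layout: "priority,sequence,timestamp_usec,flags;message"
        prefix, sep, message = line.partition(";")
        parts = prefix.split(",")
        if not sep or len(parts) < 4:
            continue                      # not in the expected layout
        try:
            priority, seq, usec = (int(p) for p in parts[:3])
        except ValueError:
            continue
        records.append({
            "level": LEVELS[priority & 7],    # low three bits: severity
            "facility": priority >> 3,        # 0 = kernel, 1 = user space
            "seq": seq,
            "seconds": usec / 1_000_000,      # time since boot
            "message": message,
            "tags": {},
        })
    return records


def at_least(records, worst="err"):
    """Records whose severity is `worst` or more severe."""
    limit = LEVELS.index(worst)
    return [r for r in records if LEVELS.index(r["level"]) <= limit]


def sequence_gaps(records):
    """(last_seen, next_seen) pairs where sequence numbers skip, meaning
    records are missing from the capture (overwritten or cut out)."""
    gaps = []
    for prev, cur in zip(records, records[1:]):
        if cur["seq"] != prev["seq"] + 1:
            gaps.append((prev["seq"], cur["seq"]))
    return gaps


# Constructed capture in the /dev/kmsg layout (names are placeholders).
SAMPLE_KMSG = "\n".join([
    "6,339,5140900,-;NET: Registered PF_INET6 protocol family",
    "4,340,5200121,-;example_mod: loading out-of-tree module taints kernel.",
    " SUBSYSTEM=module",
    "3,344,6001337,-;example_dev 0000:00:1f.0: probe failed with error -5",
    " SUBSYSTEM=pci",
    " DEVICE=+pci:0000:00:1f.0",
    "12,345,6100000,-;example-agent: started",
])

if __name__ == "__main__":
    recs = parse_kmsg(SAMPLE_KMSG)
    for r in at_least(recs):
        print(r["seq"], r["level"], r["message"], r["tags"])
    print("gaps:", sequence_gaps(recs))
```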
Another fundamental technique for debugging a running kernel is tracing. The ''ftrace'' mechanism is a Linux internal tracer; it is used for monitoring and debugging Linux at runtime and it can also analyze user space latencies due to kernel misbehavior.
Furthermore, ''ftrace'' allows users to trace Linux at boot-time.
''kprobes'' and ''kretprobes'' can break (like debuggers in userspace) into Linux and non-disruptively collect information.
''kprobes'' can be inserted into code at (almost) any address, while kretprobes work at function return. ''uprobes'' have similar purposes but they also have some differences in usage and implementation.
Linux can be debugged in much the same way as userspace programs. KGDB requires an additional machine that runs GDB and that is connected to the target to be debugged using a serial cable
The Linux kernel project integrates new code on a rolling basis. Software checked into the project must work and compile without error. For each kernel subsystem there is a maintainer who is responsible for reviewing patches against the kernel code standards and keeps a queue of patches that can be submitted to Linus Torvalds within a merge window of several weeks. Patches are merged by Torvalds into the source code of the prior stable Linux kernel release, creating the ''-rc'' release candidate for the next stable kernel. Once the merge window is closed only fixes to the new code in the development release are accepted. The ''-rc'' development release of the kernel goes through regression tests and once it is judged to be stable by Torvalds and the kernel subsystem maintainers a new Linux kernel is released and the development process starts all over again.
Developers who feel treated unfairly can report this to the Linux Foundation's Technical Advisory Board.
In July 2013, the maintainer of the USB 3.0 driver Sarah Sharp asked Torvalds to address the abusive commentary in the kernel development community. In 2014, Sharp backed out of Linux kernel development, saying that "The focus on technical excellence, in combination with overloaded maintainers, and people with different cultural and social norms, means that Linux kernel maintainers are often blunt, rude, or brutal to get their job done".
At the linux.conf.au (LCA) conference in 2018, developers expressed the view that the culture of the community has gotten much better in the past few years. Daniel Vetter, the maintainer of the Intel drm/i915 graphics kernel driver, commented that the "rather violent language and discussion" in the kernel community has decreased or disappeared.
Laurent Pinchart asked developers for feedback on their experience with the kernel community at the 2017 Embedded Linux Conference Europe. The issues brought up were discussed a few days later at the Maintainers Summit. Concerns over the lack of consistency in how maintainers responded to patches submitted by developers were echoed by Shuah Khan, the maintainer of the kernel self-test framework. Torvalds contended that there would never be consistency in the handling of patches because different kernel subsystems have, over time, adopted different development processes. Therefore, it was agreed upon that each kernel subsystem maintainer would document the rules for patch acceptance.
There are certain communities that develop kernels based on the official Linux. Some interesting bits of code from these ''forks'' (i.e., a slang term meaning "derived projects") that include Linux-libre, Compute Node Linux, and User-Mode Linux (UML) have been merged into the mainline.
Some operating systems developed for mobile phones initially used heavily modified versions of Linux, including Google Android, Firefox OS, HP webOS, Nokia Maemo and Jolla Sailfish OS. In 2010, the Linux community criticised Google for effectively starting its own kernel tree:
Today Android uses a slightly customized Linux where changes are implemented in device drivers so that little or no change to the core kernel code is required. Android developers also submit patches to the official Linux that finally can boot the Android operating system. For example, a Nexus 7 can boot and run the mainline Linux.
At a 2001 presentation at the Computer History Museum, Linus Torvalds had this to say in response to a question about distributions of Linux using precisely the same kernel sources or not:
Development community conflicts
There have been several notable conflicts among Linux kernel developers. Examples of such conflicts are:
* In July 2007, Con Kolivas announced that he would cease developing for the Linux kernel.
* In July 2009, Alan Cox quit his role as the TTY layer maintainer after disagreement with Linus Torvalds.
* In December 2010, there was a discussion between Linux SCSI maintainer James Bottomley and SCST maintainer Vladislav Bolkhovitin about which SCSI target stack should be included in the Linux kernel. This made some Linux users upset.
* In June 2012, Torvalds made it very clear that he did not agree with NVIDIA releasing its drivers as closed.
* In April 2014, Torvalds banned Kay Sievers from submitting patches to the Linux kernel for failing to deal with bugs that caused systemd to negatively interact with the kernel.
* In October 2014, Lennart Poettering accused Torvalds of tolerating the rough discussion style on Linux kernel related mailing lists and of being a bad role model.
* In March 2015, Christoph Hellwig filed a lawsuit against VMware for infringement of the copyright on the Linux kernel. Linus Torvalds made it clear that he did not agree with this and similar initiatives by calling lawyers a festering disease.
Prominent Linux kernel developers have been aware of the importance of avoiding conflicts between developers.
For a long time there was no code of conduct for kernel developers due to opposition by Linus Torvalds.
However, a Linux Kernel ''Code of Conflict'' was introduced on 8 March 2015.
It was replaced on 16 September 2018 by a new ''Code of Conduct'' based on the Contributor Covenant. This coincided with a public apology by Torvalds and a brief break from kernel development.
On 30 November 2018, complying with the ''Code of Conduct'', Jarkko Sakkinen of Intel sent out patches replacing instances of "fuck" appearing in source code comments with suitable versions focused on the word 'hug'.
The 5.11 release of the Linux kernel had around 30.34 million lines of code; roughly 14% of the code is part of the "core" (arch, kernel and mm directories) while 60% is drivers.
Estimated cost to redevelop
The cost to redevelop the Linux kernel version 2.6.0 in a traditional proprietary development setting has been estimated to be US$612 million (€467M, £394M) in 2004 prices using the COCOMO person-month estimation model.
In 2006, a study funded by the European Union put the redevelopment cost of kernel version 2.6.8 higher, at €882M ($1.14bn, £744M).
This topic was revisited in October 2008 by Amanda McPherson, Brian Proffitt, and Ron Hale-Evans. Using David A. Wheeler's methodology, they estimated redevelopment of the 2.6.25 kernel now costs $1.3bn (part of a total $10.8bn to redevelop Fedora 9).
Garcia-Garcia and Alonso de Magdaleno from the University of Oviedo (Spain) estimated that the value annually added to the kernel was about €100M between 2005 and 2007 and €225M in 2008, and that it would also cost more than €1bn (about $1.4bn as of February 2010) to develop in the European Union.
Using then-current LOC (lines of code) of a 2.6.x Linux kernel and wage numbers with David A. Wheeler's calculations, it would cost approximately $3bn (about €2.2bn) to redevelop the Linux kernel as it keeps getting bigger. An updated calculation, using then-current 20,088,609 LOC (lines of code) for the 4.14.14 Linux kernel and the current US national average programmer salary of $75,506, shows it would cost approximately $14,725,449,000 (£11,191,341,000) to rewrite the existing code.
Maintenance and long-term support
The latest kernel version and older kernel versions are maintained separately. Most of the latest kernel releases were supervised by Linus Torvalds.
Current versions are released by Greg Kroah-Hartman.
The Linux kernel developer community maintains a stable kernel by applying fixes for software bugs that have been discovered during the development of the subsequent stable kernel. Therefore, www.kernel.org will always list two stable kernels. The next stable Linux kernel is now released only 8 to 12 weeks later. Therefore, the Linux kernel maintainers have designated some stable kernel releases as ''longterm''; these long-term support Linux kernels are updated with bug fixes for two or more years.
In November 2019 there were five longterm Linux kernels: 4.19.84, 4.14.154, 4.9.201, 4.4.201 and 3.16.76.
The full list of releases is at Linux kernel version history
Relation with Linux distributions
Most Linux users run a kernel supplied by their Linux distribution. Some distributions ship the "vanilla" or "stable" kernels. However, several Linux distribution vendors (such as Red Hat) maintain another set of Linux kernel branches which are integrated into their products. These are usually updated at a slower pace compared to the "vanilla" branch, and they usually include all fixes from the relevant "stable" branch, but at the same time they can also add support for drivers or features which had not been released in the "vanilla" version the distribution vendor started basing their branch from.
GPLv2 licensing terms
Initially, Torvalds released Linux under a license which forbade any commercial use.
This was changed in version 0.12 by a switch to the GNU General Public License version 2 (GPLv2).
This license allows distribution and sale of possibly modified and unmodified versions of Linux but requires that all those copies be released under the same license and be accompanied by the complete corresponding source code.
Torvalds has described licensing Linux under the GPLv2 as the "best thing I ever did".
The Linux kernel is licensed explicitly only under version 2 of the GPL, without offering the licensee the option to choose "any later version", which is a common GPL extension. The official git branch of Torvalds contains documentation that explains the kernel development process to people who want to work with the community and contribute code; it clearly states that "[a]ny contributions which are not covered by a [G]PLv2 compatible license will not be accepted into the kernel."
There was considerable debate about how easily the license could be changed to use later GPL versions (including version 3), and whether this change is even desirable.
Torvalds himself specifically indicated upon the release of version 2.4.0 that his own code is released only under version 2.
However, the terms of the GPL state that if no version is specified, then any version may be used, and Alan Cox pointed out that very few other Linux contributors had specified a particular version of the GPL.
In September 2006, a survey of 29 key kernel programmers indicated that 28 preferred GPLv2 to the then-current GPLv3 draft. Torvalds commented, "I think a number of outsiders... believed that I personally was just the odd man out because I've been so publicly not a huge fan of the GPLv3."
This group of high-profile kernel developers, including Torvalds, Greg Kroah-Hartman and Andrew Morton, commented on mass media about their objections to the GPLv3.
They referred to clauses regarding DRM, patents, "additional restrictions" and warned of a Balkanisation of the "Open Source Universe" by the GPLv3.
Linus Torvalds, who decided not to adopt the GPLv3 for the Linux kernel, reiterated his criticism even years later.
Loadable kernel modules
It is debated whether some loadable kernel modules (LKMs) are to be considered derivative works under copyright law, and thereby whether or not they fall under the terms of the GPL.
In accordance with the license rules, LKMs using only a public subset of the kernel interfaces are non-derived works, thus Linux gives system administrators the mechanisms to load out-of-tree binary objects into the kernel address space.
There are some out-of-tree loadable modules that make legitimate use of the ''dma_buf'' kernel feature. GPL compliant code can certainly use it. However, a different possible use case would be Nvidia Optimus that pairs a fast GPU with an Intel integrated GPU, where the Nvidia GPU writes into the Intel framebuffer when it is active. But, Nvidia cannot use this infrastructure because it necessitates bypassing a rule that can only be used by LKMs that are also GPL.
replied on LKML, rejecting a request from one of their engineers to remove this technical enforcement from the API.
Torvalds clearly stated on the LKML that "
claim that binary-only kernel modules ARE derivative "by default"'".
On the other hand, Torvalds has also said that "[o]ne gray area in particular is something like a driver that was originally written for another operating system (i.e., clearly not a derived work of Linux in origin). THAT is a gray area, and _that_ is the area where I personally believe that some modules may be considered to not be derived works simply because they weren't designed for Linux and don't depend on any special Linux behaviour".
graphics drivers, in particular, are heavily discussed.
Firmware binary blobs
The official kernel, that is the Linus git branch at the kernel.org repository, does not contain any kind of proprietary code; however Linux can search the filesystems to locate proprietary firmware, drivers, and other executable modules (collectively known as "binary blobs"), then it can load and link them into the kernel space.
Whenever proprietary modules are loaded into Linux, the kernel marks itself as being "tainted", and therefore bug reports from tainted kernels will often be ignored by developers.
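The taint state is exposed as a bitmask in /proc/sys/kernel/tainted, and /proc/modules lists per-module taint letters in parentheses. The following Python code is an added example (not part of the original article) that decodes the mask and attributes each module-related flag to the modules that carry it; the module names, addresses and mask value in the sample are constructed.

```python
"""Decode the kernel taint mask and attribute module taints to modules."""
import re

# Bit order of /proc/sys/kernel/tainted, bit 0 first: (letter, meaning).
TAINT_FLAGS = [
    ("P", "proprietary module was loaded"),
    ("F", "module was force loaded"),
    ("S", "kernel running on an out-of-specification system"),
    ("R", "module was force unloaded"),
    ("M", "processor reported a machine check exception"),
    ("B", "bad page referenced or unexpected page flags"),
    ("U", "taint requested by user space"),
    ("D", "kernel died recently (oops or BUG)"),
    ("A", "ACPI table overridden by user"),
    ("W", "kernel issued a warning"),
    ("C", "staging driver was loaded"),
    ("I", "workaround for a platform firmware bug applied"),
    ("O", "externally built (out-of-tree) module was loaded"),
    ("E", "unsigned module was loaded"),
    ("L", "soft lockup occurred"),
    ("K", "kernel has been live patched"),
    ("X", "auxiliary taint, defined and used by distributions"),
    ("T", "kernel built with the struct randomization plugin"),
]


def decode_taint(mask):
    """Return the (letter, meaning) pairs set in the taint bitmask."""
    flags = [f for bit, f in enumerate(TAINT_FLAGS) if mask >> bit & 1]
    if mask >> len(TAINT_FLAGS):
        flags.append(("?", "bits not known to this table"))
    return flags


def module_taints(proc_modules_text):
    """Map module name -> taint letters from /proc/modules text."""
    result = {}
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        # Optional last field such as "(POE)"; '+'/'-' mark load state.
        m = re.fullmatch(r"\(([A-Z+-]+)\)", fields[-1])
        letters = "".join(c for c in m.group(1) if c.isalpha()) if m else ""
        if letters:
            result[fields[0]] = letters
    return result


def explain(mask, proc_modules_text):
    """For each set flag, list the loaded modules that carry it."""
    per_module = module_taints(proc_modules_text)
    report = []
    for letter, meaning in decode_taint(mask):
        culprits = sorted(n for n, l in per_module.items() if letter in l)
        report.append({"flag": letter, "meaning": meaning, "modules": culprits})
    return report


# Constructed /proc/modules excerpt and taint value (placeholder modules).
SAMPLE_MODULES = """\
ext4 1126400 2 - Live 0xffffffffc0500000
mbcache 16384 1 ext4, Live 0xffffffffc04f0000
example_gpu 54321152 38 - Live 0xffffffffc1200000 (POE)
example_oot 20480 0 - Live 0xffffffffc1100000 (OE)
"""
SAMPLE_MASK = 1 + 512 + 4096 + 8192  # P, W, O and E set

if __name__ == "__main__":
    for row in explain(SAMPLE_MASK, SAMPLE_MODULES):
        print(row)
```

A flag with an empty module list, such as W in the sample, was set by an event rather than by a module that is still loaded.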
When it is needed (e.g., for accessing boot devices or for speed) firmware can be built into the kernel, which means building the firmware into vmlinux; however this is not always a viable option for technical or legal reasons (e.g., it is not permitted for firmware that is not GPL-compatible).
Linux is a registered trademark of Linus Torvalds in the United States, the European Union, and some other countries.
A legal battle over the trademark began in 1996, when William Della Croce, a lawyer who was never involved in the development of Linux, started requesting licensing fees for the use of the word ''Linux''. After it was proven that the word was in common use long before Della Croce's claimed first use, the trademark was awarded to Torvalds.
* Operating system
* Monolithic Kernel
* Linux kernel version history
* Comparison of operating systems
* Comparison of operating system kernels
* Minix 3
* Microsoft Windows
** /kernel.org/doc/ Linux kernel documentation index
** /kernel.org/doc/man-pages/ Linux kernel man pages
** Kernel coverage at LWN.net, an authoritative source of kernel-related information
** Bootlin's Elixir Cross Referencer, a Linux kernel source code cross-reference