3.3 Red Hat Compatible Kernel

The following notable features, enhancements, and changes apply to the Red Hat Compatible Kernel (RHCK) that is shipped with Oracle Linux 8.

  • modinfo command updated to recognize and display the PKCS#7 module signature.  The modinfo command has been updated to recognize and display signature information, such as signature key fingerprint, signer, and correct hash algorithm, for modules that are signed with CMS and PKCS#7 formatted signatures. Previous versions of the modinfo command incorrectly displayed these modules as signed with the MD4 hash and did not display the appropriate signature information, such as the signature key or the correct hash algorithm.

  • Some kernel modules have been moved to the kernel-modules-extra package.  To increase security in Oracle Linux 8, a set of kernel modules has been moved to the kernel-modules-extra package, which means that none of these modules is installed by default. In addition, non-root users cannot load these components, because they are also blacklisted by default. To use one of these kernel modules, you must, as the root user, install the kernel-modules-extra package and then explicitly remove the module blacklist. After you do so, non-root users will be able to load the software component automatically.

    To check whether a module was moved and is now included in the kernel-modules-extra package, you can run the following command:

    # dnf repoquery -l kernel-modules-extra
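
    To see which configuration line currently blacklists a module before you remove it, the following added example (not part of the Oracle documentation) scans modprobe.d directories for active blacklist and install directives. The directory list follows modprobe.d(5); the function names and the demo_* module names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report which modprobe.d lines block a given kernel module.
# Search path per modprobe.d(5); pass other directories to run offline.
DEFAULT_DIRS="/etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d"

# blacklist_hits MODULE [DIR...]
# Prints "file:line:directive" for each active blacklist/install line that
# names MODULE. '-' and '_' are treated as equivalent, as modprobe does.
blacklist_hits() {
    want=$(printf '%s' "$1" | sed 's/-/_/g'); shift
    [ $# -gt 0 ] || set -- $DEFAULT_DIRS
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            awk -v want="$want" -v file="$f" '
                /^[ \t]*#/ { next }    # commented-out line: directive inactive
                ($1 == "blacklist" || $1 == "install") && NF >= 2 {
                    name = $2; gsub(/-/, "_", name)
                    if (name == want) printf "%s:%d:%s\n", file, NR, $1
                }' "$f"
        done
    done
}

# module_state MODULE [DIR...]: blacklisted | install-override | not-blocked
# An install line is only flagged for review; it may be a legitimate wrapper.
module_state() {
    hits=$(blacklist_hits "$@")
    if printf '%s\n' "$hits" | grep -q ':blacklist$'; then echo blacklisted
    elif [ -n "$hits" ]; then echo install-override
    else echo not-blocked; fi
}

# make_sample_dir: builds a CONSTRUCTED modprobe.d directory (hypothetical names).
make_sample_dir() {
    d=$(mktemp -d)
    printf '# constructed sample\nblacklist demo_proto\n' > "$d/demo_proto-blacklist.conf"
    printf 'blacklist demo-diag\n' > "$d/demo_diag-blacklist.conf"
    printf '# blacklist demo_old\n' > "$d/demo_old-blacklist.conf"
    printf 'install demo_inst /bin/false\n' > "$d/demo_inst.conf"
    echo "$d"
}

# Command-line use: ./script MODULE [DIR...]
[ $# -eq 0 ] || module_state "$@"
```

    Recording the state of each module before and after the change makes it clear which modules became loadable by non-root users.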

  • 5-level paging added.  T has been updated to include a new p4d_t software page table type. This change enables 5-level paging in Oracle Linux 8. This feature requires hardware support, which may not be available on your processor type.

  • Memory management 5-level paging added.  Memory bus limits have been extended to 57-bit virtual and 52-bit physical memory addressing, with 128 PiB of virtual address space and 4 PB of physical memory capacity. This extended address range allows the memory management feature in Oracle Linux 8 to enable 5-level paging, which is capable of handling an expanded address range.

    The I/O memory management unit (IOMMU) code in the Linux kernel is also updated in this release to enable 5-level paging tables.

  • Support for Control Group v2 added.  This release supports the Control Group v2 mechanism, which organizes processes hierarchically and distributes system resources along the hierarchy in a controlled and configurable manner. Unlike the previously supported version, Control Group v2 is a single hierarchy that categorizes processes based on the role of the process owner and eliminates issues with conflicting policies and multiple hierarchies.

    The Control Group v2 mechanism supports numerous controllers, including the following: CPU controller, memory controller, I/O controller, PID controller, and the RDMA controller. Note that the I/O controller, in conjunction with the memory controller, implements the control of page cache write-back IOs.

    Note

    Support for the cpuset Cgroup v2 controller is not currently available in Oracle Linux 8.

  • Capability for reporting eBPF-based programs and maps added to sosreport tool.  In Oracle Linux 8, the sosreport tool includes the capability for reporting any loaded extended Berkeley Packet Filtering (eBPF) programs and maps.

  • bpftool added.  Support for the bpftool tool has been added to the Linux kernel. This tool is used for inspection and the basic manipulation of programs and maps that are based on eBPF. The bpftool tool is part of the kernel source tree and is provided by the bpftool package, which is a subpackage of the kernel package.

  • Support for early kdump added.  The early kdump feature enables the crash kernel and initramfs to load early so that it can capture vmcore information, including early crashes. Previously, the kdump service did not start soon enough to capture crash information (vmcore), especially for early kernel crashes. See the /usr/share/doc/kexec-tools/early-kdump-howto.txt file for more details.