3.5 Red Hat Compatible Kernel

The following changes are specific to the Red Hat Compatible Kernel (RHCK). For more information, refer to the latest versions of the release notes for Oracle Linux Unbreakable Enterprise Kernel Release 5 in the Unbreakable Enterprise Kernel Documentation library.

  • IMA and EVM features available on all architectures.  In this update, the Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM) features are available on all architectures. The IMA and EVM features are used to monitor files for accidental or malicious alteration. In Oracle Linux 7 Update 6, these features were only available on the AMD64 and Intel 64 architectures.

  • PMTU discovery and route redirection provided for VXLAN and GENEVE tunnels.  This enhancement adds Path MTU (PMTU) discovery and route redirection for Virtual Extensible LAN (VXLAN) and Generic Network Virtualization Encapsulation (GENEVE) tunnels. For these tunnels, the kernel can now handle Internet Control Message Protocol (ICMP) error messages such as "Destination Unreachable" and "Redirect Message", as well as ICMPv6 error messages such as "Packet Too Big" and "Destination Unreachable". It handles them by adjusting the PMTU and modifying the forwarding information.

  • Spectre V2 mitigation default changed from IBRS to Retpoline on new Oracle Linux 7 Update 7 installations.  On new Oracle Linux 7 Update 7 installations, the default mitigation for the Spectre V2 vulnerability (CVE-2017-5715) on systems with 6th Generation Intel Core processors and close derivatives has changed from Indirect Branch Restricted Speculation (IBRS) to Retpoline. This change follows Intel’s recommendations to align with the defaults that are used in the Linux community and also to restore lost performance. Note that using Retpoline in certain situations might not fully mitigate Spectre V2.
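
One way to confirm which Spectre V2 mitigation a running kernel reports after this default change, as an added example that is not part of the original release notes. It assumes the kernel exposes the sysfs file /sys/devices/system/cpu/vulnerabilities/spectre_v2; the function names, the EXPECTED variable and the sample status strings are constructed for illustration, and the exact wording of the status string varies by kernel build.

```shell
#!/bin/sh
# Added example: classify the Spectre V2 status string reported by the kernel.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS
# Prints one of: vulnerable | not_affected | retpoline | ibrs | unknown
classify_spectre_v2() {
    status=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$status" in
        # "Vulnerable: ..." can still name a technique, so test it first.
        vulnerable*)     echo vulnerable ;;
        "not affected"*) echo not_affected ;;
        # Retpoline before IBRS: a retpoline status line may also list
        # IBRS-related extras, and the primary technique should win.
        *retpoline*)     echo retpoline ;;
        *ibrs*)          echo ibrs ;;
        *)               echo unknown ;;
    esac
}

# check_spectre_v2 EXPECTED STATUS
# Returns 0 when the reported technique matches the expected one.
check_spectre_v2() {
    actual=$(classify_spectre_v2 "$2")
    if [ "$actual" = "$1" ]; then
        echo "OK: $actual ($2)"
        return 0
    fi
    echo "MISMATCH: expected $1, kernel reports $actual ($2)"
    return 1
}

# Constructed sample status strings (not captured from a real system).
for s in "Mitigation: Full retpoline" "Mitigation: IBRS (kernel)" \
         "Vulnerable: Retpoline without IBPB"; do
    printf '%-38s -> %s\n' "$s" "$(classify_spectre_v2 "$s")"
done

# Live check; EXPECTED defaults to the new-install default described above.
if [ -r "$SPECTRE_V2_SYSFS" ]; then
    check_spectre_v2 "${EXPECTED:-retpoline}" "$(cat "$SPECTRE_V2_SYSFS")" || true
else
    echo "$SPECTRE_V2_SYSFS is not present on this system"
fi
```

Set EXPECTED=ibrs when auditing hosts that are meant to stay on IBRS, for example where the Retpoline caveat noted above applies.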