1. Release Notes for Unbreakable Enterprise Kernel Release 5
  2. New Features and Changes

1 New Features and Changes

The Unbreakable Enterprise Kernel Release 5 (UEK R5) is a heavily tested and optimized operating system kernel for Oracle Linux 7.5 and later on the x86-64 and 64-bit Arm (aarch64) architectures. It is based on the mainline Linux kernel version 4.14.35. This release also updates drivers and includes bug and security fixes.

Oracle actively monitors upstream check-ins and applies critical bug and security fixes to UEK R5.

UEK R5 is initially released with the 4.14.35-1818 version and build of the kernel.

UEK R5 uses the same versioning model as the mainline Linux kernel version. It is possible that some applications might not understand the 4.14 versioning scheme. However, regular Linux applications are usually neither aware of nor affected by Linux kernel version numbers.

Notable Features and Changes

The following sections describe the major new features of Unbreakable Enterprise Kernel Release 5 (UEK R5) relative to UEK R4.

64-bit Arm (aarch64) architecture

With Unbreakable Enterprise Kernel Release 5, Oracle delivers kernel modifications to enable support for 64-bit Arm (aarch64) architecture. These changes are built and tested against existing Arm hardware and provide support for Oracle Linux for Arm. Features described in this document are available for Arm insofar as the hardware is capable of supporting the feature that is described. Limitations and items beyond the scope of current development work for Arm are described in more detail in Unusable or Unavailable Features for Arm.

Other notable Arm-specific changes that have been made in UEK R5 include:

  • 64 KB Base Page Size

    During testing the use of a 64 KB base page size resulted in significant performance gains for workloads that stress memory, such as MySQL and Java middleware, where THP (Transparent Huge Pages) are not used or the application is not configured to use huge pages. This change results in better overall performance and removes complex configuration requirements to configure huge pages manually.

  • Arm port of DTrace code

    Kernel code has been patched to facilitate an Arm (aarch64) port of DTrace on UEK R5. This includes changes to add support for aarch64 in the SDT collection process and to allow SDT to be disabled even when DTrace is enabled. Profile and systrace providers have been updated and tested to be functional on aarch64.

  • Kdump modifications

    Changes were made to kexec to ensure that the crashdump kernel runs at exception level 2 (EL2)

  • KVM patches for Arm

    A large number of Arm-related backports are included to help to enable KVM for Arm.

  • CPU topology workaround to resolve missing cache information in ACPI

    Due to lack of an official cache property for Arm64 in ACPI, the CPU cache information is not present in sysfs. To resolve this issue, a patch has been applied to display default cache information until such time that ACPI provides better information.

Core Kernel Functionality

The following notable core kernel features are implemented in UEK R5:

  • Ambient Capability Mask included

    When performing privileged tasks, processes can be assigned capabilities in the form of different masks. The ambient capability mask is added to help solve inheritability problems in the current capability model that made capabilities difficult to use.

  • kmod support for PKCS#7

    Previous versions of kmod, up through 20-21.0.1, do not support the PKCS#7 signature type. As a result, the modinfo command does not display signature information for a signed module. As a workaround, confirmation that a module is signed may be obtained by checking for the label ~Module signature appended~ returned at the end of the module binary. For example: 

    # xzgrep 'Module signature appended' /lib/modules/<kernel_version>/kernel/drivers/net/dummy.ko.xz
Binary file (standard input) matches

    Starting with kmod version 20-21.0.2, basic PKCS#7 signature type support has been added. You can use modinfo to display whether a PKCS#7 signature is present. However, note that signer and sig_key information is still missing and that the algorithm displayed for the sig_hashalgo value may incorrectly display as using the md4 algorithm when the sha512 algorithm has been used instead. Note that the default algorithm used for module signature hashes in UEK R5 is sha512.

  • xz kernel compression enabled

    The CONFIG_HAVE_KERNEL_XZ option is enabled in UEK R5. This means that the kernel image and all kernel modules are automatically compressed, using xz compression, when compiled. Module file suffixes indicate that they are compressed and differ from the suffix used in UEK R4 and other previous releases of UEK. For example, modules are named in the format: module.ko.xz. This change significantly reduces kernel footprint and package size.

  • cgroup updates and changes

    The cgroup mechanism has been updated and improved in UEK R5. Notable upstream changes available in this release include:

    • Berkeley packet filter (BPF) cgroup controller and pids controller configuration enabled in the kernel.

    • Thread mode for cgroup v2 is available to enable thread granularity for some controllers. This update facilitates hierarchical resource distribution across the threads of a group of processes. By default, all threads of a process belong to the same cgroup, which also serves as the resource domain to host resource consumptions which are not specific to a process or thread. The thread mode allows threads to be spread across a subtree while still maintaining the common resource domain for them.

    • The memcontrol cgroup has introduced three new entries in memory.stat: workingset_refault (number of refaults of previously evicted pages), workingset_activate (number of refaulted pages that were immediately activated), and workingset_nodereclaim (number of times a shadow node has been reclaimed).

    • The memcontrol cgroup now also provides shmem statistics.

    • The rdma cgroup controller was added to perform accounting and limit enforcement on RDMA or InfiniBand resources.

    • A new boot option, cgroup_no_v1, has been added to make it possible to disable specified controllers in cgroup v1 mounts, so that they remain available for cgroup v2 mounts.

  • Futex scalability improvements

    Several improvements were made to futex code, including the addition of a patch that removes the requirement to lock pages when handling keys for shared futexes. These improvements can boost hashing of shared futexes significantly, resulting in better performance.

  • Legacy mcelog device enabled

    The kernel configuration option CONFIG_X86_MCELOG_LEGACY is enabled in UEK R5. Although support for /dev/mcelog is deprecated upstream and this option is usually disabled by default, this device is required for the Oracle Linux FMA Software that is part of the Oracle Hardware Management Pack.

Cryptography

The following notable cryptographic features are implemented in UEK R5:

  • Intel QuickAssist Technology enabled

    UEK R5 enables Intel QuickAssist Technology, which is used to offload cryptographic workloads to hardware capable of optimizing these operations. UEK R5 includes the drivers and firmware required to use this hardware for cryptographic compression and acceleration. No user space packages are provided for this technology at this point.

DTrace

The following notable DTrace features and fixes are implemented in UEK R5:

  • SDT probes enabled for KASLR-enabled kernels

    A fix has been applied to resolve an issue that caused a kernel crash if Kernel Address Space Layout Randomization (KASLR) was enabled and DTrace SDT probes were enabled at the same time. DTrace can now be used with KASLR-enabled kernels.

  • Added dynamic debugging

    Where a kernel is enabled for dynamic debugging (CONFIG_DYNAMIC_DEBUG is enabled), DTrace is built with all debugging messages enabled.

  • Array size boundary checking in user space

    An enhancement was applied to the DTrace user space packages to add checking of the bounds of non-associative arrays, both in CTF and in declared arrays. Lvalue arrays used for assignment are also bounds-checked. It is possible to bypass the bounds checking by casting to an untyped pointer type. For example: 

     ((char *)curlwpsinfo->pr_name)[500]

  • Disassembler prints all actions

    A fix has been applied to the D disassembler to follow the full chain of actions per statement so that it prints out all actions.

  • PID provider added

    A new PID provider has been added to both the DTrace kernel and user space code. It extends the existing fasttrap provider (used for USDT probes) with the ability to set function boundary probes on user space functions, and to probe most arbitrary instructions within user space functions. It is called the 'pid' provider because it is a meta-provider that creates user space tracing providers on demand based on process IDs (pid).

File Systems

The following sections detail the most notable features that have been implemented for file systems in UEK R5:

Btrfs

Several Btrfs improvements and patches have been applied to provide fixes for bugs that may be present in RHCK or in previous UEK releases. These include, but are not limited to:

  • A fix for the issue where using btrfs send on a large deduped file resulted in a soft lockup or out-of-memory issue.

  • A fix for the issue where a kernel panic would occur when freeze and unfreeze operations were performed in multiple threads.

  • Fixes for handling of quota groups to resolve leak issues and a problem with reference counts after cloning a file between subvolumes.

  • Improvements to quota accounting for quota groups to improve stability and resolve issues when handling missing records when performing a back reference walk.

ext4

The following ext4 features have been implemented:

  • Synchronous DAX faults

    UEK R5 enables use of synchronous DAX faults in the ext4 file system. This includes fixes to the libnvdimm code to improve DAX functionality and to introduce a mechanism to enable a user space flush of persistent memory updates by using file system to DAX mappings. Standard ACPI 6.2 label access and error injection methods are also available. Fixes were also applied to simplify error handling for DAX faults.

OCFS2

Several OCFS2 improvements and patches have been applied in this update, including the following notable items:

  • Inode cluster lock set before moving reflinked inodes

    A fix was applied to inode cluster locking to ensure that a cluster lock is taken in EX mode before initializing security ACLs on the orphan inode that is being moved to a reflinked destination. This fix helps to prevent problems from occurring due to missing checks on lock modes.

  • Added feature to attempt to reuse the extent block in dealloc without meta_alloc

    A feature was added to reuse the extent block cached in dealloc after it has been unlinked from the extent tree to resolve an issue where the extent tree needs to grow but no metadata has been reserved ahead of time. By reusing the extents in dealloc, where deleted extents are cached, the extent tree can grow without the need to reserve additional metadata. This patch can solve a potential crash issue.

XFS

The following XFS features have been implemented:

  • Support for reflink and deduplication

    Stability fixes and the in-memory extent map redesign for XFS reflink functionality have been backported from the upstream 4.15 kernel. These fixes and enhancements allow for the removal of EXPERIMENTAL warnings that were generated by the kernel at mount time and includes a fix that resolves an issue that was causing file system shutdowns when memory became too fragmented. The support for mapping multiple file logical blocks to the same physical block (reflink/deduplication) that this backport makes available to this release, brings XFS into line with other file systems such as OCFS2 and Btrfs.

    The user space packages for XFS, xfsprogs, have been updated to version 4.14 to properly handle XFS reflinking.

    DAX is disabled on reflink file systems and attempts to mount a reflink file system with DAX are rejected with an error message.

  • Synchronous DAX faults enabled

    UEK R5 enables use of synchronous DAX faults in the XFS file system. This change includes fixes to the libnvdimm code to improve DAX support and to introduce a mechanism to enable a user space flush of persistent memory updates by using file system to DAX mappings. Standard ACPI 6.2 label access and error injection methods are also available. Fixes were also applied to simplify error handling for DAX faults.

  • Realtime subvolume support enabled

    By default, UEK R5 enables XFS realtime subvolume support. This capability makes it possible to mount a realtime subvolume on systems running UEK R5.

Memory Management

The following notable memory management features are implemented in UEK R5:

  • Heterogeneous Memory Management (HMM) support

    UEK R5 introduces HMM, a helper layer that allows device drivers to mirror address space for a process. This new memory management facility includes features to shadow the CPU page table of a process into a device specific page table and to keep both the tables synchronized; to handle DMA mapping for the shadowed page table; and to migrate private anonymous memory to private device memory and vice versa. These features allow device drivers to avoid pinning memory which blocks some kernel features and allows the user space API to decouple from the requirement to manually manage memory copies to and from device memory. The change is transparent to the user space, effectively allowing a library to use GPU, DSP or FPGA without requiring links within the application.

  • hugetlbfs hole punching enhancement

    Updates to the userfaultfd mechanism to allow it to deliver a SIGBUS signal to the faulting process, instead of a page-fault event. This update to userfaultfd allows an application to prevent pages from being allocated implicitly when a hole in a hugetlbfs file is accessed by using the mapped address so that an application can explicitly manage page allocations of hugetlbfs files.

Networking

The following notable networking features are implemented in Unbreakable Enterprise Kernel Release 5:

  • TCP-BBR available

    UEK R5 makes available TCP-BBR, a feature that can be used to achieve higher bandwidth and lower latency for internet traffic to offer significant performance improvements for internet based applications. BBR (Bottleneck Bandwidth and Round-Trip Time) is a scheduling algorithm that helps to control the transmit rate of the TCP protocol to reduce buffering by monitoring round trip times against bandwidth bottlenecks to reduce TCP congestion. The TCP-BBR algorithm is not enabled by default in UEK R5 and the default TCP congestion control algorithm is set to cubic.

  • net.ipv4.tcp_tw_recycle removed

    The tcp_tw_recycle option, for IPv4 connections, is removed from UEK R5. This option was removed from the upstream Linux kernel in version 4.12. The option caused issued for load-balanced connections or connections that made use of network address translation. After the randomization of TCP timestamp offsets, the option created issues with all TCP connections and became non-functional. Its removal is equivalent to setting net.ipv4.tcp_tw_recycle to 0, which was the default configuration on previous kernel generations.

NUMA

Many modern multiprocessors have non-uniform memory access (NUMA) memory designs, where the performance of a process can depend on whether the memory range being accessed is attached to the local CPU or to another CPU. As performance is different depending on memory locality, the operating system should ideally schedule a process to run on the CPU whose memory controller is connected to the memory to be accessed.

  • NUMA balancing enabled

    UEK R5 includes improvements and fixes to NUMA balancing to resolve issues that caused high I/O Wait times when this feature was enabled. NUMA balancing is automatically enabled on systems that have multiple NUMA nodes.

RDMA

Remote Direct Memory Access (RDMA) is a feature that allows direct memory access between two systems that are connected by a network. RDMA facilitates high-throughput and low-latency networking in clusters.

Unbreakable Enterprise Kernel Release 5 includes RDMA features that are provided in the upstream kernel, with the addition of Ksplice and DTrace functionality, along with Oracle's own RDMA features, including support for RDS and Shared-PD.

The following RDS protocols are enabled with UEK R5:

  • Reliable Datagram Sockets (RDS) is a high-performance, low-latency, reliable connectionless protocol for datagram delivery

  • Internet Protocol over InfiniBand (IPoIB)

Note:

Ethernet tunneling over IPoIB (eIPoIB) is not supported with UEK R5.

The following RDS features are enabled with UEK R5:

  • Quality of Service (QoS)

  • Active Bonding (AB)

  • Netfilter (NF)

Oracle provides support for RDMA on InfiniBand on the following Oracle-branded HCAs as delivered inside Oracle Engineered Systems:

  • Sun InfiniBand Dual Port 4x QDR Host Channel Adapters M2

  • Oracle Dual Port QDR InfiniBand Adapter M3

New RDMA features implemented in UEK R5 include:

  • Mellanox HCA drivers updated

    The Mellanox mlx4 HCA driver has been updated for Ethernet and InfiniBand. The Mellanox mlx5 HCA driver has been updated for future functionality.

  • RDMA subsystem updated

    The RDMA subsystem has been updated. This includes an update to ib_core and new user land based on upstream RDMA Core libraries.

  • QoS features added

    Quality-of-Service (QoS) technologies such as PFC and CNP Counters and DSCP (including DSCP-to-Priority Mapping) have been added to facilitate QoS.

  • resilient_rdmaip module added

    The Active-Active Bonding feature that was previously available in the RDS driver module is moved into a new independent driver module, resilient_rdmaip, in UEK R5. This change acknowledges that the Active-Active Bonding feature is more generic and applies more widely to RDMA, as a whole. It also helps to reduce code complexity within the RDS module and brings the UEK RDS driver closer to matching the upstream RDS implementation. Finally, this change facilitates further improvement to the Active-Active Bonding code.

Security

The following notable security features are implemented in Unbreakable Enterprise Kernel Release 5:

  • Secure boot improvements

    Secure boot is designed to protect a system against malicious code being loaded and executed early in the boot process. Secured platforms load only software binaries, such as option ROM drivers, boot loaders, and operating system loaders, that are unmodified and trusted by the platform. While the operating system is loaded, measures have been added to prevent malicious code from being injected on subsequent boots. Although this feature was available in previous releases of UEK, the implementation differed significantly from the approach taken in UEK R5. The new design avoids any relation to the securelevel security mechanism used in BSD kernels. These updates and changes help to ensure that the approach that is taken in UEK R5 brings Oracle Linux in line with other mainstream distributions.

    Some of the secure boot features that are applied to the kernel when it is locked down are described briefly in the following list:

    • Facilitates using keys in the UEFI database when in secure boot mode

    • Enforces module signatures

    • Disallows access to /dev/mem, /dev/kmem and /proc/kcore

    • Disallows do_kexec_load, which is used to allocate structs and load initram

    • Copies the secure_boot flag in the boot parameters across kexec reboots

    • Disallows images to be loaded into trusted kernels where the signature is not verified in the kexec_file

    • Disables hibernate and user space software suspend (uswsusp)

    • Locks down PCIe Base Address Register access

    • Locks down IO port access

    • Restricts CPU Model Specific Register access

    • Restricts the debugfs interface in the ASUS WMI driver

    • Restricts access to custom ACPI methods

    • Ignores the acpi_rsdp kernel parameter

    • Disables ACPI table override

    • Disables ACPI Platform Error Interface (APEI) error injection

    • Disables the EATA SCSI driver

    • Prohibits PCMCIA CIS storage

    • Prohibits using TIOCSSERIAL to change device addresses, IRQs and DMA channels

    • Prevents using module parameters that specify hardware options (such as ioport)

    • Disables the testmmiotrace module

    • Disables debugfs

    • Disables kprobes for debugging

    • Disables Berkeley Packet Filter functions

    • Disables DTrace

    Several new kernel configuration options have been added to cater for secure boot:

    • LOCK_DOWN_KERNEL: Allows the kernel to be locked down under certain circumstances, such as when UEFI secure boot is enabled.

    • LOCK_DOWN_IN_EFI_SECURE_BOOT: Allows kernel lockdown to be triggered if EFI Secure Boot is set in an EFI variable provided by system firmware if not indicated by a boot parameter.

    • LOAD_UEFI_KEYS: Allows a kernel in secure boot mode to load modules signed with UEFI-stored keys and to reject modules signed with keys that match the blacklist.

  • User space updates to enable FIPS

    The dracut package for Oracle Linux 7 has been updated to dracut-033-535.0.2. This update enables FIPS support and compatibility with UEK R5. You must install this version or higher of the dracut package if you intend to enable FIPS mode on a system running UEK R5. See Oracle Linux 7: Security Guide for more information.

Storage

The following notable storage features are implemented in Unbreakable Enterprise Kernel Release 5:

  • NBD functionality enabled

    Network Block Device (NBD) functionality is enabled as a loadable kernel module in UEK R5. This allows the operating system to use a remote server as one of its block devices by using TCP.

  • libnvdimm subsystem added to kernel and updated for PMEM and DAX

    The libnvdimm kernel subsystem, which is responsible for the detection, configuration, and management of Non-Volatile Dual Inline Memory Modules (NVDIMMs) is enabled in UEK R5. If NVDIMMs are present in the system, they are exposed through the /dev/pmem* device nodes and can be configured by using the ndctl utility.

    PMEM through libnvdimm, also makes DAX (Direct Access) functionality available. DAX is a facility that avoids the overhead of traditional buffer I/O on the page cache and produces direct file mappings into user space.

    Upstream patches for libnvdimm were also backported to introduce a 'flags' attribute that exports the generic DIMM status to indicate whether it is locked or whether it is in an alias state; and to clean up some code for better stability.

    ACPI 6.2 allows for named methods to access the label storage area of an NVDIMM. A patch has been applied to ensure that the new standard _LSI, _LSR and _LSW label methods are used, if available, and to fall back to use the NVDIMM_FAMILY_INTEL device-specific methods. This enables interoperability with environments that only implement standardized methods.

  • TCMU functionality backported

    TCMU (Target Core Module in Userspace) features have been backported from the 4.16 release of the upstream kernel to enable this functionality in UEK R5. These features allow Linux I/O iSCSI targets to be run as user space programs and facilitate targets to function in a Highly Available manner, allowing failover and failback of multiple iSCSI target gateways without data corruption.

Virtualization

The following notable virtualization features are implemented in Unbreakable Enterprise Kernel Release 5:

  • KVM updated to include backported bug fixes

    KVM features in the upstream 4.15 and 4.16 kernels are backported into UEK R5. Many of these patches offer better stability and resolve bugs and performance issues.

  • Secure Encrypted Virtualization (SEV) for AMD-V enabled

    AMD's Secure Encrypted Virtualization (SEV) feature that extends the AMD-V architecture has been enabled in UEK R5 and upstream patches from the 4.16 kernel have been backported to ensure that the latest features and functionality are available. Hardware that supports SEV can use this feature to run multiple virtual machines under the control of a hypervisor in a more secure fashion. Private memory space can be encrypted with a guest-specific key, while shared memory space can be encrypted with a hypervisor key. This feature can protect data on guest virtual machines from a potentially compromised hypervisor.

  • User-Mode Instruction Prevention (UMIP) for Intel enabled

    Intel's UMIP feature has been enabled in UEK R5 and upstream patches from the 4.16 kernel have been backported to ensure that the latest features and functionality are available. UMIP is a security feature present in newer Intel processors, that can prevent the execution of certain instructions if the Current Privilege Level (CPL) is greater than 0. UMIP helps to protect access to system-wide settings such as the global and local descriptor tables, the task register and the interrupt descriptor table. UMIP has specifically been integrated with KVM to enable support for UMIP within a virtualized environment.

  • Paravirtual TLB shootdown implemented

    Patches have been applied to implement a KVM paravirtual translation lookaside buffer (TLB) shootdown algorithm. TLB is a memory cache that reduces the time taken to access a memory location. TLB shootdown is an operation that runs on multi-processor machines to flush the TLB on all processors to ensure that page restrictions are respected. Typically, TLB shootdown is managed by the host scheduler. In environments where multi-CPU virtual machines are running, VCPUs are not scheduled simultaneously. This can waste CPU cycles and cause synchronization latency, particularly in oversubscribed situations. The paravirtual TLB shootdown code helps to resolve this and makes TLB invalidation significantly more effective.

Driver Updates

The Unbreakable Enterprise Kernel Release 5 supports a large number of hardware and devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 4.14.35.

A complete list of the driver modules included in UEK R5 along with version information is provided in the appendix at Driver Modules in Unbreakable Enterprise Kernel Release 5 (x86_64).

Notable Driver Features

The following new features are noted in the drivers shipped with UEK R5:

  • VXLAN offload support on Mellanox CX-5 HCAs

    The mlx5e driver has added netdev support for VXLAN tunneling. This feature reduces CPU overhead by offloading packet processing for VXLAN encapsulation to the HCA hardware directly. This reduces system load for VXLAN tunneling, improves performance and reduces packet throughput.

  • Hyper-V drivers updated

    The Hyper-V storage driver, hv_storvsc, has been updated to provide performance improvements for I/O operations on certain workloads by eliminating bounce buffers. The Hyper-V network driver, hv_netvsc, has been updated to support transparent SR-IOV on Virtual Function devices to reduce configuration complexity and the use of a dedicated bonding driver and script to handle hot plugging of the required PCI devices.

    A large number of other upstream patches from the 4.15 and 4.16 Linux kernel versions have been backported to deliver a full range of expected functionality and features for Hyper-V on UEK R5.

  • QLogic QEDF 25/40/50/100Gb FCoE driver added

    The QLogic QEDF 25/40/50/100Gb FCoE driver, qedf, has been added to the driver modules included in this kernel release. The driver introduces FCoE support for QLogic 41000 Series Converged Network Adapters.

  • FC-NVMe transport support for Emulex and QLogic devices enabled

    The NVM Express drivers, nvme, have been patched and updated to support enabling NVMe over Fibre Channel fabrics. This change involved the addition of several new nvme modules, updates to other modules, such as the Emulex LightPulse Fibre Channel SCSI driver, lpfc and modifications to kernel block layer code such as the multi-queue block I/O queueing mechanism. Note that this functionality is currently available as a technical preview. Hardware vendors are responsible for testing and supporting FC-NVMe transport for their own devices. For more information on FC-NVMe support for your hardware, please contact your hardware vendor.

  • Broadcom/Emulex LightPulse Fibre Channel SCSI driver updated to 12.0.0.2

    The Broadcom/Emulex LightPulse Fibre Channel SCSI driver, lpfc has been updated to version 12.0.0.2. This release adds support for Emulex 32/64GB Host Bus Adapters and the initial framework to enable NVMe on Fibre Channel. Note that FC-NVMe in lpfc is available as a technical preview.

  • QLogic Fibre Channel HBA driver updated to 10.00.00.06-k1

    The QLogic Fibre Channel HBA driver, qla2xxx has been updated to version 10.00.00.06-k1. Changes include many bug fixes for stability and performance. This release also includes a large number of vendor supplied and upstream patches to enable NVMe on Fibre Channel. Note that FC-NVMe in qla2xxx is available as a technical preview.

  • LSI MPT Fusion SAS 3.0 device driver updated

    The LSI MPT Fusion SAS 3.0 device driver, mpt3sas, has been patched and updated to support NVMe drives and to add support for the Broadcom SAS3616 HBA. Other upstream patches have also been applied for bug fixes.

  • Amazon Elastic Network Adapter driver updated to 1.5.0k

    The Elastic Network Adapter driver, ena, has been updated to version 1.5.0k. This version provides a number of upstream bug fixes and improvements. Additional features include additional power management operations, initial support for IPv6 RSS and improved driver robustness.

  • Avago MegaRAID SAS driver updated

    The Avago MegaRAID SAS driver, megaraid_sas, has been updated to version 07.704.04.00-rc1 and includes upstream and vendor supplied patches. Additional features include added support for the SAS3.5 generation of MegaRAID SAS controllers. Changes were also applied to cater for the potential to increase the adapter Queue Depth (QD) to 9k.

  • Interface driver for GENEVE encapsulated traffic included

    The interface driver for GENEVE encapsulated traffic, geneve, is included in this release of the kernel. Although this driver is provided simply as part of the upstream code used by this kernel release, it is mentioned as its inclusion resolves a known issue in Oracle Linux 7.5.

New and Updated Packages

To support the newly added functionality that the UEK R5 provides, several kernel and user space binary packages have been added or updated from the ones included in the base distribution. For more information about the ULN channels and Oracle Linux yum server repositories in which these packages are available, see Installation and Availability.

Kernel space packages that are adde and updated for UEK R5 are labeled with the prefix kernel-uek. The linux-firmware package is also updated with the latest available firmwares.

The packages listed here are specific to user space functionality and are updated to take advantage of features available in UEK R5. There is no dependency on these packages to use UEK R5. If you use any of these packages and also use UEK R5 you should update the package to the latest version for full compatibility with all of the features available in UEK R5.

  • bcache-tools

  • btrfs-progs

  • btrfs-progs-devel

  • daxctl

  • daxctl-devel

  • daxctl-libs

  • debugmode

  • dracut

  • dracut-caps

  • dracut-config-generic

  • dracut-config-rescue

  • dracut-fips

  • dracut-fips-aesni

  • dracut-network

  • dracut-tools

  • dtrace-utils

  • dtrace-utils-devel

  • dtrace-utils-testsuite

  • initscripts

  • iproute

  • iproute-devel

  • iproute-doc

  • iproute-tc

  • ixpdimm-cli

  • ixpdimm-data

  • ixpdimm-devel

  • ixpdimm-monitor

  • libdtrace-ctf

  • libdtrace-ctf-devel

  • libinvm-cim

  • libinvm-cim-devel

  • libinvm-cli

  • libinvm-cli-devel

  • libinvm-i18n

  • libinvm-i18n-devel

  • libixpdimm

  • libixpdimm-cim

  • libixpdimm-cli

  • libpmem

  • libpmem-debug

  • libpmem-devel

  • libpmemblk

  • libpmemblk-debug

  • libpmemblk-devel

  • libpmemcto

  • libpmemcto-debug

  • libpmemcto-devel

  • libpmemlog

  • libpmemlog-debug

  • libpmemlog-devel

  • libpmemobj

  • libpmemobj++-devel

  • libpmemobj-devel

  • libpmempool

  • libpmempool-debug

  • libpmempool-devel

  • librpmem

  • librpmem-debug

  • librpmem-devel

  • libvmem

  • libvmem-debug

  • libvmem-devel

  • libvmmalloc

  • libvmmalloc-debug

  • libvmmalloc-devel

  • libzstd

  • libzstd-devel

  • ndctl

  • ndctl-devel

  • ndctl-libs

  • pmempool

  • rpmemd

  • xfsprogs

  • xfsprogs-devel

Compatibility

Oracle Linux maintains full user space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version running underneath the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 5 and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R5 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R4 that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor.

Certification of UEK R5 for Oracle products

Note that certification of different Oracle products on UEK R5 may not be immediately available at the time of a UEK R5 release. You should always check to ensure that the product that you are using is certified for use on UEK R5 before upgrading or installing the kernel. Check certification at https://support.oracle.com/epmos/faces/CertifyHome.

Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1 available at https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1369107.1.

Oracle Automatic Storage Management Filter Driver (Oracle ASMFD) certification for different kernel versions is described in Document ID 2034681.1 available at https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=2034681.1.