1. Release Notes for Unbreakable Enterprise Kernel Release 5 Update 5
  2. New Features and Changes

1 New Features and Changes

The Unbreakable Enterprise Kernel Release 5 (UEK R5) is a heavily tested and optimized operating system kernel for Oracle Linux 7.5 and later on the x86_64 and 64-bit Arm (aarch64) architectures. The release is based on the mainline Linux kernel version 4.14.35. This release also updates drivers and includes bug and security fixes.

UEK R5U5 uses the 4.14.35-2047 version and build of the UEK R5 kernel, which includes security and bug fixes, as well as driver updates.

Oracle actively monitors upstream check-ins and applies critical bug and security fixes to UEK R5.

UEK R5 uses the same versioning model as the mainline Linux kernel version. It is possible that some applications might not understand the 4.14 versioning scheme. However, regular Linux applications are usually neither aware of nor affected by Linux kernel version numbers.

Notable Features and Changes

The following are the major new features of Unbreakable Enterprise Kernel Release 5 Update 5 (UEK R5U5), relative to UEK R5U4.

64-bit Arm (aarch64) Architecture

With UEK R5U5, Oracle continues to deliver kernel modifications to enable support for 64-bit Arm (aarch64) architecture. These changes are built and tested against existing Arm hardware and provide support for Oracle Linux for Arm. Features described in this document are available for Arm insofar as the hardware is capable of supporting the feature that is described. Limitations and items that are beyond the scope of current development work for Arm are described in more detail in Unusable or Unavailable Arm Features.

Core Kernel Functionality

UEK R5U5 provides core kernel functionality that is equivalent to UEK R5U4 and makes use of the same upstream mainline kernel release and upstream LTS bug fixes. Additional patches to enhance existing functionality and provide some minor bug fixes and security improvements are also included. Key changes are specific to the functionality that is required for Oracle Database and other Oracle software.

Page Clearing Optimizations

Optimizations to the code that handles page cache clearance can improve performance in KVM for large guests, which can result in much quicker start-up times. These optimizations offer significant performance gains: the changes are localized to the hardware platforms for which they are designed, such as Intel's next-generation Icelake server hardware platform. These changes do not impact other hardware platforms.

File Systems

The following notable file system changes are implemented in UEK R5U5:

  • Btrfs

    Several security issues for Btrfs were backported and are resolved in this update release. Upstream bug fixes are also applied to this release.

  • CIFS

    Upstream bug fixes are applied to this release.

  • Ext4

    Multiple upstream bug fixes are applied to this release. A security issue is also resolved in this release.

  • NFS

    Multiple upstream bug fixes are applied and two security issues are also resolved in this release.

  • OCFS2

    Several bugs that are fixed in the upstream 5.7 kernel release have been backported to this update release for OCFS2. An unused function is removed from the source code to reduce bloat and improve performance. A bug fix is applied to better handle changes to ACLs so that a remount is no longer required to display these changes. A fix is applied for an issue that caused reflink operations from some nodes to hang for very long time while waiting for the cluster lock on an orphan directory.

  • XFS

    Upstream bug fixes, including a fix to resolve a build warning, as well as a security patch, are applied in this update.

Networking

UEK R5U5 supports 1/10/25/50/100 Gb Ethernet ports. 200 Gb Ethernet ports are not enabled in UEK R5U5, as the changes that are required to support this feature affect the kernel ABI. Oracle maintains kernel ABI compatibility through the entire UEK R5 lifecycle. If you require the use of 200 Gb Ethernet ports, use UEK R6.

RDMA

Remote Direct Memory Access (RDMA) is a feature that allows direct memory access between two systems that are connected by a network. RDMA facilitates high-throughput and low-latency networking in clusters.

Unbreakable Enterprise Kernel Release 5 Update 5 includes RDMA features that are provided in the upstream kernel, with the addition of Ksplice and DTrace functionality and Oracle's own RDMA features, which includes support for RDS and Shared-PD.

Notable changes to the RDMA implementation in UEK R5U5 include the following:

  • Improvements to RDS failover/failback performance

    RDS handling of failover and failback is improved to boost performance. Most significantly, a change in the RDS connection algorithm called "RDS yields" resolves issues that caused RDS connections to hang for periods when two parties attempted a simultaneous connection. Additionally, changes are implemented to prevent sleep within worker threads, which could block other work on the same work queue.

  • Improved tracing on RDS for debugging

    Tracepoints have been added to RDS code for support within eBPF and DTrace, to replace legacy debugging mechanisms. These changes enable better debugging and integration with existing tracing tools.

  • RDMA bug fixes and optimizations

    General bug fixes and optimizations for RDMA are also included in this update release, including the resolution of a bug to properly handle RDMA cancel requests.

Security

The following notable security features are implemented in UEK R5U5:

  • securityfs interface for Secure Boot lockdown mode added

    The lockdown file for the securityfs interface (/sys/kernel/security/lockdown) now includes capability for reading and setting the Secure Boot lockdown state. For example, you can use the cat command to view the current configuration and use a piped echo command to set a new value: 

    $ sudo cat /sys/kernel/security/lockdown
[none] integrity confidentiality
$ sudo echo 'integrity' > /sys/kernel/security/lockdown
$ sudo cat /sys/kernel/security/lockdown
none [integrity] confidentiality

    Note that after a lockdown mode is set, you are unable to write to this file again without a system reboot with lockdown disabled.

Driver Updates

Unbreakable Enterprise Kernel Release 5 supports a large number of hardware and devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 4.14.35.

A complete list of the driver modules that are included in UEK R5U5, along with version information, is provided in the appendix at Driver Modules in Unbreakable Enterprise Kernel Release 5 Update 5 (x86_64).

Notable Driver Features and Updates

The following driver updates are included in UEK R5U5, relative to UEK R5U4:

  • Intel i10nm Error Detection And Correction (EDAC) driver

    The i10nm Error Detection And Correction (EDAC) driver (i10nm_edac) is enabled in this release to facilitate this functionality on Intel's next-generation 10nm-based server CPUs, code name Icelake.

  • Broadcom BCM573xx network driver

    The Broadcom BCM573xx network driver (bnxt_en) is updated to version 1.10.1 with additional patches. This update includes vendor-supplied patches and bug fixes.

  • Intel QuickData Technology driver

    The Intel QuickData Technology driver (ioatdma) is updated to version 5.00 and enabled in this release to facilitate this functionality on Intel's next-generation 10nm-based server CPUs, code name Icelake.

  • LSI MPT Fusion SAS 3.0 Device driver

    The LSI MPT Fusion SAS 3.0 Device driver (mpt3sas) is updated to version 36.100.00.00 to include vendor-supplied patches that bring the driver version in line with the upstream kernel release.

  • Marvell PHY driver

    The Marvell PHY driver (marvell) is updated to include vendor-supplied patches to improve stability on the Arm (aarch64) platform and also for several bug fixes.

  • QLogic Fibre Channel HBA driver

    The QLogic Fibre Channel HBA driver (qla2xxx) is updated to version 10.02.00.103-k and includes a large number of vendor-supplied patches to bring the driver version in line with the upstream kernel release.

  • Microsoft Hyper-V network driver

    The Microsoft Hyper-V network driver (hv_netvsc) is updated to include several vendor supplied patches to improve stability.

Cisco fnic 1.6 driver Unsupported

Cisco no longer supports the Cisco FCoE HBA Driver (fnic 1.6) that is sourced from the upstream kernel and which is available in most kernels, including UEK R5, UEK R6, and UEK R7. Cisco provides a fully supported UCS Linux driver (version 2.0.0.83, and later) that is tested on and compatible with Oracle Linux, with UEK R5 and later UEK releases, on the Cisco software download page. The driver package includes features that are not available in the currently included driver module such as NVMe support and multi-queue support.

Customers who are running Oracle Linux on Cisco servers must install the Cisco driver package to receive driver fixes, driver updates, new hardware support, and new feature support. Contact Cisco for more information about driver solutions on Oracle Linux.

Compatibility

Oracle Linux maintains full user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that is running underneath the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 5 and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors that have hardware and software dependencies on kernel modules. The kernel ABI for UEK R5 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R4 that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor.

Certification of UEK R5 for Oracle products

Note that certification of different Oracle products on UEK R5 may not be immediately available at the time of a UEK R5 release. You should always check to ensure that the product that you are using is certified for use on UEK R5 before upgrading or installing the kernel. Check certification at https://support.oracle.com/epmos/faces/CertifyHome.

Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1, which is available at https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1369107.1.

Oracle Automatic Storage Management Filter Driver (Oracle ASMFD) certification for different kernel versions is described in Document ID 2034681.1, which is available at https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=2034681.1.