Chapter 1 New Features and Changes

Unbreakable Enterprise Kernel Release 6 (UEK R6) is a heavily tested and optimized operating system kernel for Oracle Linux 7 Update 7 and later and for Oracle Linux 8 Update 1 and later. The kernel is developed, built, and tested on Arm (aarch64) Intel x86 and AMD x86 (x86_64). platforms. It is based on the mainline Linux kernel version 5.4. This release also updates drivers and includes bug and security fixes.

Oracle actively monitors upstream check-ins and applies critical bug and security fixes to UEK R6.

UEK R6 uses the same versioning model as the mainline Linux kernel version. It is possible that some applications might not understand the 5.4 versioning scheme. However, regular Linux applications are usually neither aware of nor affected by Linux kernel version numbers.

UEK R6 maintains compatibility with the Red Hat Compatible Kernel (RHCK) and does not disable any features that are enabled in RHCK. Additional features are enabled to provide support for key functional requirements and patches are applied to improve performance and optimize the kernel for use on Oracle operating environments.

The kernel's source code is available through a public git source code repository at https://github.com/oracle/linux-uek.

1.1 Notable Features and Changes

The following sections describe the major new features of Unbreakable Enterprise Kernel Release 6 (UEK R6), relative to UEK R5. A summary list of the key features in this release follows:

  • Linux 5.4 stable kernel base.  The 5.4 mainline kernel release used as the base kernel for UEK R6 includes many upstream kernel features and improvements over previous releases and over RHCK. For a listing of major features and enhancements that are available in this kernel, as opposed to the previous major release of UEK, see Section 1.1.1, “Core Kernel Functionality”.

  • Arm Support.  Many features and improvements in this release are aimed at improved support for the Arm (aarch64) platform. Notable changes include security improvements and improved virtualization support on Arm. See Section 1.1.2, “Arm (aarch64) Platform” for details.

  • Cgroup v2 enhancements.  Cgroup v2 functionality was first introduced in UEK R5 to enable the CPU controller functionality. UEK R6 includes all Cgroup v2 features, along with several enhancements described in Section 1.1.1, “Core Kernel Functionality”.

  • ktask enhancements.  ktask is a framework for parallelizing CPU-intensive work in the kernel. It can be used to speed up large tasks on systems with a lot of available CPU power, where a task is single-threaded in user space. ktask provides a generic API that can add concurrency to many different kinds of tasks, while reducing the complexity around the management of multiple threads, and is currently used during struct page initialization and VFIO-enabled KVM guest initialization to significantly reduce start-up times.

    Documentation for ktask is provided in /usr/share/doc/kernel-uek-doc-5.4/core-api/ktask.html, though the interface is not yet stable.

  • Parallelized kswapd.  Page replacement is handled in the kernel asynchronously by kswapd and synchronously by direct reclaim. When free pages within the zone free list are low, kswapd scans pages to determine if there are unused pages that can be evicted to free up space for new page allocations. This optimization can improve performance by avoiding direct reclaims, which can be resource intensive and time-consuming.

  • Kexec firmware signing.  The option to check and validate a kernel image signature is enabled in UEK R6. When kexec is used to load a kernel from within UEK R6, kernel image signature checking and validation can be implemented to ensure that a system only loads a signed and validated kernel image.

  • Memory management improvements.  Several performance enhancements have been implemented in the kernel's memory management code to improve the efficiency around clearing pages and cache, as well as enhancements to fault management and reporting. See Section 1.1.6, “Memory Management” for more information.

  • NVDIMM updates.  NVDIMM feature updates have been implemented so that persistent memory can now be used as traditional RAM and an update that helps to standardize the zero-key erase functionality has also been included. See Section 1.1.1, “Core Kernel Functionality” for more information.

  • DTrace v2.0.  DTrace support is enabled in UEK R6 and has been reimplemented to use the Berkeley Packet Filter (BPF) that is integrated into the Linux kernel. The current version is the first Dtrace release based on the new implementation, it does not achieve feature parity with DTrace on UEK R5 yet, but it will in the future. Other improvements have been made to simplify the set of RPMs that are available for DTrace as a result of improvements in the upstream toolchain. See Section 1.1.4, “DTrace v2.0” for more information.

  • OCFS2.  Support for the OCFS2 file system is enabled in UEK R6. See OCFS2 for more information.

  • Btrfs file system support.  Support for the Btrfs file system is enabled on Oracle Linux 8 systems if UEK R6 is installed on the system. Further enhancements have been made to Btrfs in this release. See Btrfs for more information.

1.1.1 Core Kernel Functionality

Several major core kernel features have been implemented in the upstream kernel, between the 4.14 release that was used as the base kernel version for UEK R5, and the 5.4 kernel release that is used as the base kernel version for UEK R6. Although some features have been back-ported into the UEK R5 kernel in update releases, the following significant new features are available in UEK R6:

  • Lockdown mode (x86_64 only).  Lockdown mode is significantly improved and there are several implementation changes that are worth noting. This release distinguishes between integrity and confidentiality modes. See Section 1.1.9, “Security” for more information on this feature.

  • fs-verity.  fs-verity is a kernel feature that file systems can hook into to for integrity and authenticity protection of read-only files. This facility can be used to detect non-malicious file corruption and malicious modification of files that should not be changed on a system. This feature currently only works with ext4 and f2fs file systems.

  • High-performance asynchronous I/O with io_uring.  This feature provides a fast, scalable asynchronous I/O interface for both buffered and unbuffered I/Os. It also supports asynchronous polled I/O. A user-space library, liburing, provides basic functionality for applications with helpers to allow applications to easily set up an io_uring instance and submit/complete I/O.

  • Cgroup updates.  Full Cgroup v2 functionality is included in UEK R6. Functionality in UEK R5 included some features, such as the CPU controller, which allowed CPU resources to be set for a particular group of tasks. UEK R6 includes these features, along with the following notable enhancements:

    • A cgroup-aware OOM killer that can be used to kill a cgroup as a single unit to maintain the integrity of a workload. This functionality can be enabled by setting memory.oom.group in the cgroup v2 memory controller. This setting determines that the cgroup is an indivisible workload, and tasks, along with their descendents, are killed together by the OOM killer or not at all.

    • A freezer controller is added to cgroupsv2, providing the ability to stop the workload in a cgroup and temporarily free up some resources.

    • This release introduces blk-iocost, an I/O cost-based model work-conserving proportional controller. It currently has a simple linear cost model built-in, where each I/O is classified as sequential or random and given a base cost, accordingly. Additional size-proportional cost is then added on top.

  • NVDIMM.  Persistent memory can now be used as traditional RAM. Furthermore, fixes were implemented around the security-related commands within libnvdimm to enable the use of keys where payload data was filled with zero values, to allow secure operations to continue to take place where a zero-key is in use. A common implementation was put in place to ensure that all commands use the same zero-key semantic and that secure erasure of data on an NVDIMM can be performed where a zero-key is in use. This change is important because some NVDIMM platforms enable security with a default zero-key , rather than letting the operating system specify the initial key, which could prevent operations from working where security was enabled.

1.1.2 Arm (aarch64) Platform

The following notable ARM features are implemented in UEK R6:

  • Security improvements.  Various enhancements have been made to improve mitigations against attacks including the following: syscall wrappers, pointer authentication, KASLR (kernel virtual address randomization) support, and PSTATE.SSBS bit support (ARM v8.5 cores).

  • Memory hotplug.  Core support for hot plugging memory.

  • KVM improvements.  Improvements for KVM guests on Arm (aarch64) systems include pointer authentication (ARM v8.3) and Scalable Vector Extension (SVE) support.

1.1.3 Cryptography

The following notable cryptographic features are implemented in UEK R6:

  • Simplified key description management.  Keys and keyrings are more namespace-aware .

  • Zstandard Compression.  Zstandard compression (zstd) is added to crypto and scompress. Only the default level is enabled.

1.1.4 DTrace v2.0

DTrace v2.0 is a re-implementation of DTrace that makes use of existing Linux kernel tracing facilities, like eBPF, which did not exist when DTrace was first ported to Linux. The new implementation removes DTrace dependencies on specialized kernel patches.

DTrace v2.0 is available with UEK R6 only. Previous versions of UEK continue to include the original DTrace implementation.

DTrace V2.0 on Oracle Linux 8 has been reimplemented as a user space application. It no longer requires the libdtrace-ctf library to run on Oracle Linux 8. The functionality of that library is integrated into the Oracle Linux 8 GNU toolchain. Note that libdtrace-ctf is still required on Oracle Linux 7.

Functionality is being delivered as it becomes available, starting with a limited set of capabilities (primarily framework functionality that does not offer many user visible features) but ultimately reaching, and then exceeding, earlier support.

  • Notable changes and improvements.  The following notable changes and improvements are included:

    • The majority of underlying core DTrace functionality is re-implemented (D compiler, provider API, probe management) in user space. Much of this functionality previously resided in the kernel.

    • The D compiler is now targeted to generate eBPF code, and the majority of the D language is already supported by the compiler.

    • BPF verifier reporting output is enabled. When compiled D scripts are loaded into the kernel as BPF programs, the BPF verifier performs a static code analysis to ensure safety of the program. When this analysis fails, output is generated and DTrace reports this output to the user.

    • Function Boundary Tracing (FBT) probes are enabled with functions grouped by module (regardless of whether the module is compiled in or loadable) if the kernel provides this information in /proc/kallsyms (or /proc/kallmodsyms).

    • Syscall entry and return probes (systrace provider) are enabled, with support for typed probe arguments. Currently only available in -lv output.

    • Statically Defined Tracing (SDT) probes based on Linux tracepoints are enabled, with support for typed probe arguments. Currently only available in -lv output.

  • Notable limitations.  Limitations of note include:

    • The printf() function is not yet implemented; use trace().

    • The trace() action currently works only on numeric values, not strings.

    • Most actions, like exit(), are not yet implemented.

    • Of the three variable scopes, Global ("x") and thread-local ("self->x") are not yet implemented

    • Many providers (like dtrace or profile) -- including probes like BEGIN, END, and profile-1n -- are not yet functional

    • Probe descriptions (provider:module:function:name) that match multiple probes through the use of wild-cards are not yet supported. For example, write:entry works because it matches syscall:vmlinux:write:entry only, but write:* does not because it matches both syscall:vmlinux:write:entry and syscall:vmlinux:write:return.

Example Usage

The following examples illustrate current functionality in DTrace v2.0 on UEK R6. Examples assume that commands are run as root and /usr/sbin is in the PATH.

  • Show DTrace version information:

    # dtrace -V
    DTrace 2.0.0 [Pre-Release with limited functionality]
    dtrace: Oracle D 2.0
  • List probes:

    # dtrace -l
    DTrace 2.0.0 [Pre-Release with limited functionality]
    ID   PROVIDER    MODULE                     FUNCTION NAME
    1     dtrace                                        BEGIN
    2     dtrace                                        END
    3     dtrace                                        ERROR
    4        fbt   vmlinux     trace_initcall_finish_cb entry
    5        fbt   vmlinux     trace_initcall_finish_cb return
    6        fbt   vmlinux         initcall_blacklisted entry
    7        fbt   vmlinux         initcall_blacklisted return          

    On this particular system, there were:

    • 3 dtrace probes

    • 87890 fbt probes (based on kprobes)

    • 1262 sdt probes (based on Linux tracepoints)

    • 666 syscall probes

  • Example script that uses the -S option, to output the compiled D code as an eBPF program, and that uses the -e option, to exit after compilation:

    # dtrace -Sen 'write:entry { trace(1) }'
    DTrace 2.0.0 [Pre-Release with limited functionality]
    
    Disassembly of ::write:entry
              
    DIFO 0x46af600 returns D type (integer) (size 8) [record 16 bytes]
    INS OFF  OPCODE                  INSTRUCTION
    000 000: 62 a 0 fef8 ffffffff    stw  [%fp-264], -1     ! = EPID
    001 008: 62 a 0 fefc 00000000    stw  [%fp-260], 0
    002 016: 7a a 0 ff00 00000000    stdw [%fp-256], 0
    003 024: 7a a 0 ff08 00000000    stdw [%fp-248], 0
    004 032: 7a a 0 ff10 00000000    stdw [%f
    [...]
  • Example script:

    # dtrace -n '
    write:entry,
    write:return
    {
    this->x = 3;                /* clause-local variables */
    this->y = 8;
    trace(this->x * this->y);
    trace(&`max_pfn);
    }'

    In the above:

    • Probe write() system call entry and exit (multiple probes at once);

    • Probe with recording the address of a kernel identifier (max_pfn) and other data items;

    • Probes are named (explicitly, no wild-cards) with the same action.

    • Clause-local variables are used.

    • The trace() action is used to report output.

1.1.5 File Systems

The following are the most notable features that have been implemented for file systems in UEK R6:

Btrfs

Btrfs continues to be supported in UEK. Several improvements and patches have been applied in this update, including support for swap files, ZStandard compression, and various performance improvements. Note that Btrfs is not currently supported for root file systems on Oracle Linux 8.

ext4

64-bit timestamps have been added to the superblock fields.

OCFS2

OCFS2 continues to be supported in UEK. Several improvements and patches have been applied in this update, including support for the 'nowait' AIO feature, support on Arm platforms, and reading of the journal superblock for online as well as offline operations.

XFS

A new, online health reporting infrastructure and user space ioctl to get metadata health status after online fsck has been added. Also added in this release is support to fallocate swap files and swap files on realtime devices, as well as partial reflink support. Various performance improvements have also been made.

NFS

Performance improvements and enhancements have been made to RPC and the NFS client and server components. Significant improvements were made for NFS with RDMA. Enhancements include the following: multiple TCP NFSv4.1+ client connections, per server, for improved throughput from hardware parallelism, enhanced soft-mount behaviour, and improved diagnostics.

1.1.6 Memory Management

The following notable memory management features are implemented in UEK R6:

  • TLB Flushing.  TLB flushing code is improved to avoid unnecessary flushes and to reduce TLB shootdowns.

  • Huge Page clearing.  Memory management is enhanced to improve throughput by leveraging the clearing of huge pages more optimally.

  • Page cache improvements.  Page cache efficiency is improved by using the more efficient Xarray data type.

  • Improved fragmentation avoidance.  Fragmentation avoidance algorithms are improved and compaction and defragmentation times are faster.

  • THP fault handling improvements.  Improvements have been implemented to the handling of Transparent Huge Page (THP) faults and also to provide better reporting on THP status.

1.1.7 Networking

The following notable networking features are implemented in Unbreakable Enterprise Kernel Release 6:

  • TCP Early Departure Time.  The TCP stack now uses the Early Departure Time model for sending packets, instead of the As Fast As Possible model. This improvement brings several performance gains, as it resolves a limitation in the original TCP/IP framework and introduces the scheduled release of packets for overcoming hardware limitations and bottlenecks.

  • Generic Receive Offload.  GRO is enabled for the User Datagram Protocol (UDP).

  • TLS Receive.  The prior UEK release enabled the kernel to send TLS messages. This release enables the kernel to also receive TLS messages. The implementation of kernel handling of TLS connections offers significant performance gains over implementations that are limited to user space.

  • Zero-copy TCP Receive.  The prior UEK release introduced a zero-copy TCP feature for sending packets to the network. This release enables receive functionality for zero-copy TCP.

  • Packet Filtering.  nftables is now the default backend for firewall rules. BPF-based networking filtering (bpfilter) is also added in this release.

  • Express data path (XDP) Added.  XDP is a flexible and minimal kernel-based packet transport for high-speed networking.

1.1.8 RDMA

Remote Direct Memory Access (RDMA) is a feature that allows direct memory access between two systems that are connected by a network. RDMA facilitates high-throughput and low-latency networking in clusters.

Unbreakable Enterprise Kernel Release 6 includes RDMA features that are provided in the upstream kernel, with the addition of Ksplice and DTrace functionality.

UEK R6 maintains feature parity with UEK R5 and includes the following notable upstream updates:

  • Dynamic Statistics Infrastructure.  A dynamic statistics infrastructure has been implemented to facilitate the monitoring of various objects by binding them to counters that are accessible through a netlink interface.

  • Verbs Flow Counters.  Patches have been applied to provide an API that allows user-space applications to monitor real-time traffic activity and events of the verbs objects that it manages.

  • RDMA ioctl() improvements.  Various updates have been applied to improve RDMA ioctl(). Significantly, new headers are used and naming has been made more consistent. The uverbs_ioctl header has been extended to include the driver_id and compact representation of uverbs_attr_spec is enabled.

  • RDMA Resource tracking.  A general infrastructure for RDMA resource tracking has been implemented. This infrastructure is used to provide detailed Queue Pair (QP) information, as well as global resource utilization information.

  • CQ moderation is exposed to user space.  Patches are applied to expose Completion Queue (CQ) to user-space applications to control the number of CQEs that are required to create an event. This change gives more controls to user applications to improve performance tuning.

  • Improved Namespace functionality.  Various patches have been applied to improve namespace functionality. A patch that allows you to safely change the net namespace of an RDMA device was applied to add a command. Device sharing in multiple net namespaces is disabled and running netlink commands in non init_net net namespaces is now possible.

1.1.9 Security

The following notable security features are implemented in Unbreakable Enterprise Kernel Release 6:

  • Lockdown mode for x86_64 systems.  Lockdown mode is improved. This release distinguishes between the integrity and confidentiality modes. When Secure Boot is enabled in UEK R6, lockdown integrity mode is enforced by default. Confidentiality mode can be enabled as an option on the kernel command line or by using securityfs, when UEFI Secure Boot is enabled. Lockdown modes can also be enabled when a kernel command line option is used to disable Secure Boot; however, no lockdown enforcing is performed by default when Secure Boot is disabled.

    The following restrictions are applied when integrity mode is enabled:

    • Enforce kernel module signatures

    • Restrict read write access to /dev/{mem,kmem,port}

    • Restrict efivar_ssdt_load

    • Disable kexec_load system call

    • Disable hibernation

    • Prohibit PCI BAR access from user space

    • Prohibit X86 IO port access from user space

    • Restrict MSR access

    • Limit access to ACPI custom_method

    • Ignore acpi_rspd kernel param

    • Disable ACPI table override

    • Prohibit PCMCIA CIS storage

    • Prohibit TIOCSSEARIAL

    • Prohibit unsafe kernel module parameters

    • Prohibit the testmmiotrace module

    • Prohibit debugs access

    The following restrictions are applied when confidentiality mode is enabled:

    • Prohibit tracing and perf kprobes

    • Restrict use of bpf to read kernel memory

    • Prohibit unsafe use of perf

    • Prohibit tracefs

    • Prohibit access to /proc/kcore

    Note that kernel keyring management has also changed for UEK R6, which now uses code from the mainline upstream kernel to implement a platform keyring. UEFI Secure Boot DB and Machine Owner Keys (MOKs) are now stored in the platform keyring and are not treated equally to the kernel trust keyring. Although kexec trusts keys in the platform keyring, these cannot be used to add a new CA into the kernel for IMA (Integrity Measurement Architecture) and cannot be used to verify kernel modules.

  • IBRS.  Indirect Branch Restricted Speculation (IBRS) continues to be supported for processors affected by Spectre V2 Speculative Execution Side Channel Vulnerability and for which other software or hardware techniques may not be sufficient or are not available.

  • Improved protection in world writable directories.  This kernel release discourages spoofing attacks by disallowing the opening of FIFOs or regular files that are not owned by the user in world-writable sticky directories, such as /tmp.

  • Arm KASLR.  Kernel virtual address randomization is enabled by default for Arm platforms.

  • aarch64 Pointer authentication.  This feature adds primitives that can be used to mitigate certain classes of memory stack corruption attacks on Arm platforms.

1.1.10 Storage

The following notable storage features are implemented in Unbreakable Enterprise Kernel Release 6:

  • NVMe improvements.  NVMe over Fabrics TCP host and the target drivers have been added. Multipath support and passthrough command support have been added. NVMe namespace support is extended to include Namespace Write Protect and Asynchronous Namespace Access.

1.1.11 Virtualization

The following notable virtualization features are implemented in Unbreakable Enterprise Kernel Release 6:

  • VirtIO improvements.  The VirtIO PMEM feature adds a VirtIO-based asynchronous flush mechanism and simulates persistent memory to a guest, allowing it to bypass a guest page cache. A VirtIO-IOMMU para-virtualized driver that allows IOMMU requests over the VirtIO transport without emulating page tables is also added in this release.

  • Arm platform improvements.  Guests on Arm (aarch64) platform systems include pointer authentication (ARM v8.3) and Scalable Vector Extension (SVE) support.

1.2 Driver Updates

The Unbreakable Enterprise Kernel Release 6 supports a large number of hardware and devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 5.4.

A complete list of the driver modules included in UEK R6 along with version information is provided in the appendix at Appendix B, Driver Modules in Unbreakable Enterprise Kernel Release 6 (x86_64).

1.2.1 Notable Driver Features

The following new features are noted in the drivers shipped with UEK R6:

  • Broadcom BCM573xx network driver.  The bnxt_en driver version was updated to 1.10.1, with additional patches back-ported from the upstream 5.5 kernel release and vendor contributed patches that are specific to expanding and updating functionality for Broadcom Thor Ethernet controllers.

  • Broadcom Emulex LightPulse Fibre Channel SCSI driver.  The lpfc driver was updated to 12.6.0.3. This update includes a large number of vendor contributed patches to address changes to the driver since the upstream 5.4 kernel was made available and important bug fix for the adapter firmware . Changes for this driver also resulted in updates to other kernel dependencies, such as code for NVMe over Fibre Channel.

  • QLogic BCM5706/5708/5709/5716 driver.  The bnx2 driver is updated; and, although the version number remains at 2.2.6, the driver includes vendor contributed patches and firmware updates.

  • QLogic Fibre Channel HBA driver.  The qla2xxx driver is updated to version 10.01.00.22.81.1-k. This update back-ports many patches that have since gone into the upstream kernel and includes particular vendor contributed patches to improve performance and provide fixes for some bugs in the original driver.

  • Microsemi Smart Family Controller driver.  The smartpqi driver is updated to version 1.2.10-025 and includes upstream patches that have been applied to the driver since the 5.4 kernel release under vendor guidance. These updates include several bug fixes and performance enhancements.

  • LSI MPT Fusion SAS 3.0 Device driver.  The mpt3sas driver is updated to version 33.100.00.00 and includes vendor contributed patches.

1.3 New and Updated Packages

To support the newly added functionality that the UEK R6 provides, several kernel and user-space binary packages have been added or updated from the packages that are included in the base distribution. For more information about the ULN channels and Oracle Linux yum server repositories in which these packages are available, see Chapter 4, Installation and Availability.

Kernel space packages that are added and updated for UEK R6 are labeled with the prefix kernel-uek. The linux-firmware package is also updated with the latest available firmwares.

The packages listed here are specific to user-space functionality and are updated to take advantage of features that are available in UEK R6. There is no dependency on these packages to use UEK R6. If you use any of these packages and also use UEK R6, you should update the package to the latest version for full compatibility with all of the features that are available in UEK R6.

Packages

Oracle Linux 8 version number

Oracle Linux 7 version number

ndctl,ndctl-libs, ndctl-devel, daxctl, daxctl-libs, daxctl-devel

67 (x86_64)

67 (x86_64)

ipmctl, ipmctl-monitor, libipmctl, libipmctl-devel

01.00.00.3467 (x86_64)

01.00.00.3467 (x86_64)

libsafec, libsafec-check, libsafec-devel

3.3 (x86_64)

3.3 (x86_64)

btrfs-progs, btrfs-progs-devel

5.4.0 (x86_64, aarch64)

5.4.0 (x86_64, aarch64)

xfsprogs, xfsprogs-devel

5.4.0 (x86_64, aarch64)

5.4.0 (x86_64, aarch64)

ocfs2-tools

1.8.6 (x86_64, aarch64)

1.8.6 (x86_64, aarch64)

e2fs-progs, libss, libss-devel, libcom_err, libcom_err-devel

1.45.4 (x86_64, aarch64)

1.45.4 (x86_64, aarch64)

dtrace, dtrace-devel, dtrace-testsuite

2.0.0 (x86_64, aarch64)

2.0.0 (x86_64, aarch64)

libdtrace-ctf,libdtrace-ctf-devel

N/A

1.1.0 (x86_64, aarch64)

bcache-tools

1.0.8 (x86_64, aarch64)

1.0.8 (x86_64, aarch64)

cloud-init

18.5 (x86_64, aarch64)

18.5 (x86_64, aarch64)

crash, crash-devel

7.2.7 (x86_64, aarch64)

7.2.7 (x86_64, aarch64)

iproute, iproute-devel, iproute-doc, iproute-tc

5.4.0 (x86_64, aarch64)

5.4.0 (x86_64, aarch64)

kexec-tools

2.0.19 (x86_64, aarch64)

2.0.15 (x86_64, aarch64)

libzstd, libzstd-devel

1.3.8 (x86_64, aarch64)

1.3.4 (x86_64, aarch64)

linux-firmware

20200124-999.4 (x86_64, aarch64)

20200124-999.4 (x86_64, aarch64)

nvme-cli

1.9 (x86_64, aarch64)

1.9 (x86_64, aarch64)

nvmetcli

0.7 (x86_64, aarch64)

0.7 (x86_64, aarch64)

nbd

3.20 (x86_64, aarch64)

3.20 (x86_64, aarch64)

drbd-utils

9.0.0 (x86_64, aarch64)

9.0.0 (x86_64, aarch64)

libdnf, python3-libdnf, python3-hawkey

0.35 (x86_64, aarch64)

N/A

1.4 Compatibility

Oracle Linux maintains full user-space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that is running underneath the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 6 and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R6 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R5 that require recompilation of third-party kernel modules on the system. Before installing UEK R6, verify its support status with your application vendor.

Notable changes in kernel headers

Upstream changes to kernel headers may mean that third party modules do not compile across different kernel versions without modification to source code. Notably, the memcg_cache_params structure has been moved from include/linux/slab.h to mm/slab.h. This means that code needs to be refactored to account for the change if you are compiling across kernel versions.

To solve this problem, so that the code can compile for both UEK R5 and UEK R6, change header requirements in the source code. For example, change lines like those in the following example to what is shown in the second example:

#ifdef CONFIG_SLUB
#include <linux/slub_def.h>
#endif
#if ( LINUX_VERSION_CODE < KERNEL_VERSION(5,4,0) )

#ifdef CONFIG_SLUB
#include <linux/slub_def.h>
#endif

#endif 

1.5 Certification of UEK R6 for Oracle products

Note that certification of different Oracle products on UEK R6 may not be immediately available at the time of a UEK R6 release. You should always check to ensure that the product you are using is certified for use on UEK R6 before upgrading or installing the kernel. Check certification at https://support.oracle.com/epmos/faces/CertifyHome.

Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1, which is available at https://support.oracle.com/epmos/faces/DocumentDisplay?id=1369107.1.

Oracle Automatic Storage Management Filter Driver (Oracle ASMFD) certification for different kernel versions is described in Document ID 2034681.1, which is available at https://support.oracle.com/epmos/faces/DocumentDisplay?id=2034681.1.