1 New Features and Changes
Unbreakable Enterprise Kernel Release 6 (UEK R6) is a heavily tested and optimized operating system kernel for Oracle Linux 7.7 and later and for Oracle Linux 8.1 and later. The kernel is developed, built, and tested on Arm (aarch64), Intel x86, and AMD x86 (x86_64) platforms. It is based on the mainline Linux kernel version 5.4. This release also updates drivers and includes bug and security fixes.
Oracle actively monitors upstream check-ins and applies critical bug and security fixes to UEK R6.
UEK R6U1 uses the 5.4.17-2036 version and build of the UEK R6 kernel, which includes security and bug fixes, as well as driver updates.
UEK R6 uses the same versioning model as the mainline Linux kernel version. It is possible that some applications might not understand the 5.4 versioning scheme. However, regular Linux applications are usually neither aware of nor affected by Linux kernel version numbers.
UEK R6 maintains compatibility with the Red Hat Compatible Kernel (RHCK) and does not disable any features that are enabled in RHCK. Additional features are enabled to provide support for key functional requirements and patches are applied to improve performance and optimize the kernel for use on Oracle operating environments.
The kernel's source code is available through a public git source code repository at https://github.com/oracle/linux-uek.
Notable Features and Changes
The following are the major new features of Unbreakable Enterprise Kernel Release 6 Update 1 (UEK R6U1).
Core Kernel Functionality
UEK R6U1 provides equivalent core kernel functionality to UEK R6, making use of the same upstream mainline kernel release and upstream LTS bug fixes, with additional patches to enhance existing functionality and provide some minor bug fixes and security improvements. Key changes are specific to functionality that is required for Oracle Database and other Oracle software.
Padata replaces ktask
Padata is a framework for parallelizing CPU-intensive work in the kernel. In UEK R6, Oracle released the ktask framework for multithreading CPU-intensive kernel work, but contributed to convergence and ongoing development of the padata implementation in the upstream kernel. In UEK R6U1 ktask is replaced with equivalent functionality in padata to align with upstream. The changes should not be user visible, and struct page initialization and VFIO-enabled KVM guest initialization continue to be multithreaded to reduce start-up times.
Documentation for padata is provided in /usr/share/doc/kernel-uek-doc-5.4/core-api/padata.rst.
File Systems
The following notable file system changes are implemented in UEK R6U1:
- Btrfs
  Upstream patches for security enhancements and bug fixes have been applied. This includes a fix for CVE-2019-19448.
- CIFS
  General upstream bug fix patches have been applied.
- Ext4
  Upstream bug fixes have been applied, including several fixes for race conditions that resulted in undesirable behavior or system hangs.
- NFS
  Bug fixes and performance enhancements have been applied for NFS. Significantly, a fix is included for an issue in the NFSv3 client that stalled the ls -lrt command if the directory was being modified when the command was issued.
- OCFS2
  Upstream changes for OCFS2 from the 5.7 upstream kernel are back-ported into this kernel release. A bug fix was also applied to resolve an issue that triggered a general protection fault when an NFS server was hosted on an OCFS2 file system.
- XFS
  Several bug fixes and performance enhancements have been applied. Significantly, multi-threaded inode flushing is improved to provide better performance and to avoid the small possibility of undesirable behavior resulting from a race condition. Additionally, a fix is included for a bug that could cause an unlock of a freeze lock to fail, thereby causing the file system to hang. Security enhancements have also been applied, including a fix for CVE-2020-12655.
Technical Preview Features
Several features are under investigation and ongoing development for release within UEK R6. The following features are available within UEK R6U1 as a technical preview.
Core Scheduling
Core scheduling is a kernel feature that allows only trusted tasks to run concurrently on CPU cores that share compute resources. This helps mitigate certain categories of 'core shared cache' processor bugs that could cause data leakage and other related vulnerabilities.
This feature is implemented in the form of a cgroup, where tasks in a core scheduling enabled cgroup have a unique group "cookie". These tasks cannot share a core with tasks that have a different cookie or with tasks that are not in a core scheduling enabled cgroup.
Core scheduling is designed to operate on a system configured with Simultaneous Multi-Threading turned on. However, core scheduling does not eliminate the need for other processor security mitigations that may be needed on a system. To use this feature, ensure that SMT=on is configured and then perform the following operations as the root user:
- Create a regular version 1 CPU controller group. For example, to create a group called cpu_sched_0:
  # mkdir /sys/fs/cgroup/cpu/cpu_sched_0
- Add tasks to the cgroup. Tasks are added by writing their process ID (PID) to the tasks file in the group:
  # echo PID > /sys/fs/cgroup/cpu/cpu_sched_0/tasks
- To enable core scheduling for the cpu controller group, write a value of 1 to the cpu.tag file:
  # echo 1 > /sys/fs/cgroup/cpu/cpu_sched_0/cpu.tag
Once the cpu.tag file is updated, tasks within the cgroup never share a core with tasks from a different cgroup or tasks not assigned to a cgroup.
This feature is enabled as a technical preview and is in development. Interfaces are subject to change. Hot plugging CPUs in a system with core scheduling cgroups is not advised. Using core scheduling on AMD processors may exhibit wider performance variation and is also not advised.
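The three steps above as a single script, with the SMT precondition checked first and cpu.tag read back afterwards. This is an added example, not Oracle's code; the function name, its return codes, the CGROUP_ROOT and SMT_ACTIVE override variables, and the use of /sys/devices/system/cpu/smt/active to detect SMT are assumptions of the example.

```shell
#!/bin/sh
# Added example: apply the core scheduling steps with pre- and post-checks.
# CGROUP_ROOT and SMT_ACTIVE can be overridden to exercise the logic against
# a scratch directory; the defaults are the paths used on a live system.
CGROUP_ROOT="${CGROUP_ROOT:-/sys/fs/cgroup/cpu}"
SMT_ACTIVE="${SMT_ACTIVE:-/sys/devices/system/cpu/smt/active}"

# enable_core_sched GROUP PID...
# Returns 0 on success, 1 if SMT is not active, 2 if the group has no
# cpu.tag file, 3 if a PID could not be added, 4 if the tag did not stick.
enable_core_sched() {
    group="$1"; shift
    dir="$CGROUP_ROOT/$group"

    # Core scheduling is designed for systems with SMT turned on.
    [ "$(cat "$SMT_ACTIVE" 2>/dev/null)" = "1" ] || return 1

    # Step 1: create the version 1 CPU controller group.
    mkdir -p "$dir" || return 2
    # A kernel without the preview feature does not expose cpu.tag.
    [ -e "$dir/cpu.tag" ] || return 2

    # Step 2: add each task by writing its PID to the tasks file.
    for pid in "$@"; do
        echo "$pid" > "$dir/tasks" || return 3
    done

    # Step 3: tag the group, then read the value back to confirm it.
    echo 1 > "$dir/cpu.tag" || return 4
    [ "$(cat "$dir/cpu.tag")" = "1" ] || return 4
}

# Usage as root: sh core_sched.sh cpu_sched_0 PID [PID...]
if [ "$#" -ge 2 ]; then enable_core_sched "$@"; fi
```

Checking cpu.tag before moving any task means a kernel without the preview feature is reported as such, rather than leaving tasks in an untagged group that gives no isolation.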
WireGuard
WireGuard is a faster and more secure replacement for IPsec and OpenVPN. New networks are being built with modern cryptography from WireGuard rather than legacy technologies like IPsec and OpenVPN. WireGuard is enabled as a technical preview in UEK R6U1 and introduces the wireguard kernel module at version 1.0.20200712.
Note that the wireguard-tools package from the unsupported ol7_developer_UEKR6 repository is required to configure WireGuard. For access to this yum repository, you should install the appropriate oraclelinux-developer-release-el7 or oraclelinux-developer-release-el8 package for your operating environment. Once installed, restrict use of the repository to the wireguard-tools package, to avoid accidentally installing pre-release UEK updates.
To install the wireguard-tools package on Oracle Linux 7, run:
# yum install oraclelinux-developer-release-el7
# yum-config-manager --disable ol7_developer
# yum-config-manager --enable ol7_developer_UEKR6
# yum-config-manager --save --setopt=ol7_developer_UEKR6.includepkgs='wireguard-tools*'
# yum install wireguard-tools
To install this package on Oracle Linux 8, run:
# dnf install oraclelinux-developer-release-el8
# dnf config-manager --disable ol8_developer
# dnf config-manager --enable ol8_developer_UEKR6
# dnf config-manager --save --setopt=ol8_developer_UEKR6.includepkgs='wireguard-tools*'
# dnf install wireguard-tools
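A check that the restriction above actually took effect, so that a later update cannot pull pre-release UEK packages from the developer repository. This is an added example, not Oracle tooling; the function names and the sample file contents are constructed, and the path of the .repo file that holds the section is an assumption you pass in as an argument.

```shell
#!/bin/sh
# Added example (not Oracle tooling): audit that a yum/dnf repo section is
# either disabled or limited to wireguard-tools* through includepkgs.

# repo_option FILE REPOID KEY: print KEY's value from section [REPOID].
repo_option() {
    awk -v sect="[$2]" -v key="$3" '
        /^[ \t]*\[/ { in_sect = ($1 == sect); next }
        in_sect && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_uek_repo FILE REPOID
# Returns 0 if the repo is disabled or only offers wireguard-tools*,
# 1 if it is enabled without includepkgs or allows any other package.
audit_uek_repo() {
    # A section with no "enabled" line is treated as enabled.
    [ "$(repo_option "$1" "$2" enabled)" = "0" ] && return 0
    pkgs=$(repo_option "$1" "$2" includepkgs)
    [ -n "$pkgs" ] || return 1
    # includepkgs may hold several comma- or space-separated globs.
    printf '%s\n' "$pkgs" | tr ', ' '\n\n' |
        awk 'NF && $0 !~ /^wireguard-tools/ { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample of the state the commands above should leave behind.
write_sample_repo() {
    cat > "$1" <<'EOF'
[ol7_developer]
name=constructed sample
baseurl=https://repo.example.invalid/developer/
enabled=0

[ol7_developer_UEKR6]
name=constructed sample
baseurl=https://repo.example.invalid/developer_UEKR6/
enabled=1
includepkgs=wireguard-tools*
EOF
}

# Usage: sh audit_repo.sh /path/to/file.repo ol7_developer_UEKR6
if [ "$#" -eq 2 ]; then audit_uek_repo "$1" "$2"; fi
```

The same check applies on Oracle Linux 8 with the ol8_developer_UEKR6 section name.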
NFS v4.2 Server Side Copy
NFS v4.2 Server Side Copy functionality is back-ported from the upstream kernel and is available in UEK R6U1 as a technical preview. The server-side copy features provide mechanisms that allow an NFS client to copy file data on a server or between two servers without the data being transmitted back and forth over the network through the NFS client. Note that intra-server functionality is enabled, whereas inter-server functionality is disabled by default. To enable this functionality, set the nfsd module's inter_copy_offload_enable parameter and restart the NFS service. You can do this temporarily by running:
# echo y > /sys/module/nfsd/parameters/inter_copy_offload_enable
Alternatively, to make this change permanent, edit /etc/modprobe.d/nfsd.conf to add the line:
options nfsd inter_copy_offload_enable=Y
Note that the ability to do a server side copy is largely dependent on the capabilities of the server file system. For example, to do an efficient intra-server copy of a file, the underlying target file system needs a snapshot or clone capability for individual files.
Initial testing has indicated some issues with this feature and it is largely considered to be experimental in this release.
Driver Updates
The Unbreakable Enterprise Kernel Release 6 supports a large number of hardware and devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 5.4.
A complete list of the driver modules included in UEK R6 along with version information is provided in the appendix at Driver Modules in Unbreakable Enterprise Kernel Release 6 (x86_64).
Notable Driver Features and Updates
The following new features are noted in the drivers shipped with UEK R6U1:
- AMD-TEE drivers
  The AMD-TEE drivers, amdtee and tee, are new additions in this release and are included at version 1.0, as part of a wider initiative to include mainline kernel updates for the AMD Milan CPU family.
- Atheros 802.11n HTC wireless LAN card driver
  The Atheros 802.11n HTC wireless LAN card driver, ath9k_htc, is patched and updated for security fixes, including CVE-2019-19073.
- Broadcom BCM573xx network driver
  The Broadcom BCM573xx network driver, bnxt_en, is available at version 1.10.1 and includes vendor supplied patches and updates. A patch to better handle statistics collection on older firmware is also included at the vendor's request. Significantly, maintenance of network counters across resets is also improved so that the accumulation of counters during a reset only occurs when the irq_re_init parameter is set. Note that one upstream change results in a change to the device name for Broadcom network interfaces that use this driver. For example, a device that may have previously been identified as eno3d1 is now identified as eno3. This change results because the ports on the network device may belong to different functions and a fix has been applied to improve device naming by avoiding assumptions about port functionality on a device.
- Intel Ethernet Connection E800 Series driver
  The Intel Ethernet Connection E800 Series Linux driver, ice, is fully updated to version 0.8.2-k with vendor supplied patches and updates to enable support for newer Intel 800-Series Ethernet controllers and PCIe cards, using the Columbiaville code-name.
- Broadcom Emulex LightPulse Fibre Channel SCSI driver
  The Broadcom Emulex LightPulse Fibre Channel SCSI driver, lpfc, is updated to version 12.8.0.3 with vendor supplied patches and bug fixes.
- Broadcom MegaRAID SAS driver
  The Broadcom MegaRAID SAS driver, megaraid_sas, is updated to version 07.714.04.00-rc1. This update includes vendor supplied patches that bring the driver version in line with the upstream kernel release.
- LSI MPT Fusion SAS 3.0 Device driver
  The LSI MPT Fusion SAS 3.0 Device driver, mpt3sas, is updated to version 34.100.00.00 to include vendor supplied patches that bring the driver version in line with the upstream kernel release.
- QLogic Fibre Channel HBA driver
  The QLogic Fibre Channel HBA driver, qla2xxx, is updated to version 10.01.00.25-k and includes a large number of vendor supplied patches to bring the driver version in line with the upstream kernel release.
- Realtek RTL8152/RTL8153 Based USB Ethernet Adapter driver
  The Realtek RTL8152/RTL8153 Based USB Ethernet Adapter driver, r8152, is updated to version 1.10.11 with upstream kernel patches.
- Intel Volume Management Device driver
  The Intel VMD (Volume Management Device) driver, vmd, version 0.6 is added to this kernel release and enables serviceability of NVMe devices, taking advantage of hardware logic provided by the Intel Xeon processor. The driver aggregates NVMe PCIe SSDs and behaves similarly to an HBA for SATA and SAS.
Compatibility
Oracle Linux maintains full user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that is running underneath the operating system. Existing applications in user space continue to run unmodified on the Unbreakable Enterprise Kernel Release 6 and no re-certifications are needed for RHEL certified applications.
To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R6 remains unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R5 that require recompilation of third-party kernel modules on the system. Before installing UEK R6, verify its support status with your application vendor.
Notable changes in kernel headers
Upstream changes to kernel headers may mean that third party modules do not compile across different kernel versions without modification to source code. Notably, the memcg_cache_params structure has been moved from include/linux/slab.h to mm/slab.h. This means that code needs to be refactored to account for the change if you are compiling across kernel versions.
To solve this problem, so that the code can compile for both UEK R5 and UEK R6, change header requirements in the source code. For example, change lines like the following:
#ifdef CONFIG_SLUB
#include <linux/slub_def.h>
#endif
to:
#include <linux/version.h> /* defines LINUX_VERSION_CODE and KERNEL_VERSION */
#if ( LINUX_VERSION_CODE < KERNEL_VERSION(5,4,0) )
#ifdef CONFIG_SLUB
#include <linux/slub_def.h>
#endif
#endif
Certification of UEK R6 for Oracle products
Note that the certification of different Oracle products on UEK R6 may not be immediately available at the time of a UEK R6 release. You should always check to ensure that the product you are using is certified for use on UEK R6 before upgrading or installing the kernel. Check certification at https://support.oracle.com/epmos/faces/CertifyHome.
Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1, which is available at https://support.oracle.com/epmos/faces/DocumentDisplay?id=1369107.1.
Oracle Automatic Storage Management Filter Driver (Oracle ASMFD) certification for different kernel versions is described in Document ID 2034681.1, which is available at https://support.oracle.com/epmos/faces/DocumentDisplay?id=2034681.1.