1. Unbreakable Enterprise Kernel Release 7 - Release Notes (5.15.0-0.30)
  2. New Features and Changes
  3. Core Kernel Features and Functionality

Core Kernel Features and Functionality

Several major, core kernel features have been implemented in the upstream kernel, between the 5.4 release that was used as the base kernel version for UEK R6 and the 5.15.0 kernel release that is used as the base kernel version for UEK R7. Although some features have been backported into the UEK R6 kernel in update releases, the following are the significant new features that are available in UEK R7:

  • BPF improvements

    UEK R7 introduces numerous Berkeley Packet Filter (BPF) improvements, including the following:

    • The introduction of Compile Once Run Everywhere in libbpf and in LLVM and BPF Type Format (BTF). This change enables the BPF verifier to use in-kernel BTF to type check BPF assembly code, which provides for safer and faster BPF tracing.

    • BPF trampoline, which is a feature that enables kernel code to call into BPF programs with nearly zero overhead, is available for the x86_64 architecture. Support for memory-mapping BPF array map and other improvements are also introduced in this release.

    • BPF support for calling kernel functions directly. This enhancement enables BPF programs that call kernel functions initially to reuse Transmission Control Protocol (TCP) congestion control implementations.

    • BPF programs are capable of sleeping during executing, simplifying the mechanism to bind a socket to a range of addresses or port numbers. The new BPF_PROG_TYPE_SK_LOOKUP program type runs when the kernel is searching for an open socket for an incoming connection. The mechanism can then decide which socket should receive the connection. This mechanism has been added as a way to bind a socket to a range of addresses or port numbers in a more simple way. Currently, this feature is limited to tracing and security-module programs.

  • Core scheduling capability included

    Core scheduling provides the ability to isolate groups of processes that are running on the same core, ensuring maximum protection against side-channel attacks. You can use core scheduling as a method for preventing Spectra-class vulnerability attacks, while keeping Simultaneous Multithreading (SMT) enabled and avoiding a performance penalty for disabling SMT.

  • New cgroup slab memory controller

    UEK R7 introduces a new control group (cgroup) slab memory controller that enables you to share slab memory between memory cgroups. This new implementation of the slab memory controller aims to reach much better slab utilization by sharing slab pages between multiple memory cgroups. Also, accounting is performed per-object rather than per-page. The new capability saves a significant amount of memory, which greatly reduces inefficiencies.

  • io_uring enhancements

    The io_uring system call, which is a Linux API for asynchronous I/O, is designed for higher performance than the previous Linux AIO API that is supported by QEMU. Several enhancements for io_uring are introduced in UEK R7, the majority of which are focused around networked I/O.

    One io_uring performance improvement that is related to I/O is a new BIO recycling mechanism for removing some internal memory-management overhead, which reportedly provides a 10% increase in the number of I/O operations per second that io_uring is capable of sustaining.

    Other notable changes for io_uring include Oracle ASMLib v3 + oracaleasm-support. With this release, Oracle ASMLib uses the io_uring system call in place of the legacy oracleasm driver interface, which has been removed in UEK R7.

  • Split lock detection

    In this release, the split lock detection CPU feature is enabled by default on x86_64 systems that have the capability for this functionality, such as the Ice Lake processor. The split_lock_detect boot command enables you to warn or send SIGBUS (Bus error signals) to applications that make use of split locks. A split lock occurs when an atomic CPU instruction operates on data that spans two cache lines. This operation is much slower than an atomic operation within a cache line, and it disrupts performance on other cores.

    Note that you can disable this feature in the kernel by setting split_lock_detect=off.