2 New Features and Changes
This chapter describes new features, enhancements, and other notable changes that are introduced in UEK R7U1.
Optimized Memory for Containers
In this release, the list_lru
internal kernel data structure is dynamically
allocated. The previous static implementation allocated the data structure to memory
cgroup
s regardless of whether cgroup
s use the data
structure or not. With this update, the allocation of list_lru
to
cgroup
s is delayed until needed, which ensures that memory is available for
user applications especially on systems with a large number of running containers.
Intel® Advanced Matrix Extensions for Virtualization Enabled
Intel® Advanced Matrix Extensions (AMX) on 4th Gen Intel® Xeon® Scalable processors are enabled in the kernel. AMX is a new programming paradigm designed to accelerate artificial intelligence and machine learning workloads by providing a framework to work easily with matrices.
This update includes the kernel code required to enable AMX within virtualized environments
running in QEMU 6.1 with the -cpu host
option.
Perfmon V2 updates for AMD 4th Gen EPYC™ processors
Backports are included for AMD Performance Monitoring Version 2 (Perfmon V2) features on recent and upcoming AMD processors. Perfmon V2 allows you to set registers to enable or disable multiple performance counters at the same time and automatically detects the number of core Performance Monitor Counters (PMCs) rather than depending on a static settings per CPU family. The current updates also include the addition of L3 miss filtering, which works by tagging an instruction on Instruction Based Sampling (IBS) counter overflow and generating a Non Maskable Interrupt (NMI) if the tagged instruction causes an L3 miss. This feature is useful for feeding data to a page-migration daemon in tiered memory systems.
For more information about using perf
to monitor system performance, see the
perf(1)
manual page.
NFSv4 Courteous Server Feature Enabled
This update release introduces the NFSv4 Courteous Server feature to help mitigate against the effects of network partitioning. NFSv4 is a stateful protocol that maintains leases for clients that track operations on the server. Network outages or partitions that cause a client's release renewal to fail can result in complex recovery processes that can fail. Even in scenarios where recovery processes do not fail, the state recovery process can take time to complete impacting performance and increasing load.
NFSv4 Courteous Server does not immediately expunge the client state on lease expiration and continues to recognize previously generated state tokens as valid until a conflict arises between the expired state and the requests from another client, or until the server reboots. This feature can avoid performing recovery where it may not be required.
A client that is set to courtesy
status has the following
characteristics:
-
The client is expired but still has states on the server.
-
The client does not own locks that are in waiter (conflict) state.
-
The client has no conflict for any granted delegations.
The entire client lease is destroyed for a client in courtesy
status under
the following conditions:
-
The client has conflicts with other client requests.
-
The maximum number of NFS clients allowed on the system, based on system memory configuration, is reached.
-
The available system memory drops to a level that triggers the memory shrinker process.
The /proc/fs/nfsd/clients
interface is updated to reflect whether a client
is in courtesy
status. For example:
cat /proc/fs/nfsd/clients/2/info
clientid: 0xf0d156a662a0deec address: "192.0.2.95:1003" status: courtesy seconds from last renew: 198 name: "Linux NFSv4.1 nfs.example.com" minor version: 1 Implementation domain: "kernel.org" Implementation name: "Linux 5.18.0-rc6+ #1 SMP PREEMPT_DYNAMIC Fri May 27 22:29:45 GMT 2022 x86_64" Implementation time: [0, 0] callback state: UP callback address: 192.0.2.95:0
You can also use this interface to manually destroy a courtesy client. For example:
echo "expire" | sudo tee -a /proc/fs/nfsd/clients/2/ctl
Driver Updates
Unbreakable Enterprise Kernel Release 7 Update 1 supports a large number of hardware devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 5.15.0.
The following new features are noted in the drivers that are shipped with UEK R7U1:
-
Broadcom BCM573xx network driver
The Broadcom BCM573xx network driver,
bnxt_en
is updated to include a large number of upstream and vendor supplied patches. -
Broadcom Emulex Fibre Channel HBA driver
The Broadcom Emulex LightPulse Fibre Channel SCSI driver,
lpfc
, is updated to version 14.2.0.5 with vendor supplied patches and bug fixes. -
Microsoft Azure Network Adapter driver
The Microsoft Azure Network Adapter driver,
mana
, is included in this release. Upstream and vendor supplied patches are included and the driver is intended for use on Oracle Linux 8 and Oracle Linux 9. Notable feature updates include the addition of a handler for eXpress Data Path (XDP) Redirects. -
MPI3 Storage Controller device driver
The MPI3 Storage Controller device driver,
mpi3mr
, is included in this release at version 8.2.0.3.0. Upstream and vendor supplied patches are included. -
QLogic FastLinQ 4xxxx Core module
The QLogic FastLinQ 4xxxx Core module,
qed
, is updated to include vendor supplied patches to update this driver in line with upstream changes. -
QLogic FastLinQ 4xxxx iSCSI module
The QLogic FastLinQ 4xxxx iSCSI module,
qedi
, is updated to include vendor supplied patches to update this driver in line with upstream changes. Notably, these ISCSI transport fixes includeiscsid
connection recovery fixes andqedi
shutdown handler hang fixes. -
Marvell QLogic Fibre Channel HBA driver
The Marvell QLogic Fibre Channel HBA driver,
qla2xxx
, is updated to version 10.02.08.100-k and includes a large number of vendor supplied patches and updates. -
Intel® Ethernet Connection E800 Series Linux Driver
The Intel® Ethernet Connection E800 Series Linux Driver is updated to include vendor supplied patches and bug fixes.
CA Restrictions on Machine Keyring Removed
The .machine
kernel keyring was introduced in UEK R7 and fully described in
Unbreakable Enterprise Kernel Release 7: Release
Notes (5.15.0-0.30). However, certification authority (CA)
restrictions that were implemented did not accept Machine Owned Key (MOK) certificates without
the CA bit set to be loaded into the .machine
keyring.
With the removal of the restrictions, all MOK certificates can now be loaded.
For more information about secure booting, see Oracle Linux: Working With UEFI Secure Boot.