2 New Features and Changes

This chapter describes new features, enhancements, and other notable changes that are introduced in UEK R7U1.

Optimized Memory for Containers

In this release, the list_lru internal kernel data structure is dynamically allocated. The previous static implementation allocated the data structure to memory cgroups regardless of whether the cgroups used it. With this update, the allocation of list_lru to cgroups is delayed until needed, which ensures that memory is available for user applications, especially on systems with a large number of running containers.

Intel® Advanced Matrix Extensions for Virtualization Enabled

Intel® Advanced Matrix Extensions (AMX) on 4th Gen Intel® Xeon® Scalable processors are enabled in the kernel. AMX is a new programming paradigm designed to accelerate artificial intelligence and machine learning workloads by providing a framework to work easily with matrices.

This update includes the kernel code required to enable AMX within virtualized environments running in QEMU 6.1 with the -cpu host option.

Perfmon V2 updates for AMD 4th Gen EPYC™ processors

Backports are included for AMD Performance Monitoring Version 2 (Perfmon V2) features on recent and upcoming AMD processors. Perfmon V2 allows you to set registers to enable or disable multiple performance counters at the same time and automatically detects the number of core Performance Monitor Counters (PMCs) rather than depending on static settings per CPU family. The current updates also include the addition of L3 miss filtering, which works by tagging an instruction on Instruction Based Sampling (IBS) counter overflow and generating a Non-Maskable Interrupt (NMI) if the tagged instruction causes an L3 miss. This feature is useful for feeding data to a page-migration daemon in tiered memory systems.

For more information about using perf to monitor system performance, see the perf(1) manual page.

NFSv4 Courteous Server Feature Enabled

This update release introduces the NFSv4 Courteous Server feature to help mitigate the effects of network partitioning. NFSv4 is a stateful protocol that maintains leases for clients that track operations on the server. Network outages or partitions that cause a client's lease renewal to fail can result in complex recovery processes that can themselves fail. Even in scenarios where recovery processes do not fail, the state recovery process can take time to complete, impacting performance and increasing load.

NFSv4 Courteous Server does not immediately expunge the client state on lease expiration and continues to recognize previously generated state tokens as valid until a conflict arises between the expired state and the requests from another client, or until the server reboots. This feature can avoid performing recovery where it may not be required.

A client that is set to courtesy status has the following characteristics:

  • The client is expired but still has states on the server.

  • The client does not own locks that are in waiter (conflict) state.

  • The client has no conflict for any granted delegations.

The entire client lease is destroyed for a client in courtesy status under the following conditions:

  • The client has conflicts with other client requests.

  • The maximum number of NFS clients allowed on the system, based on system memory configuration, is reached.

  • The available system memory drops to a level that triggers the memory shrinker process.

The /proc/fs/nfsd/clients interface is updated to reflect whether a client is in courtesy status. For example:

cat /proc/fs/nfsd/clients/2/info
clientid: 0xf0d156a662a0deec
address: "192.0.2.95:1003"
status: courtesy
seconds from last renew: 198
name: "Linux NFSv4.1 nfs.example.com"
minor version: 1
Implementation domain: "kernel.org"
Implementation name: "Linux 5.18.0-rc6+ #1 SMP PREEMPT_DYNAMIC Fri May 27 22:29:45 GMT 2022 x86_64"
Implementation time: [0, 0]
callback state: UP
callback address: 192.0.2.95:0

You can also use this interface to manually destroy a courtesy client. For example:

echo "expire" | sudo tee -a /proc/fs/nfsd/clients/2/ctl
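
The following is an added example, not part of the original release notes: a shell function that walks the clients directory and lists only the clients in courtesy status, with their address and seconds since the last lease renewal, so that they can be reviewed before any are expired. The function names, the directory argument, and the second sample client are assumptions; the field names are taken from the sample output above.

```shell
#!/bin/sh
# List NFSv4 clients that the server currently holds in courtesy status.
# Usage: list_courtesy_clients [clients_dir] [min_idle_seconds]
# Output: one line per client: "<id> <address> <seconds from last renew>"
# Run as root on the NFS server when reading /proc/fs/nfsd/clients.
list_courtesy_clients() {
    dir=${1:-/proc/fs/nfsd/clients}
    min_idle=${2:-0}
    for info in "$dir"/*/info; do
        [ -r "$info" ] || continue      # no clients, or glob did not match
        id=$(basename "$(dirname "$info")")
        awk -v id="$id" -v min="$min_idle" '
            /^status:/                  { status = $2 }
            /^address:/                 { gsub(/"/, "", $2); addr = $2 }
            /^seconds from last renew:/ { idle = $NF }
            END {
                # Report only courtesy clients idle for at least min seconds.
                if (status == "courtesy" && idle + 0 >= min + 0)
                    print id, addr, idle
            }' "$info"
    done
}

# Build a constructed sample tree (two clients) so the function can be
# exercised offline. Client 5 and its values are made up for illustration.
make_sample_clients() {
    root=$1
    mkdir -p "$root/2" "$root/5"
    printf '%s\n' 'clientid: 0xf0d156a662a0deec' \
        'address: "192.0.2.95:1003"' 'status: courtesy' \
        'seconds from last renew: 198' \
        'callback address: 192.0.2.95:0' > "$root/2/info"
    printf '%s\n' 'clientid: 0xf0d156a662a0def0' \
        'address: "192.0.2.96:1011"' 'status: confirmed' \
        'seconds from last renew: 12' \
        'callback address: 192.0.2.96:0' > "$root/5/info"
}
```

Passing a minimum idle time as the second argument, for example 3600, narrows the list to courtesy clients that have not renewed for at least that long.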

Driver Updates

Unbreakable Enterprise Kernel Release 7 Update 1 supports a large number of hardware devices. In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 5.15.0.

The following new features are noted in the drivers that are shipped with UEK R7U1:

  • Broadcom BCM573xx network driver

    The Broadcom BCM573xx network driver, bnxt_en, is updated to include a large number of upstream and vendor supplied patches.

  • Broadcom Emulex Fibre Channel HBA driver

    The Broadcom Emulex LightPulse Fibre Channel SCSI driver, lpfc, is updated to version 14.2.0.5 with vendor supplied patches and bug fixes.

  • Microsoft Azure Network Adapter driver

    The Microsoft Azure Network Adapter driver, mana, is included in this release. Upstream and vendor supplied patches are included and the driver is intended for use on Oracle Linux 8 and Oracle Linux 9. Notable feature updates include the addition of a handler for eXpress Data Path (XDP) Redirects.

  • MPI3 Storage Controller device driver

    The MPI3 Storage Controller device driver, mpi3mr, is included in this release at version 8.2.0.3.0. Upstream and vendor supplied patches are included.

  • QLogic FastLinQ 4xxxx Core module

    The QLogic FastLinQ 4xxxx Core module, qed, is updated to include vendor supplied patches to update this driver in line with upstream changes.

  • QLogic FastLinQ 4xxxx iSCSI module

    The QLogic FastLinQ 4xxxx iSCSI module, qedi, is updated to include vendor supplied patches to update this driver in line with upstream changes. Notably, these iSCSI transport fixes include iscsid connection recovery fixes and qedi shutdown handler hang fixes.

  • Marvell QLogic Fibre Channel HBA driver

    The Marvell QLogic Fibre Channel HBA driver, qla2xxx, is updated to version 10.02.08.100-k and includes a large number of vendor supplied patches and updates.

  • Intel® Ethernet Connection E800 Series Linux Driver

    The Intel® Ethernet Connection E800 Series Linux Driver is updated to include vendor supplied patches and bug fixes.

CA Restrictions on Machine Keyring Removed

The .machine kernel keyring was introduced in UEK R7 and is fully described in Unbreakable Enterprise Kernel Release 7: Release Notes (5.15.0-0.30). However, the certification authority (CA) restrictions that were implemented prevented Machine Owned Key (MOK) certificates without the CA bit set from being loaded into the .machine keyring.

With the removal of the restrictions, all MOK certificates can now be loaded.

For more information about secure booting, see Oracle Linux: Working With UEFI Secure Boot.

NVMe Verbose Logging

In this release, verbose logging for NVMe is enabled by default. This facilitates troubleshooting by helping administrators to better analyze why the controller might fail NVMe-related commands.

Secure Boot Enabled on All UEFI-Compliant Systems

Beginning with this update release, Secure Boot is implemented and kernel images are now signed on all UEFI-compliant x86_64 and Arm systems.