1. Unbreakable Enterprise Kernel Release 7 Update 2 - Release Notes (Version 5.15.0-200)
  2. New Features and Changes

2 New Features and Changes

This chapter describes new features, enhancements, and other notable changes that are introduced in UEK R7U2.

NVMe In-Band Authentication for Data Protection

NVMe In-Band authentication is a security feature for NVMe over Fabrics configurations. NVMe In-Band authentication provides a challenge-response identify authentication protocol that uses a "shared secret" and doesn't require the transmission of a password between the host and controller. Authentication doesn't require a secure channel to remain safe. In this feature implementation, functionality is added to both the host and target side and driven by the user space nvme-cli application. The nvme-cli application must be at version 2.2.3 or later to use this feature.

NVMe In-Band authentication is available on Oracle Linux 9 with UEK R7U2.

AMD Last Branch Record Extension Version 2

The Last Branch Record (LBR) feature is a hardware based mechanism that's used to analyze the flow of control in software. It logs branch information in real time to enable the system to determine where priority or hot code should be directed, such as different types of optimizations that are active in running applications. This UEK release implements AMD Last Branch Record Extension Version 2 (LbrExtV2), whose added functionalities include LBR-Freeze-on-PMI to correlate better with PMC overflow events, new speculation information, and new hardware based filtering for obtaining data on specific branch types.

Kernel SYN Flood Messages Include the Listening Address

Kernel SYN flood messages are enhanced to include both the listening IP address and port:

Possible SYN flooding on port <ip_address>:<port>.

The update makes it easier for administrators to identify the affected socket when many processes are bound to the same port on different IP addresses.

Updated Drivers

In close cooperation with hardware and storage vendors, Oracle has updated several device drivers from the versions in mainline Linux 5.15.0.

The following new features are noted in the drivers that are shipped with UEK R7U2:

  • Intel® Ethernet Connection E800 Series Linux driver

    The Intel Ethernet Connection E800 Series Linux driver ice is updated to 6.0.0 with vendor supplied enhancements and bug fixes. Notable enhancements include Point-to-Point Protocol over Ethernet (PPPoE) protocol hardware offload, Inter-Integrated Circuit (I2C) protocol write command, VLAN Tag Protocol Identifier (TPID) filters in the Ethernet switch device driver model (switchdev), and double VLAN tagging in switchdev. The update also includes changes to enable the driver to work with the Ethernet Port Configuration Tool (EPCT) that includes the devlink command, used to list and view configurable devices.

  • Mellanox 5th generation network adapters (ConnectX series) core driver

    The Mellanox ConnectX series driver mlx5 is updated to version 6.3 with vendor supplied patches and bug fixes.

  • Broadcom Emulex Fibre Channel HBA driver

    The Broadcom Emulex Fibre Channel HBA driver lpfc is updated to version 14.2.0.13 with vendor supplied patches and bug fixes.

  • Marvell QLogic Fibre Channel HBA driver

    The Marvell QLogic Fibre Channel HBA driver qla2xxx is updated to version 10.02.09.100-k with vendor supplied patches and bug fixes.

  • LSI MPT Fusion SAS 3.0 Device Driver

    The LSI MPT Fusion SAS 3.0 Device Driver mpt3sas is updated to version 43.100.00.00 with vendor supplied patches and bug fixes.

  • Broadcom MegaRAID SAS driver

    The Broadcom MegaRAID SAS driver megaraid_sas is updated to version 07.725.01.00-rc1 with vendor supplied patches and bug fixes.

  • MPI3 Storage Controller Device Driver

    The MPI3 Storage Controller Device Driver mpi3mr is updated to version 8.5.0.0 with vendor supplied patches and bug fixes.

  • Broadcom BCM573xx network driver

    The Broadcom BCM573xx network driver bnxt_en is updated with vendor supplied patches and is at version 6.2.

  • Microsoft Azure Network Adapter

    The Microsoft Azure Network Adapter mana is updated with vendor supplied patches and bug fixes and is at version 6.4.

  • Solarflare network driver

    The Solarflare network driver (sfc) has been split into sfc and sfc-siena. The latter (sfc-siena) is the driver for Siena hardware (SFN5000/SFN6000 series).

Deprecated and Removed Features

The following features are deprecated or removed and no longer available in UEK R7U2:

  • CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_DES option for 3DES/DES3 RPCSEC GSS encryption types

    The RPCSEC GSS encryption types DES and Triple-DES (3DES/DES3) are deprecated in this UEK release, and might be removed from the kernel in a future UEK release.

    These encryption types were deprecated by RFCs 6649 and 8429 because they're known to be insecure.

  • CONFIG_NFS_V2 and CONFIG_NFSD_V2 options for NFSv2 client and server

    Support for NFSv2 clients and NFSv2 servers is deprecated in this UEK release, and might be removed from the kernel in a future UEK release.

    NFSv2 has long been replaced by NFSv3 and NFSv4, which offer improved functionality, performance, and security.

  • CONFIG_NFS_DISABLE_UDP_SUPPORT option for NFSv3 over UDP

    Support for NFS version 3 over the UDP network protocol is deprecated in this UEK release, and might be removed from the kernel in a future UEK release.

    Modern NFS/RPC over TCP and RDMA implementations provide better performance than UDP, and provide reliable ordered delivery of data combined with congestion control.

    Note that NFSv4 is already not supported over UDP, for the same reasons.

  • CONFIG_STAGING option

    With the CONFIG_STAGING kernel configuration option, you can select drivers that don't necessarily meet the highest kernel quality level but are merely made available for test use. However, the kernel option CONFIG_STAGING is deprecated in this UEK release and might be removed in a future release.

  • CONFIG_IXGB option

    The CONFIG_IXGB for Intel PRO/10GbE hardware is deprecated and might be removed from the kernel in a future UEK release.

  • CONFIG_IP_NF_TARGET_CLUSTERIP option

    The CONFIG_IP_NF_TARGET_CLUSTERIP option that allowed you to build load-balancing clusters of network servers without a dedicated load-balancing router or switch is deprecated in favor of functionality already in Netfilter cluster match.

  • CONFIG_EFI_VARS option

    The CONFIG_EFI_VARS option that provided the efivars sysfs interface to configure UEFI variables is removed from the upstream kernel and is deprecated in this release of UEK. Replacement functionality has been present in the kernel since 2012. For more information, see https://www.kernel.org/doc/html/latest/filesystems/efivarfs.html.

  • Firewire driver

    The CONFIG_FIREWIRE option was disabled in Oracle Linux 9. Thus, the Firewire driver is deprecated and unusable in this UEK release.

  • crashkernel=auto option

    The crashkernel=auto option is deprecated and no longer supported on Oracle Linux 9 and therefore unsupported for UEK R7 on Oracle Linux 9. Some platforms, such as the Raspberry Pi have maximum limits for crashkernel memory reservation and these must be specified explicitly. This option will be removed in a future UEK release.

  • Several network scheduler modules

    The following network scheduler modules are deprecated:

    • cls_tcindex
    • cls_rsvp
    • sch_dsmark
    • sch_atm
    • sch_cbq

    These modules might be disabled or blocklisted and can be removed in a future release of UEK. The modules are already removed in the upstream Linux kernel.