Oracle Linux 9 and Unbreakable Enterprise Kernel 7 available

Oracle has published stable releases of the Oracle Linux 9 distribution and Unbreakable Enterprise Kernel 7 (UEK R7), positioned for use in the Oracle Linux distribution as an alternative to the standard Red Hat Enterprise Linux kernel package. The Oracle Linux 9 distribution is based on the Red Hat Enterprise Linux 9 package base and is fully binary compatible with it.

Installation ISO images of 8.6 GB and 840 MB, prepared for the x86_64 and ARM64 (aarch64) architectures, are offered for download without restrictions. Oracle Linux 9 also comes with unlimited, free access to the yum repository with binary package updates that fix bugs (errata) and security issues. Separately maintained repositories with the Application Stream and CodeReady Builder package sets are also available for download.

In addition to the RHEL kernel package (based on the 5.14 kernel), Oracle Linux offers its own Unbreakable Enterprise Kernel 7, based on the Linux 5.15 kernel and optimized for industrial software and Oracle hardware. The kernel sources, including the breakdown into individual patches, are available in the public Oracle Git repository. The Unbreakable Enterprise Kernel is installed by default, is positioned as an alternative to the regular RHEL kernel package, and provides a number of advanced features, such as DTrace integration and improved Btrfs support. Apart from the additional kernel, the releases of Oracle Linux 9 and RHEL 9 are completely identical in functionality (the list of changes can be found in the RHEL 9 announcement).

Key innovations in the Unbreakable Enterprise Kernel 7:

  • Improved support for Aarch64 architecture. The default memory page size on 64-bit ARM systems has been reduced from 64 KB to 4 KB, which better matches the memory sizes and workloads typical of ARM systems.
  • Delivery of the DTrace 2.0 dynamic debugging system, which has been switched to the eBPF kernel subsystem, continues. DTrace 2.0 runs on top of eBPF, similar to how Linux's existing tracing tools run on top of eBPF.
  • The capabilities of the Btrfs file system have been expanded. An asynchronous implementation of the DISCARD operation has been added to Btrfs to mark freed blocks that no longer need to be physically stored. The asynchronous implementation makes it possible not to wait for the drive to complete DISCARD and to perform this operation in the background. New mount options have been added to simplify data recovery from a corrupted FS: "rescue=ignorebadroots" to mount despite damage to some root trees (extent, uuid, data reloc, device, csum, free space), "rescue=ignoredatacsums" to disable checking of data checksums, and "rescue=all" to enable the 'ignorebadroots', 'ignoredatacsums' and 'nologreplay' modes at the same time. Significant performance optimizations have been made to fsync() operations. Support for fs-verity (file authentication and integrity) and user ID mapping has been added.
  • XFS implements support for DAX operations for direct access to the file system, bypassing the page cache to avoid double caching. Changes have been added to address 32-bit time_t overflow issues in 2038, including new bigtime and inobtcount mount options.
  • Improvements have been made to the OCFS2 (Oracle Cluster File System) file system.
  • The ZoneFS file system has been added to simplify low-level work with zoned storage devices. Zoned storage refers to hard disk drives or NVMe SSDs where the storage space is divided into zones, each a group of blocks or sectors, to which data can only be appended sequentially and which can only be updated by rewriting the entire group of blocks. ZoneFS associates each zone in the drive with a separate file that can be used to store data in raw mode without manipulation at the sector and block level, i.e. it allows applications to use the file API instead of directly accessing the block device using ioctl.
  • Support for the VPN WireGuard protocol has been stabilized.
  • The capabilities of the eBPF subsystem have been extended. The CO-RE (Compile Once - Run Everywhere) mechanism has been implemented, which solves the problem of portability of compiled eBPF programs: the code of an eBPF program is built only once, and a special universal loader adapts the loaded program to the current kernel and its BTF (BPF Type Format) types. The "BPF trampoline" mechanism has been added, which reduces the overhead of transferring calls between the kernel and BPF programs to practically zero. The ability to directly access kernel functionality from BPF programs and to suspend the handler has been provided.
  • A detector of split locks has been integrated. A split lock occurs when accessing unaligned data in memory, when the data of an atomic instruction crosses two CPU cache lines. Such locks cause significant performance degradation; the kernel can detect them on the fly and issue warnings or send a SIGBUS signal to the application that caused the lock.
  • Support is provided for Multipath TCP (MPTCP), an extension of the TCP protocol for organizing the operation of a TCP connection with the delivery of packets simultaneously along several routes through different network interfaces bound to different IP addresses.
  • The task scheduler implements the SCHED_CORE scheduling mode, which allows you to control which processes can run together on the same CPU core. Each process can be assigned a cookie identifier that defines the scope of trust between processes (for example, belonging to the same user or container). When organizing code execution, the scheduler can ensure that the same CPU core is shared only between processes associated with the same owner, which can be used to block some attacks of the Spectre class by preventing trusted and untrusted tasks from executing on the SMT (Hyper-Threading) threads of the same core.
  • For cgroups, a slab memory controller is implemented, which is notable for moving slab accounting from the level of memory pages to the level of kernel objects, which makes it possible to share slab pages in different cgroups, instead of dedicating separate slab caches for each cgroup. The proposed approach makes it possible to increase the efficiency of using slab, reduce the size of memory used for slab by 30-45%, significantly reduce the overall memory consumption of the kernel and reduce memory fragmentation.
  • Debug data is delivered in the CTF (Compact Type Format) format, which provides compact storage of information about C types, relationships between functions and debug symbols.
  • The distribution of the DRBD (Distributed Replicated Block Device) module and the /dev/raw device has been discontinued (O_DIRECT flag should be used for direct access to files).
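
The SCHED_CORE item above describes assigning a cookie to a process so that only tasks with the same cookie share a core. The following is an added example, not code from Oracle or from the original article: it uses the upstream `prctl(PR_SCHED_CORE, ...)` interface (Linux 5.14 and later) to place the calling process in its own trust group and read the cookie id back. The helper names `core_cookie_get` and `core_isolate_self` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Values from <linux/prctl.h> (Linux 5.14+), defined here for older headers. */
#ifndef PR_SCHED_CORE
#define PR_SCHED_CORE                    62
#define PR_SCHED_CORE_GET                0
#define PR_SCHED_CORE_CREATE             1
#endif
#ifndef PR_SCHED_CORE_SCOPE_THREAD
#define PR_SCHED_CORE_SCOPE_THREAD       0
#define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1
#endif

/* Read the calling thread's cookie id (0 means "no cookie").
 * The kernel reports a hashed id, not the raw cookie. Returns 0 or -errno. */
static int core_cookie_get(uint64_t *cookie)
{
    *cookie = 0;
    if (prctl(PR_SCHED_CORE, (unsigned long)PR_SCHED_CORE_GET, 0UL,
              (unsigned long)PR_SCHED_CORE_SCOPE_THREAD,
              (unsigned long)cookie) == -1)
        return -errno;
    return 0;
}

/* Give all threads of this process a fresh cookie, so the scheduler never
 * runs a task with a different cookie on a sibling SMT thread of their core.
 * Returns 0 or -errno (EINVAL: kernel built without CONFIG_SCHED_CORE,
 * ENODEV: SMT is not active, so there is nothing to isolate). */
static int core_isolate_self(uint64_t *cookie)
{
    *cookie = 0;
    if (prctl(PR_SCHED_CORE, (unsigned long)PR_SCHED_CORE_CREATE, 0UL,
              (unsigned long)PR_SCHED_CORE_SCOPE_THREAD_GROUP, 0UL) == -1)
        return -errno;
    return core_cookie_get(cookie);
}

int main(void)
{
    uint64_t cookie;
    int rc = core_isolate_self(&cookie);
    if (rc != 0) {
        fprintf(stderr, "core scheduling unavailable (errno %d)\n", -rc);
        return 1;
    }
    printf("pid %d runs under cookie id %#llx\n",
           (int)getpid(), (unsigned long long)cookie);
    return 0;
}
```

Children created with fork() inherit the cookie, so a launcher can call this before starting a container or a per-user workload.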

Source: opennet.ru
