Linux 5.17 kernel release

After two months of development, Linus Torvalds has released the Linux 5.17 kernel. Among the most notable changes: a new performance-management driver for AMD processors, the ability to map user IDs recursively in file systems, support for portable compiled BPF programs (CO-RE), switching the pseudo-random number generator to the BLAKE2s algorithm, an RTLA utility for real-time execution analysis, a new fscache backend for caching network file systems, and the ability to attach names to anonymous mmap regions.

The new version received 14203 fixes from 1995 developers, the patch size is 37 MB (the changes affected 11366 files, 506043 lines of code were added, 250954 lines were deleted). About 44% of all changes introduced in 5.17 are related to device drivers, about 16% of changes are related to updating code specific to hardware architectures, 15% are related to the networking stack, 4% to file systems, and 4% to internal kernel subsystems.

Key innovations in kernel 5.17:

  • Disk Subsystem, I/O and File Systems
    • Nested (recursive) mapping of user IDs for mounted file systems has been implemented. ID mapping is used to present the files of a given user on a mounted foreign partition as belonging to a different user on the current system; the new feature allows such a mapping to be applied recursively on top of a file system that is already ID-mapped.
    • The fscache subsystem, which caches data from network file systems on the local file system, has been completely rewritten. The new implementation is considerably simpler and replaces the complex scheduling and object-state tracking with simpler mechanisms. Support for the new fscache has been implemented in the CIFS file system.
    • In the fanotify file-event notification subsystem, a new FAN_RENAME event type has been implemented that reports a file or directory rename as a single event (previously, renames had to be reconstructed from the two separate events FAN_MOVED_FROM and FAN_MOVED_TO).
    • The Btrfs file system has optimized logging and fsync operations for large directories by copying only index keys and reducing the amount of logged metadata. Free-space records are now indexed and searchable by size, which reduces latency and search time by about 30%. Defragmentation operations can now be interrupted. Devices can now be added while balancing between drives is disabled, i.e. when the file system is mounted with the skip_balance option.
    • A new syntax for mounting the Ceph file system has been proposed that solves existing problems with binding to IP addresses. In addition to IP addresses, the cluster identifier (FSID) can now be used to identify the server: mount -t ceph name@fsid.fs_name=/[subdir] mnt -o mon_addr=monip1[:port][/monip2[:port]]
    • The Ext4 file system has been migrated to the new mount API, which separates parsing of mount options from setting up the superblock. Support for the lazytime and nolazytime mount options has been removed; they were added as a temporary measure to ease the transition of util-linux to the MS_LAZYTIME flag. Added support for setting and reading file system labels (ioctls FS_IOC_GETFSLABEL and FS_IOC_SETFSLABEL).
    • NFSv4 added support for case-insensitive file systems, where file and directory names are not distinguished by case. NFSv4.1+ adds support for detecting trunked sessions.
  • Memory and system services
    • Added the amd-pstate driver, which adjusts CPU frequency dynamically for optimal performance. The driver supports AMD CPUs and APUs from the Zen 2 generation onward and was developed in collaboration with Valve to improve power-management efficiency. Adaptive frequency changes use the CPPC (Collaborative Processor Performance Control) mechanism, which allows finer-grained control (not limited to three performance levels) and faster response to state changes than the previously used ACPI-based P-state drivers (CPUFreq).
    • A bpf_loop() helper has been proposed in the eBPF subsystem, providing an alternative way to organize loops in eBPF programs that is faster and easier for the verifier to check.
    • The CO-RE (Compile Once - Run Everywhere) mechanism has been implemented at the kernel level, allowing eBPF program code to be built once and loaded through a universal loader that adapts the program to the running kernel and its BTF (BPF Type Format) types.
    • The ability to assign names to regions of private anonymous memory (e.g. allocated via malloc) is provided, which can simplify debugging and help optimize memory consumption in applications. Names are assigned via prctl with the PR_SET_VMA_ANON_NAME flag and appear in /proc/PID/maps and /proc/PID/smaps in the form "[anon:<name>]".
    • The task scheduler now tracks, and reports in /proc/PID/sched, the time processes spend in the forced-idle state, which is used, for example, to reduce load when the processor overheats.
    • Added the gpio-sim module, designed to simulate GPIO chips for testing.
    • The "latency" subcommand has been added to the "perf ftrace" command to generate histograms with latency information.
    • Added the "RTLA" (Real-Time Linux Analysis) set of utilities for analyzing real-time behaviour. The package includes osnoise (measures the operating system's interference with a running task) and timerlat (measures timer-related latencies).
    • The second series of patches implementing the concept of page folios has been integrated. Folios resemble compound pages but have clearer semantics and a more understandable organization. Using folios speeds up memory management in some kernel subsystems. The patches complete the transition of the page cache to folios and add initial folio support in the XFS file system.
    • Added the "make mod2noconfig" build mode, which generates a configuration in which all subsystems currently built as kernel modules are disabled.
    • The minimum LLVM/Clang version for building the kernel has been raised; the build now requires at least LLVM 11.
  • Virtualization and Security
    • An updated implementation of the pseudo-random number generator RDRAND, which backs the /dev/random and /dev/urandom devices, has been proposed; it switches from SHA1 to the BLAKE2s hash function for entropy mixing. The change improves the security of the generator by dropping the problematic SHA1 algorithm and by eliminating the overwriting of the RNG initialization vector. Since BLAKE2s is also faster than SHA1, the change improved performance as well.
    • Added protection against processor vulnerabilities caused by speculative execution of instructions after unconditional forward branches (SLS, Straight Line Speculation): the processor speculatively processes the instructions that immediately follow the branch instruction in memory. Enabling the protection requires building with GCC 12, which is currently in testing.
    • A reference-count tracking mechanism has been added to reduce the number of reference-counting bugs that lead to memory being accessed after it has been freed (use-after-free). The mechanism is currently limited to the network subsystem but may be adapted to other parts of the kernel in the future.
    • Extended sanity checks on new entries in a process's page table have been implemented to detect certain kinds of corruption and halt the system, stopping an attack at an early stage.
    • Added the ability to decompress kernel modules in the kernel itself rather than in a user-space handler, which allows the LoadPin LSM to ensure that kernel modules are loaded into memory from a verified storage device.
    • Builds now use the "-Wcast-function-type" flag, enabling warnings about casting function pointers to an incompatible type.
    • Added the pvUSB virtual host driver for the Xen hypervisor, which lets guest systems access physical USB devices that have been assigned (forwarded) to them.
    • A module has been added for interacting via Wi-Fi with the IME (Intel Management Engine) subsystem, which ships with most modern motherboards for Intel processors and is implemented as a separate microprocessor operating independently of the CPU.
    • For the ARM64 architecture, support is implemented for the KCSAN (Kernel Concurrency Sanitizer) debugging tool, designed to dynamically detect race conditions inside the kernel.
    • For 32-bit ARM systems, the ability to use the KFENCE mechanism to detect errors when working with memory has been added.
    • The KVM hypervisor adds support for AMX (Advanced Matrix Extensions) instructions implemented in the upcoming Intel Xeon Scalable server processors.
  • Network subsystem
    • Added support for offloading traffic-management (traffic-shaping) operations to network devices.
    • Added the ability to use the MCTP protocol (Management Component Transport Protocol) over devices with a serial interface. MCTP can be used for communication between management controllers and the devices they manage (host processors, peripherals, etc.).
    • The TCP stack has been optimized; for example, delayed release of socket buffers has been implemented to improve the performance of recvmsg calls.
    • Processes with the CAP_NET_RAW capability are now allowed to set the SO_PRIORITY and SO_MARK socket options via setsockopt().
    • IPv4 now allows raw sockets to be bound to non-local IP addresses using the IP_FREEBIND and IP_TRANSPARENT options.
    • Added the arp_missed_max sysctl to set the ARP monitor failure threshold after which the network interface is put into the disabled state.
    • The min_pmtu and mtu_expires sysctl values can now be configured individually for each network namespace.
    • The ability to set and query the sizes of receive and transmit packet buffers has been added to the ethtool API.
    • Added support in Netfilter for filtering transit PPPoE traffic in a network bridge.
    • The ksmbd module (in-kernel SMB3 file server) gained key-exchange support, enabled network port 445 for smbdirect, and added support for the "smb2 max credit" parameter.
  • Hardware
    • The DRM (Direct Rendering Manager) subsystem and the i915 driver have added support for privacy screens: some laptops ship with displays that have a built-in privacy mode which makes them hard to read from the side. The changes allow specialized drivers for such screens to be connected and the privacy mode to be controlled through properties in regular KMS drivers.
    • The amdgpu driver includes support for the STB (Smart Trace Buffer) debugging technology on all AMD GPUs that support it. STB makes it easier to analyze failures and identify the source of problems by storing, in a dedicated buffer, information about the operations performed before the last failure.
    • The i915 driver adds support for Intel Raptor Lake S chips and enables support for the graphics subsystem of Intel Alder Lake P chips by default. It also provides the ability to control the screen backlight via the VESA DPCD interface.
    • The fbcon/fbdev drivers have regained support for hardware-accelerated scrolling in the console.
    • Integration of changes to support Apple M1 chips continues. The simpledrm driver can now be used on systems with an Apple M1 chip to output through the framebuffer provided by the firmware.
    • Added support for ARM SoCs, devices and boards: Snapdragon 7c, 845 and 888 (Sony Xperia XZ2 / XZ2C / XZ3, Xperia 1 III / 5 III, Samsung J5, Microsoft Surface Duo 2), Mediatek MT6589 (Fairphone FP1), Mediatek MT8183 (Acer Chromebook 314), Aspeed AST7986/AST4908, Engicam i.Core STM500MP65, Allwinner Tanix TX7885, Facebook Bletchley BMC, Goramo MultiLink, JOZ Access Point, Y Soft IOTA Crux/Crux+, t4/t8 MacBook Pro 721/2.
    • Added support for ARM Cortex-M55 and Cortex-M33 processors.
    • Added support for MIPS-based devices: Linksys WRT320N v1, Netgear R6300 v1, Netgear WN2500RP v1/v2.
    • Added support for StarFive JH7100 SoC based on RISC-V architecture.
    • Added lenovo-yogabook-wmi driver to control keyboard backlight and access various sensors on Lenovo Yoga Book.
    • Added asus_wmi_sensors driver to access sensors used on Asus X370, X470, B450, B550 and X399 motherboards based on AMD Ryzen processors.
    • Added x86-android-tablets driver for x86 tablet PCs shipped with Android platform.
    • Added support for TrekStor SurfTab duo W1 touch screens and electronic pen for Chuwi Hi10 Plus and Pro tablets.
    • Added support for power and voltage management to Tegra 20/30 SoC drivers. Enabled booting on older 32-bit devices based on Tegra SoC such as ASUS Prime TF201, Pad TF701T, Pad TF300T, Infinity TF700T, EeePad TF101 and Pad TF300TG.
    • Added drivers for Siemens industrial computers.
    • Added support for Sony Tulip Truly NT35521, Vivax TPC-9150, Innolux G070Y2-T02, BOE BF060Y8M-AJ0, JDI R63452, Novatek NT35950, Wanchanglong W552946ABA and Team Source Display TST043015CMHX LCD panels.
    • Added support for sound systems and codecs AMD Renoir ACP, Asahi Kasei Microdevices AKM4375, Intel systems using NAU8825/MAX98390, Mediatek MT8915, nVidia Tegra20 S/PDIF, Qualcomm ALC5682I-VS, Texas Instruments TLV320ADC3xxx. Fixed problems with Tegra194 HD-audio. Added HDA support for CS35L41 codecs. Improved sound system support for Lenovo and HP laptops and Gigabyte motherboards.
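The FAN_RENAME item above is easiest to appreciate from the consumer side: a file-integrity monitor that used to correlate FAN_MOVED_FROM with FAN_MOVED_TO now gets both the old and the new name in one event. The following is an added example, not code from the kernel or any kernel tool, that subscribes a directory to FAN_RENAME, renames a file in it and decodes the event's OLD_DFID_NAME and NEW_DFID_NAME records. It assumes a Linux 5.17+ kernel and headers (the 5.17 constants are repeated for older headers), a local file system that supports file handles, and the constructed file names draft.txt and final.txt; where FAN_RENAME is unavailable it reports 0 instead of failing.

```c
/* Added example (not from the kernel release notes): subscribe to FAN_RENAME on
 * a directory and decode one rename event into its old and new file names. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/fanotify.h>
#include <unistd.h>

#ifndef FAN_REPORT_TARGET_FID   /* 5.17 constants, for older build headers */
#define FAN_REPORT_TARGET_FID 0x00001000
#define FAN_RENAME 0x10000000
#define FAN_EVENT_INFO_TYPE_OLD_DFID_NAME 10
#define FAN_EVENT_INFO_TYPE_NEW_DFID_NAME 12
#endif
/* FAN_RENAME requires FAN_REPORT_NAME; FAN_REPORT_TARGET_FID adds the new-name record. */
#define RENAME_INIT_FLAGS (FAN_CLASS_NOTIF | FAN_REPORT_FID | FAN_REPORT_DIR_FID | \
                           FAN_REPORT_NAME | FAN_REPORT_TARGET_FID)

/* In a *_DFID_NAME record the NUL-terminated name follows the variable-length file handle. */
static const char *record_name(const struct fanotify_event_info_header *h)
{
    const struct fanotify_event_info_fid *fid = (const void *)h;
    const struct file_handle *fh = (const struct file_handle *)fid->handle;
    return (const char *)fh->f_handle + fh->handle_bytes;
}

/* Read one batch of events and copy out the names carried by the first FAN_RENAME.
 * Returns 1 if a rename was decoded, 0 otherwise. */
static int decode_rename(int fan, char *oldn, char *newn, size_t n)
{
    char buf[8192] __attribute__((aligned(8)));
    ssize_t len = read(fan, buf, sizeof buf);
    const struct fanotify_event_metadata *m = (const void *)buf;
    int got = 0;
    while (len > 0 && FAN_EVENT_OK(m, len)) {
        if ((m->mask & FAN_RENAME) && !got) {
            const char *p = (const char *)m + m->metadata_len;   /* first info record */
            const char *end = (const char *)m + m->event_len;
            while (p + sizeof(struct fanotify_event_info_header) <= end) {
                const struct fanotify_event_info_header *h = (const void *)p;
                if (h->len == 0)
                    break;
                if (h->info_type == FAN_EVENT_INFO_TYPE_OLD_DFID_NAME)
                    snprintf(oldn, n, "%s", record_name(h));
                else if (h->info_type == FAN_EVENT_INFO_TYPE_NEW_DFID_NAME)
                    snprintf(newn, n, "%s", record_name(h));
                p += h->len;
            }
            got = 1;
        }
        if (m->fd >= 0)           /* FID-mode events carry FAN_NOFD, but stay safe */
            close(m->fd);
        m = FAN_EVENT_NEXT(m, len);
    }
    return got;
}

/* Mark `dir` for FAN_RENAME, rename dir/from to dir/to and decode the event.
 * Returns 1 with the names copied out, 0 if FAN_RENAME is not usable here
 * (pre-5.17 kernel, no permission, or a file system without file handles),
 * -1 on any other failure. */
int observe_rename(const char *dir, const char *from, const char *to,
                   char *oldn, char *newn, size_t n)
{
    int fan = fanotify_init(RENAME_INIT_FLAGS, O_RDONLY | O_CLOEXEC);
    if (fan < 0)
        return (errno == EPERM || errno == EINVAL || errno == ENOSYS) ? 0 : -1;
    if (fanotify_mark(fan, FAN_MARK_ADD, FAN_RENAME, AT_FDCWD, dir) < 0) {
        int e = errno;
        close(fan);
        return (e == EPERM || e == EINVAL || e == ENODEV || e == EOPNOTSUPP) ? 0 : -1;
    }
    char src[512], dst[512];
    snprintf(src, sizeof src, "%s/%s", dir, from);
    snprintf(dst, sizeof dst, "%s/%s", dir, to);
    int rc = -1, f = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (f >= 0 && close(f) == 0 && rename(src, dst) == 0) {
        struct pollfd pfd = { .fd = fan, .events = POLLIN };
        if (poll(&pfd, 1, 2000) == 1 && decode_rename(fan, oldn, newn, n))
            rc = 1;
    }
    unlink(src);   /* clean up whichever name survived */
    unlink(dst);
    close(fan);
    return rc;
}

/* Whole exchange in a fresh temporary directory with constructed file names.
 * Returns 1 if the decoded names match, 0 if unsupported, -1 on error. */
int demo_rename_event(void)
{
    char dir[] = "/tmp/fanrename-XXXXXX";
    char oldn[256] = "", newn[256] = "";
    if (!mkdtemp(dir))
        return -1;
    int rc = observe_rename(dir, "draft.txt", "final.txt", oldn, newn, sizeof oldn);
    rmdir(dir);
    if (rc == 1 && (strcmp(oldn, "draft.txt") != 0 || strcmp(newn, "final.txt") != 0))
        rc = -1;
    return rc;
}
```

Before 5.13 fanotify_init() needed CAP_SYS_ADMIN; since then an unprivileged listener may use the file-handle reporting modes with inode marks, which is what this example relies on, so it can run as a normal user on a 5.17+ kernel. The pre-5.17 path is the interesting one for a monitor: with only FAN_MOVED_FROM and FAN_MOVED_TO, the two halves arrive as separate events and can interleave with other renames, so pairing them is heuristic; FAN_RENAME removes that ambiguity.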
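The anonymous-memory naming item is a small API, but seeing the label come back out of /proc/self/maps makes its use for debugging and memory forensics concrete. The following is an added example, not code from the kernel or the release notes, that maps a private anonymous region, labels it with prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ...) and checks that "[anon:<name>]" appears in the mapping's pathname column. It assumes a 5.17+ kernel built with CONFIG_ANON_VMA_NAME (the prctl constants are repeated for older headers) and uses the constructed label "keybuf"; on kernels without the feature the prctl fails with EINVAL, which the function reports as 0.

```c
/* Added example (not from the kernel release notes): label a private anonymous
 * mapping and confirm the label is visible in /proc/self/maps. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>

/* Constants from <linux/prctl.h> (5.17+), repeated here in case the build
 * host's headers predate them. */
#ifndef PR_SET_VMA
#define PR_SET_VMA 0x53564d41
#endif
#ifndef PR_SET_VMA_ANON_NAME
#define PR_SET_VMA_ANON_NAME 0
#endif

/* Scan /proc/self/maps for a mapping whose pathname column reads
 * "[anon:<name>]". Returns 1 if found, 0 if not, -1 if /proc is unreadable. */
int anon_name_visible(const char *name)
{
    char tag[128], line[512];
    snprintf(tag, sizeof tag, "[anon:%s]", name);
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps)
        return -1;
    int found = 0;
    while (!found && fgets(line, sizeof line, maps))
        found = strstr(line, tag) != NULL;
    fclose(maps);
    return found;
}

/* Map `len` bytes of private anonymous memory, label it and check the label.
 * Returns 1 if the name is set and visible, 0 if the kernel lacks the feature
 * (prctl returned EINVAL), -1 on any other failure. The mapping is released
 * before returning, so the label disappears together with it.
 * The kernel validates the name: printable ASCII, at most 80 characters, with
 * a few shell-significant characters rejected; "keybuf" is a constructed label. */
int name_anon_region(const char *name, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int rc;
    if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME,
              (unsigned long)p, (unsigned long)len, (unsigned long)name) != 0)
        rc = (errno == EINVAL) ? 0 : -1;   /* EINVAL: old kernel or feature off */
    else
        rc = (anon_name_visible(name) == 1) ? 1 : -1;
    munmap(p, len);
    return rc;
}

int main(void)
{
    int rc = name_anon_region("keybuf", 1 << 16);
    printf("PR_SET_VMA_ANON_NAME: %s\n",
           rc == 1 ? "named and visible in /proc/self/maps"
                   : rc == 0 ? "not supported by this kernel" : "failed");
    return rc < 0;
}
```

The label is subject to the same ptrace-style access rules as the rest of /proc/PID/maps, so it is a debugging and accounting tag (which allocator, which subsystem owns this region), not a place for anything sensitive; a region that holds key material is better labelled by purpose, as here, than by content.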

Source: opennet.ru
