Linux 5.2 kernel release

After two months of development, Linus Torvalds released Linux kernel 5.2. Among the most notable changes: a case-insensitive mode for Ext4, separate system calls for mounting file systems, drivers for Mali 4xx/6xx/7xx GPUs, the ability to handle changes to sysctl values in BPF programs, the dm-dust device-mapper module, protection against MDS attacks, Sound Open Firmware support for audio DSPs, BFQ performance optimizations, and bringing the PSI (Pressure Stall Information) subsystem to a state usable by Android.

The new version accepted 15,100 changes from 1,882 developers; the patch is 62 MB in size (changes affected 30,889 files, with 625,094 lines of code added and 531,864 lines deleted). About 45% of all changes in 5.2 are related to device drivers, roughly 21% to code specific to hardware architectures, 12% to the network stack, 3% to file systems and 3% to internal kernel subsystems. 12.4% of all changes were prepared by Intel, 6.3% by Red Hat, 5.4% by Google, 4.0% by AMD, 3.1% by SUSE, 3% by IBM, 2.7% by Huawei, 2.7% by Linaro, 2.2% by ARM and 1.6% by Oracle.

The main innovations:

  • Disk Subsystem, I/O and File Systems
    • Ext4 now supports case-insensitive file name lookups. The feature is enabled only for individual empty directories via the new "+F" attribute (EXT4_CASEFOLD_FL) and requires a file system created with the casefold feature (mkfs.ext4 -O casefold). When the attribute is set on a directory, all operations on files and subdirectories inside it ignore case when searching for and opening names (for example, Test.txt, test.txt and test.TXT in such a directory refer to the same file). By default the file system remains case-sensitive except in directories marked with "chattr +F". Any access-control or deny-list logic that compares file names case-sensitively must take such directories into account;
    • The functions for handling UTF-8 in file names, used for string comparison and normalization, were unified;
    • XFS gained an infrastructure for tracking file system health and a new ioctl for querying the health status, as well as an experimental on-the-fly check of the superblock counters (online scrub);
    • A new device-mapper target, "dm-dust", was added to simulate bad blocks on the media or read errors from the disk. It simplifies debugging and testing of applications and storage systems under failure conditions;
    • The BFQ I/O scheduler received significant performance optimizations: under heavy I/O load, operations such as application start-up take up to 80% less time;
    • A series of system calls for mounting file systems was added: fsopen(), open_tree(), fspick(), fsmount(), fsconfig() and move_mount(). They split the stages previously handled by the single mount() call (creating the superblock, obtaining information about the file system, creating the mount, attaching it to a mount point) into separate operations. This makes complex mount scenarios possible and allows operations such as reconfiguring a superblock, setting options, changing the mount point or moving it to another namespace to be performed separately. The kernel can also report the exact reason for a failure (the error text is readable from the file-system context descriptor instead of a bare EINVAL), and a layered file system such as overlayfs can be given several sources;
    • The io_uring asynchronous I/O interface gained the IORING_OP_SYNC_FILE_RANGE operation, equivalent to the sync_file_range() system call, and the ability to register an eventfd with io_uring to receive completion notifications;
    • The CIFS file system gained the FIEMAP ioctl for efficient extent mapping, and support for the SEEK_DATA and SEEK_HOLE modes;
    • The FUSE subsystem gained an API for controlling data caching;
    • Btrfs optimized the qgroups implementation and improved fsync performance for files with multiple hard links. The data integrity checks were improved and now validate metadata before it is written, catching corruption that occurred in RAM before it reaches the disk;
    • CephFS gained support for exporting snapshots over NFS;
    • The NFSv4 "soft" mount mode was improved (in "soft" mode an error accessing the server is returned to the caller immediately, whereas in "hard" mode control is not returned until the file system becomes available again or a timeout expires). The new release provides more accurate timeout handling, faster recovery after failures, and a new "softerr" mount option that makes timed-out operations return ETIMEDOUT instead of EIO;
    • The nfsdcld API for tracking NFS client state lets the NFS server correctly track a client's state across a reboot, so the nfsdcld daemon can now replace nfsdcltrack;
    • AFS gained emulation of byte-range locking on files;
  • Virtualization and Security
    • Work was done to eliminate places in the kernel that allowed code execution from writable aliases of memory regions, closing potential holes that could be exploited in an attack;
    • A new "mitigations=" kernel command-line option provides a single switch for the mitigations of CPU speculative-execution vulnerabilities. "mitigations=off" disables all of them; the default "mitigations=auto" enables them but leaves Hyper-Threading (SMT) on; "mitigations=auto,nosmt" additionally disables SMT where a mitigation requires it;
    • Support for the GOST R 34.10-2012 digital signature (RFC 7091, ISO/IEC 14888-3) was added, developed by Vitaly Chikunov from Basalt SPO. The kernel TLS implementation gained AES-128-CCM, and the crypto_simd module gained support for AEAD algorithms;
    • Kconfig gained a separate "kernel hardening" section with options that increase the protection of the kernel. For now it only contains the settings for enabling the GCC plugins that add extra checks;
    • The kernel code is almost free of implicit fall-through in switch statements (case blocks without a return or break). 32 of 2311 such places remain to be fixed, after which the kernel can be built with "-Wimplicit-fallthrough";
    • Hardware mechanisms restricting unintended kernel access to user-space memory were implemented for the PowerPC architecture;
    • Mitigation of the MDS (Microarchitectural Data Sampling) class of attacks on Intel processors was added. The state of the system can be checked via the sysfs file "/sys/devices/system/cpu/vulnerabilities/mds". Two modes are available: the full mode, which requires updated microcode, and a fallback mode that attempts to clear the CPU buffers when control passes to user space or a guest system but cannot guarantee it. The mitigation is controlled by the new "mds=" kernel parameter, which accepts "full", "full,nosmt" (additionally disables Hyper-Threading) and "off";
    • On x86-64 systems, "stack guard-page" protection was added for the IRQ, debug and exception stacks: a page adjacent to the stack is mapped so that any access to it triggers a page fault, turning a stack overflow into an immediate fault instead of silent memory corruption;
    • The sysctl setting vm.unprivileged_userfaultfd controls whether unprivileged processes may use the userfaultfd() system call. The default value is 1 (allowed); since userfaultfd lets a process stall page faults at will, it is frequently used to win race conditions in kernel exploits, and setting this to 0 removes that tool from unprivileged code;
  • Network subsystem
    • Support for IPv6 gateways on IPv4 routes was added. For example, routes such as "ip route add 172.16.1.0/24 via inet6 2001:db8::1 dev eth0" can now be specified;
    • For ICMPv6, the sysctl parameters icmp_echo_ignore_anycast and icmp_echo_ignore_multicast (under net.ipv6.icmp) were implemented to ignore ICMP ECHO requests sent to anycast and multicast addresses. The ability to limit the rate at which ICMPv6 packets are processed was also added;
    • The BATMAN mesh protocol ("Better Approach To Mobile Adhoc Networking"), which builds decentralized networks in which every node is reached through its neighbours, gained support for converting multicast transmissions to unicast, as well as control via sysfs;
    • ethtool gained a new Fast Link Down parameter, which reduces the time it takes to learn about a link-down event on 1000BASE-T (normally the delay is up to 750 ms);
    • Foo-Over-UDP tunnels can now be bound to a specific address, network interface or socket (previously binding was only possible by a common mask);
    • The wireless stack allows OWE (Opportunistic Wireless Encryption) handlers to be implemented in user space;
    • Netfilter gained support for the inet address family in nat chains (for example, a single translation rule can now handle both IPv4 and IPv6 instead of separate rules for each);
    • netlink gained a strict mode for validating all messages and attributes, which rejects attributes larger than expected and extra data at the end of messages;
  • Memory and system services
    • The CLONE_PIDFD flag was added to the clone() system call. When it is specified, the parent receives a pidfd, a file descriptor that refers to the created child process. Such a descriptor can be used, for example, with pidfd_send_signal() to send signals without fear of a race condition (immediately after a signal is sent, the target PID may be freed by process termination and reused by a different process);
    • The second version of cgroups gained a freezer controller, which lets you stop the work of a cgroup and temporarily release some resources (CPU, I/O and potentially even memory) to other tasks. It is managed through the cgroup.freeze and cgroup.events control files in the cgroup tree: writing 1 to cgroup.freeze freezes the processes in the current cgroup and all of its descendants. Since freezing takes some time, the cgroup.events file reports when the operation has completed;
    • Memory performance attributes attached to each NUMA node are now exported via sysfs, letting user space determine the characteristics of memory banks on systems with heterogeneous memory;
    • The PSI (Pressure Stall Information) subsystem, which reports how long tasks or the processes of a cgroup stall waiting for a resource (CPU, memory, I/O), was improved. With PSI, user-space monitors can assess system load and slowdown patterns more accurately than with the load average. The new version supports configurable sensitivity thresholds and poll() notifications when a threshold is exceeded over a given time window. This lets Android detect memory pressure early, identify its source and terminate unimportant applications before the user notices a problem. In stress testing, PSI-based memory monitors produced 10 times fewer false positives than the vmpressure statistics;
    • The BPF verifier was optimized and now checks large programs up to 20 times faster, which made it possible to raise the limit on program size from 4096 to one million instructions;
    • BPF programs can now access global data, which allows global variables and constants to be defined in programs;
    • A new API lets BPF programs attached to a cgroup (BPF_PROG_TYPE_CGROUP_SYSCTL) observe and control changes to sysctl parameters;
    • A JIT compiler for the eBPF virtual machine was implemented for the MIPS32 architecture;
    • Support for the KASan (Kernel Address Sanitizer) debugging tool, which detects memory access errors, was added for the 32-bit PowerPC architecture;
    • On x86-64 systems, the restriction preventing crash-dump (kdump) memory from being placed above 896 MB was removed;
    • For the s390 architecture, kernel address space layout randomization (KASLR) and verification of digital signatures when loading a kernel via kexec_file_load() were implemented;
    • The kernel debugger (KGDB), jump labels and kprobes are now supported on the PA-RISC architecture;
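The CLONE_PIDFD flow described above, as an added example (our own code, not from the article): the child is created with a raw clone(2) so that the pidfd comes back through the parent_tid pointer, and is then terminated with pidfd_send_signal() through that descriptor rather than by PID. It assumes the x86-64/arm64 clone argument order and syscall number 424 for pidfd_send_signal, and reports -EINVAL on kernels before 5.2, which reject the flag.

```c
/* Added example, not from the article: spawn a child with CLONE_PIDFD and
 * signal it through the pidfd. Assumes the x86-64/arm64 raw clone argument
 * order (flags, stack, parent_tid, child_tid, tls); function name is ours. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000
#endif
#ifndef __NR_pidfd_send_signal
#define __NR_pidfd_send_signal 424
#endif

/* Returns 0 when the child was created with a pidfd, signalled through it and
 * reaped with SIGTERM; otherwise -errno (-EINVAL before 5.2, -ENOSYS where
 * pidfd_send_signal is unavailable, -EPERM under a restrictive seccomp filter). */
int pidfd_signal_demo(void)
{
    int pidfd = -1, status;
    /* Raw clone(2) with a NULL child stack behaves like fork(): the child
     * continues below with pid == 0. The kernel stores the pidfd into the
     * parent_tid slot because CLONE_PIDFD is set. */
    long pid = syscall(SYS_clone, (long)(CLONE_PIDFD | SIGCHLD), 0L, &pidfd, NULL, 0L);
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        for (;;)            /* child: wait to be terminated */
            pause();
    }
    /* Parent: the pidfd refers to this exact process, so even if the child
     * had already exited and its PID had been recycled, the signal could not
     * land on an unrelated process the way kill(pid, ...) can. */
    if (syscall(__NR_pidfd_send_signal, pidfd, SIGTERM, NULL, 0) < 0) {
        int e = errno;
        kill((pid_t)pid, SIGKILL);      /* fall back so the child is not leaked */
        waitpid((pid_t)pid, &status, 0);
        close(pidfd);
        return -e;
    }
    if (waitpid((pid_t)pid, &status, 0) < 0) {
        int e = errno;
        close(pidfd);
        return -e;
    }
    close(pidfd);
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM) ? 0 : -EPROTO;
}

int main(void)
{
    int r = pidfd_signal_demo();
    if (r == 0)
        printf("child created with CLONE_PIDFD and terminated via pidfd_send_signal\n");
    else
        printf("pidfd demo failed: errno %d\n", -r);
    return r == 0 ? 0 : 1;
}
```

A pidfd obtained this way stays valid for the parent's use until it is closed; a zombie is still reaped with waitpid() as before, since polling a pidfd for exit arrived only in later releases.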
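An added example for the cgroup v2 freezer described above (our own code, not from the article): an incident responder who wants to stop a suspicious process tree before inspecting it writes 1 to cgroup.freeze and then waits for cgroup.events to report "frozen 1", using poll() on the events file instead of re-reading it in a loop. The cgroup path is an argument; the block assumes cgroup v2 is mounted at /sys/fs/cgroup and that the caller has write access to the target cgroup (root or a delegated subtree), and the sample cgroup.events text in the parser's comment is constructed.

```c
/* Added example, not from the article or the kernel: freeze a cgroup v2 subtree
 * and wait for the state change to be reported. Assumes cgroup v2 under
 * /sys/fs/cgroup; function names are ours. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parse the contents of cgroup.events, e.g. "populated 1\nfrozen 1\n".
 * Returns the frozen value (0 or 1), or -1 if the key is absent. */
int parse_frozen(const char *events)
{
    const char *p = events;
    while (p && *p) {
        if (strncmp(p, "frozen ", 7) == 0)
            return p[7] == '1' ? 1 : 0;
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Write value (0 or 1) to <cgroup>/cgroup.freeze and wait until cgroup.events
 * reports the matching "frozen" state. Each wait is bounded by timeout_ms.
 * Returns 0 on success, -ETIMEDOUT if the state did not settle, or -errno. */
int set_cgroup_frozen(const char *cgroup, int value, int timeout_ms)
{
    char path[4096], buf[256];
    int fd, ret;

    snprintf(path, sizeof path, "%s/cgroup.freeze", cgroup);
    fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    if (write(fd, value ? "1" : "0", 1) != 1) {
        int e = errno;
        close(fd);
        return -e;
    }
    close(fd);

    snprintf(path, sizeof path, "%s/cgroup.events", cgroup);
    fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    for (;;) {
        /* Re-read from offset 0: the file is regenerated on every read, and
         * reading it also arms the next poll() notification. */
        ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
        if (n < 0) {
            ret = -errno;
            break;
        }
        buf[n] = '\0';
        if (parse_frozen(buf) == value) {
            ret = 0;
            break;
        }
        /* cgroup.events raises POLLPRI when its contents change. */
        struct pollfd pfd = { .fd = fd, .events = POLLPRI };
        int pr = poll(&pfd, 1, timeout_ms);
        if (pr == 0) {
            ret = -ETIMEDOUT;
            break;
        }
        if (pr < 0) {
            ret = -errno;
            break;
        }
    }
    close(fd);
    return ret;
}

int main(int argc, char **argv)
{
    const char *cg = argc > 1 ? argv[1] : "/sys/fs/cgroup/suspect";
    int r = set_cgroup_frozen(cg, 1, 5000);
    printf("freeze %s: %s\n", cg, r == 0 ? "frozen" : strerror(-r));
    return r == 0 ? 0 : 1;
}
```

Frozen tasks cannot observe the freeze or react to it, which is exactly what you want before taking memory images or copying binaries out of the tree; calling set_cgroup_frozen(cg, 0, ...) thaws it again. Note that "frozen 1" means every task in the subtree has reached the frozen state, so a task stuck in an uninterruptible sleep delays the transition and can produce -ETIMEDOUT.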
  • Hardware
    • The Lima driver for Mali 400/450 GPUs, used in many older ARM SoCs, was included. For newer Mali GPUs the Panfrost driver was added, supporting the Midgard (Mali-T6xx, Mali-T7xx, Mali-T8xx) and Bifrost (Mali G3x, G5x, G7x) microarchitectures;
    • Support was added for sound devices using the open Sound Open Firmware (SOF). Despite the availability of open drivers, the firmware for sound chips had remained closed and was supplied in binary form. The Sound Open Firmware project was started by Intel to create open firmware for audio DSPs (Google later joined the development). So far the project has produced open firmware for the sound chips of the Intel Baytrail, CherryTrail, Broadwell, ApolloLake, GeminiLake, CannonLake and IceLake platforms;
    • The Intel DRM driver (i915) gained support for Elkhartlake (Gen11) chips and PCI IDs for Comet Lake (Gen9) chips. Icelake support was stabilized, and additional PCI device identifiers were added for it. Asynchronous switching between two buffers in video memory (async flip) was enabled for writes via mmio, which noticeably improves the performance of some 3D applications (for example, the 3DMark Ice Storm score rose by 300-400%). Support for HDCP 2.2 (High-bandwidth Digital Content Protection) was added to encrypt the video signal transmitted over HDMI;
    • The amdgpu driver gained support for RAS (Reliability, Availability, Serviceability) and experimental support for the SMU 11 subsystem, which replaces PowerPlay, on Vega20 GPUs. BACO (Bus Active, Chip Off) mode support was added for Vega12 GPUs. Initial support was added for XGMI, a high-speed bus for connecting GPUs to each other. Missing IDs for Polaris10-based cards were added to the amdkfd driver;
    • The Nouveau driver gained support for boards based on the NVIDIA Turing TU117 chip (used in the GeForce GTX 1650). A Kconfig option was added to disable deprecated features that are no longer used by current libdrm releases;
    • Support for "timeline" synchronization objects was added to the DRM API and the amdgpu driver, avoiding classic lock-based synchronization;
    • The vboxvideo driver for the VirtualBox virtual GPU was moved from the staging branch into the main tree;
    • The aspeed driver for the graphics unit in ASPEED SoCs was added;
    • Support was added for ARM SoCs and boards: Intel Agilex (SoCFPGA), NXP i.MX8MM, Allwinner (RerVision H3-DVK (H3), Oceanic 5205 5inMFD, Beelink GS2 (H6), Orange Pi 3 (H6)), Rockchip (Orange Pi RK3399, Nanopi NEO4, Veyron-Mighty Chromebook), Amlogic (SEI Robotics SEI510), ST Micro (stm32mp157a, stm32mp157c), NXP (Eckelmann ci4x10 (i.MX6DL), i.MX8MM EVK (i.MX8MM), ZII i.MX7 RPU2 (i.MX7), ZII SPB4 (VF610), Zii Ultra (i.MX8M), TQ TQMa7S (i.MX7Solo), TQ TQMa7D (i.MX7Dual), Kobo Aura (i.MX50), Menlosystems M53 (i.MX53)), NVIDIA Jetson Nano (Tegra T210).

Simultaneously, the Free Software Foundation Latin America released a fully free variant of kernel 5.2, linux-libre 5.2-gnu, cleaned of firmware elements and drivers containing non-free components or code whose use is restricted by the manufacturer. The new release permits loading of Sound Open Firmware files. Blob loading was disabled in the mt7615, rtw88, rtw8822b, rtw8822c, btmtksdio, iqs5xx, ishtp and ucsi_ccg drivers. The blob cleanup code was updated in the ixp4xx, imx-sdma, amdgpu, nouveau and goya drivers and subsystems, as well as in the microcode documentation. Cleaning of blobs in the r8822be driver was stopped because the driver was removed.

Source: opennet.ru
