The most notable changes:
- A lockdown module that restricts the root user's access to kernel files and interfaces. Details.
- The virtiofs filesystem for forwarding specific host directories to guest systems. The interaction goes according to the "client-server" scheme through FUSE. Details.
- fs-verity file integrity control mechanism. Similar to dm-verity, but works at the Ext4 and F2FS file system level, not block devices. Details.
- The dm-clone module for copying read-only block devices, while data can be written to the copy directly during the cloning process. Details.
- Support for AMD Navi 12/14 GPUs and APUs from the Arcturus and Renoir families. Work has also begun on support for future Intel Tiger Lake graphics.
- The MADV_COLD and MADV_PAGEOUT flags for the madvise() system call. They allow you to determine what data in memory is not critical for the process to work or will not be needed for a long time so that this data can be forced out to swap and free up memory.
- The EROFS file system has been moved from the Staging section - a very light and fast read-only file system, beneficial for storing firmware and livecd. Details.
- The exFAT file system driver developed by Samsung has been added to the Staging section.
- Haltpoll mechanism to improve the performance of guest systems. It allows guests to receive additional CPU time before the CPU is returned to the hypervisor. Details.
- blk-iocost controller for distributing I/O between cgroups. The new controller focuses on the cost of the future IO operation. Details.
- Namespaces for kernel module symbols. Details.
- Work continues on integrating real-time patches into the kernel.
- The io_uring mechanism has been improved.
- Speed ββup work with large directories on XFS.
- Dozens of other changes.
Source: linux.org.ru