After two months of development, Linus Torvalds released the Linux 6.10 kernel. Among the most notable changes: the ntsync driver implementing Windows NT synchronization primitives, the DRM Panic component for displaying a "blue screen of death" analogue, removal of support for older Alpha CPUs, integrity verification for FUSE-based file systems, restriction of access to ioctl() via the Landlock mechanism, a subsystem for profiling memory allocation operations, the mseal() system call, encrypted data exchange with TPM devices, support for high-priority work queues in dm-crypt, and the panthor driver for tenth-generation Mali GPUs.
The new version includes 14564 fixes from 1989 developers; the patch is 41 MB in size (the changes affect 12509 files; 547663 lines of code were added and 312464 lines deleted). The previous release had 15680 fixes from 2106 developers and a 54 MB patch. About 41% of all changes in 6.10 relate to device drivers, approximately 15% to updating architecture-specific code, 13% to the network stack, 5% to file systems, and 4% to internal kernel subsystems.
Key innovations in kernel 6.10:
- Disk Subsystem, I/O and File Systems
- A new fcntl() operation, F_DUPFD_QUERY, lets a process determine whether two different file descriptors refer to the same file. Unlike the similar functionality of the kcmp() system call, F_DUPFD_QUERY does not reveal unnecessary information and works on systems where kcmp() is disabled.
- The FUSE subsystem, used to implement file systems in user space, can now use the fs-verity mechanism to verify the integrity and authenticity of files.
- The dm-crypt module, used for block device encryption, has gained a "high_priority" option that uses high-priority work queues to improve performance on powerful servers. The mode is disabled by default, since on ordinary PCs it can increase latency for tasks unrelated to encryption, such as audio processing.
- A netlink-based protocol for managing the in-kernel NFS server has been added; the user-space nfsdctl utility is built on it. Mounting NFS v2 is disabled by default (support for NFS v2 was dropped from the mount.nfs utility in 2021).
- In the XFS file system, work continues on using the fsck utility to check and repair detected problems online, without unmounting the file system. The XFS_IOC_EXCHANGE_RANGE ioctl has been added to atomically exchange byte ranges between two files.
- Btrfs now supports shrinking unpinned extent maps, which can reduce memory consumption when the system is low on memory. The data compression code and the put_file_data() function have been converted to page folios. The extent locking mechanism used during writeback has been reworked.
- Ext4 has added support for the FS_IOC_GETFSSYSFSPATH ioctl, which reports the location of a given mounted file system in the /sys/fs hierarchy.
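The following is an added example (not code from the article or from the kernel): a small C helper that asks the kernel whether two descriptors refer to the same open file description via F_DUPFD_QUERY, and falls back to an fstat() st_dev/st_ino comparison on kernels older than 6.10, where the command fails with EINVAL. The fallback answers a weaker question (two independent open() calls on the same path also match), which the self-check prints but does not assert. The function names same_open_file() and demo() are the example's own; the numeric value 1027 is F_LINUX_SPECIFIC_BASE + 3 from the 6.10 uapi headers and is only defined here in case the build host's libc headers predate it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* F_DUPFD_QUERY is F_LINUX_SPECIFIC_BASE + 3 in the 6.10 uapi headers;
 * defined here for build hosts whose libc headers predate it. */
#ifndef F_DUPFD_QUERY
#define F_DUPFD_QUERY 1027
#endif

/*
 * Returns 1 if fd_a and fd_b share the same open file description
 * (one was produced by dup()/fork() from the other), 0 if not, -1 on error.
 * Kernels older than 6.10 reject the command with EINVAL; we then fall back
 * to comparing st_dev/st_ino from fstat(), which only tells whether both
 * descriptors point at the same inode. *used_fallback (if non-NULL) records
 * which path was taken.
 */
int same_open_file(int fd_a, int fd_b, int *used_fallback)
{
    int r = fcntl(fd_a, F_DUPFD_QUERY, fd_b);
    if (r >= 0) {
        if (used_fallback) *used_fallback = 0;
        return r ? 1 : 0;
    }
    if (errno != EINVAL)
        return -1;                      /* EBADF etc.: a real error */

    struct stat sa, sb;
    if (fstat(fd_a, &sa) < 0 || fstat(fd_b, &sb) < 0)
        return -1;
    if (used_fallback) *used_fallback = 1;
    return (sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino) ? 1 : 0;
}

/*
 * Self-check on two constructed temp files: a dup()ed descriptor must
 * compare equal and descriptors of different files must not. A second,
 * independent open() of the first file is printed but not asserted:
 * F_DUPFD_QUERY reports 0 for it, the fstat fallback reports 1.
 * Returns 1 when the two asserted cases behave as expected, else 0.
 */
int demo(void)
{
    char p1[] = "/tmp/dupq1XXXXXX", p2[] = "/tmp/dupq2XXXXXX";
    int a = mkstemp(p1), b = mkstemp(p2);
    if (a < 0 || b < 0)
        return 0;
    int a_dup = dup(a);
    int a_reopen = open(p1, O_RDONLY);
    int fallback = 0;

    int same = same_open_file(a, a_dup, &fallback);
    int diff = same_open_file(a, b, NULL);
    int reopen = same_open_file(a, a_reopen, NULL);
    printf("dup pair: %d, different files: %d, re-opened path: %d (%s)\n",
           same, diff, reopen,
           fallback ? "fstat fallback, kernel < 6.10" : "F_DUPFD_QUERY");

    close(a); close(a_dup); close(a_reopen); close(b);
    unlink(p1); unlink(p2);
    return same == 1 && diff == 0;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The third probe is the interesting one for anyone replacing kcmp(KCMP_FILE) with this call: the inode comparison says "same file", while F_DUPFD_QUERY says "different open file description", so the two are not interchangeable when the question is whether descriptors share offset and status flags.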
- The OPENPROMFS, ISOFS, QNX6, NILFS2, MINIX and FREEVXFS file systems have been converted to use the new partition mounting API.
- The EROFS (Extendable Read-Only File System), designed for read-only partitions, now supports the Zstandard compression algorithm.
- Bcachefs has been prepared for running fsck without unmounting the partition (online checking). Changes and fixes improving reliability have been added. Upgrading and downgrading the on-disk format is now possible in "nochanges" mode, which disables writes and keeps metadata only in memory.
- OverlayFS now supports creating temporary files with the O_TMPFILE flag.
- Support for the "CONFIG_BLK_DEV_THROTTLING_LOW" mechanism for limiting block device bandwidth has been dropped: it had remained experimental since 2017, saw little practical use and complicated maintenance of the block device subsystem.
- Memory and system services
- The ntsync driver, which implements the /dev/ntsync character device and the set of synchronization primitives used in the Windows NT kernel, has been added but is disabled in the build. Implementing these primitives at the kernel level can significantly improve the performance of Windows games run under Wine; the gain comes from eliminating the overhead of user-space RPCs. A separate Linux kernel driver was created because correctly implementing the NT synchronization API on top of the kernel's existing primitives proved problematic.
- A subsystem for profiling memory allocation operations in the Linux kernel has been added, allowing kernel memory leaks to be detected and simplifying memory optimization. Its overhead is low enough for use not only in debug builds but also on production systems.
- An initial implementation of the DRM Panic kernel emergency handler has been added; it uses the DRM (Direct Rendering Manager) subsystem to display a colored visual report in the style of the "blue screen of death". The next release is planned to add display of a logo and a QR code when an emergency condition occurs.
- Migration of changes from the Rust-for-Linux branch continued, related to using Rust as a second language for developing drivers and kernel modules (Rust support is not enabled by default and does not make Rust a mandatory kernel build dependency). The code moved to Rust 1.78, which allowed the standard alloc library to be used instead of a custom fork. Abstractions for working with time in the kernel (a wrapper around the ktime_t structure) were added, as was support for Rust kernel components on RISC-V systems.
- BPF programs can now use kernel wait queues. The bpf_preempt_disable and bpf_preempt_enable functions have been added, allowing code sections that the task scheduler will not interrupt. BPF programs can now access the kernel's cryptographic functions (crypto). JIT compilation of BPF programs has been implemented for systems with 32-bit ARCv2 processors.
- For 32-bit ARM systems, building the kernel with the Clang compiler in CFI (Control Flow Integrity) protection mode is now supported; CFI blocks deviations from the normal execution order (control flow) caused by exploits that overwrite function pointers stored in memory.
- Ring trace buffers can now be mapped directly via mmap() to hand their contents to user space without additional copying.
- The "mseal" system call has been added, allowing a process to seal parts of its address space against further changes. In practice, the new system call is planned for use in the Chrome browser to strengthen sandbox isolation.
- For the x32 subarchitecture, which provides a hybrid x86_64 ABI allowing a 64-bit memory addressing model to be used on 32-bit systems (the processor runs in 64-bit mode but uses 32-bit pointers and arithmetic), support for the Shadow Stack mechanism has been added; it uses the hardware capabilities of Intel processors to protect the function return address from being overwritten by a stack buffer overflow, thereby blocking many exploits.
- On ARM64 systems, the userfaultfd() system call, which lets user space handle accesses to unallocated memory pages (page faults), now implements write protection of memory areas and of page table entries.
- Code supporting the Alpha 21164 (EV5) and earlier processors, produced from 1995, has been removed. Maintaining it was complicated by those processors' lack of byte-level memory access. Alpha was the first architecture to which the Linux kernel, initially available only for x86 systems, was ported.
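The new profiler exposes per-call-site totals through /proc/allocinfo (enabled with CONFIG_MEM_ALLOC_PROFILING and the vm.mem_profiling sysctl). The usual way to hunt a leak with it is to take two snapshots some time apart and look for the site whose live bytes keep growing. As an added example, not part of the article or of the kernel tree, the C program below parses that text format (bytes, live allocation count, then "file:line [module] func:name") and reports the fastest-growing site between two snapshots. The two snapshots are constructed sample data; the drivers/example/widget.c site and its numbers are invented for the illustration, and the parse_allocinfo()/biggest_growth() helpers are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One allocation site as listed in /proc/allocinfo:
 *   <bytes live> <allocations live> <file>:<line> [module] func:<name> */
struct alloc_site {
    unsigned long bytes;
    unsigned long calls;
    char tag[128];            /* "file:line [module] func:name", the site key */
};

/* Parse allocinfo text; the version header and '#' comment lines do not
 * start with two numbers and are skipped. Returns sites stored in out[]. */
size_t parse_allocinfo(const char *text, struct alloc_site *out, size_t max)
{
    size_t n = 0;
    const char *p = text;
    while (*p && n < max) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < sizeof(out->tag) * 2 ? full : sizeof(out->tag) * 2 - 1;
        char line[256];
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + full;

        unsigned long bytes, calls;
        int off = 0;
        if (sscanf(line, " %lu %lu %n", &bytes, &calls, &off) == 2 && off > 0) {
            out[n].bytes = bytes;
            out[n].calls = calls;
            snprintf(out[n].tag, sizeof out[n].tag, "%s", line + off);
            n++;
        }
    }
    return n;
}

/* Site whose live bytes grew the most between two snapshots. A site that
 * grows steadily under a constant workload is the classic leak signature.
 * Returns the growth in bytes; tag_out receives the site key ("" if none). */
long biggest_growth(const struct alloc_site *before, size_t nb,
                    const struct alloc_site *after, size_t na,
                    char *tag_out, size_t tag_len)
{
    long best = 0;
    tag_out[0] = '\0';
    for (size_t i = 0; i < na; i++) {
        long prev = 0;                       /* site absent earlier: grew from 0 */
        for (size_t j = 0; j < nb; j++)
            if (strcmp(before[j].tag, after[i].tag) == 0) {
                prev = (long)before[j].bytes;
                break;
            }
        long growth = (long)after[i].bytes - prev;
        if (growth > best) {
            best = growth;
            snprintf(tag_out, tag_len, "%s", after[i].tag);
        }
    }
    return best;
}

/* Constructed sample snapshots (not real kernel output). */
static const char SNAP_T0[] =
    "allocinfo - version: 1.0\n"
    "#     <size>  <calls> <tag info>\n"
    "      4096       1 drivers/example/widget.c:42 [widget] func:widget_probe\n"
    "    131072      32 mm/filemap.c:1919 func:__filemap_get_folio\n"
    "     65536      16 fs/kernfs/dir.c:615 func:__kernfs_new_node\n";
static const char SNAP_T1[] =
    "allocinfo - version: 1.0\n"
    "#     <size>  <calls> <tag info>\n"
    "   1052672     257 drivers/example/widget.c:42 [widget] func:widget_probe\n"
    "    139264      34 mm/filemap.c:1919 func:__filemap_get_folio\n"
    "     65536      16 fs/kernfs/dir.c:615 func:__kernfs_new_node\n";

static char g_tag[128];

size_t demo_site_count(void)
{
    struct alloc_site t[16];
    return parse_allocinfo(SNAP_T1, t, 16);
}

long demo_growth_bytes(void)
{
    struct alloc_site t0[16], t1[16];
    size_t n0 = parse_allocinfo(SNAP_T0, t0, 16);
    size_t n1 = parse_allocinfo(SNAP_T1, t1, 16);
    return biggest_growth(t0, n0, t1, n1, g_tag, sizeof g_tag);
}

const char *demo_growth_tag(void)
{
    demo_growth_bytes();
    return g_tag;
}

int main(void)
{
    printf("fastest-growing site: %s (+%ld bytes)\n", demo_growth_tag(), demo_growth_bytes());
    return 0;
}
```

On a live system the two strings would be replaced by the contents of /proc/allocinfo read at two points in time; the sample's widget_probe site grows from 4 KiB to just over 1 MiB while its allocation count climbs from 1 to 257, the pattern a leak leaves.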
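To show what "sealing" means in practice, here is an added example (not from the article and not Chrome's code): a C program that maps an anonymous read-write page, seals it with mseal(), and then verifies that mprotect() and munmap() on that page are refused with EPERM. glibc shipped no mseal() wrapper at the time of 6.10, so the example calls the raw syscall; the number 462 is the value assigned in 6.10 and is defined here only for build hosts whose headers lack it. On a kernel without mseal() (ENOSYS, or EPERM from a seccomp profile that has not allow-listed the syscall) the same mprotect() simply succeeds, and the probe reports that instead. mseal_region() and seal_and_probe() are the example's own names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* mseal() is syscall 462 on every architecture as of 6.10; defined here for
 * build hosts whose headers predate it. */
#ifndef __NR_mseal
#define __NR_mseal 462
#endif

/* Raw wrapper: mseal(addr, len, flags); flags must currently be 0. */
static int mseal_region(void *addr, size_t len)
{
    return (int)syscall(__NR_mseal, addr, len, 0UL);
}

/*
 * Seal a private read-write page and probe what the kernel does with a
 * later permission change. Return codes:
 *   2  sealed; mprotect() and munmap() were refused with EPERM (>= 6.10)
 *   1  mseal() unavailable (ENOSYS, or EPERM from seccomp); the page stayed
 *      mutable, as on any older kernel
 *   0  anything else (unexpected errno, or a seal that did not hold)
 * The sealed page is deliberately never freed: refusing munmap() is part of
 * the guarantee, so it stays mapped until the process exits.
 */
int seal_and_probe(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;

    if (mseal_region(p, (size_t)pg) != 0) {
        int e = errno;
        if (e == ENOSYS || e == EPERM) {
            /* no sealing available: dropping write permission just works */
            int ok = mprotect(p, (size_t)pg, PROT_READ) == 0;
            munmap(p, (size_t)pg);
            return ok ? 1 : 0;
        }
        munmap(p, (size_t)pg);
        return 0;
    }

    /* sealed: any permission change or unmapping must now be rejected */
    if (mprotect(p, (size_t)pg, PROT_READ) == 0)
        return 0;                            /* seal did not hold */
    if (errno != EPERM)
        return 0;
    if (munmap(p, (size_t)pg) == 0)
        return 0;                            /* unmap must be refused too */
    return errno == EPERM ? 2 : 0;
}

int main(void)
{
    int r = seal_and_probe();
    printf("mseal probe: %s\n",
           r == 2 ? "sealed; mprotect/munmap refused with EPERM" :
           r == 1 ? "kernel has no mseal(); region stayed mutable" :
                    "unexpected result");
    return r ? 0 : 1;
}
```

The defensive value is exactly this irreversibility: once a sandboxed process has sealed the mappings it never needs to change, a later memory-corruption primitive inside that process cannot turn them writable or executable, remap them, or unmap them, because the kernel refuses regardless of what code requests it.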
- Virtualization and Security
- Added support for encrypted data exchange with TPM (Trusted Platform Module) devices and for verification of transaction integrity.
- The Landlock LSM module, which restricts the interaction of a group of processes with the outside environment, can now apply rules restricting access to ioctl() calls.
- The boot-time option init_mlocked_on_free has been proposed: it ensures that the contents of memory protected from being swapped out by the mlock() call are zeroed if that memory is freed without first being unlocked with munlock(). This prevents cryptographic keys from lingering in memory after an application that works with them terminates abnormally.
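As an added example (not from the article or the kernel's own samples), the C program below applies a Landlock ruleset that handles the new device-ioctl access right but grants it on no path, so every ioctl() on a character or block device is denied. It runs the check in a forked child so the caller is not sandboxed, and probes with a tty ioctl (TIOCGWINSZ) on /dev/null: without Landlock the request reaches the driver and fails with ENOTTY, with the ruleset in place the LSM hook rejects it first with EACCES. The syscall numbers 444/446, the ABI-5 constant LANDLOCK_ACCESS_FS_IOCTL_DEV (bit 15) and the VERSION query flag are defined locally under LL_ names so the file builds with headers older than 6.10; child_probe() and landlock_ioctl_probe() are the example's own names, and the minimal ruleset attribute struct relies on the kernel accepting any size that covers handled_access_fs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Landlock syscall numbers and the ABI-5 constants used here, defined
 * locally so the file builds where <linux/landlock.h> predates 6.10. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_restrict_self  446
#endif
#define LL_ACCESS_FS_IOCTL_DEV    (1ULL << 15)  /* LANDLOCK_ACCESS_FS_IOCTL_DEV */
#define LL_CREATE_RULESET_VERSION (1U << 0)     /* LANDLOCK_CREATE_RULESET_VERSION */

/* Minimal ruleset attribute: only the first field of struct landlock_ruleset_attr. */
struct ll_ruleset_attr { uint64_t handled_access_fs; };

/* Probe ioctl on /dev/null; returns 1 if the driver answered ENOTTY,
 * 2 if Landlock refused it with EACCES, 0 otherwise. */
static int probe_devnull_ioctl(void)
{
    int fd = open("/dev/null", O_RDONLY);   /* open() itself is not restricted */
    if (fd < 0)
        return 0;
    struct winsize ws = {0};
    int r = ioctl(fd, TIOCGWINSZ, &ws);
    int e = errno;
    close(fd);
    if (r >= 0) return 0;
    return e == EACCES ? 2 : e == ENOTTY ? 1 : 0;
}

/* Runs inside the child. Return codes:
 *   2  Landlock ABI >= 5 present and the device ioctl was denied (EACCES)
 *   1  Landlock unavailable or ABI < 5; the ioctl reached the driver (ENOTTY)
 *   0  unexpected outcome */
static int child_probe(void)
{
    long abi = syscall(__NR_landlock_create_ruleset, NULL, 0,
                       LL_CREATE_RULESET_VERSION);
    if (abi < 5)                             /* -1 on ENOSYS/EOPNOTSUPP too */
        return probe_devnull_ioctl() == 1 ? 1 : 0;

    struct ll_ruleset_attr attr = { .handled_access_fs = LL_ACCESS_FS_IOCTL_DEV };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (rs < 0)
        return 0;
    /* No landlock_add_rule() call: the right is granted nowhere, so every
     * device ioctl is denied for files opened after restrict_self(). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return 0;
    if (syscall(__NR_landlock_restrict_self, rs, 0) != 0)
        return 0;
    return probe_devnull_ioctl() == 2 ? 2 : 0;
}

/* Fork so the restriction applies only to the child; return its code. */
int landlock_ioctl_probe(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0)
        _exit(child_probe());
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 0;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = landlock_ioctl_probe();
    printf("%s\n", r == 2 ? "device ioctl denied by Landlock (EACCES)" :
                   r == 1 ? "Landlock ABI 5 unavailable; ioctl reached the driver (ENOTTY)" :
                            "unexpected result");
    return r ? 0 : 1;
}
```

A real sandbox would pair this with landlock_add_rule() entries that re-grant the ioctl right on the few device nodes the program legitimately needs (a GPU or audio node, for instance) and would handle the file-system read/write rights as well; the point of the probe is that descriptors opened after the restriction carry the denial with them, so a later compromise of the process cannot reach driver ioctl handlers it was never granted.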
- The crypto subsystem accelerates disk encryption operations using the AES-XTS algorithm on x86_64 systems with Intel and AMD processors that support the VAES, AVX2, VPCLMULQDQ, AVX10, or AVX512 extensions.
- The ability to collect usage statistics for the kernel crypto subsystem (CONFIG_CRYPTO_STATS) has been removed. The feature was not used in practice, caused a significant performance decrease and placed a significant additional burden on maintainers.
- Network subsystem
- The performance of zero-copy send operations in the io_uring subsystem has been significantly improved. Several buffers can now be combined ("bundled") for send and receive operations.
- The garbage collection code used when passing file descriptors over Unix sockets with SCM_RIGHTS messages has been rewritten; the change solves the problem of accumulating circular reference counts.
- Added the ability to set filters for the PFCP (Packet Forwarding Control Protocol) protocol used in 4G and 5G networks.
- Support for the SO_PEEK_OFF socket option has been added for network sockets; by analogy with the same option for Unix sockets, it sets the offset in the queue at which the recv system call reads when the MSG_PEEK flag is specified (MSG_PEEK leaves the data unread, so it is returned again on the next recv call).
- The io_uring subsystem now supports the IORING_CQE_F_SOCK_NONEMPTY flag, which indicates whether a network socket has pending connection requests to process.
- An implementation of PoE (Power over Ethernet) has been proposed, based on the previously available PoDL (Power over Data Line) support code and compatible with the Microchip PD692x0 and TI TPS23881 PoE controllers.
- For the TCP, DCCP and MPTCP protocols, the rstreason mechanism has been added, which records the reason for sending RST packets (for example, NO_SOCKET).
- Equipment
- The panthor driver for tenth-generation Mali GPUs (G310, G510, G710) has been included. These GPUs use CSF (Command Stream Frontend) technology, which moves some driver functions to the firmware side to reduce CPU load and offers a new model for organizing work on the GPU. Changes supporting the new driver have also been adopted in Mesa and are included in the panfrost Gallium driver for Mali GPUs.
- PCI identifiers of new discrete Intel Arc (DG2/Alchemist) video cards have been added to the i915 driver.
- Work continued on the Xe DRM (Direct Rendering Manager) driver for GPUs based on the Intel Xe architecture, used in Intel Arc video cards and in integrated graphics starting with Tiger Lake processors. Support for Arrow Lake H CPUs has been added, implementation of Lunar Lake support continued, and initial support for the SR-IOV (Single Root I/O Virtualization) mechanism has been added.
- The AMDGPU driver has added support for SMU 14.0 (System Management Unit). Added the ability to use new AMD GPUs on systems with RISC-V architecture.
- Added a driver for the Tegra Security Engine cryptographic accelerator, which can be used to accelerate AES and various hashing algorithms.
- Added support for the LG SW43408, Innolux G121XCE-L01 LVDS, RK3326 GameForce Chi, Crystal Clear CMT430B19N00, POWERTIP PH128800T006-ZHC01, Startek KD050HDFIA020-C020A, Pixel 3a, Khadas TS050 V2, Raydium RM69380, BOE NT116WHM-N44, CMN N116BCA-EA1 and AUO B120XAN01.0 screen panels.
- Added support for the audio subsystem of Lenovo Thinkbook 13x Gen 4, Lenovo Thinkbook 16P Gen 5, Lenovo Thinkbook 13X and ASUS Zenbook 2024 HN7306W laptops. Added support for external sound cards Vocaster One and Vocaster Two. Added driver for NAU8325 amplifiers from Nuvoton Technology.
- The HID-Steam driver has added support for the IMU (Inertial Measurement Unit) of the Steam Deck game controller, allowing the use of a separate evdev node to access gyroscope and accelerometer data.
- Changes are included to support the Snapdragon X Elite ARM SoC, which uses Qualcomm's own 12-core Oryon CPU and Qualcomm Adreno GPU. The chip is aimed at use in laptops and PCs, and is ahead of the Apple M3 and Intel Core Ultra 155H chips in many performance tests.
- Added support for ARM boards, SoCs and devices: PocketBook 614 Plus, Sony Xperia Z3, Xperia 1 V, Samsung Galaxy S5 China, Motorola Moto G, RK3326 GameForce Chi, Anbernic RG35XX (Plus/H/2024), Airoha EN7581, Radxa ROCK 3C, ArmSom Sige7, Tanix TX1, Toradex Colibri iMX8DX, Renesas RZ/V2H, Forlinx OK3588-C, Protonic MECSBC, Emcraft Systems NavQ+, NXP S32G3, Wolfvision pf5, Amlogic A4/A5, ASUS RT-AC3200, ASUS RT-AC5300, ASrock E3C256D4I, IBM system1 BMC, Meta Harma BMC(AST2600), ASRock X570D4U BMC, Au-Zone Maivin AI Vision Starter Kit.
- Added support for Milk-V Mars boards using the Starfive JH7110 SoC based on the RISC-V architecture.
At the same time, the Latin American Free Software Foundation has created a fully free version of kernel 6.10, Linux-libre 6.10-gnu, cleaned of firmware and driver elements that contain non-free components or code whose scope of use is restricted by the manufacturer. Release 6.10 updates the blob cleaning code in the Intel i915, rtl8xxxu, qla2xxx and QCAI sahara drivers. Blob names in dts (devicetree) files for the Aarch64 architecture have been cleaned. New files added to the Adreno, Intel IPU3 and PRUEth drivers have been cleaned of blobs, as have the new Panthor, Intel IPU6, PRUEth SR1, rtw8703b, tps23881, air_en8811h, Intel ISH HID and pcm6240 drivers. Cleaning of the Prism2.5/3 USB driver has been discontinued, as that driver has been removed from the kernel.
Source: opennet.ru
