After two months of development, Linus Torvalds has released the Linux 6.18 kernel. Among the most notable changes: dm-pcache for caching disks in non-volatile memory (PMEM), removal of Bcachefs, an online XFS checking mode, the Binder (Android IPC) and Tyr (Mali GPU) drivers in Rust, the ability to write USB drivers in Rust, a caching optimization in the SLUB memory allocator, addressing namespaces by file descriptor, faster swap, verification of BPF programs by digital signature, virtualization of Intel CET in KVM, the PSP network protocol (a hybrid of TLS and IPsec), support for the AccECN IP extension, and optimization of the UDP stack.
The new version includes 15035 fixes from 2217 developers; the patch is 45 MB in size (the changes affected 13142 files, with 601897 lines of code added and 355006 lines deleted). The previous release had 14334 fixes from 2118 developers and a 46 MB patch. About 40% of all changes in 6.18 relate to device drivers, about 16% to code specific to hardware architectures, 12% to the network stack, 5% to file systems and 3% to internal kernel subsystems.
Main new features in kernel 6.18 (1, 2, 3):
- Disk Subsystem, I/O and File Systems
- The dm-pcache handler has been added to Device Mapper to utilize persistent memory (CXL memory addressed via a DAX device) as an additional high-performance cache in front of slower traditional disk or flash drives. Dm-pcache ensures cache contents are preserved in the event of a crash (crash-safe) by using non-volatile memory, duplicating metadata, and verifying the integrity of data and metadata using CRC32 checksums. Currently, only write-back caching is supported.
- The Bcachefs filesystem code has been removed from the kernel, and will now be distributed as an external module built using the DKMS (Dynamic Kernel Module Support) toolchain. The Bcachefs code may be reintroduced into the kernel after Kent Overstreet demonstrates his ability to interact correctly with other kernel developers and adhere to established development guidelines.
- The RWF_NOSIGNAL flag has been added to the pwritev2() system call to disable sending a SIGPIPE signal when writing to broken unnamed pipes or sockets.
- A "pidns" mount option has been added to Procfs for specifying process ID namespaces (PID namespaces). For example: "mount -t proc -o pidns=/proc/self/ns/pid proc /tmp/proc".
- The online checking mode of XFS, in which the fsck utility checks and repairs detected problems without unmounting the file system, has been declared stable and is enabled by default. The file_getattr and file_setattr system calls have been added for changing the attributes of special files (any inode). The XFS_SUPPORT_V4 (XFS version 4) and XFS_SUPPORT_ASCII_CI (case-insensitive ASCII mode) options are now disabled by default in KConfig and have been deprecated. The deprecated attr2, noattr2, ikeep, and noikeep mount options have been removed.
- MD RAID implements a new type of bitmaps - llbitmap (lockless bitmap), which operates without locks and provides higher performance.
- Information related to encryption and verification (the i_crypt_info and i_verity_info pointers) has been moved out of the general "inode" structure. This change reduces memory consumption in file systems that do not support encryption and verification.
- The FUSE subsystem now supports the copy_file_range() system call and direct range copying using a 64-bit size type (previously, only 32-bit size was supported). Support for synchronous initialization during mount (FUSE_DEV_IOC_SYNC_INIT) has been added.
- The ext4 file system now supports the use of 32-bit user IDs (uid) and group IDs (gid) when accessing reserved blocks. Ioctl operations for setting and reading superblock parameters for mounted file systems have been added (tune2fs can now change superblock parameters without requiring write access to the block device). Deprecated ext3-specific settings have been completely removed.
- A "lookup_mode" mount option has been added to f2fs to select the directory lookup mode: perf (hash lookup), compat (linear lookup), or auto (automatic selection). Changing the mode is useful for configurations with case-insensitive directories. The mode currently in effect can be read from the effective_lookup_mode file under "/sys/fs/f2fs/". Added the ability to reserve inodes accessible only to privileged users.
- Overlayfs now supports case-insensitive operation, which can be enabled at the file system layer level (setting for individual directories is not yet supported).
- BTRFS improves parallelism for workloads with heavy reads and light writes, reduces transaction commit times, and significantly reduces synchronization time (from minutes to tens of seconds). A block size (bs) larger than the memory page size (ps) can now be used.
- A parameter has been added to ksmbd (the kernel-based SMB server) to limit the maximum number of connections from one IP address. smbdirect, smbclient and smbserver have been switched to standard kernel structures.
- SQUASHFS now supports the SEEK_DATA and SEEK_HOLE options in the lseek() system call to search for data and holes in sparse files. Some tests have shown a performance improvement of up to 150 times for sparse file copying.
- EXFAT now supports the FS_IOC_GETFSLABEL and FS_IOC_SETFSLABEL ioctls for reading and writing partition labels. It now allows changing mount options during remounting. Bitmap loading performance has been improved.
- NTFS3 adds support for ioctls FS_IOC_GETFSLABEL and FS_IOC_SETFSLABEL for reading and setting partition labels.
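As an added illustration of the RWF_NOSIGNAL flag mentioned above (this is example code written for this page, not code from the article or the kernel tree), the following C program writes to a pipe whose reader has already gone away. It first asks pwritev2() to suppress SIGPIPE with RWF_NOSIGNAL; a kernel older than 6.18 rejects the unknown flag with EOPNOTSUPP, and the program then falls back to the classic portable pattern of blocking SIGPIPE around the write and draining the pending signal. The flag's numeric value and the use of the raw syscall (so that a libc whose headers predate the flag still builds) are assumptions noted in the comments; the observable result in both paths is an EPIPE error instead of a dead process.

```c
/* Added example, not from the article or the kernel tree: write to a broken
 * pipe without being killed by SIGPIPE, using RWF_NOSIGNAL (Linux 6.18) when
 * the kernel offers it and a sigprocmask()/sigtimedwait() fallback otherwise. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <time.h>
#include <unistd.h>

#ifndef RWF_NOSIGNAL
/* Assumed value of the 6.18 uapi flag, for builds against older headers. */
#define RWF_NOSIGNAL 0x00000100
#endif

/* 0: the kernel honoured RWF_NOSIGNAL; 1: the portable fallback was used. */
int g_used_fallback = -1;

/* pwritev2() via the raw syscall, so a libc without the wrapper still builds.
 * The offset is split into low/high halves the same way glibc does it; an
 * offset of -1 means "current position", which is what a pipe requires. */
static ssize_t raw_pwritev2(int fd, const struct iovec *iov, int cnt, int flags)
{
#ifdef SYS_pwritev2
    long long pos = -1;
    long pos_l = (long)pos;
    long pos_h = (long)(((unsigned long long)pos) >> (sizeof(long) * 4) >> (sizeof(long) * 4));
    return (ssize_t)syscall(SYS_pwritev2, fd, iov, cnt, pos_l, pos_h, flags);
#else
    (void)fd; (void)iov; (void)cnt; (void)flags;
    errno = ENOSYS;
    return -1;
#endif
}

/* Writes one byte into a pipe whose read end is closed and returns the errno
 * the write produced (EPIPE is the expected outcome). 0 means the write
 * unexpectedly succeeded; the process must survive in every case. */
int broken_pipe_write(void)
{
    int p[2];
    if (pipe(p) < 0)
        return errno;
    close(p[0]);                 /* no readers left: any write is a "broken pipe" */

    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    int result;

    ssize_t n = raw_pwritev2(p[1], &iov, 1, RWF_NOSIGNAL);
    if (n >= 0) {
        result = 0;
        g_used_fallback = 0;
    } else if (errno == EPIPE) {
        result = EPIPE;          /* 6.18+: EPIPE returned, no SIGPIPE raised */
        g_used_fallback = 0;
    } else if (errno == EOPNOTSUPP || errno == EINVAL || errno == ENOSYS) {
        /* Kernel does not know the flag: block SIGPIPE around a plain write(),
         * then consume the pending signal so it is never delivered. */
        g_used_fallback = 1;
        sigset_t block, old;
        sigemptyset(&block);
        sigaddset(&block, SIGPIPE);
        sigprocmask(SIG_BLOCK, &block, &old);

        n = write(p[1], &byte, 1);
        result = n < 0 ? errno : 0;

        if (result == EPIPE) {
            struct timespec zero = { 0, 0 };
            sigtimedwait(&block, NULL, &zero);   /* drain the pending SIGPIPE */
        }
        sigprocmask(SIG_SETMASK, &old, NULL);
    } else {
        result = errno;          /* some other failure; report it */
    }
    close(p[1]);
    return result;
}

int main(void)
{
    int err = broken_pipe_write();
    printf("write to broken pipe: %s (%s)\n", strerror(err),
           g_used_fallback == 1 ? "sigmask fallback" : "RWF_NOSIGNAL path");
    return 0;
}
```

The fallback is what daemons have done for years; the new flag removes the need for signal-mask juggling in the common case of a peer that disappears mid-write, which is why it matters for servers that must not be taken down by a client closing a socket early.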
- Memory and system services
- The implementation of the Binder interprocess communication mechanism written in Rust has been adopted. Binder is used in Android to organize interaction between processes and remote method calls (one Android process may call a method or function in another Android process, using Binder to identify and invoke it and to pass arguments between the processes). Binder's code was rewritten in Rust as part of Google's Android security initiative.
- SLUB, the kernel memory allocator, implements an optional "sheaves" caching layer. It uses multiple caches, each associated with a separate CPU core, allowing memory allocation and deallocation operations to be localized to a single core. This cache improves the performance of allocation and deallocation in the kernel by eliminating the synchronization primitives that would otherwise be needed when multiple CPU cores are involved. In tests, the performance gain ranged from 6.3% to 31%, depending on the workload.
- Added the ability to create file descriptors bound to a specific namespace. Unlike addressing namespaces by identifier (the links under /proc/<pid>/ns/), such a file descriptor refers to one particular namespace instance, so a reused identifier cannot end up pointing at a different object. As with pidfds, file descriptors referencing namespaces are obtained with the name_to_handle_at() and open_by_handle_at() functions.
- A "Swap Table" mechanism has been implemented to improve swap performance. This improvement is achieved by reducing swap cache contention, more efficient cache lookups, and reducing fragmentation. A Swap Table-based backend is used for swap caching instead of the XArray backend and has resulted in an average performance improvement of 5-20%. In the usemem test, throughput increased by 17-28%, in the multi-threaded kernel rebuild test, build time decreased by 1.12-3.19%, and the redis-benchmark test with BGSAVE showed a 6-7% increase in the number of requests processed.
- The Zswap subsystem has been migrated to directly use the zsmalloc memory allocation system instead of the zpool layer, which is no longer used anywhere and has now been removed from the kernel.
- To control the behavior of the microcode bootloader on x86 systems, the "microcode=flaglist" command-line option has been implemented. In its current form, this new option replaces "microcode.force_minrev" and also allows you to specify the minimum microcode version allowed to boot.
- Work has begun on reorganizing the excessively bloated "page" structure used to manage RAM pages. The 'memdesc_flags_t' type has been added for fields with general-purpose flags that can be used after the expected future separation of separate structures for slabs and folios from the "page" structure.
- For the nios2 architecture used in Altera Nios II processors (FPGA-based soft processor), support for the clone3() system call has been implemented.
- The "transitional" attribute has been added to the kernel configuration (KConfig). It can be used to mark settings that are not exposed in user interfaces, such as "make menuconfig," and are not included in generated configuration files. The primary purpose of this attribute is to simplify renaming options while maintaining backward compatibility.
- The minimum version of Clang that can build the kernel has been raised to LLVM 15 (Debian 12 and Ubuntu 22.04 ship LLVM 14).
- Migration of changes from the Rust-for-Linux branch, related to using Rust as a second language for developing drivers and kernel modules, has continued (Rust support is not enabled by default and does not make Rust a mandatory kernel build dependency). The new version implements atomic memory operations, a maple tree structure, the ability to create DebugFS files, and bitmap manipulation functions for Rust code. Access to the driver development API has been expanded. A full set of abstractions for developing USB device drivers has been added (USB driver example). The perf utility now supports debugging symbols generated by the rustc compiler.
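As an added illustration of the namespace file descriptors described above (this is example code written for this page, not code from the article or the kernel tree), the following C program takes one of the caller's own namespaces, asks name_to_handle_at() for a file handle on it, re-opens that handle with open_by_handle_at(), and checks that the new descriptor refers to the same nsfs inode. Raw syscalls and a hand-written handle structure are used so that the code builds against a libc whose headers predate 6.18; that a descriptor on nsfs serves as the mount_fd argument of open_by_handle_at() is an assumption noted in the code. On a kernel before 6.18, or in a sandbox that blocks the calls, the program reports the feature as unsupported rather than failing.

```c
/* Added example, not from the article or the kernel tree: round-trip one of
 * the caller's namespaces through a file handle and verify identity. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000   /* uapi value, for headers that do not expose it */
#endif

/* Same layout as the kernel's struct file_handle, sized for MAX_HANDLE_SZ (128). */
struct ns_handle {
    unsigned int handle_bytes;
    int handle_type;
    unsigned char f_handle[128];
};

enum ns_handle_result {
    NS_HANDLE_OK = 0,           /* handle re-opened and refers to the same namespace */
    NS_HANDLE_UNSUPPORTED = 1,  /* kernel or sandbox does not offer nsfs handles */
    NS_HANDLE_MISMATCH = 2,     /* re-opened fd is a different inode: must never happen */
    NS_HANDLE_ERR = 3           /* could not even open /proc/self/ns/<name> */
};

int ns_handle_roundtrip(const char *nsname, unsigned long *ns_id_out)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/self/ns/%s", nsname);

    int nsfd = open(path, O_RDONLY | O_CLOEXEC);
    if (nsfd < 0)
        return NS_HANDLE_ERR;

    struct stat before;
    if (fstat(nsfd, &before) < 0) {
        close(nsfd);
        return NS_HANDLE_ERR;
    }
    if (ns_id_out)
        *ns_id_out = (unsigned long)before.st_ino;   /* the number shown in "net:[...]" */

    struct ns_handle fh;
    memset(&fh, 0, sizeof fh);
    fh.handle_bytes = sizeof fh.f_handle;
    int mount_id = 0;
    if (syscall(SYS_name_to_handle_at, nsfd, "", &fh, &mount_id, AT_EMPTY_PATH) < 0) {
        close(nsfd);                 /* EOPNOTSUPP before 6.18, ENOSYS/EPERM in sandboxes */
        return NS_HANDLE_UNSUPPORTED;
    }

    /* The handle is plain bytes: it can be stored or handed to another process.
     * Assumption: a descriptor on nsfs (here the original one) is what
     * open_by_handle_at() wants as mount_fd to pick the filesystem. */
    int again = (int)syscall(SYS_open_by_handle_at, nsfd, &fh, O_RDONLY | O_CLOEXEC);
    if (again < 0) {
        close(nsfd);                 /* e.g. EPERM for a caller lacking the required privilege */
        return NS_HANDLE_UNSUPPORTED;
    }

    /* Identity check: same inode number on the same (nsfs) device. */
    struct stat after;
    int same = fstat(again, &after) == 0 &&
               after.st_ino == before.st_ino && after.st_dev == before.st_dev;
    close(again);
    close(nsfd);
    return same ? NS_HANDLE_OK : NS_HANDLE_MISMATCH;
}

int main(void)
{
    static const char *names[] = { "net", "mnt", "pid" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        unsigned long id = 0;
        int rc = ns_handle_roundtrip(names[i], &id);
        printf("%s namespace [%lu]: %s\n", names[i], id,
               rc == NS_HANDLE_OK ? "handle round-trip ok" :
               rc == NS_HANDLE_UNSUPPORTED ? "handles unsupported here" :
               rc == NS_HANDLE_MISMATCH ? "MISMATCH" : "cannot open");
    }
    return 0;
}
```

The security-relevant property is the one the article names: a stored handle refers to a specific namespace instance, so a tool that holds one cannot be confused into acting on a different namespace that later reuses the same number.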
- Virtualization and Security
- Support for cryptographic verification of loaded BPF programs using a digital signature has been added. This capability will be further expanded with tools for defining rules on loading signed BPF programs and for allowing unprivileged users to use verified BPF programs.
- The KVM hypervisor implements support for the Intel CET (Control-flow Enforcement Technology) virtualization extension, which protects against exploits using return-oriented programming (ROP) techniques. This protection works by storing the return address of a function not only on the regular stack but also on a separate shadow stack, which cannot be directly modified.
- Added the ability to use more than 255 CPUs in guests running the Bhyve hypervisor on FreeBSD 15 hosts.
- Added the dibs (Direct Internal Buffer Sharing) layer for controlled sharing of buffers within an isolated environment, such as a hypervisor or a Linux kernel instance.
- The audit subsystem now supports working with several simultaneously enabled LSM modules (Linux Security Module).
- Added virtio driver spi-virtio for accessing SPI (Serial Peripheral Interface) device from virtual machines.
- The KVM hypervisor now supports the SEV-SNP CipherText Hiding mode, which blocks reading the ciphertext of protected guest system memory on an unauthorized CPU.
- Added qtee driver for TEE (Trusted Execution Environment) environments of Qualcomm chips.
- Network subsystem
- Support for encrypted TCP connections has been added using the PSP Security Protocol (PSP), developed by Google for encrypting traffic between data centers. PSP provides encryption, cryptographic integrity control, and source authentication, implementing a unique combination of TLS and IPsec capabilities. PSP applies encryption at the level of individual network connections, rather than the entire communication channel. PSP uses separate encryption keys for different tunneled TCP connections to strictly isolate traffic from different applications and handlers. To reduce CPU load, encryption and decryption operations are offloaded to network cards (offload). UDP is used as the data transport protocol, over which the contents of the original TCP packet are forwarded.

- Initial support has been added for the Accurate Explicit Congestion Notification (AccECN) extension. This extension is an improved version of the ECN extension, which allows hosts to mark IP packets in the event of congestion instead of dropping them, making it possible to detect the onset of congestion on communication channels without packet loss. The original ECN extension allows only one congestion signal to be raised during a single TCP round-trip (RTT, Round-Trip Time: the time to send a request and receive the response). AccECN removes this limitation and allows the receiver to transmit more than one congestion signal to the sender in the TCP packet header. Congestion control algorithms can use this information to respond to congestion more accurately and avoid abruptly reducing the packet rate when minor congestion occurs.
- The UDP stack has been optimized for processing incoming packets under DDoS attacks, which result in large numbers of packets arriving on one or more UDP sockets. Optimizations, such as reducing contention, optimizing the layout of data structures in memory, and utilizing NUMA (Non-Uniform Memory Access)-aware locks, have increased UDP packet reception performance by 47% or more under extreme conditions.
- The ability to disable I/O caching in the NFS server has been implemented, allowing the NFS server to be used in systems with limited memory (e.g., limited cloud environments). Disabling the cache can also be useful on heavily loaded NFS servers to prevent data associated with local storage from being evicted from the cache due to memory being freed for the NFS cache.
- The maximum size of incoming and outgoing packet buffers for network sockets (net.core.rmem_max and net.core.wmem_max) has been increased from 2 MB to 4 MB. The default size remains unchanged (net.core.rmem_default and net.core.wmem_default = 2 MB).
- Added driver for the Qualcomm PPE (Packet Processing Engine) network accelerator used in the Qualcomm IPQ9574 SoC.
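As an added illustration of the socket buffer limits mentioned above (this is example code written for this page, not code from the article or the kernel tree), the following C program requests a large receive buffer on a UDP socket and reads back what the kernel actually granted. Linux clamps an unprivileged SO_RCVBUF request to net.core.rmem_max and then doubles the value for bookkeeping overhead, so the value returned by getsockopt() never exceeds twice rmem_max; the program reads that sysctl from procfs to show whether the request was capped. The request size is a constructed sample value.

```c
/* Added example, not from the article or the kernel tree: observe how an
 * SO_RCVBUF request is clamped by net.core.rmem_max. */
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Reads net.core.rmem_max from procfs; -1 if unavailable (e.g. in a sandbox). */
long read_rmem_max(void)
{
    FILE *f = fopen("/proc/sys/net/core/rmem_max", "r");
    if (!f)
        return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Asks for request_bytes of receive buffer on a fresh UDP socket and returns
 * what the kernel granted as reported by getsockopt(), or -1 on error.
 * The granted value is min(request, rmem_max) * 2 for an unprivileged caller. */
long effective_rcvbuf(long request_bytes)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;
    int req = (int)request_bytes;
    if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, &req, sizeof req) < 0) {
        close(s);
        return -1;
    }
    int got = 0;
    socklen_t len = sizeof got;
    if (getsockopt(s, SOL_SOCKET, SO_RCVBUF, &got, &len) < 0) {
        close(s);
        return -1;
    }
    close(s);
    return got;
}

/* 1 if the request was reduced by the rmem_max cap, 0 if granted in full
 * (i.e. the doubled request came back), -1 if this could not be determined. */
int request_was_capped(long request_bytes)
{
    long got = effective_rcvbuf(request_bytes);
    if (got < 0)
        return -1;
    return got < 2 * request_bytes ? 1 : 0;
}

int main(void)
{
    const long request = 16L << 20;      /* constructed sample: ask for 16 MB */
    long max = read_rmem_max();
    long got = effective_rcvbuf(request);
    printf("rmem_max = %ld bytes\n", max);
    printf("requested %ld, kernel reports SO_RCVBUF = %ld (%s)\n", request, got,
           request_was_capped(request) == 1 ? "capped by rmem_max" : "granted in full");
    return 0;
}
```

Raising the cap only widens what an application may ask for; a process that wants more than rmem_max still needs CAP_NET_ADMIN and SO_RCVBUFFORCE, which keeps the per-socket memory a container can claim under administrative control.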
- Equipment
- The Tyr driver, written in Rust, has been integrated into the kernel. It supports ARM Mali GPUs that use the Command Stream Frontend (CSF) technology, such as the Mali G310, G510, and G710. The driver is not yet ready for everyday use and is considered an experimental prototype for testing the abstractions for driver development in Rust.
- Support for touchpads with haptic feedback and pressure sensors has been added to drivers for HID (Human interface device) input devices.
- Work has continued on the Xe DRM (Direct Rendering Manager) driver for GPUs based on the Intel Xe architecture, which is used in Intel Arc series graphics cards and integrated graphics, starting with Tiger Lake processors. The new version adds the madvise interface, enables support for SR-IOV PF (Single Root I/O Virtualization Physical Function), adds support for Intel PSMI mode for hardware validation, ensures processing of error information transmitted by firmware, implements the SLPC power profile, and adds support for loading auxiliary firmware (such as for the fan controller and voltage regulator) during driver validation.
- The AMDGPU driver now supports devices with Cyan Skillfish APUs, improves AMD GCN 1.0 support, adds compatibility with the criu toolkit, adds temperature metrics to sysfs, and allows MMIO remapping requests from user space.
- The i915 driver includes support for the Wildcat Lake family of chips and improves performance with Jasper Lake, Elkhart Lake, Gen7, and Gen6 GPUs.
- The Nouveau driver uses NVIDIA GSP firmware by default and has improved error handling.
- Integration of Nova driver components for NVIDIA GPUs equipped with GSP firmware, used starting with the NVIDIA GeForce RTX 2000 series based on the Turing microarchitecture, has continued. The driver is written in Rust. The new version expands GSP firmware support, improves the implementation of the "register!" macro, and adds support for PCI device classes and vendor IDs.
- Added rocket driver for NPU accelerators used in Rockchip RK3588 SoC.
- Added kernel parameter "boot_display" to select the output device for displaying the boot process on systems with multiple GPUs.
- The vesadrm driver implements support for 8-bit palettes.
- The msm driver has been updated to support the Adreno 663 GPU and implements support for IFPC (Inter Frame Power Collapse) power consumption reduction technology.
- The panthor driver has added support for the Mali-G710, Mali-G510, Mali-G310, Mali-Gx15, Mali-Gx20 and Mali-Gx25 GPUs.
- Added support for the following ASoC sound systems: Qualcomm Glymur and PM4125, Realtek RT1321, Shanghai FourSemi FS2104/5S, Texas Instruments PCM1754 and TAS2783A, qcs615, CS35L56 B2, tas2118, tas2x20, and tas5825. Added support for the Tascam US-144mkII and Presonus S1824c USB sound cards.
- Added support for ARM CPU Cortex-A320/A520AE/A720AE and C1-Nano/Pro/Premium/Ultra.
- Added support for ARM boards, SoCs and devices: Apple M2 Pro, M2 Max and M2 Ultra, Sony Xperia SP, Samsung Galaxy S22, Samsung Galaxy S20 FE, ASUS Eee Pad Slider SL101, Lenovo ThinkBook 16, HP Omnibook X14 X1P42100, Dell Inspiron 7441 / Latitude 7455, Sige1, NanoPi Zero2, Axis Artpec8, NXP i.MX91, ROCK 2A/2F, Qualcomm Lemans Auto, Renesas RZ/T2H and RZ/N2H, Aspeed AST27xx, Meta Clemente BMC, Netcube Nagami som, Tqma91xx, Ultratronik i.MX8MP Ultra-MACH, i.MX8ULP EVK9, Buffalo WXR-1750DHP,
At the same time, the Latin American Free Software Foundation published Linux-libre 6.18-gnu, a completely free variant of kernel 6.18 cleaned of firmware and driver elements that contain non-free components or code sections with restricted scope. Release 6.18 includes updated blob cleanup code in the Nova-Core, Intel XE, TI PRUeth, Lantiq GSWIP, and Marvell WiFi-Ex drivers. Blob names in devicetree (.dts) files for Qualcomm, Mediatek, and TI ARM64 chips have been cleaned. Blob loading has been disabled in the new FourSemi fs2104/5s, TI TAS2783, and Qualcomm GENI drivers.
Source: opennet.ru