After two months of development, Linus Torvalds unveiled the Linux kernel 5.14 release and in this new version of the most notable changes, for example new quotactl_fd () and memfd_secret () system calls, removing ide and raw drivers, new I / O priority driver for cgroup, SCHED_CORE task scheduling mode, infrastructure for creating BPF verified program loaders.
The new version received 15883 fixes from the developers 2002 patch size: 69MB (changes affected 12,580 files, 861501 lines of code added, 321,654 lines removed).
Main news in Linux 5.14
In this new version a new I / O prioritization driver for cgroup -rq-qos, which can control the priority of processing requests to block devices generated by members of each cgroup. Support for the new priority controller has been added to the mq-deadline I / O scheduler.
Another important change is in ext4, which now implements a new EXT4_IOC_CHECKPOINT ioctl command which forces all pending journal transactions and their associated buffers to be downloaded to disk, and also overwrites the storage area used by the journal. The change was prepared as part of the initiative to prevent information leaks from file systems. Also performance optimizations have been made to Btrfs when deleting the journaling of unnecessary extended attributes during fsync execution, performance of intensive operations with extended attributes increased to 17%.
Moreover added quotactl_fd () system call, which allows you to manage quotas not through a special device file, but by specifying a file descriptor associated with the file system for which the quota is applied.
Also old drivers for block devices with the IDE interface have been removed from the kernel, which have long been superseded by the libata subsystem. The support for old devices is preserved in its entirety, the changes refer only to the possibility of using old drivers, when using drives that were named / dev / hd *, not / dev / sd *.
Task Scheduler has a new SCHED_CORE scheduling mode which allows you to control which processes can run together on the same CPU core. Each process can be assigned an identification cookie that defines the scope of trust between processes (for example, belonging to the same user or container).
The memfd_secret () system call has been added, who allows you to create a private memory area in an address space isolated, visible only to the proprietary process, not reflected in other processes, and directly inaccessible to the kernel.
The hypervisor KVM for ARM64 systems has added the ability to use the MTE extension on guest systems, allowing you to bind tags to each memory allocation operation and organize a check for the correct use of pointers to block the exploitation of vulnerabilities caused by accessing already freed blocks of memory, buffer overflows, calls before initialization, and use outside the current context.
Pointer authentication provided by ARM64 can now be configured separately for kernel and user space. The technology allows the use of specialized ARM64 instructions to verify return addresses using digital signatures, which are stored in the unused upper bits of the pointer itself.
For Intel CPUs, starting with the Skylake family and ending with Coffee Lake, using Intel TSX (Transactional Synchronization Extensions) is disabled by default, This provides a means to improve the performance of multithreaded applications by dynamically eliminating unnecessary synchronization operations. The extensions are disabled due to the possibility of performing Zombieload attacks.
Also be continuous with MPTCP integration (MultiPathTCP), in the new version, a mechanism has been added to set your own traffic hash policies for IPv4 and IPv6, which makes it possible from user space to determine which of the packet fields, including encapsulated ones, will be used when calculating a hash that determines the choice of a route for a packet.
The controller amdgpu implemented support for the new AMD Radeon RX 6000 series of GPUs, developed under the code names "Beige Goby" (Navi 24) and "Yellow Carp", as well as improved support for GPU Aldebaran (gfx90a) and APU Van Gogh. Added the ability to work with multiple eDP panels at the same time.
For APU Renoir, support for working with encrypted buffers in video memory is implemented, While for the previous Radeon RX 6000 (Navi 2x) and AMD GPUs, Active State Power Management (ASPM) support is enabled by default, which was previously only enabled for the Navi 1x, Vega, and Polaris GPUs.
For AMD chips, support for shared virtual memory has been added (SVM) based on the Heterogeneous Memory Management Subsystem (HMM), which enables devices with their own memory management units (MMUs) to be used, which can access main memory. Even with the help of HMM, you can organize a joint address space between the GPU and the CPU, in which the GPU can access the main memory of the process.
Of the other changes that stand out:
- Initial support was added for AMD Smart Shift technology, which dynamically changes CPU and GPU power consumption in laptops with an AMD chipset and graphics card to improve performance in games, video editing, and 3D rendering.
- Added simpledrm graphics controller using EFI-GOP or VESA framebuffer provided by UEFI firmware or BIOS for output.
- Added support for the Raspberry Pi 400.
- For Lenovo laptops, a WMI interface was added to change BIOS settings via / sys / class / firmware-attributes /.
- Expanded support for USB4.
The best summary of news that I have read in the Hispanic blogosphere, complete, explanatory and detailed without overwhelming. So it should always be. Thanks!