Chapter 44. Kernel
Heterogeneous memory management included as a Technology Preview
Red Hat Enterprise Linux 7.3 introduced the heterogeneous memory management (HMM) feature as a Technology Preview. This feature has been added to the kernel as a helper layer for devices that want to mirror a process address space into their own memory management unit (MMU). Thus a non-CPU device processor is able to read system memory using the unified system address space. To enable this feature, add experimental_hmm=enable to the kernel command line. (BZ#1230959)
criu rebased to version 2.12
Red Hat Enterprise Linux 7.2 introduced the criu tool as a Technology Preview. This tool implements Checkpoint/Restore in User-space (CRIU), which can be used to freeze a running application and store it as a collection of files. Later, the application can be restored from its frozen state.
Note that the criu tool depends on Protocol Buffers, a language-neutral, platform-neutral extensible mechanism for serializing structured data. The protobuf and protobuf-c packages, which provide this dependency, were also introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview.
With Red Hat Enterprise Linux 7.4, the criu packages have been upgraded to upstream version 2.12, which provides a number of bug fixes and enhancements over the previous version. (BZ#1400230)
kexec as a Technology Preview
The kexec system call has been provided as a Technology Preview. This system call enables loading and booting into another kernel from the currently running kernel, thus performing the function of the boot loader from within the kernel. Hardware initialization, which is normally done during a standard system boot, is not performed during a kexec boot, which significantly reduces the time required for a reboot. (BZ#1460849)
kexec fast reboot as a Technology Preview
As a Technology Preview, this update adds the kexec fast reboot feature, which makes the reboot significantly faster. To use this feature, you must load the kexec kernel manually, and then reboot the operating system. It is not possible to make kexec fast reboot the default reboot action.
A special case is using kexec fast reboot with Anaconda. This still does not make kexec fast reboot the default. However, when used with Anaconda, the operating system can automatically use kexec fast reboot after the installation is complete if the user boots the kernel with the anaconda option. To schedule a kexec reboot, use the inst.kexec command on the kernel command line, or include a reboot --kexec line in the Kickstart file. (BZ#1464377)
Unprivileged access to name spaces can be enabled as a Technology Preview
You can now set the namespace.unpriv_enable kernel command-line option if required, as a Technology Preview.
The default setting is off.
When set to 1, issuing a call to the clone() function with the flag CLONE_NEWNS as an unprivileged user no longer returns an error and allows the operation.
However, to enable the unprivileged access to name spaces, the CAP_SYS_ADMIN flag has to be set in some user name space to create a mount name space. (BZ#1350553)
KASLR as a Technology Preview
Kernel address space layout randomization (KASLR) is now available as a Technology Preview. KASLR is a kernel feature that contains two parts, kernel text KASLR and mm KASLR. These two parts work together to enhance the security of the Linux kernel.
The physical and virtual addresses of the kernel text are randomized separately, each to a different position. The physical address of the kernel can be anywhere under 64TB, while the virtual address of the kernel is restricted to the 1GB range [0xffffffff80000000, 0xffffffffc0000000].
The starting address of three mm sections (the direct mapping, vmalloc, and vmemmap section) is randomized in a specific area. Previously, starting addresses of these sections were fixed values.
KASLR can thus prevent malicious code from being inserted and kernel execution from being redirected to it if that code relies on knowing where symbols of interest are located in the kernel address space.
Note that KASLR code is now compiled in the Linux kernel, but it is disabled by default. If you want to use it, add the kaslr kernel option to the kernel command line to enable it explicitly. (BZ#1449762)
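An added example (not part of the Red Hat release notes): a POSIX shell check that reports which of the Technology Preview options named in this chapter (experimental_hmm=enable, namespace.unpriv_enable=1, kaslr) are set on a kernel command line, so that hosts running unsupported or security-relevant previews can be inventoried. The function names and the sample command line are constructed for illustration, and treating the last occurrence of a repeated option as the effective one is an assumption.

```shell
#!/bin/sh
# Audit a kernel command line for the Technology Preview options named in
# this chapter. Added example; tp_option_state and tp_audit are hypothetical
# helper names, not Red Hat tooling.

# tp_option_state CMDLINE NAME [VALUE]
# Prints:
#   enabled        NAME (bare) or NAME=VALUE is the last setting of NAME
#   other:<value>  NAME is present but its last setting is a different value
#   absent         NAME does not appear on the command line
# Assumption: when an option is repeated, the last occurrence is the one
# that counts. The body runs in a subshell so "set -f" stays local.
tp_option_state() (
    set -f                      # do not glob-expand command-line tokens
    cmdline=$1 name=$2 want=${3-}
    state=absent
    for tok in $cmdline; do
        case $tok in
            "$name")   val= ;;
            "$name"=*) val=${tok#*=} ;;
            *) continue ;;
        esac
        if [ "$val" = "$want" ]; then
            state=enabled
        else
            state="other:$val"
        fi
    done
    printf '%s\n' "$state"
)

# tp_audit [CMDLINE]
# One line per option; reads /proc/cmdline when no argument is given.
tp_audit() {
    cl=${1-$(cat /proc/cmdline)}
    for spec in experimental_hmm:enable namespace.unpriv_enable:1 kaslr:; do
        name=${spec%%:*} want=${spec#*:}
        printf '%-26s %s\n' "$name" "$(tp_option_state "$cl" "$name" "$want")"
    done
}

# Constructed sample command line (not taken from a real host).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro kaslr namespace.unpriv_enable=0 quiet'
tp_audit "$SAMPLE_CMDLINE"
```

Calling tp_audit with no argument checks the running kernel; a host that reports namespace.unpriv_enable as enabled allows unprivileged creation of mount name spaces, and one that reports kaslr as absent boots with fixed kernel addresses.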
Updated NFSv4 pNFS clients with flexible file layout
Flexible file layout on NFSv4 clients was first introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview. Red Hat Enterprise Linux 7.4 adds updates to this feature; however, it is still being offered as a Technology Preview.
NFSv4 flexible file layout enables advanced features such as non-disruptive file mobility and client-side mirroring, which provides enhanced usability in areas such as databases, big data and virtualization. See https://datatracker.ietf.org/doc/draft-ietf-nfsv4-flex-files/ for detailed information about NFS flexible file layout. (BZ#1349668)
CUIR enhanced scope detection
The Linux support for Control Unit Initiated Reconfiguration (CUIR) enables concurrent storage service with no or minimized down time. In addition to the support for Linux instances running in Logical Partitioning (LPAR) mode, support for Linux instances on IBM z/VM systems has been added as a Technology Preview. (BZ#1274456)
SCSI-MQ as a Technology Preview in the qla2xxx driver
The qla2xxx driver updated in Red Hat Enterprise Linux 7.4 can now enable the use of SCSI-MQ (multiqueue) with the ql2xmqsupport=1 module parameter. The default value is 0 (disabled). The SCSI-MQ functionality is provided as a Technology Preview when used with the qla2xxx driver.
Note that recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions. A fix is being tested but was not ready in time for Red Hat Enterprise Linux 7.4 General Availability. (BZ#1414957)
Intel Cache Allocation Technology as a Technology Preview
This update adds Intel Cache Allocation Technology (CAT) as a Technology Preview. This technology enables the software to restrict cache allocation to a defined subset of cache. The defined subset can overlap with other subsets. (BZ#1288964)