Chapter 17. Kernel

The kexec-tools package now supports the default crashkernel memory reservation values for RHEL 9

The kexec-tools package now maintains the default crashkernel memory reservation values. The kdump service uses the default value to reserve the crashkernel memory for each kernel. This implementation also improves memory allocation for kdump when a system has less than 4GB of available memory.

Dynamic preemptive scheduling enabled on ARM, AMD, and Intel 64-bit architectures

Using Dynamic Scheduling, you can change the preemption mode of the kernel at boot or runtime instead of compile time. With dynamic preemptive handling, you can override the default preemption model to improve scheduling latency.

A new command-line interface has been added to the tuna tool

The tuna tool now provides a command-line interface with more standardized menu of commands and options that is easier to use and maintain. The new command-line interface is based on the argparse parsing module. With this enhancement, you can perform the following tasks:

The runtime verification mechanism available for real-time kernel

Runtime verification is a lightweight and rigorous method to check the behavioral equivalence between system events and its formal specifications. Runtime verification has monitors integrated in the kernel that attach to tracepoints. If a state deviates from defined specifications, the runtime verification program activates reactors to inform or enable a reaction such as capturing the event in the log file or a system shutdown to avoid failure propagation in an extreme case.

CONFIG_RT_GROUP_SCHED is disabled in RHEL 9

In RHEL 8, the default control group was cgroups v1, and you could specify CPU bandwidth for realtime tasks on a per cgroup basis by using control files, for example, /sys/fs/cgroup/cpu,cpuacct/cpu.rt_period_us and /sys/fs/cgroup/cpu,cpuacct/cpu.rt_runtime_us. However, in RHEL 9, the CONFIG_RT_GROUP_SCHED kernel configuration option is disabled because cgroups v2 is the default control group and the equivalent control files do not exist for the cgroups v2 CPU controller. Note that the /proc/sys/kernel/sched_rt_runtime_us and /proc/sys/kernel/sched_rt_period_us global settings are still available, and you can use them with the stalld background process to prevent CPU time starvation.

The 64k page size kernel

In addition to the RHEL 9 for ARM kernel which supports 4k pages, Red Hat now offers an optional kernel package that supports 64k pages: kernel-64k.

The TPM 1.2 secure cryptoprocessor is no longer supported in RHEL 9

The Trusted Platform Module (TPM) secure cryptoprocessor version 1.2 has been removed and is no longer supported on RHEL 9 and later versions. TPM 2.0 replaces TPM 1.2 and provides many improvements over TPM 1.2. TPM 2.0 is not compatible with previous versions.

cgroup-v2 enabled by default in RHEL 9

The control groups version 2 (cgroup-v2) feature implements a single hierarchy model that simplifies the management of control groups. Also, it ensures that a process can only be a member of a single control group at a time. Deep integration with systemd improves the end-user experience when configuring resource control on a RHEL system.

Kernel changes potentially affecting third party kernel modules

Linux distributions with a kernel version prior to 5.9 supported exporting GPL functions as non-GPL functions. As a result, users could link proprietary functions to GPL kernel functions through the shim mechanism. With this release, the RHEL kernel incorporates upstream changes that enhance the ability of RHEL to enforce GPL by rebuffing shim.

Core scheduling is supported in RHEL 9

With the core scheduling functionality users can prevent tasks that should not trust each other from sharing the same CPU core. Likewise, users can define groups of tasks that can share a CPU core.

The kernelopts environment variable has been removed in RHEL 9

In RHEL 8, the kernel command-line parameters for systems using the GRUB boot loader were defined in the kernelopts environment variable. This variable was stored in the /boot/grub2/grubenv file for each kernel boot entry. However, storing the kernel command-line parameters using kernelopts was not robust. Therefore, Red Hat removed kernelopts and the kernel command-line parameters are now stored in the Boot Loader Specification (BLS) snippet, instead of in the /boot/loader/entries/<KERNEL_BOOT_ENTRY>.conf file.

Red Hat protects kernel symbols only for minor releases

Red Hat guarantees that a kernel module will continue to load in all future updates within an Extended Update Support (EUS) release, only if you compile the kernel module using protected kernel symbols. There is no kernel Application Binary Interface (ABI) guarantee between minor releases of RHEL 9.

Support for POSIX_FADV_NOREUSE advice is removed

Before RHEL 9.5, the kernel would ignore advice for POSIX_FADV_NOREUSE. From RHEL 9.5, support for this advice was introduced. However, implementing this advice significantly impacted the performance of applications that use the MADV_RANDOM advice. As a result, to preserve the RHEL 9 expected behavior for MADV_RANDOM, and the implementation for POSIX_FADV_NOREUSE is reverted.

The mce kernel boot parameter has been deprecated

In RHEL 9.3, the behavior of the mce kernel boot parameter has changed as a result of an upstream rebase. As a consequence, the tolerance level control functionality is deprecated and will be removed in a future major release.

Boot loader menu hidden by default

Starting with RHEL 9.1, the GRUB boot loader is now configured to hide the boot menu by default if RHEL is the only installed operating system and if the previous boot succeeded. This results in a smoother boot experience on such systems.

Boot loader configuration files are unified across CPU architectures

Configuration files for the GRUB boot loader are now stored in the /boot/grub2/ directory on all supported CPU architectures. The /boot/efi/EFI/redhat/grub.cfg file, which GRUB previously used as the main configuration file on UEFI systems, now simply loads the /boot/grub2/grub.cfg file.

RHEL no longer boots on 32-bit UEFI

Support for the 32-bit UEFI firmware was removed from the GRUB and shim boot loaders. As a consequence, RHEL 9 requires a 64-bit UEFI, and can no longer boot on 64-bit systems that use a 32-bit UEFI.

Secure Boot shim signing for RHEL 9 on x86_64 and aarch64

Red Hat Enterprise Linux (RHEL) 9 requires a signed shim binary to support Secure Boot on x86_64 and aarch64 architectures. The shim functions as the initial bootloader, verifying and loading subsequent boot components if you enabled Secure Boot. If a signed and trusted shim is not available, RHEL 9 cannot boot on systems with Secure Boot enforced. This limitation might affect deployments in enterprise and cloud environments.