Este conteúdo não está disponível no idioma selecionado.
Chapter 12. Kernel
Kernel version in RHEL 7.4
Red Hat Enterprise Linux 7.4 is distributed with the kernel version 3.10.0-693. (BZ#1801759)
The NVMe driver rebased to kernel version 4.10
The NVM-Express kernel driver has been updated to upstream kernel version 4.10, which provides a number of bug fixes and enhancements over the previous version. The most notable change is: the initial NVMe-over-Fabrics transport implementation, which uses existing RDMA NICs (Infiniband, RoCE, iWARP) and existing NVMe SSDs, has been added to the driver, but does not include support for DIF/DIX and multipathing. (BZ#1383834)
crash rebased to version 7.1.9
With this update, the crash packages have been upgraded to upstream version 7.1.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#1393534)
crash
now analyzes vmcore dumps for IBM Power ISA 3.0
The
crash
utility has been updated to correspond with changes in the kernel page table related to IBM Power ISA version 3.0 architecture. As a result, the crash
utility is now able to analyze vmcore dumps of kernels on IBM Power ISA 3.0 systems. (BZ#1368711)
crash updated for IBM Power and for the little-endian variant of IBM Power
The crash packages have been updated to support IBM Power Systems and the little-endian variant of IBM Power Systems. These packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Red Hat Enterprise Linux kernel. (BZ#1384944)
memkind
updated to version 1.3.0
The
memkind
library has been updated to version 1.3.0, which provides several bug fixes and enhancements over the previous version.
Notable changes include:
- A logging mechanism has been introduced.
- Hardware Locality (hwloc) has been integrated, and can be turned on using the
--with-hwloc
option. - The symbols exposed by libmemkind.so have been cleaned up. For example,
libnuma
andjemalloc
are no longer exposed. - AutoHBW files have been moved to to the
/memkind/autohbw/
directory, code has been refactored and tests have been added to appropriate scenarios. - Flags improving security have been added to
memkind
. The flags can be turned off with the--disable-secure
configure time option. - The configuration of
jemalloc
has been changed to turn off unused features. - Several symbols have been deprecated. For details, see the Deprecated Functionality part. (BZ#1384549)
Jitter Entropy RNG added to the kernel
This update adds the Jitter Entropy Random Number Generator (RNG), which collects entropy through CPU timing differences to the Linux kernel. This RNG is by default available through the
algif_rng
interface. The generated numbers can be added back to the kernel through the /dev/random
file, which makes these numbers available to other /dev/random
users. As a result, the operating system now has more sources of entropy available. (BZ#1270982)
/dev/random
now shows notifications and warnings for the urandom pool initialization
With this update, the random driver (/dev/random), has been modified to print a message when the nonblocking pool (used by /dev/urandom) is initialized. (BZ#1298643)
fjes
updated to version 1.2
The
fjes
driver has been updated to version 1.2, which includes a number of bug fixes and enhancements over the previous version. (BZ#1388716)
Full support for user name spaces
User name spaces (userns) that were introduced in Red Hat Enterprise Linux 7.2 as Technology Preview are now fully supported. This feature provides additional security to servers running Linux containers by improving isolation between the host and the containers. Administrators of containers are no longer able to perform administrative operations on the host, which increases security.
The default value of
user.max_user_namespaces
is 0
. You can set it to a non-zero value, which stops the applications that malfunction. It is recommended that user.max_usernamespaces
is set to a large value, such as 15000
, so that the value does not need to be revisited in the normal course of operation. (BZ#1340238)
makedumpfile updated to version 1.6.1
The makedumpfile package has been upgraded to upstream version 1.6.1 as part of the kexec-tools 2.0.14 rpm, which provides a number of bug fixes and enhancements over the previous version. (BZ#1384945)
qat
updated to the latest upstream version
The
qat
driver has been updated to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version.
Notable bug fixes and enhancements:
- Added support for the Diffie-Hellman (DH) software
- Added support for Elliptic Curve Diffie–Hellman (ECDH) software
- Added support for Error-correcting Code (ECC) software for curve P-192 and P-256 (BZ#1382849)
Addition of intel-cmt-cat package
The
pqos
utility provided in this package enables administrators to monitor and manipulate L3 cache to improve utility and performance.
The tool bypasses the kernel API and operates on the hardware directly, this requires that CPU pinning is in use with the target process before use. (BZ#1315489)
i40e
now supports trusted and untrusted VFs
This update adds support for both trusted and untrusted virtual functions into the
i40e
NIC driver. (BZ#1384456)
Kernel support for OVS 802.1ad (QinQ)
This update provides the ability to use two VLAN tags with Open vSwitch (OVS) by enabling the 802.1ad (QinQ) networking standard in kernel. Note that the user-space part of this update is provided by the openvswitch package. (BZ#1155732)
Live post-copy migration support for shared memory and hugetlbfs
This update enhances the kernel to enable live post-copy migration to support shared memory and the
hugetlbfs
file system. To benefit from this feature:
- Configure 2MiB huge pages on a host,
- Create a guest VM with 2MiB huge pages,
- Run the guest VM and a stress-test application to test the memory,
- Live-migrate the guest VM with post-copy. (BZ#1373606)
New package: dbxtool
The dbxtool package provides a command-line utility and a one-shot
systemd
service for applying UEFI Secure Boot DBX updates. (BZ#1078990)
mlx5
now supports SRIOV-trusted VFs
This update adds support of Single Root I/O Virtualization (SRIOV)-trusted virtual functions (VFs) to the
mlx5
driver. (BZ#1383280)
rwsem
performance updates from the 4.9 kernel backported
With this update, most upstream R/W semaphores (
rwsem
) performance related changes up to the Linux kernel version 4.9 have been backported into the Linux kernel while maintaining kernel Application Binary Interface (kABI).
Notable changes include:
- Writer-optimistic spinning, which reduces locking latency and improves locking performance.
- Lock-less waiter wakeup without holding internal spinlock. (BZ#1416924)
getrandom
added to the Linux kernel
This update adds the
getrandom
system call to the Linux kernel. As a result, the user space can now request randomness from the same non-blocking entropy pool used by /dev/urandom, and the user space can block until at least 128 bits of entropy has been accumulated in that pool. (BZ#1432218)
A new status line, Umask, has been included in /proc/<PID>/status
Previously, it was not possible to read the process umask without modification. Without this change, a library cannot read the umask safely, especially if the main program is multithreaded. The proc filesystem (procfs) now exposes the umask in the
/proc/<PID>/status
file. The format is Umask: OOOO
, where OOOO is the octal representation of the umask of the task. (BZ#1391413)
Intel® Omni-Path Architecture (OPA) host software
Intel® Omni-Path Architecture (OPA) host software has been fully supported since Red Hat Enterprise Linux 7.3. Intel® OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.
For instructions on how to obtain Intel® Omni-Path Architecture documentation, see https://access.redhat.com/articles/2039623. (BZ#1459948)
The XTS-AES key verification now meets the FIPS 140-2 requirements
With this update, while running Red Hat Enterprise Linux in FIPS mode and using kernel XTS-AES key verification, the AES key is forced to be different from the tweak key. This ensures that the FIPS 140-2 IG A.9 requirements are met. Additionally, the XEX-based tweaked-codebook mode with ciphertext stealing (XTS) test vectors now could be marked to be skipped. (BZ#1314179)
mlx5
is now supported on IBM z Systems
The Mellanox
mlx5
device driver is now also supported for Linux on IBM z Systems and can be used for Ethernet TCP/IP network. (BZ#1394197)
The perf
tool now supports processor cache-line contention detection
The
perf
tool now provides the c2c
subcommand for Shared Data Cache-to-Cache (C2C) analysis. This enables you to inspect cache-line contention and detect both true sharing and false sharing.
Contention occurs when a processor core on a Symmetric Multi Processing (SMP) system modifies data items on the same cache line that is in use by other processors. All other processors using this cache line must then invalidate their copy and request an updated one, which can lead to degraded performance.
The new
c2c
subcommand provides detailed information about the cache lines where contention has been detected, the processes reading and writing the data, the instructions causing the contention, and the Non-Uniform Memory Access (NUMA) nodes involved. (BZ#1391243)
SCSI-MQ support in the lpfc
driver
The
lpfc
driver updated in Red Hat Enterprise Linux 7.4 can now enable the use of SCSI-MQ (multiqueue) with the lpfc_use_blk_mq=1
module parameter. The default value is 0
(disabled).
Note that a recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions. A fix is being tested but was not ready in time for Red Hat Enterprise Linux 7.4 General Availability. (BZ#1382101)