Linux 4.1 has been released on Sun, 21 Jun 2015

Summary: This release adds support for Ext4 encryption, experimental support for managing clustered raid arrays, a new device mapper target that logs all writes to the devices and allows to replay them, a driver to turn the memory in persistent memory systems in a block device, support for disabling multi-user support, support for the Multiprotocol Label Switching which routes packets based on path labels rather than long network addresses, allow to attach BPF programs to kprobes for better probing, ACPI support for the ARM64 architecture, and a virtual GEM driver that allows improved software rasterizers. There are also new drivers and many other small improvements.

1. Prominent features

1.1. Ext4 encryption support

Linux already has support for data encryption facilities such as dm-crypt or ecryptfs, but they have performance and memory consumption costs. The Ext4 filesystem now supports encryption support: both data and file names can be encrypted with a key provided by the user. The key is used for the files of a directory and all the subdirectories. When reading, if a valid key is not provided, only the encrypted file names can be read, but not the decrypted ones, and the encrypted data can not be read.

To use this feature, you need e2fsprogs version 1.43, the keyutils software. A small howto can be found here.

For details about the internal design of this feature, see here

Recommended LWN article: Ext4 encryption

Code: (merge)

1.2. Experimental cluster support for MD

This release adds clustering support for MD (Linux software RAID). Cluster MD is a shared-device RAID for a cluster. It enables locking and synchronization across multiple systems on the cluster, so all nodes in the cluster can access the MD devices simultaneously, bringing the redundancy (and uptime) of RAID levels across the nodes of the cluster. Currently, the implementation is limited to RAID1 but with further work (and some positive feedback), it could be extend to other RAID levels. The code in this version is is high experimental and not recommended to use except for experimentation.

Small howto: howto Design Documentation: commit

Code: merge

1.3. Device mapper: new target that logs writes

The device mapper layer introduces a new target that log all write operations to a separate device, for later replay. The motivation behind this is to give file system developers a tool to verify that the file system is always consistent at particular points in the life of a file system by allowing them to replay the log in a variety of ways

Code: commit

1.4. Single user support

It may be strange that a multi-user system such as Linux would consider a return to the past, such a single-user opearting mode, a feature. But it turns out that embedded targets that want to make Linux as small as possible and don't care about multi-user separation. In this release, it's possible to configure the kernel without multi-user support, under this option UID and GID are zero in any possible case and processes always have all capabilities

Code: commit

Recommended LWN article: Linux as a single-user system

1.5. Virtual GEM driver for improved software rasterizers

The vGEM (virtual graphics memory manager) DRM driver allows to import a GEM object from other graphic drivers and mmap them to user-space, which can use it as a GEM shared memory handler. This makes it a lot easier to do certain things when you have no GPU but still have to deal with DRI expectations. It's used by Mesa's software renderer for enhanced performance.

Code: commit

1.6. Block device for persistent memory

There are new types of memory that can be accessed almost as fast as RAM, but don't lose data after powering off the system. This kind of memory is called persistent memory. In this release Linux includes PMEM, a driver that presents a reserved range of memory as a block device, which can be used by file systems. This is useful for developing with non-volatile DIMMs, and can be used with volatile memory as a development platform.

Recommended LWN article: Persistent memory support progress

Code: commit

1.7. Multiprotocol Label Switching

This release adds support for Multiprotocol Label Switching (MPLS). MPLS is a scalable, protocol-independent networking transport that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table, because packet-forwarding decisions are made solely on the contents of the label, without the need to examine the packet itself. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols.

Code: (merge), (merge)

1.8. BPF programs can be attached to kprobes

In this release, Linux allow to attach small BPF programs to kprobes, providing a safe way to execute user-defined BPF byte-code programs without being able to crash or hang the kernel in any way. The BPF engine makes sure that such programs have a finite execution time and that they cannot break out of their sandbox. This allows user-defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively. In this release, it's limited to root only

Code: commit

1.9. ACPI support for the ARM64 architecture

For a long time, ACPI has mostly been a x86 feature. Despite the controversies, some parts of the ARM world have been pushing for ACPI support. In this release, Linux adds preliminary ACPI 5.1 support to the arm64 architecture.

Documentation: Documentation/arm64/arm-acpi.txt

Recommended LWN article: ACPI for ARM?

Merge: commit

2. Drivers and architectures

• All the driver and architecture-specific changes can be found in the Linux_4.1-DriversArch page

3. Core (various)

• Users can change the maximum number of threads by writing to /proc/sys/kernel/threads-max commit

• Add support FALLOC_FL_INSERT_RANGE for fallocate(). It is the opposite command of FALLOC_FL_COLLAPSE_RANGE. It will create space for writing new data within a file after shifting extents to right as given length commit

• Power management: add configurable delay for pm_test, so users can determine how long to wait in this pseudo-suspend state before resuming the system commit

• Show locks in /proc/pid/fdinfo/X commit

• rcu: Add option to expedite grace periods during boot commit

• rcu: Provide diagnostic option to slow down grace-period initialization commit

• vfs: Add support for a new quota type PRJQUOTA to enforce project quota limits commit

• kbuild: add generic mergeconfig target, %.config commit

• Add new build support in commit

• Remove execution domain support, a old feature which allowed to execute files compiled for other operating systems commit

4. File systems

• XFS

  • Add fallocate's support FALLOC_FL_INSERT_RANGE commit

  • Add support for Q_SETINFO so that time limits can be set through Q_SETINFO quotactl commit

  • Add RENAME_WHITEOUT support (used by overlayfs) commit

  • Remove deprecated mount options commit

• F2FS

  • Add an optional rb-tree based extent cache, an improvement over the original extent info cache. It can be used with the "-o extent_cache" mount option commit, commit

  • Enable inline data by default commit

  • Support fs shutdown commit

• HFS+

  • Don't store special "osx" xattr prefix on-disk commit

5. Block

• dm: add full support of the multiqueue block layer to request-based DM, which improves performance commit, commit

• dm verity: add different error handling modes (return -EIO, log the error, or trigger a reboot) for corrupted blocks commit

• md: RAID 5/6 can now batch multiple (4K wide) stripe_heads so as to handle a full (chunk wide) stripe as a single unit commit

• md: raid6 can now perform read-modify-write cycles which should help performance on larger arrays commit, commit

• md /raid5: allow the stripe_cache to grow and shrink. commit

6. Cryptography

• algif: add AEAD support commit, commit

7. Memory management

• Allow compaction of unevictable pages commit, commit

• Contiguous memory allocator: Provides a userspace interface to trigger a CMA allocation and/or release the allocated memory commit, commit, commit, commit

• Incorporate zero pages into transparent huge pages. This improves transparent hugepage collapse rates commit

• hugetlbfs: Add 'min_size=<value>' moun option. This option takes the same value as the 'size' option. min_size can be specified without specifying size. If both are specified, min_size must be less that or equal to size else the mount will fail. If min_size is specified, then at mount time an attempt is made to reserve min_size pages. If the reservation fails, the mount fails. At umount time, the reserved pages are released commit, commit

• zsmalloc: support compaction commit

• zram: deprecate zram attrs sysfs nodes, replace them with new sys attrs commit, commit, commit, commit

• zram: support compaction commit

8. Security

• SELinux

  • Improve the performance of SELinux rules lookup in the in-kernel stored policy through various optimizations commit, commit, commit

  • Add missing netlink commands 1, 2, 3, 4, 5, 6, 7, 8, 9

• Smack

  • Allow an unconfined label in bringup mode commit

  • Getting the Smack security context of keys: implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY (commit).

• Audit: Fix a race that could truncate audit log reports after the comm field (commit).

9. Tracing & perf

• tracing: Automatically mount tracefs on debugfs/tracing commit

• Add new tracefs file system. It was part of debugfs, but that was starting to show its limits. It will appear in /sys/kernel/tracing commit, commit, commit, commit

• Add new 'perf data' command to provide operations over data files commit

• Add a new call chain recording option "lbr" (--call-graph lbr) into the perf tool to get the call stack information from hardware commit, commit

• perf trace: Support --events foo:bar --no-syscalls commit, commit

• perf record: Support recording running/enabled time commit

• perf annotate: Allow annotation for compressed kernel modules commit, commit

• perf diff: Support for different binaries commit

• perf diff: Add kallsyms option commit

• Support using -f to override perf.data file ownership in perf evlist commit and perf inject commit

• perf kmem: Allow --verbose option commit

• perf kmem: perf kmem records and analyze kernel memory allocation only for SLAB objects. A new option has been added, --page, implements a simple page allocator analyzer using kmem:mm_page_alloc and kmem:mm_page_free events. The SLAB analysis is available in the --slab option commit

• Support using -f to override perf.data file ownership in perf kmem commit, perf kvm commit, perf lock commit, perf mem commit, perf script commit, perf timechart commit, perf trace commit

• perf probe: Support multiple probes on different binaries commit

• perf trace: Allow mixing with other events commit

• perf trace: Dump stack on segfaults commit

• perf trace: Introduce --filter-pids commit

• perf buildid-cache: Add --purge FILE to remove all caches of FILE commit

10. Virtualization

• Add virtio-input driver, which is basically an "evdev-events-over-virtio" driver commit

• user-mode linux

  • Remove SKAS3/4 mode support commit

  • Remove broken SMP support commit

  • Remove broken highmem support commit

• Xen

  • Provide a "Xen PV" APIC driver to support >255 VCPUs commit

  • netback: making the bandwidth limiter runtime settable commit

  • privcmd: improve performance of MMAPBATCH_V2 commit

  • Support suspend/resume in pvscsi frontend commit

• vfio

  • Support for AMBA devices commit

  • Add VGA arbiter client commit

  • Add module option to disable VGA region access commit

  • Allow PCI IDs to be specified as module options commit

  • Support for platform devices with VFIO. This is required to make use of platform devices present on the system using the VFIO framework commit

11. Networking

• 6lowpan: Add generic next header compression layer interface commit, add udp compression via nhc layer commit, add other known rfc6282 compressions commit

• Extends the "classic" BPF programmable tc classifier by extending its scope also to native eBPF code, thus allowing userspace to implement own custom, 'safe' C like classifiers that can then be compiled with the LLVM eBPF backend to an eBPF elf file and loaded into the kernel via iproute2's tc, and be JITed in the kernel commit, commit, commit, commit

• bonding: Implement port churn-machine (802.3ad standard 43.4.17) commit

• bridge: Extend Proxy ARP design to allow optional set of rules that are needed to meet the IEEE 802.11 and Hotspot 2.0 requirements for ProxyARP commit

• ipv4: Create probe timer for tcp PMTU as per RFC4821. Default is 10 minutes, it can be changed in sysctl tcp_probe_interval commit

• ipv4: Raise tcp PMTU probe mss base size from 512 to 1024 bytes commit

• ipv6: expose RFC4191 route preference via rtnetlink commit

• ipv6: generation of stable privacy addresses for link-local and autoconf as specified in RFC7217 commit

• ipvs: allow rescheduling of new connections when port reuse is detected. Currently, when TCP/SCTP port reusing happens, IPVS will find the old entry and use it for the new one, behaving like a forced persistence. A new sysctl has been introduced, conn_reuse_mode, that allows controlling how to proceed when port reuse is detected commit

• multicast: Extend "ip address" command with option "autojoin" to enable multicast group join/leave on commit

• 9p: add a privport option for RDMA transport. commit

• dcb: Add IEEE QCN attribute, as specified in 802.1Qau spec, to the DCB netlink layer commit

• Add tx_maxrate attribute to the tx queue sysfs entry allowing for max-rate limiting for the queue commit

• Add real socket cookies, instead of using kernel socket addresses as cookies commit

• Allow network devices to specify port names and export the name via sysfs commit

• sockets: add support for async operations commit

• tcp: RFC7413 option support for Fast Open client commit and server commit

• tcp: add TCP_CC_INFO socket option to get flow information from Congestion Control modules commit

• tipc: add ip/udp media type commit

• tipc: add support for connect() on dgram/rdm sockets commit

• vlan: Add features for stacked vlan device commit

• netfilter

  • Add support for arptables extensions from nft_compat commit

  • nf_tables: add set extensions infrastructure for maintaining variable sized and optional per element data commit

  • nf_tables: implement set transaction support commit

  • nf_tables: add set element timeout support commit, commit

  • nft_hash: add support for timeouts commit

  • nf_tables: add support for dynamic set updates commit

  • nf_tables: support optional userdata for set elements commit

  • nf_tables: Support instantiating stateful expressions based on a template that are associated with dynamically created set entries. The expressions are evaluated when adding or updating the set element. This allows to maintain per flow state using the existing set infrastructure and expression types, with arbitrary definitions of a flow commit

• Wireless

  • Add Very High Throughput support for IBSS commit, commit

  • Tunneled Direct Link Setup: support Very High Throughput between peers commit

  • Add API to change the indoor regulatory setting commit

• Bluetooth

  • Include a Add/Remove Advertising API commit, commit, commit, commit, commit, commit, commit, commit

  • Add local SSP OOB data to OOB ext data mgmt command commit

  • Add simple version of Read Advertising Features command commit

  • Add simple version of Read Local OOB Extended Data command commit

  • Add support for AES-CMAC hash for security manager device commit

  • Add support for Local OOB Extended Data Update events commit

  • Add simultaneous dual mode scan commit

  • Add support for extended index management command commit, commit

  • Add support for trust verification of management commands commit

  • Add support for untrusted access to management commands commit

  • Introduce trusted flag for management control sockets commit

  • Open management interface for untrusted users commit

  • Support the "connectable mode" adv flag commit, support the "discoverable" adv flag commit, support the "limited-discoverable" adv flag commit, support the "managed-flags" adv flag commit, support the "tx-power" adv flag commit

12. List of merges

13. Other news sites

• LWN merge window part 1, part 2, part 3

• The Big Features Of The Linux 4.1 Kernel

• In french: Sortie du noyau Linux 4.1