KernelNewbies:

Linux 5.10 was released on Sun, 13 December 2020.

Summary: This new Linux version is a Long Term Support release, and it brings support for a fast commit mode in Ext4 which provides faster fsync(); support for safer sharing of io_uring rings between processes; a new syscall to provide madvise(2) hints for other processes, code patching to allow direct calls to be used instead of indirect calls for improved repotline performance, support for register encryption in AMD's virtualized guests; support for ARM Memory Tagging Extension that prevents a number of security issues; and code patching to allow direct calls to be used instead of indirect calls. As always, there are many other new drivers and improvements.

Note: This changelog is not 100% complete.

1. Prominent features

1.1. Long Term Support

This release is a Long Term Support release, which means that maintainers will provide bugfixes for this kernel revision for a much longer period of time than for other stable kernel releases.

1.2. Ext4 fast commit support, for faster metadata performance

Many applications use fsync(2) to ensure that data is reliably placed on disk. Such operation attempts to synchronize to the disk a few more metadata than expected. In this release, Ext4 will use a novel journaling technique, consisting in optimistically only journal the minimum required information through which a crash recovery operation can recover the metadata modified through an fsync operation. This speeds up fsync() and metadata heavy operations. This feature needs to be enabled at mkfs time.

1.3. Support io_uring restrictions to facilitate secure sharing of rings

Since io_uring was introduced in Linux 5.1, it has seen widespread adoption. As usual, widespread adoption leads to new use cases, such as processes that might want share a ring with less trusted processes. This release adds a few API changes that add some restrictions and make possible for host application to grant access to some of its file descriptors and allow untrusted applications or guests to safely use io_uring.

Recommended LWN article: Operations restrictions for io_uring

1.4. Memory hints for other processes

Processes in Linux can use the madvise() system call to inform the kernel about their behaviour in order to get better performance. However, in some platforms (e.g., Android), the information required to make the hinting decision is not known to the process. Instead, it is known to a centralized userspace daemon(e.g., ActivityManagerService), and that daemon must be able to initiate memory reclaim on its own without any app involvement. To solve the concern, this patch introduces new syscall - process_madvise(2). Basically, it's same with madvise(2) syscall, except that it requires a pidfd of a target process, and for now it supports a more limited set of possible memory hints.

Recommended LWN article: process_madvise(), pidfd capabilities, and the revenge of the PIDs

1.5. AMD support for encryption of register in virtualized guests

Linux supports SEV since Linux 4.15. SEV is an AMD feature that encrypts the memory of virtualized guests, such that hosts can't access it unencrypted. This release enhances it by also encrypting the guest register state, making the registers inaccessible to the hypervisor by en-/decrypting them on world switches. Thus, it adds additional protection to Linux guests against exfiltration, control flow and rollback attacks. With SEV-ES, the guest is in full control of what registers the hypervisor can access.

1.6. Static calls for improved post-Spectre performance

Static calls are a replacement for global function pointers. They use code patching to allow direct calls to be used instead of indirect calls. They give the flexibility of function pointers, but with improved performance. This is especially important for cases where retpolines would otherwise be used, as retpolines can significantly impact performance.

Recommended LWN article: Relief for retpoline pain

1.7. Support ARM Memory Tagging Extension

Memory Tagging Extension (part of the ARMv8.5 Extensions) provides a mechanism to detect the sources of memory related errors which may be vulnerable to exploitation, including bounds violations, use-after-free, use-after-return, use-out-of-scope and use before initialization errors.

Recommended LWN article: The Arm64 memory tagging extension in Linux

2. Core (various)

3. File systems

4. Memory management

5. Tracing, perf and BPF

6. Block layer

7. Virtualization

8. Cryptography

9. Security

10. Networking

11. Architectures

11.1. Some sections missing

12. Drivers

12.1. Some sections missing

12.2. Networking

12.3. Audio

12.4. Tablets, touch screens, keyboards, mouses

12.5. TV tuners, webcams, video capturers

12.6. Universal Serial Bus (USB) and Thunderbolt

12.7. Serial Peripheral Interface (SPI)

12.8. Watchdog

12.9. Serial

12.10. CPU Frequency scaling

12.11. Voltage, current regulators, power capping, power supply

12.12. Real Time Clock (RTC)

12.13. Pin Controllers (pinctrl)

12.14. Multi Media Card (MMC)

12.15. Memory Technology Devices (MTD)

12.16. Industrial I/O (iio)

12.17. Multi Function Devices (MFD)

12.18. Pulse-Width Modulation (PWM)

12.19. Inter-Integrated Circuit (I2C + I3C)

12.20. Hardware monitoring (hwmon)

12.21. General Purpose I/O (gpio)

12.22. Leds

12.23. DMA engines

12.24. Hardware Random Number Generator (hwrng)

12.25. Cryptography hardware acceleration

12.26. PCI

12.27. FRU Support Interface (FSI)

12.28. Clock

12.29. PHY ("physical layer" framework)

12.30. EDAC (Error Detection And Correction)

12.31. Various

13. List of Pull Requests

14. Other news sites

KernelNewbies: Linux_5.10 (last edited 2020-12-14 22:59:46 by diegocalleja)