Linux 5.14 was released on Sun, 29 Aug 2021.

Summary: This release includes a new system call to create secret memory areas that not even root can access, intended to be used to keep secrets safe; Core Scheduling, to allow safer use of SMT systems with CPU vulnerabilities; a burstable CFS controller via cgroups which allows bursty CPU-bound workloads to borrow a bit against their future quota; two new madvise(2) flags to improve performance in some situations; support for an Ext4 journal checkpoint ioctl that causes the journal blocks to be discarded or zero-filled for purposes of safety; a cgroup interface to kill all processes within that cgroup; initial steps towards signed BPF programs; and support for the next AMD and Intel GPU chips. As always, there are many other features, new drivers, improvements and fixes.

1. Prominent features

1.1. New memfd_secret(2) system call to create secret memory areas

This release includes a new system call, memfd_secret(2), which creates a special memfd file descriptor whose contents are not readable by any other process, not even root processes or the kernel itself; only the process that creates it can access it. It is intended for programs that need to store a secret safely.

Recommended LWN article: memfd_secret() in 5.14
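
The following example is added here and is not code from the release notes or the kernel tree: it creates a secret area, stores a constructed sample token in it, reads it back as the owner, and then requests the same bytes through /proc/self/mem to show that the kernel refuses that route. The function name secret_demo and the sample token are assumptions; kernels without secret memory enabled make the call fail, which the function reports as 0.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* x86-64 and arm64 number, for older libc headers */
#endif

/* Returns 1 if the secret round-trips through a secret mapping, 0 if
 * memfd_secret is unavailable (old kernel, secretmem disabled, filtered),
 * -1 on any other error. *via_proc receives what pread() on /proc/self/mem
 * returned for the same address (negative if refused or /proc is absent). */
int secret_demo(const char *secret, long *via_proc)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE), n = strlen(secret) + 1;
    char copy[64];
    *via_proc = -1;
    if (n > sizeof(copy)) return -1;
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd < 0) return (errno == ENOSYS || errno == EPERM) ? 0 : -1;
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    /* Secret areas must be mapped MAP_SHARED. */
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd); /* the mapping keeps the area alive */
    if (p == MAP_FAILED) return -1;
    memcpy(p, secret, n);
    int ok = memcmp(p, secret, n) == 0; /* the owner reads it back directly */
    /* Same bytes requested through /proc/self/mem, the route debuggers use. */
    int mem = open("/proc/self/mem", O_RDONLY);
    if (mem >= 0) {
        *via_proc = (long)pread(mem, copy, n, (off_t)(uintptr_t)p);
        close(mem);
    }
    explicit_bzero(p, len); /* wipe before releasing the pages */
    explicit_bzero(copy, sizeof(copy));
    munmap(p, len);
    return ok ? 1 : -1;
}

int main(void)
{
    long via_proc;
    int r = secret_demo("constructed-token-123", &via_proc); /* constructed sample */
    printf("memfd_secret: %d, /proc/self/mem read: %ld\n", r, via_proc);
    return r < 0;
}
```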

1.2. Improved AMD and Intel GPU support

This release adds preliminary support for future AMD and Intel graphics hardware, such as AMD Yellow Carp, AMD Beige Goby and Intel Alder Lake P.

1.3. CFS burstable bandwidth controller

This release introduces the burstable CFS controller via cgroups, which allows bursty CPU-bound workloads to borrow a bit against their future quota to improve overall latencies and batching. It can be tuned via /sys/fs/cgroup/cpu/<X>/cpu.cfs_burst_us.

Recommended LWN article: The burstable CFS bandwidth controller

1.4. Core Scheduling, for safe hyperthreading

Some of the recent CPU vulnerabilities allow information to be gathered from other processes running on the same Hyper-Threading CPU. This release adds support for core scheduling, a feature that allows only trusted tasks to run concurrently on CPUs sharing compute resources (like hyperthreads on a core). The goal is to mitigate core-level side-channel attacks without having to disable SMT (which has a significant impact on performance in some situations).

Recommended LWN article: Core scheduling lands in 5.14
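
The following example is added here and is not code from the release notes or the kernel tree: it uses the prctl(2) PR_SCHED_CORE interface (not named in the text above) to give the calling task a new core-scheduling cookie, then checks that a forked child inherits it, which is what places parent and child in the same trust group. The function names are assumptions; kernels built without core scheduling, or machines without SMT, reject the call, which the function reports as 0.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Values from <linux/prctl.h> in 5.14+, defined here for older headers. */
#ifndef PR_SCHED_CORE
#define PR_SCHED_CORE 62
#define PR_SCHED_CORE_GET 0
#define PR_SCHED_CORE_CREATE 1
#endif
#define SCOPE_THREAD 0UL /* PR_SCHED_CORE_SCOPE_THREAD */

/* Reads the calling task's cookie id; 0 means "no cookie assigned". */
static int get_cookie_id(uint64_t *id)
{
    return prctl(PR_SCHED_CORE, (unsigned long)PR_SCHED_CORE_GET, 0UL,
                 SCOPE_THREAD, (unsigned long)id);
}

/* Returns 1 if a forked child carries the parent's new cookie, 0 if core
 * scheduling is unavailable (not built in, no SMT, or filtered), -1 on error.
 * Side effect: the calling task keeps the cookie it created. */
int core_sched_demo(void)
{
    uint64_t mine = 0;
    if (prctl(PR_SCHED_CORE, (unsigned long)PR_SCHED_CORE_CREATE, 0UL,
              SCOPE_THREAD, 0UL) != 0)
        return (errno == EINVAL || errno == ENODEV || errno == EPERM) ? 0 : -1;
    if (get_cookie_id(&mine) != 0 || mine == 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: same cookie means it may share a core with the parent */
        uint64_t child = 0;
        _exit(get_cookie_id(&child) == 0 && child == mine ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : -1;
}

int main(void)
{
    printf("core scheduling demo: %d\n", core_sched_demo());
    return 0;
}
```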

1.5. Two new madvise(2) flags: MADV_POPULATE_READ and MADV_POPULATE_WRITE

The madvise(2) system call lets applications give the kernel hints about their behavior so that the kernel can optimize the management of memory resources. In this release, two new flags have been added: MADV_POPULATE_READ, which prefaults page tables, just like manually reading each individual page would do, and without breaking any COW mappings; and MADV_POPULATE_WRITE, which can be used to preallocate backend memory and prefault page tables just like manually writing (or reading+writing) each individual page, breaking any COW mappings in the way. This lets some applications (e.g. emulators like QEMU) optimize some cases.

1.6. EXT4 journal checkpoint

This release includes a new ioctl for Ext4 file systems, EXT4_IOC_CHECKPOINT. When called, the journal ensures all transactions and their associated buffers are submitted to the disk. In-progress transactions are waited upon and included in the checkpoint. The EXT4_IOC_CHECKPOINT_FLAG_DISCARD and EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT ioctl flags cause the journal blocks to be discarded or zero-filled, respectively, after the journal checkpoint is complete. The ioctl may be useful when snapshotting a system or for complying with content deletion SLOs.

1.7. cgroup kill interface to kill all processes

This release introduces the cgroup.kill file. It does what it says on the tin and allows a caller to kill a cgroup by writing "1" into cgroup.kill. The file is available in non-root cgroups.

1.8. Initial steps towards BPF signed programs

This release includes the first steps towards signed BPF programs. It uses a new type of BPF program that is in charge of loading other BPF programs.

Recommended LWN article: Toward signed BPF programs

2. Core (various)

3. File systems

4. Memory management

5. Block layer

6. Tracing, perf and BPF

7. Virtualization

8. Security

9. Networking

10. Architectures

10.1. X86

10.2. ARM


10.4. RISCV

10.5. S390

10.6. UML

10.7. M68K

10.8. MIPS

11. Drivers

11.1. Graphics

11.2. Power Management

11.3. Storage

11.4. Drivers in the Staging area

11.5. Networking

11.6. Audio

11.7. Tablets, touch screens, keyboards, mouses

11.8. TV tuners, webcams, video capturers

11.9. Universal Serial Bus

11.10. Serial Peripheral Interface (SPI)

11.11. Watchdog

11.12. Serial

11.13. CPU Frequency scaling

11.14. Voltage, current regulators, power capping, power supply

11.15. Real Time Clock (RTC)

11.16. Pin Controllers (pinctrl)

11.17. Multi Media Card (MMC)

11.18. Memory Technology Devices (MTD)

11.19. Industrial I/O (iio)

11.20. Multi Function Devices (MFD)

11.21. Pulse-Width Modulation (PWM)

11.22. Inter-Integrated Circuit (I2C + I3C)

11.23. Hardware monitoring (hwmon)

11.24. DMA engines

11.25. Cryptography hardware acceleration

11.26. PCI

11.27. FRU Support Interface (FSI)

11.28. Clock

11.29. PHY ("physical layer" framework)

11.30. EDAC (Error Detection And Correction)

11.31. IOMMU

11.32. Various

12. List of Pull Requests

13. Other news sites

KernelNewbies: Linux_5.14 (last edited 2021-10-24 00:41:59 by diegocalleja)