Chapter 12. Kernel
Kernel version in RHEL 7.4
Red Hat Enterprise Linux 7.4 is distributed with the kernel version 3.10.0-693. (BZ#1801759)
The NVMe driver rebased to kernel version 4.10
The NVM-Express kernel driver has been updated to upstream kernel version 4.10, which provides a number of bug fixes and enhancements over the previous version. The most notable change is: the initial NVMe-over-Fabrics transport implementation, which uses existing RDMA NICs (Infiniband, RoCE, iWARP) and existing NVMe SSDs, has been added to the driver, but does not include support for DIF/DIX and multipathing. (BZ#1383834)
crash rebased to version 7.1.9
With this update, the crash packages have been upgraded to upstream version 7.1.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#1393534)
crash now analyzes vmcore dumps for IBM Power ISA 3.0
The crash utility has been updated to correspond with changes in the kernel page table related to IBM Power ISA version 3.0 architecture. As a result, the crash utility is now able to analyze vmcore dumps of kernels on IBM Power ISA 3.0 systems. (BZ#1368711)
crash updated for IBM Power and for the little-endian variant of IBM Power
The crash packages have been updated to support IBM Power Systems and the little-endian variant of IBM Power Systems. These packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Red Hat Enterprise Linux kernel. (BZ#1384944)
memkind updated to version 1.3.0
The memkind library has been updated to version 1.3.0, which provides several bug fixes and enhancements over the previous version.
Notable changes include:
- A logging mechanism has been introduced.
- Hardware Locality (hwloc) has been integrated, and can be turned on using the
- The symbols exposed by libmemkind.so have been cleaned up. For example,
jemalloc are no longer exposed.
- AutoHBW files have been moved to the /memkind/autohbw/ directory, code has been refactored and tests have been added to appropriate scenarios.
- Flags improving security have been added to memkind. The flags can be turned off with the --disable-secure configure time option.
- The configuration of jemalloc has been changed to turn off unused features.
- Several symbols have been deprecated. For details, see the Deprecated Functionality part. (BZ#1384549)
Jitter Entropy RNG added to the kernel
This update adds the Jitter Entropy Random Number Generator (RNG), which collects entropy through CPU timing differences, to the Linux kernel. This RNG is by default available through the algif_rng interface. The generated numbers can be added back to the kernel through the /dev/random file, which makes these numbers available to other /dev/random users. As a result, the operating system now has more sources of entropy available. (BZ#1270982)
/dev/random now shows notifications and warnings for the urandom pool initialization
With this update, the random driver (/dev/random) has been modified to print a message when the nonblocking pool (used by /dev/urandom) is initialized. (BZ#1298643)
fjes updated to version 1.2
The fjes driver has been updated to version 1.2, which includes a number of bug fixes and enhancements over the previous version. (BZ#1388716)
Full support for user name spaces
User name spaces (userns) that were introduced in Red Hat Enterprise Linux 7.2 as Technology Preview are now fully supported. This feature provides additional security to servers running Linux containers by improving isolation between the host and the containers. Administrators of containers are no longer able to perform administrative operations on the host, which increases security.
The default value of
0. You can set it to a non-zero value, which stops the applications that malfunction. It is recommended that user.max_usernamespaces is set to a large value, such as 15000, so that the value does not need to be revisited in the normal course of operation. (BZ#1340238)
makedumpfile updated to version 1.6.1
The makedumpfile package has been upgraded to upstream version 1.6.1 as part of the kexec-tools 2.0.14 rpm, which provides a number of bug fixes and enhancements over the previous version. (BZ#1384945)
qat updated to the latest upstream version
The qat driver has been updated to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version.
Notable bug fixes and enhancements:
- Added support for the Diffie-Hellman (DH) software
- Added support for Elliptic Curve Diffie–Hellman (ECDH) software
- Added support for Error-correcting Code (ECC) software for curve P-192 and P-256 (BZ#1382849)
Addition of intel-cmt-cat package
The pqos utility provided in this package enables administrators to monitor and manipulate L3 cache to improve utility and performance.
The tool bypasses the kernel API and operates on the hardware directly, which requires that CPU pinning is in use with the target process before use. (BZ#1315489)
i40e now supports trusted and untrusted VFs
This update adds support for both trusted and untrusted virtual functions into the i40e NIC driver. (BZ#1384456)
Kernel support for OVS 802.1ad (QinQ)
This update provides the ability to use two VLAN tags with Open vSwitch (OVS) by enabling the 802.1ad (QinQ) networking standard in the kernel. Note that the user-space part of this update is provided by the openvswitch package. (BZ#1155732)
Live post-copy migration support for shared memory and
This update enhances the kernel to enable live post-copy migration to support shared memory and the hugetlbfs file system. To benefit from this feature:
- Configure 2MiB huge pages on a host,
- Create a guest VM with 2MiB huge pages,
- Run the guest VM and a stress-test application to test the memory,
- Live-migrate the guest VM with post-copy. (BZ#1373606)
New package: dbxtool
The dbxtool package provides a command-line utility and a one-shot systemd service for applying UEFI Secure Boot DBX updates. (BZ#1078990)
mlx5 now supports SRIOV-trusted VFs
This update adds support of Single Root I/O Virtualization (SRIOV)-trusted virtual functions (VFs) to the
rwsem performance updates from the 4.9 kernel backported
With this update, most upstream R/W semaphores (rwsem) performance related changes up to the Linux kernel version 4.9 have been backported into the Linux kernel while maintaining kernel Application Binary Interface (kABI).
Notable changes include:
- Writer-optimistic spinning, which reduces locking latency and improves locking performance.
- Lock-less waiter wakeup without holding internal spinlock. (BZ#1416924)
getrandom added to the Linux kernel
This update adds the getrandom system call to the Linux kernel. As a result, the user space can now request randomness from the same non-blocking entropy pool used by /dev/urandom, and the user space can block until at least 128 bits of entropy has been accumulated in that pool. (BZ#1432218)
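The blocking and non-blocking behaviour described above, as an added example that is not code from Red Hat or the kernel. The helper names fill_random, pool_is_ready and sys_getrandom are hypothetical, and the raw syscall is used because glibc before 2.25 has no getrandom() wrapper.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001  /* same value as in <linux/random.h> */
#endif

/* Raw syscall: glibc before 2.25 ships no getrandom() wrapper. */
static long sys_getrandom(void *buf, size_t len, unsigned int flags)
{
    return syscall(SYS_getrandom, buf, len, flags);
}

/* Hypothetical helper: fill buf with len bytes. flags = 0 blocks until the
 * pool is initialized; GRND_NONBLOCK fails with EAGAIN instead.
 * Returns 0 on success, -1 with errno set on failure. */
int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t done = 0;
    while (done < len) {
        long n = sys_getrandom(buf + done, len - done, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal: retry */
            return -1;      /* EAGAIN: pool not ready; ENOSYS: no syscall */
        }
        done += (size_t)n;  /* large requests may return short */
    }
    return 0;
}

/* 1 if the pool is initialized, 0 if not yet, -1 on any other error. */
int pool_is_ready(void)
{
    unsigned char probe;
    if (sys_getrandom(&probe, 1, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

int main(void)
{
    unsigned char key[32];
    printf("pool ready: %d, fill: %d\n", pool_is_ready(), fill_random(key, sizeof key, 0));
    return 0;
}
```

Unlike reading /dev/urandom, this path needs no file descriptor, so it still works under descriptor exhaustion or in a chroot without device nodes.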
A new status line, Umask, has been included in
Previously, it was not possible to read the process umask without modification. Without this change, a library cannot read the umask safely, especially if the main program is multithreaded. The proc filesystem (procfs) now exposes the umask in the /proc/<PID>/status file. The format is Umask: OOOO, where OOOO is the octal representation of the umask of the task. (BZ#1391413)
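One way a library can read the new field instead of calling umask(2), which can only report the mask by replacing it. This is an added example, not code from Red Hat or the kernel; the function names and the sample status text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample of a status file, trimmed to a few fields. */
static const char SAMPLE_STATUS[] =
    "Name:\tsshd\nUmask:\t0022\nState:\tS (sleeping)\nTgid:\t1234\n";

/* Parse the "Umask:" line from status-file text. Returns 0 and stores the
 * mask in *out, or -1 if the line is absent (older kernel) or malformed. */
int parse_status_umask(const char *status, mode_t *out)
{
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "Umask:", 6) == 0) {
            char *end;
            unsigned long v = strtoul(line + 6, &end, 8);  /* octal field */
            if (end == line + 6 || (*end != '\n' && *end != '\0') || v > 0777)
                return -1;
            *out = (mode_t)v;
            return 0;
        }
        line = strchr(line, '\n');          /* move to the next line */
        if (line) line++;
    }
    return -1;
}

/* Read /proc/<pid>/status and extract the umask; -1 on any failure. */
int read_proc_umask(pid_t pid, mode_t *out)
{
    char path[64], buf[8192];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_status_umask(buf, out);
}

int main(void)
{
    mode_t m;
    if (read_proc_umask(getpid(), &m) != 0)      /* field absent on older kernels */
        parse_status_umask(SAMPLE_STATUS, &m);   /* fall back to the constructed sample */
    printf("Umask: %04o\n", (unsigned)m);
    return 0;
}
```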
Intel® Omni-Path Architecture (OPA) host software
Intel® Omni-Path Architecture (OPA) host software has been fully supported since Red Hat Enterprise Linux 7.3. Intel® OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.
For instructions on how to obtain Intel® Omni-Path Architecture documentation, see https://access.redhat.com/articles/2039623. (BZ#1459948)
The XTS-AES key verification now meets the FIPS 140-2 requirements
With this update, while running Red Hat Enterprise Linux in FIPS mode and using kernel XTS-AES key verification, the AES key is forced to be different from the tweak key. This ensures that the FIPS 140-2 IG A.9 requirements are met. Additionally, the XEX-based tweaked-codebook mode with ciphertext stealing (XTS) test vectors can now be marked to be skipped. (BZ#1314179)
mlx5 is now supported on IBM z Systems
The mlx5 device driver is now also supported for Linux on IBM z Systems and can be used for Ethernet TCP/IP network. (BZ#1394197)
perf tool now supports processor cache-line contention detection
The perf tool now provides the c2c subcommand for Shared Data Cache-to-Cache (C2C) analysis. This enables you to inspect cache-line contention and detect both true sharing and false sharing.
Contention occurs when a processor core on a Symmetric Multi Processing (SMP) system modifies data items on the same cache line that is in use by other processors. All other processors using this cache line must then invalidate their copy and request an updated one, which can lead to degraded performance.
The c2c subcommand provides detailed information about the cache lines where contention has been detected, the processes reading and writing the data, the instructions causing the contention, and the Non-Uniform Memory Access (NUMA) nodes involved. (BZ#1391243)
SCSI-MQ support in the
The lpfc driver updated in Red Hat Enterprise Linux 7.4 can now enable the use of SCSI-MQ (multiqueue) with the lpfc_use_blk_mq=1 module parameter. The default value is
Note that recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions. A fix is being tested but was not ready in time for Red Hat Enterprise Linux 7.4 General Availability. (BZ#1382101)