Chapter 12. Kernel

The NVMe driver rebased to kernel version 4.10

The NVM-Express kernel driver has been updated to upstream kernel version 4.10, which provides a number of bug fixes and enhancements over the previous version. The most notable change is: the initial NVMe-over-Fabrics transport implementation, which uses existing RDMA NICs (Infiniband, RoCE, iWARP) and existing NVMe SSDs, has been added to the driver, but does not include support for DIF/DIX and multipathing. (BZ#1383834)

crash rebased to version 7.1.9

With this update, the crash packages have been upgraded to upstream version 7.1.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#1393534)

crash now analyzes vmcore dumps for IBM Power ISA 3.0

The crash utility has been updated to correspond with changes in the kernel page table related to IBM Power ISA version 3.0 architecture. As a result, the crash utility is now able to analyze vmcore dumps of kernels on IBM Power ISA 3.0 systems. (BZ#1368711)

crash updated for IBM Power and for the little-endian variant of IBM Power

The crash packages have been updated to support IBM Power Systems and the little-endian variant of IBM Power Systems. These packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Red Hat Enterprise Linux kernel. (BZ#1384944)

memkind updated to version 1.3.0

The memkind library has been updated to version 1.3.0, which provides several bug fixes and enhancements over the previous version.
Notable changes include:
  • A logging mechanism has been introduced.
  • Hardware Locality (hwloc) has been integrated, and can be turned on using the --with-hwloc option.
  • The symbols exposed by have been cleaned up. For example, libnuma and jemalloc are no longer exposed.
  • AutoHBW files have been moved to the /memkind/autohbw/ directory, code has been refactored and tests have been added to appropriate scenarios.
  • Flags improving security have been added to memkind. The flags can be turned off with the --disable-secure configure time option.
  • The configuration of jemalloc has been changed to turn off unused features.
  • Several symbols have been deprecated. For details, see the Deprecated Functionality part. (BZ#1384549)

Jitter Entropy RNG added to the kernel

This update adds the Jitter Entropy Random Number Generator (RNG), which collects entropy through CPU timing differences, to the Linux kernel. This RNG is by default available through the algif_rng interface. The generated numbers can be added back to the kernel through the /dev/random file, which makes these numbers available to other /dev/random users. As a result, the operating system now has more sources of entropy available. (BZ#1270982)

/dev/random now shows notifications and warnings for the urandom pool initialization

With this update, the random driver (/dev/random) has been modified to print a message when the nonblocking pool (used by /dev/urandom) is initialized. (BZ#1298643)

fjes updated to version 1.2

The fjes driver has been updated to version 1.2, which includes a number of bug fixes and enhancements over the previous version. (BZ#1388716)

Full support for user name spaces

User name spaces (userns) that were introduced in Red Hat Enterprise Linux 7.2 as Technology Preview are now fully supported. This feature provides additional security to servers running Linux containers by improving isolation between the host and the containers. Administrators of containers are no longer able to perform administrative operations on the host, which increases security.
The default value of user.max_user_namespaces is 0. You can set it to a non-zero value, which stops the applications that malfunction. It is recommended that user.max_user_namespaces is set to a large value, such as 15000, so that the value does not need to be revisited in the normal course of operation. (BZ#1340238)

makedumpfile updated to version 1.6.1

The makedumpfile package has been upgraded to upstream version 1.6.1 as part of the kexec-tools 2.0.14 rpm, which provides a number of bug fixes and enhancements over the previous version. (BZ#1384945)

Intel Cache Allocation Technology is supported

This update adds support for Intel Cache Allocation Technology. This technology enables the software to restrict cache allocation to a defined subset of cache. The defined subset can overlap with other subsets. (BZ#1288964)

qat updated to the latest upstream version

The qat driver has been updated to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version.
Notable bug fixes and enhancements:
  • Added support for the Diffie-Hellman (DH) software
  • Added support for Elliptic Curve Diffie–Hellman (ECDH) software
  • Added support for Error-correcting Code (ECC) software for curve P-192 and P-256 (BZ#1382849)

Addition of intel-cmt-cat package

The pqos utility provided in this package enables administrators to monitor and manipulate L3 cache to improve utility and performance.
The tool bypasses the kernel API and operates on the hardware directly, which requires that CPU pinning is in use with the target process before use. (BZ#1315489)

i40e now supports trusted and untrusted VFs

This update adds support for both trusted and untrusted virtual functions into the i40e NIC driver. (BZ#1384456)

Kernel support for OVS 802.1ad (QinQ)

This update provides the ability to use two VLAN tags with Open vSwitch (OVS) by enabling the 802.1ad (QinQ) networking standard in kernel. Note that the user-space part of this update is provided by the openvswitch package. (BZ#1155732)

Live post-copy migration support for shared memory and hugetlbfs

This update enhances the kernel to enable live post-copy migration to support shared memory and the hugetlbfs file system. To benefit from this feature:
  • Configure 2MiB huge pages on a host,
  • Create a guest VM with 2MiB huge pages,
  • Run the guest VM and a stress-test application to test the memory,
  • Live-migrate the guest VM with post-copy. (BZ#1373606)

New package: dbxtool

The dbxtool package provides a command-line utility and a one-shot systemd service for applying UEFI Secure Boot DBX updates. (BZ#1078990)

mlx5 now supports SRIOV-trusted VFs

This update adds support for Single Root I/O Virtualization (SRIOV)-trusted virtual functions (VFs) to the mlx5 driver. (BZ#1383280)

rwsem performance updates from the 4.9 kernel backported

With this update, most upstream R/W semaphores (rwsem) performance related changes up to the Linux kernel version 4.9 have been backported into the Linux kernel while maintaining kernel Application Binary Interface (kABI).
Notable changes include:
  • Writer-optimistic spinning, which reduces locking latency and improves locking performance.
  • Lock-less waiter wakeup without holding internal spinlock. (BZ#1416924)

getrandom added to the Linux kernel

This update adds the getrandom system call to the Linux kernel. As a result, the user space can now request randomness from the same non-blocking entropy pool used by /dev/urandom, and the user space can block until at least 128 bits of entropy has been accumulated in that pool. (BZ#1432218)
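The following is an added example, not part of the release notes, showing how user space can call getrandom and handle the cases described above. It assumes a C library that provides the getrandom() wrapper in <sys/random.h> (glibc 2.25 or later); the helper name fill_random is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>   /* assumption: C library ships the getrandom() wrapper */

/* Hypothetical helper: fill buf with len bytes from the pool that also
 * backs /dev/urandom. Returns 0 on success, -1 with errno set on failure.
 * nonblock != 0: fail with EAGAIN instead of waiting while the pool has
 * not yet been initialized (early boot). */
int fill_random(void *buf, size_t len, int nonblock)
{
    unsigned char *p = buf;
    unsigned int flags = nonblock ? GRND_NONBLOCK : 0;

    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal: retry */
            return -1;      /* EAGAIN: pool not ready; ENOSYS: no such syscall */
        }
        /* Requests of up to 256 bytes are returned in full once the pool
         * is initialized; larger requests may come back short. */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char sample[32];

    if (fill_random(sample, sizeof sample, 1) != 0) {
        perror("getrandom");
        return 1;
    }
    for (size_t i = 0; i < sizeof sample; i++)
        printf("%02x", sample[i]);
    putchar('\n');
    return 0;
}
```

Unlike opening /dev/urandom, this path needs no file descriptor and cannot silently return output from an unseeded pool.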

A new status line, Umask, has been included in /proc/<PID>/status

Previously, it was not possible to read the process umask without modification. Without this change, a library cannot read the umask safely, especially if the main program is multithreaded. The proc filesystem (procfs) now exposes the umask in the /proc/<PID>/status file. The format is Umask: OOOO, where OOOO is the octal representation of the umask of the task. (BZ#1391413)
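An added example, not from the release notes, of reading the umask through the new status line rather than calling umask() twice, which briefly changes the mask for every thread. The function names are hypothetical, and the sample status text in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Find the "Umask:" line in the text of a /proc/<PID>/status file.
 * Returns the mask (0..0777), or -1 if the line is absent (a kernel
 * without this change) or malformed. */
long parse_umask(const char *status)
{
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, "Umask:", 6) == 0) {
            unsigned int mask;
            if (sscanf(line + 6, "%o", &mask) == 1 && mask <= 0777)
                return (long)mask;
            return -1;
        }
        line = strchr(line, '\n');   /* advance to the next line start */
        if (line)
            line++;
    }
    return -1;
}

/* Read the umask of a task without modifying it; pid is "self" or a number. */
long read_umask(const char *pid)
{
    char path[64], buf[4096];
    FILE *f;
    size_t n;

    snprintf(path, sizeof path, "/proc/%s/status", pid);
    f = fopen(path, "r");
    if (!f)
        return -1;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_umask(buf);
}

int main(void)
{
    /* Constructed sample of the first lines of a status file. */
    const char *sample = "Name:\tdemo\nUmask:\t0027\nState:\tS (sleeping)\n";

    printf("sample: %04lo\n", (unsigned long)parse_umask(sample));
    printf("self:   %ld (decimal, -1 if unsupported)\n", read_umask("self"));
    return 0;
}
```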

Intel® Omni-Path Architecture (OPA) host software

Intel® Omni-Path Architecture (OPA) host software has been fully supported since Red Hat Enterprise Linux 7.3. Intel® OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.
For instructions on how to obtain Intel® Omni-Path Architecture documentation, see (BZ#1459948)

The XTS-AES key verification now meets the FIPS 140-2 requirements

With this update, while running Red Hat Enterprise Linux in FIPS mode and using kernel XTS-AES key verification, the AES key is forced to be different from the tweak key. This ensures that the FIPS 140-2 IG A.9 requirements are met. Additionally, the XEX-based tweaked-codebook mode with ciphertext stealing (XTS) test vectors can now be marked to be skipped. (BZ#1314179)
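An added user-space illustration of the check described above, not the kernel's own code: an XTS key is the AES data key followed by the tweak key, and the key is rejected when the two halves are identical. The function name, return codes and the restriction to 32- and 64-byte keys (XTS-AES-128 and XTS-AES-256) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { XTS_OK = 0, XTS_BAD_LEN = -1, XTS_WEAK_KEY = -2 };

/* key = AES data key || tweak key, each keylen/2 bytes long. */
int check_xts_key(const uint8_t *key, size_t keylen)
{
    size_t half, i;
    uint8_t diff = 0;

    if (keylen != 32 && keylen != 64)
        return XTS_BAD_LEN;

    half = keylen / 2;
    /* Accumulate differences over every byte instead of returning at the
     * first mismatch, so timing does not depend on the key material. */
    for (i = 0; i < half; i++)
        diff |= (uint8_t)(key[i] ^ key[half + i]);

    return diff ? XTS_OK : XTS_WEAK_KEY;
}

int main(void)
{
    uint8_t weak[32], good[32];   /* constructed sample keys */
    int i;

    for (i = 0; i < 32; i++) {
        weak[i] = (uint8_t)(i % 16);   /* second half repeats the first */
        good[i] = (uint8_t)i;          /* halves differ */
    }
    printf("weak: %d\n", check_xts_key(weak, sizeof weak));
    printf("good: %d\n", check_xts_key(good, sizeof good));
    return 0;
}
```

Running such a check on key material before it reaches the kernel turns a key-setup failure in FIPS mode into an explicit, diagnosable error.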

mlx5 is now supported on IBM z Systems

The Mellanox mlx5 device driver is now also supported for Linux on IBM z Systems and can be used for Ethernet TCP/IP network. (BZ#1394197)

The perf tool now supports processor cache-line contention detection

The perf tool now provides the c2c subcommand for Shared Data Cache-to-Cache (C2C) analysis. This enables you to inspect cache-line contention and detect both true sharing and false sharing.
Contention occurs when a processor core on a Symmetric Multi Processing (SMP) system modifies data items on the same cache line that is in use by other processors. All other processors using this cache line must then invalidate their copy and request an updated one, which can lead to degraded performance.
The new c2c subcommand provides detailed information about the cache lines where contention has been detected, the processes reading and writing the data, the instructions causing the contention, and the Non-Uniform Memory Access (NUMA) nodes involved. (BZ#1391243)

SCSI-MQ support in the lpfc driver

The lpfc driver updated in Red Hat Enterprise Linux 7.4 can now enable the use of SCSI-MQ (multiqueue) with the lpfc_use_blk_mq=1 module parameter. The default value is 0 (disabled).
Note that recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions. A fix is being tested but was not ready in time for Red Hat Enterprise Linux 7.4 General Availability. (BZ#1382101)