Linux 6.10 is ready

It's good when new releases come out quickly, and not after six months or a year. This time we are happy to see Linux kernel 6.10, which has quite a few changes. In particular, it brings an updated ntsync driver with Windows NT synchronization primitives, DRM Panic components, the ability to encrypt data exchange with TPM devices, and a new driver for the Mali GPU. Of course, there are other changes, which you can read about under the cut.

System services and memory


  • One of the most important innovations is the initial version of the ntsync driver. It implements the /dev/ntsync character device and a set of synchronization primitives that are used in the Windows NT kernel. As a result, the performance of Windows games launched via Wine increases quite significantly. A separate driver was needed because the NT synchronization API is hard to implement correctly on top of the primitives that already exist in the kernel. The driver is currently disabled, but the developers promise to make it active in the next branch.
  • The new release continues the transfer of changes from the Rust-for-Linux branch, which concern the use of Rust as a second language for developing drivers and kernel modules. Rust support is not active by default and does not add Rust to the list of mandatory build dependencies for the kernel. The transition to the Rust 1.78 release has already been made, which allows switching to the standard alloc library. Abstractions for working with time in the kernel have also been added.
  • For 32-bit ARM, support has been added for building the kernel with the Clang compiler with the CFI (Control Flow Integrity) protection mode enabled. CFI blocks violations of the normal execution order caused by exploits that change function pointers stored in memory.
  • There are also changes for the x32 subarchitecture, which provides a hybrid x86_64 ABI. Support for the Shadow Stack mechanism has been added for it, which allows blocking a large number of exploits. The mechanism relies on the hardware capabilities of Intel processors to protect a function's return address from being overwritten when a buffer on the stack overflows.
  • On ARM64 systems, the userfaultfd() system call, which allows handlers for accesses to unallocated memory pages (page faults) to be created in user space, now supports write protection of memory areas and of memory page table entries.
  • Removed code to support Alpha 21164 (EV5) and earlier processors released since 1995.

Security with Virtualization

  • As stated in the announcement, support for encrypted data exchange with TPM devices has appeared, as well as verification of transaction integrity.
  • Another new feature is the init_mlocked_on_free option, which is set at boot time. It ensures that memory that was locked with mlock() to keep it from being pushed out to the swap partition is cleared if it is released without first being unlocked with munlock().
  • The crypto subsystem has improved the performance of AES-XTS, which is used in disk encryption operations, on x86_64 systems with Intel and AMD processors that support the VAES, AVX2, VPCLMULQDQ, AVX10, or AVX512 extensions.
  • In addition, the ability to collect statistics about the use of the kernel crypto subsystem (CONFIG_CRYPTO_STATS) has been removed. It was not used, and performance suffered, so it was decided to get rid of it.

Net

  • Improved performance of sending data in zero-copy mode when using the io_uring subsystem. Also added the ability to combine multiple buffers for data sending and receiving operations.
  • The garbage collection code that was used when sending file descriptors over Unix sockets using SCM_RIGHTS messages has been completely rewritten. This change solves the problem of reference count loops accumulating.
  • It is now possible to install filters for the PFCP protocol, which is used in 4G and 5G networks.
  • Support for the SO_PEEK_OFF network socket option has been added, which, similar to the same option for Unix sockets, allows you to determine the offset of data in the queue.
  • A PoE (Power over Ethernet) implementation is proposed, based on previously available code for PoDL (Power over Data Line) support and compatible with Microchip PD692x0 and TI TPS23881 PoE controllers.
  • For the TCP, DCCP and MPTCP protocols, support for the rstreason mechanism has been added, which allows you to determine the reason for sending RST packets (for example, NO_SOCKET).
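
The SO_PEEK_OFF behaviour from the item above, shown on a Unix socket pair, where the option already exists. This is an added example, not code from the kernel or from this article; the function names peek and peek_off_demo and the queued bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_PEEK_OFF
#define SO_PEEK_OFF 42          /* Linux asm-generic value, for older headers */
#endif

/* Peek up to n bytes into out (NUL-terminated); returns bytes read or -1. */
static ssize_t peek(int fd, char *out, size_t n)
{
    ssize_t r = recv(fd, out, n, MSG_PEEK);
    if (r >= 0)
        out[r] = '\0';
    return r;
}

/* Constructed demo: queue "0123456789", then mix peeks with one real read.
 * Fills p1..p3 with the peeked strings and *off with the final peek offset.
 * Returns 0 on success, -1 on any socket error. */
int peek_off_demo(char *p1, char *p2, char *p3, int *off)
{
    int sv[2], zero = 0, rc = -1;
    char drop[3];
    socklen_t len = sizeof(*off);

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    /* Setting the option to a value >= 0 switches offset tracking on. */
    if (setsockopt(sv[1], SOL_SOCKET, SO_PEEK_OFF, &zero, sizeof(zero)) == 0 &&
        send(sv[0], "0123456789", 10, 0) == 10 &&
        peek(sv[1], p1, 4) == 4 &&        /* reads at offset 0, offset -> 4 */
        peek(sv[1], p2, 4) == 4 &&        /* reads at offset 4, offset -> 8 */
        recv(sv[1], drop, 3, 0) == 3 &&   /* consumes "012", offset 8 -> 5 */
        peek(sv[1], p3, 2) == 2 &&        /* reads at offset 5, offset -> 7 */
        getsockopt(sv[1], SOL_SOCKET, SO_PEEK_OFF, off, &len) == 0)
        rc = 0;
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    char a[8], b[8], c[8];
    int off;
    if (peek_off_demo(a, b, c, &off) != 0) { perror("peek_off_demo"); return 1; }
    printf("%s %s %s off=%d\n", a, b, c, off);
    return 0;
}
```

The offset tracks a position in the receive queue, so the real read of three bytes moves it back from 8 to 5, and the last peek still returns the bytes that had not been peeked yet.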

Disk subsystem, file systems

  • There are many changes here, including, for example, in the FUSE subsystem, which is used to implement file systems in user space. A new feature has also been implemented for it: the fs-verity mechanism for checking the integrity and authenticity of files.
  • For the XFS file system, work continued on implementing the ability to use fsck, which is needed to check and fix detected problems without unmounting the file system.
  • Btrfs now supports truncating unattached extent maps. This can be useful for reducing memory consumption, for example when the system is running low on resources.
  • Ext4 adds support for ioctl FS_IOC_GETFSSYSFSPATH to determine the location of a given mounted file system in the /sys/fs hierarchy.
  • The OPENPROMFS, ISOFS, QNX6, NILFS2, MINIX and FREEVXFS file systems have been migrated to use the new partition mounting API.
  • The OverlayFS file system has been updated to support creating temporary files using the O_TMPFILE option.

Equipment

  • Finally, there are also many new features in the hardware section. For example, the AMDGPU driver now supports SMU 14.0 (System Management Unit). And there is also the ability to use new AMD GPUs on systems with RISC-V architecture.
  • The i915 driver has been updated to include PCI IDs for new Intel Arc discrete graphics cards (DG2/Alchemist).
  • The Panthor driver for the 10th generation of Mali GPUs (G310, G510, G710) has also appeared. It uses CSF (Command Stream Frontend) technology, which moves a number of driver functions to the firmware side to reduce the load on the CPU.
  • Added support for LG SW43408, Innolux G121XCE-L01 LVDS, RK3326 GameForce Chi, Crystal Clear CMT430B19N00, POWERTIP PH128800T006-ZHC01, Startek KD050HDFIA020-C020A, Pixel 3a, Khadas TS050 V2, Raydium RM69380, BOE NT116WHM-N44, CMN N116BCA-EA1 and AUO B120XAN01.0 screen panels.
  • Added support for the sound subsystem of Lenovo Thinkbook 13x Gen 4, Lenovo Thinkbook 16P Gen 5, Lenovo Thinkbook 13X and ASUS Zenbook 2024 HN7306W laptops, as well as for the Vocaster One and Vocaster Two external sound cards. In addition, a driver for NAU8325 amplifiers from Nuvoton Technology has been added.
  • Added support for ARM boards, SoCs and devices: PocketBook 614 Plus, Sony Xperia Z3, Xperia 1 V, Samsung Galaxy S5 China, Motorola Moto G, RK3326 GameForce Chi, Anbernic RG35XX (Plus/H/2024), Airoha EN7581, Radxa ROCK 3C, ArmSom Sige7, Tanix TX1, Toradex Colibri iMX8DX, Renesas RZ/V2H, Forlinx OK3588-C, Protonic MECSBC, Emcraft Systems NavQ+, NXP S32G3, Wolfvision pf5, Amlogic A4/A5, ASUS RT-AC3200, ASUS RT-AC5300, ASrock E3C256D4I, IBM system1 BMC, Meta Harma BMC(AST2600), ASRock X570D4U BMC, Au-Zone Maivin AI Vision Starter Kit.

The new version includes 14,564 fixes from 1,989 developers. The patch size is 41 MB: the changes affected 12,509 files, 547,663 lines of code were added, and 312,464 lines were removed. As always, a completely free version of the 6.10 kernel was released as well: Linux-libre 6.10-gnu. It does not contain firmware elements or drivers that include non-free components or code sections whose scope of application is limited by the manufacturer.
