Linux kernel 5.18 released

Only about two months have passed since the release of the Linux 5.17 kernel, and a new release, Linux 5.18, is already available. Despite the relatively short interval between the two releases, there are a lot of changes, additions and fixes.

The new version contains 16206 fixes from 2127 developers. The total size of the patch is 108 MB; the changes affected 14235 files, adding 1340982 lines of code and deleting 593836 lines.



Hardware


  • Among the most notable changes in this section is added support for Intel Alder Lake N chips and Intel DG2-G12 (Arc Alchemist) discrete graphics cards.
  • In addition, support for a number of chips has been added, including the ARM SoCs Qualcomm Snapdragon 625/632, Samsung Exynos 850, Samsung Exynos 7885, Airoha EN7523, Mediatek mt6582, Microchip Lan966, Renesas RZ/G2LC, RZ/V2L, Tesla FSD, TI K3/AM62 and i.MXRTxxxx.
  • Support has also been added for ARM devices and boards from Broadcom (Raspberry Pi Zero 2 W), Qualcomm (Google Herobrine R1 Chromebook, SHIFT6mq, Samsung Galaxy Book2), Rockchip (Pine64 PineNote, Bananapi-R2-Pro, STM32 Emtrion emSBS, Samsung Galaxy Tab S, Prestigio PMT5008 3G tablet), Allwinner (A20-Marsboard), Amlogic (Amediatek X96-AIR, CYX A95XF3-AIR, Haochuangy H96-Max, Amlogic AQ222 and OSMC Vero 4K+), Aspeed (Quanta S6Q, ASRock ROMED8HM3), Marvell MVEBU/Armada (Ctera C200 V1 and V2 NAS), Mstar (DongShanPiOne, Miyoo Mini), NXP i.MX (Protonic PRT8MM, emCON-MX8M Mini, Toradex Verdin, Gateworks GW7903).
  • Also worth noting is added support for sound systems and codecs such as AMD PDM, Atmel PDMC, Awinic AW8738, i.MX TLV320AIC31xx, Intel CS35L41, ESSX8336, Mediatek MT8181, nVidia Tegra234, Qualcomm SC7280, Renesas RZ/V2L and Texas Instruments TAS585M.
  • In the amdgpu driver, FreeSync adaptive synchronization technology is now enabled by default. It adjusts the refresh rate of the display, which avoids image problems when playing computer games and watching videos.

Virtualization and Security

  • One of the most important points is the addition of the Intel IBT (Indirect Branch Tracking) control-flow protection mechanism. This mechanism makes it possible to prevent attackers from using Return-Oriented Programming (ROP) techniques.
  • Added more stringent buffer bounds checking in functions such as memcpy(), memmove() and memset(). The check is usually performed at compile time when the CONFIG_FORTIFY_SOURCE mode is enabled. It makes it possible to block all memcpy()-related buffer overflows found in the kernel over about the last three years.
  • The second part of the code for the updated implementation of the RDRAND pseudo-random number generator has also been added. It is responsible for the operation of the /dev/random and /dev/urandom devices.
  • A new keyring has appeared: “machine”. It contains the Machine Owner Keys (MOKs) that are supported in the shim bootloader. The keys are used, in particular, to digitally sign those components of the kernel that are loaded at a stage after the initial boot.
  • Another important change is the removal of support for asymmetric private keys for TPM, which was offered in the legacy version of TPM. They have a number of security problems, due to which, among other things, they have not become too popular.
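
The stricter memcpy() checking matters for copies that overrun one struct member while staying inside the enclosing object. The C program below is an added illustration, not kernel code and not taken from the release: the struct, the function names and the run-time check are hypothetical, and it relies on the GCC/Clang __builtin_object_size builtin, whose mode 0 reports the space left in the whole object and mode 1 the size of the member itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a short buffer directly followed by a sensitive flag. */
struct request {
    char name[8];
    int  is_admin;
};

static struct request req;

/* Mode 0: bytes from req.name to the end of the whole enclosing object. */
size_t limit_whole_object(void) { return __builtin_object_size(req.name, 0); }
/* Mode 1: bytes in the closest enclosing sub-object, i.e. the member itself. */
size_t limit_member(void)       { return __builtin_object_size(req.name, 1); }

/* Hypothetical checked copy into req.name: rejects len > limit with -1. */
int checked_copy(const void *src, size_t len, size_t limit)
{
    if (len > limit)
        return -1;
    memcpy((char *)&req + offsetof(struct request, name), src, len);
    return 0;
}

/* Copy a constructed record-sized input that carries is_admin = 1 in the
 * bytes past name[]. Returns -1 if rejected, else the resulting is_admin. */
int oversized_copy_result(size_t limit)
{
    unsigned char input[sizeof(struct request)];
    int one = 1;

    memset(input, 'A', sizeof(input));
    memcpy(input + offsetof(struct request, is_admin), &one, sizeof(one));
    memset(&req, 0, sizeof(req));
    if (checked_copy(input, sizeof(input), limit) != 0)
        return -1;
    return req.is_admin;
}

int main(void)
{
    printf("whole-object limit %zu -> is_admin = %d\n",
           limit_whole_object(), oversized_copy_result(limit_whole_object()));
    printf("member limit %zu -> result = %d (rejected)\n",
           limit_member(), oversized_copy_result(limit_member()));
    return 0;
}
```

With the whole-object bound the oversized copy is accepted and silently sets is_admin; with the member bound the same copy is refused.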

File systems, disks, input and output

  • Worth noting in this section is added support for forwarding compressed data in the Btrfs file system during send and receive operations. Applications that use these calls can now transfer compressed data without repacking it. In addition, fsync performance has been improved in Btrfs.
  • In Direct I/O mode, it is now possible to access encrypted files that use the fscrypt inline encryption mode.
  • The NFS server has NFSv3 enabled by default. It is now considered the always-supported version of NFS, while support for NFSv2 is likely to be discontinued in the future.
  • Another notable update: the ReiserFS file system has been deprecated, so it may be removed in 2025. This step will significantly reduce the effort required to maintain the common file system changes that come with supporting the new mount, iomap, and folio APIs.
  • EXT4 improves the performance of the fast_commit mode and increases scalability.

Memory and services

  • Integration has begun of a patch set that greatly reduces the time needed to rebuild the kernel, primarily by restructuring the hierarchy of header files and reducing the number of cross-dependencies. The new release includes patches that optimize the structure of the task scheduler header files (kernel/sched). As a result, the CPU time consumed when building the kernel/sched/ code was reduced by 61%, and the actual time decreased by 3.9% (from 2.95 to 2.84 sec).
  • Improved task scheduling performance on AMD processors with Zen microarchitecture.
  • A new mechanism for tracking (probing) function calls has appeared: fprobe. It makes it possible to use one handler for several functions at once.
  • Removed support for older ARM processors (ARMv4 and ARMv5) that do not have a memory management unit (MMU). But support for ARMv7-M systems without MMU has been retained.
  • Support has also been removed for the RISC-like NDS32 architecture, which was previously used in processors from Andes Technologies.
  • Added support for the Intel HFI (Hardware Feedback Interface) mechanism.
  • In addition, a driver for the Intel SDSi (Software-Defined Silicon) mechanism has been added to the release. It allows you to control the inclusion of additional features in the processor.
  • The amd_hsmp driver has also appeared to support the AMD HSMP (Host System Management Port) interface. It provides access to processor control functions through a set of registers found in AMD EPYC server processors.

Network

  • The process of deleting network namespaces has been sped up. This is important for large systems with a lot of traffic.
  • Work continues on integrating packet drop tracking into the networking stack.
  • Network bridges now support port binding. With it, the user can send traffic through the port only from the allowed MAC address.
  • In the XDP (eXpress Data Path) subsystem, support for fragmented packets placed in several buffers has been added.

A complete list of updates, changes and additions can be found here at this link.

If you need a completely free kernel, which is purged of firmware elements and drivers with non-free components, then here is the link. As usual, the Free Software Foundation team put together the package and cleaned up a number of drivers, including panels, sound chips, SoCs, and so on.