what “grew up” in the Linux 6.2 kernel. Release details

Network technologies

• A driver for MediaTek Wi-Fi 7 (802.11be) devices has been added to the kernel, plus support for 800-gigabit links has appeared.
• Now you can rename network interfaces on the fly, without stopping work, which is very convenient.
• ipset has a new bitmask parameter that allows you to set a mask based on arbitrary bits in an IP address (for example, “ipset create set1 hash:ip bitmask 255.128.255.0”).
• In the TUN driver, the link speed has been increased from 10Mbps to 10Gbps. This made it possible to solve speed limiting problems in a number of applications.
• Also for IPv6, there is now support for a load balancing mechanism between network links, which is called PLB. It is designed to reduce congestion points on data center switches.
• Well, for UDP it is now possible to use separate hash tables for different network namespaces.

Memory and system

• The kernel now allows code and changes to be included in the kernel that are licensed under the Copyleft-Next 0.3.1 license. What is this license? It was developed by one of the authors of GPLv3 and is also compatible with GPLv2. But, unlike the latter, it is easier to understand, it contains the terms and procedure for eliminating violations. The license also automatically removes copyleft requirements for obsolete code. This is considered a code older than 15 years.
• The rv utility appeared, as briefly discussed above. It provides an interface for user-space interaction with Runtime Verification subsystem handlers. Accordingly, the latter is designed to check the correct operation on highly reliable systems with a guarantee that there will be no failures. Validation is done at runtime by attaching handlers to tracepoints that check the actual progress against a previously predefined model.
• A new implementation of qspinlock locks for the PowerPC architecture is proposed. This step allowed to increase productivity.
• Added support for ftrace, stack protection, sleep and standby modes for Chinese processors with LoongArch architecture.
• As for the Rust-for-Linux branch, there is an active transfer of additional functionality that is associated with the use of Rust as a second language for developing drivers and kernel modules. It’s worth noting that Rust’s support is inactive by default, so this does not result in the language being included in the list of required kernel build dependencies. But on the other hand, the basic functionality has been expanded, primarily to support low-level code, including the Vec type and the macros pr_debug!(), pr_cont!() and pr_alert!(), as well as the procedural macro “#[vtable]”.
• The slab memory allocation mechanism – SLOB (slab allocator) has been deprecated.

Disks, file subsystems

• In the kernel, the possibilities for managing lazy writing for block devices have been expanded. In some situations, lazy writes can lead to large consumption of hot writes. In order to avoid this situation, new parameters “strict_limit”, “min_bytes”, “max_bytes”, “min_ratio_fine” and “max_ratio_fine” are proposed.
• The F2FS file system implements the atomic replace ioctl operation. It makes it possible to write data to a file in one atomic operation. A block extent cache has also been added to help identify actively used data.
• A number of bugs have been fixed in ext4. Well, ntfs3 introduced several new mount options: “nocase” to control case-sensitive characters in file and directory names; windows_name to prevent the creation of file names containing characters that are invalid for Windows; hide_dot_files to control how the hidden file label is assigned to files that start with a dot.
• As for exFAT, it was possible to speed up the creation of both files and folders.
• Improved implementation of POSIX Access Control Lists (POSIX ACLs).
• The fscrypt subsystem now supports the SM4 encryption algorithm (Chinese standard GB/T 32907-2016).
• And the principle of checking access rights to NVMe devices has also been changed. In particular, it became possible to read / write to the device if the writing process has access to a special device file.

Security and virtualization

• First of all, it is worth noting the new options for blocking attacks that use the generation of “oops” states, after which problematic tasks are completed and the state is restored without stopping the system. If there are many calls to such states, then a reference counter (refcount) overflow occurs, which allows exploiting vulnerabilities caused by dereferencing NULL pointers. In order to avoid this situation, a limit on the maximum number of oops hits has been added to the kernel.
• For the ARM64 platform, it became possible to enable and disable the software implementation of the Shadow Stack mechanism at the boot stage. In the new kernel assembly of the hardware and software implementation of the Shadow Stack, it became possible to use one kernel on different ARM systems, regardless of whether they support instructions for pointer authentication.
• Added support for using the asynchronous exit notification mechanism on Intel processors, which allows detecting single-step attacks on code running in SGX enclaves.
• Support for the LANDLOCK_ACCESS_FS_TRUNCATE flag has been added to the Landlock mechanism (which allows you to restrict the interaction of a group of processes with the external environment), which makes it possible to control the execution of file truncation operations.

You may also be interested in these texts:

→ 8 things developers forget about when porting an application to Kubernetes
→ What to do in 2023? Pet Project Ideas and Professional Development Toolkit
→ Why ARM? Platform perspectives in server application

Traditionally lined and variant completely free kernel 6.2 – linux-libre 6.2-gnu, which has no non-free components or code snippets. There are no restrictions on the use of code in this kernel. Plus cleaned up new blobs in the nouveau driver.