Linux 3.7 was released on 10 Dec 2012.
Summary: This Linux release includes support for the ARM 64-bit architecture, ARM support to boot into different systems using the same kernel, signed kernel modules, Btrfs support for disabling copy-on-write on a per-file basis using chattr and faster fsync(), a new "perf trace" tool modeled after strace, support for the TCP Fast Open feature on the server side, experimental SMBv2 protocol support, stable NFS 4.1 and parallel NFS support, a new tunneling protocol that allows transferring Layer 2 Ethernet packets over UDP, and support for the Intel "supervisor mode access prevention" (SMAP) security feature. Many small features, new drivers and fixes are also available.
Contents
Prominent features in Linux 3.7
- ARM multi-platform support
- ARM 64-bit support
- Cryptographically-signed kernel modules
- Btrfs updates
- perf trace, an alternative to strace
- TCP Fast Open (server side)
- Experimental SMB 2 protocol support
- NFS v4.1 support no longer experimental
- Virtual extensible LAN tunneling protocol
- Intel "supervisor mode access prevention" support
- Driver and architecture-specific changes
- Various core changes
- Filesystems
- Block
- Crypto
- Security
- Perf
- Virtualization
- Networking
- Other news sites that track the changes of this release
1. Prominent features in Linux 3.7
1.1. ARM multi-platform support
A typical Linux distribution for x86 PCs can boot and work on hundreds of different PCs (different CPU vendors, different GPU models, different motherboards and chipsets, etc.) using a single distribution install media. This ability to boot on different hardware configurations is taken as a given in the PC world. However, it didn't exist in the Linux ARM world. The ARM ecosystem has historically been driven by the embedded world, where hardware enumeration isn't even possible in many cases, so each ARM kernel image was targeted at a specific embedded hardware target. It couldn't boot on other ARM systems.
In this release, the Linux ARM implementation has added "multi-platform" support - the ability to build a single ARM kernel image that is able to boot on multiple hardware platforms. This will make it much easier for distributors to support ARM platforms.
Recommended LWN article: Supporting multi-platform ARM kernels Code: (commit)
1.2. ARM 64-bit support
The newest ARM CPU model, ARM v8, adds 64-bit memory addressing capabilities for the first time in the ARM world. The new 64-bit CPUs can run 32-bit code, but the 64-bit instruction set is completely new, not just 64-bit extensions to the 32-bit instruction set, so the Linux support has been implemented as a completely new architecture.
Recommended LWN article: Supporting 64-bit ARM systems Code: arch/arm64
1.3. Cryptographically-signed kernel modules
This release adds the option to sign kernel modules. The kernel can optionally refuse to load any module that has not been signed with the correct key - even for root users. This feature is useful for security purposes, as an attacker who gains root user access will not be able to install a rootkit using the module loading routines.
Recommended LWN article: Loading signed kernel modules Code: (commit 1, 2, 3)
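Added example (not from the kernel tree or this changelog): a reader for the signature trailer that signed modules carry at the end of the file, useful for auditing which .ko files on a system are signed at all. The trailer layout and marker string are taken from the kernel's struct module_signature as I know it for this format; the sample module bytes and the algorithm numbers in it are constructed.

```python
import struct

# Marker the kernel looks for at the very end of a signed module file.
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, then a big-endian 32-bit signature length (12 bytes total).
TRAILER = struct.Struct(">BBBBB3xI")


def parse_module_signature(blob):
    """Return the trailer fields of a signed module image, or None if unsigned.

    Raises ValueError if the marker is present but the lengths do not fit.
    Presence of a trailer is not proof of validity; only the kernel's
    verification against its trusted keys decides that.
    """
    if not blob.endswith(MAGIC):
        return None
    trailer_at = len(blob) - len(MAGIC) - TRAILER.size
    if trailer_at < 0:
        raise ValueError("truncated signature trailer")
    algo, hash_id, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack_from(blob, trailer_at)
    payload_len = trailer_at - (signer_len + key_id_len + sig_len)
    if payload_len < 0:
        raise ValueError("signature lengths exceed file size")
    signer_end = payload_len + signer_len
    return {
        "payload_len": payload_len,  # bytes of the module proper (what gets hashed)
        "algo": algo, "hash": hash_id, "id_type": id_type,
        "signer": blob[payload_len:signer_end],
        "key_id": blob[signer_end:signer_end + key_id_len],
        "sig_len": sig_len,
    }


def build_sample(payload, signer, key_id, sig):
    """Constructed input: payload + signer + key id + signature + trailer + marker."""
    trailer = TRAILER.pack(1, 2, 1, len(signer), len(key_id), len(sig))  # constructed ids
    return payload + signer + key_id + sig + trailer + MAGIC


if __name__ == "__main__":
    body = b"\x7fELF" + b"\0" * 60  # stand-in for a real module image
    print(parse_module_signature(build_sample(body, b"Example signer", b"\xaa" * 20, b"\x5a" * 64)))
    print(parse_module_signature(body))  # no marker, so reported as unsigned
```

A module that parses as signed here can still be rejected by the kernel if the key is unknown or the signature does not verify.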
1.4. Btrfs updates
fsync() speedups: The fsync() syscall writes the modified data of a file to the hard disk. The performance of fsync() is important for software like dpkg/rpm, Firefox, QEMU, etc. Btrfs fsync() performance has been quite bad, but in this release fsync can be several times faster. Code: (commit 1, 2)
Remove the hard link limits inside a single directory: Btrfs didn't allow creating more than about 20 hardlinks in the same directory. A disk format change adds a new kind of "inode references" that lifts the hard link limit in a directory up to 65K (commit)
Hole punching: "Hole punching" is the ability to deallocate a range of space in a file (using the fallocate() syscall with the FALLOC_FL_PUNCH_HOLE mode). Btrfs now supports this feature. Code: (commit)
chattr per-file NOCOW support: Btrfs can disable copy-on-write for file data using the "nodatacow" mount option. This version also adds support for disabling copy-on-write for file data on a per-file basis using "chattr +C file" (needs a recent e2fsprogs). Copy-on-write does not fit all workloads, and some applications want to disable it to get better fragmentation and performance behaviour. Note: in order to disable copy-on-write you need to use chattr on an empty file; it won't work on a file that already has data (in that case, you can create a temporary file, disable COW, copy the data, and rename the file). Note 2: disabling copy-on-write will also disable checksum support for that file. Note 3: it is possible to use chattr +C on a directory, and new files created after issuing the command will have COW disabled. Code: (commit)
1.5. perf trace, an alternative to strace
The perf profiling infrastructure has added a new tool "perf trace". This tool should look loosely like the venerable 'strace' tool, but instead of using the ptrace() syscall, it uses the Linux tracing infrastructure. Its purpose is to make tracing easier for a wider audience of Linux users.
perf trace will show the events associated with the target, initially syscalls, but also other system events like pagefaults, task lifetime events, scheduling events, etc. This tool is still in its early versions, so it is a live-mode-only tool and a lot of details need to be improved, but eventually it will work with perf.data files like the other perf tools, allowing the 'record' phase to be detached from the analysis phase.
Code: (commit)
1.6. TCP Fast Open (server side)
Linux already added TCP Fast Open support for clients in 3.6. This release adds the Fast Open support for the server side, making the support of TCP Fast Open complete on Linux.
"Fast Open" is an optimization to the process of establishing a TCP connection that allows the elimination of one round trip time from certain kinds of TCP conversations. Fast Open could result in speed improvements of between 4% and 41% in the page load times on popular websites.
Recommended LWN article: TCP Fast Open: expediting web services
1.7. Experimental SMB 2 protocol support
Note: The changelog of the previous kernel release, 3.6, mentioned SMBv2 support, but it was a mistake. SMBv2 support wasn't actually available in Linux 3.6; it was merged but it got turned off before the final release. It is finally available in this release.
The CIFS networking filesystem has added support for version 2 of the SMB protocol. The SMB2 protocol is the successor to the popular CIFS and SMB network file sharing protocols, and is the native file sharing mechanism for Windows operating systems since it was introduced in Windows Vista in 2006. SMB2 enablement will eventually give users better performance, security and features that would not be possible with previous protocols.
Code: (commit)
1.8. NFS v4.1 support no longer experimental
The support for NFS v4.1 (RFC 5661) has been in development for a long time, and in this release it gets rid of the "experimental" tag for the first time.
The main feature of NFS v4.1 is pNFS, aka "parallel NFS". pNFS can take advantage of clustered server deployments to provide scalable parallel access to a given filesystem or to individual files distributed among multiple servers. A single filesystem might be striped across several servers, either at the file or block level.
Code: (commit)
1.9. Virtual extensible LAN tunneling protocol
Linux adds vxlan, a tunneling protocol that allows transferring Layer 2 Ethernet packets over UDP. vxlan is often used to tunnel virtual network infrastructure in virtualized environments.
The VXLAN protocol itself, which is an RFC draft right now, is a tunnelling protocol that is designed to solve the problem of the limited number of available VLANs (4096). With vxlan the identifier is expanded to 24 bits. The protocol runs over UDP using a single destination port. Unlike most tunnels, a VXLAN is a 1 to N network, not just point to point. A VXLAN device can either dynamically learn the IP address of the other end, in a manner similar to a learning bridge, or the forwarding entries can be configured statically. There is also an implementation of VXLAN for Open vSwitch.
Recommended articles: VXLAN for Linux, Typical VXLAN use case
Code: (commit)
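Added example (not the kernel driver's code): a decoder for the VXLAN encapsulation described above, as a network monitor would need it, since a filter that only inspects the outer UDP header never sees the tenant segment or the inner MAC addresses. The 8-byte header layout (flags byte with the 0x08 "identifier valid" bit, 24-bit identifier) is the one from the VXLAN specification; the frame bytes are constructed.

```python
import struct

VXLAN_HDR = struct.Struct(">B3xI")  # flags, 3 reserved bytes, 24-bit VNI + 1 reserved byte
FLAG_VNI_VALID = 0x08               # "I" bit: the identifier field is valid
ETH_HDR_LEN = 14


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def encapsulate(vni, inner_frame):
    """Prepend a VXLAN header (used here only to build the constructed sample)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return VXLAN_HDR.pack(FLAG_VNI_VALID, vni << 8) + inner_frame


def parse_vxlan(udp_payload):
    """Decode the UDP payload of a VXLAN packet into VNI and inner Ethernet fields."""
    if len(udp_payload) < VXLAN_HDR.size + ETH_HDR_LEN:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    flags, word = VXLAN_HDR.unpack_from(udp_payload)
    if not flags & FLAG_VNI_VALID:
        raise ValueError("identifier-valid flag not set")
    inner = udp_payload[VXLAN_HDR.size:]
    return {
        "vni": word >> 8,  # low byte of the word is reserved
        "inner_dst": mac(inner[0:6]),
        "inner_src": mac(inner[6:12]),
        "inner_ethertype": struct.unpack(">H", inner[12:14])[0],
        "inner_payload": inner[ETH_HDR_LEN:],
    }


if __name__ == "__main__":
    # Constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800, dummy body.
    frame = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"constructed body"
    # 70000 is a segment id that would not fit in the 4096-entry VLAN space.
    print(parse_vxlan(encapsulate(70000, frame)))
```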
1.10. Intel "supervisor mode access prevention" support
Supervisor Mode Access Prevention (SMAP) is a new security feature that will be available in future Intel processors. It forbids kernel access to memory pages used by userspace, which stops some kinds of exploits.
Recommended Intel documentation: Intel® Architecture Instruction Set Extensions Programming Reference
Recommended LWN article: Supervisor mode access prevention
2. Driver and architecture-specific changes
All the driver and architecture-specific changes can be found in the Linux_3.7_DriverArch page
3. Various core changes
Linux 3.6 added some symlink and hardlink restrictions for security purposes and enabled them by default, but they broke some programs, so they are now disabled by default. Distributions and users can enable them by writing "1" to /proc/sys/fs/protected_symlinks and /proc/sys/fs/protected_hardlinks (commit)
Make core dump functionality optional (commit)
Teach the kernel to load firmware files directly from the filesystem instead of using udev (commit)
Add xattr support to cgroups (commit)
kdb: Implement disable_nmi command to disable NMI-entry (commit)
Add a special serial console driver that allows temporarily using the NMI debugger port as a normal console (commit)
- Read-Copy-Update (RCU) locking
Control grace-period duration from sysfs (commit)
Make rcutree module parameters visible in sysfs (commit)
Consider userspace as in RCU extended quiescent state: this option sets hooks on kernel / userspace boundaries and puts RCU in extended quiescent state when the CPU runs in userspace. It means that when a CPU runs in userspace, it is excluded from the global RCU state machine and thus doesn't need to keep the timer tick on for RCU (commit)
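Added example (not kernel code) for the symlink restriction mentioned at the start of this section: it reads the two sysctls and lists symlinks in a directory that a given user would be refused from following once protected_symlinks is set to 1, which helps spot links planted in /tmp-like directories and predict which programs the setting might break. The follow rule is the one described in the kernel's sysctl documentation for fs.protected_symlinks; the function names are this example's own.

```python
import os
import stat


def may_follow(dir_mode, dir_uid, link_uid, follower_uid):
    """Decision applied to a symlink lookup when fs.protected_symlinks is 1."""
    sticky_world_writable = bool(dir_mode & stat.S_ISVTX) and bool(dir_mode & stat.S_IWOTH)
    if not sticky_world_writable:
        return True               # the restriction only applies in /tmp-like directories
    if link_uid == follower_uid:
        return True               # following your own symlink is always permitted
    return link_uid == dir_uid    # otherwise the directory owner must own the link


def sysctl_enabled(name, proc_root="/proc"):
    """True/False for fs.<name>, or None if this kernel does not expose it."""
    try:
        with open(os.path.join(proc_root, "sys", "fs", name)) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def refused_links(directory, follower_uid):
    """Symlinks in `directory` that `follower_uid` could not follow under the rule."""
    d = os.stat(directory)
    hits = []
    for entry in os.scandir(directory):
        if entry.is_symlink():
            st = entry.stat(follow_symlinks=False)
            if not may_follow(d.st_mode, d.st_uid, st.st_uid, follower_uid):
                hits.append((entry.path, st.st_uid, os.readlink(entry.path)))
    return hits


if __name__ == "__main__":
    for knob in ("protected_symlinks", "protected_hardlinks"):
        print(knob, sysctl_enabled(knob))
    for path, owner, target in refused_links("/tmp", 0):
        print("root would be refused:", path, "owner uid", owner, "->", target)
```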
4. Filesystems
5. Block
Implement support for the WRITE SAME command supported on some SCSI devices. This command allows the same block to be efficiently replicated throughout a block range. Only a single logical block is transferred from the host and the storage device writes the same data to all blocks described by the I/O (commit)
ioctl to zero block ranges (commit)
UBI (Unsorted Block Images), targeted for flash devices: Fastmap support. Fastmap is a mechanism which allows attaching a UBI device in nearly constant time. Instead of scanning the whole MTD device it only has to locate a checkpoint (called fastmap) on the device. The on-flash fastmap contains all information needed to attach the device (commit 1, 2, 3, 4, 5, 6, 7, 8, 9)
MD: TRIM support for linear (commit), raid 0 (commit), raid 1 (commit), raid 10 (commit), raid5 (commit)
DM RAID: Add rebuild capability for RAID10 (commit)
6. Crypto
aesni_intel: improve performance by utilizing parallel AES-NI hardware pipelines (commit)
cast5 - add x86_64/avx assembler implementation (commit)
RSA: Implement signature verification algorithm [PKCS#1 / RFC3447] (commit)
X.509: Add a crypto key parser for binary (DER) X.509 certificates (commit), add an ASN.1 decoder (commit), add simple ASN.1 grammar compiler (commit)
7. Security
Smack: implement revoking all rules for a subject label (commit)
Allow Yama to be unconditionally stacked (commit)
- Integrity Measurement Architecture
8. Perf
kvm: Events analysis tool (commit)
perf probe: Add union member access support (commit)
perf tools: Long option completion support for each subcommands (commit)
9. Virtualization
Add a bio-based I/O path for virtio-blk. It shortens the I/O path in the guest kernel to achieve high IOPS and lower latency. The downside is that the guest cannot use the I/O scheduler to merge and sort requests. However, this is not a big problem if the backend disk on the host side uses a faster disk device (it can be disabled with the use_bio module parameter) (commit)
Add the xen EFI video mode support (commit)
Support Xen in ARM (commit)
Xen backend support for paged out grant targets (commit)
10. Networking
loopback: set default MTU to 64K (commit)
Providing protocol type via system.sockprotoname xattr of /proc/PID/fd entries (commit)
Use a per-task frag allocator (commit)
- Netfilter
Add protocol-independent NAT core (commit)
Add IPv6 MASQUERADE target (commit)
Add IPv6 NETMAP target (commit)
Add IPv6 REDIRECT target (commit)
Add IPv6 NAT support (commit)
Support IPv6 in FTP NAT helper (commit)
Support IPv6 in IRC NAT helper (commit)
Support IPv6 in SIP NAT helper (commit)
Support IPv6 in amanda NAT helper (commit)
Add stateless IPv6-to-IPv6 Network Prefix Translation target (commit)
Remove xt_NOTRACK (commit)
Near Field Communication (NFC): Add a Link Layer Control (LLC) Core layer to HCI (commit), add an shdlc llc module to llc core (commit), LLCP raw socket support (commit)
bonding: support for IPv6 transmit hashing (and TCP or UDP over IPv6), bringing IPv6 up to par with IPv4 support in the bonding driver (commit)
team: add support for non-Ethernet devices (commit)
gre: Support GRE over IPv6 (commit), add GSO support (commit), add GRO capability (commit)
packet: Diag core and basic socket info dumping (commit)
ethtool: support for setting MDI/MDI-X state for twisted pair wiring (commit)
ppp: add 64-bit stats (commit)
Add generic netlink support for tcp_metrics (commit)
11. Other news sites that track the changes of this release
LWN Merge window part 1, merge window part 2, merge window part 3
H-Online Kernel Log - Coming in 3.7 Part 1: Filesystems & storage, Part 2: Networking, Part 3: Infrastructure, Part 4: Drivers, Part 5: CPU and platform code
Phoronix An Overview Of The Linux 3.7 Kernel