X

News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

Announcing the Unbreakable Enterprise Kernel Release 6 Update 1 for Oracle Linux

Simon Coter
Senior Manager, Oracle Linux and Virtualization Product Management

The Unbreakable Enterprise Kernel (UEK) for Oracle Linux provides the latest open source innovations, key optimizations, and security to cloud and on-premises workloads. It is the Linux kernel that powers Oracle Cloud and Oracle Engineered Systems such as Oracle Exadata Database Machine and Oracle Linux on 64-bit Intel and AMD or 64-bit Arm platforms.

UEK Release 6 maintains compatibility with the Red Hat Compatible Kernel (RHCK) and does not disable any features that are enabled in RHCK. Additional features are enabled to provide support for key functional requirements and patches are applied to improve performance and optimize the kernel.

What's New?

The Unbreakable Enterprise Kernel Release 6 Update 1 (UEK R6U1) for Oracle Linux is based on the mainline kernel version 5.4. Through actively monitoring upstream check-ins and collaboration with partners and customers, Oracle continues to improve and apply critical bug and security fixes to UEK R6. This update includes several new features, added functionality, and bug fixes across a range of subsystems.

UEK R6U1 can be recognized with a release number starting with 5.4-17-2036.

Notable changes:

  • Padata replaces ktaskPadata is a mechanism by which the kernel can farm jobs out to be done in parallel on multiple CPUs while optionally retaining their ordering. Oracle initially contributed padata to the mainline kernel and continues to provide ongoing development of the padata implementation in the upstream kernel and helped advance padata as the framework for parallelizing CPU-intensive work in the kernel, replacing ktask
  • Improvements, bug and security fixes for Btrfs, CIFS, ext4, NFS, OCFS2 and XFS filesystems.
  • Drivers
    • AMD-TEE drivers, amdtee and tee, are new additions in this release to include mainline kernel updates for the AMD Milan CPU family.

    • Atheros 802.11n HTC are updated for security fixes, including CVE-2019-19073.

    • Broadcom BCM573xx network driver, bnxt_en, is available at version 1.10.1 and includes vendor supplied patches and updates.

    • Intel Ethernet Connection E800 Series Linux driver, ice, is updated to version 0.8.2-k to enable support for newer Intel 800-Series Ethernet controllers and PCIe cards.

    • Broadcom Emulex LightPulse Fibre Channel SCSI driver, lpfc, is updated to version 12.8.0.3 with vendor supplied patches and bug fixes.

    • Broadcom MegaRAID SAS driver, megaraid_sas, is updated to version 07.714.04.00-rc1.

    • LSI MPT Fusion SAS 3.0 device driver, mpt3sas, is updated to version 34.100.00.00 to include vendor supplied patches.

    • QLogic Fibre Channel HBA driver, qla2xxx, is updated to version 10.01.00.25-k and includes a large number of vendor supplied patches.

    • Realtek RTL8152/RTL8153-based USB Ethernet Adapter driver, r8152, is updated to version 1.10.11 with upstream kernel patches.

    • Intel VMD (Volume Management Device) driver, vmd, version 0.6 is added to this kernel release and enables serviceability of NVMe devices.

  • Tech-Preview features
    • Core scheduling is a feature enabled in the kernel to limit trusted tasks to run concurrently on CPU cores that share compute resources to help mitigate against certain categories of 'core shared cache' processor bugs that could cause data leakage and other related vulnerabilities.
    • Wireguard is a faster and more secure replacement for IPsec and OpenVPN. New networks are being built with modern cryptography from WireGuard rather than legacy technologies like IPsec and OpenVPN. WireGuard is enabled as a technical preview in UEK R6U1 and introduces the wireguard kernel module at version 1.0.20200712.
    • NFS v4.2 Server Side Copy functionality is back-ported from the upstream kernel and provides mechanisms that allow an NFS client to copy file data on a server or between two servers without the data being transmitted back and forth over the network through the NFS client.

For details on these and other new features and changes, please consult the Release Notes for the UEK R6 Update 1.

Security (CVE) Fixes

A full list of CVEs fixed in this release can be found in the Release Notes for the UEK R6U1.

Software Download

Oracle Linux can be downloaded, used, and distributed free of charge and all updates and errata are freely available. This allows organizations to decide which systems require a support subscription and makes Oracle Linux an ideal choice for development, testing, and production systems. The user decides which support coverage is the best for each system individually, while keeping all systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive access to zero-downtime kernel updates using Oracle Ksplice.

Compatibility

UEK R6 Update 1 is fully compatible with the UEK R6 GA release. The kernel ABI for UEK R6 remains unchanged in all subsequent updates to the initial release.

About Oracle Linux

Oracle Linux is an open and complete operating environment that helps accelerate digital transformation. It delivers leading performance and security for hybrid and multicloud deployments. Oracle Linux is 100% application binary compatible with Red Hat Enterprise Linux. And, with an Oracle Linux Support subscription, customers have access to award-winning Oracle support resources and Linux support specialists, zero-downtime patching with Ksplice, cloud native tools such as Kubernetes and Kata Containers, KVM virtualization and oVirt-based virtualization manager, DTrace, clustering tools, Spacewalk, Oracle Enterprise Manager, and lifetime support. All this and more is included in a single cost-effective support offering. Unlike many other commercial Linux distributions, Oracle Linux is easy to download and completely free to use, distribute, and update.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.