Linux Kernel 5.8 official version

Linux Kernel 5.8 software features

​ ​ 1. The functions have become more comprehensive. Compared with 4.9-rc1, it must have continued its classic rules.

​ 2.Support Intel, Alpha, PPC, Sparc, IA-64, ARM, MIPS, Amiga, Atari and IBM s/390, etc.

3.Support 32-bit large file system

Linux Kernel 5.8 software advantages

1.1. Perform better in memory thrashing situations

Reclamation code that balances swapping and cache eviction attempts to predict the likely reuse of memory pages. When it fails, it cannot detect when the cache is pathologically failed, or when the system is in the middle of a swap storm. This code has been tuned over time to the point that even in the presence of large amounts of cold anonymous memory and a capable swap device, the virtual machine refuses to scan these pages seriously and may unnecessarily crash the page cache. The proliferation of fast random IO devices such as SSDs has made this bad behavior even more obvious.

This version is designed to resolve this issue. Starting with Linux 3.15, the kernel has a default Accurate tracking of IO - the final cost of recycling bad pages. This allows the use of an IO cost-based balancing model that more aggressively scans anonymous memory in the event of a cache crash, while being able to avoid unnecessary swap storms. This version of LRU balancing is based on the rejection rate on each list, multiplied by the relative IO cost (swapping) between the swap device and the file system, in order to optimize the reclamation cost to minimize the IO cost. The swappability sysctl can now also be raised to 200 to force the kernel to use swap, which is useful for memory swaps such as zram or zswap.

1.2. Kernel Concurrency Sanitizer

The Kernel Concurrency Cleaner (KCSAN) is the kernel's data race detector. Key priorities in KCSAN's design were lack of false positives, scalability and simplicity. KCSAN uses compile-time instrumentation to detect memory accesses, and is supported by both GCC and Clang.

Documentation: Kernel Concurrency Cleanup Program (KCSAN)

Recommended LWN Article: Concurrency Errors Should Worry About Bad Data Race Detectors (Part 1)

1.3. Kernel event notification mechanism

This version adds an event notification mechanism built on top of standard pipes, which splices notification messages from the kernel into pipes opened by user space. The pipe is opened in a special mode and its internal buffer is used to hold messages generated by the kernel, which are then read by read(2). The owner of a pipe tells the kernel which sources it wants to monitor through that pipe, and filters can also be placed on the pipe so that certain source types and subevents can be ignored if they are not of interest. In this version, the only source of events is that of the key/keyring, such as linking and unlinking a key and changing its properties, and these events will be consumed by Gnome.

Documentation: Universal Notification Mechanism

Recommended LWN article: Kernel event notification mechanism

1.4. Private procfs instance

​​​Procfs used to be associated with the PID namespace, so all new procfs mounts were just mirrors of the internal mirrors. Any changes, any mount options updates, any future new introductions will be propagated to all other procfs mounts in the same PID namespace.

This release allows having multiple procfs mounts with different mount options in the same PID namespace. The main purpose of this work is to equip applications with a supervisor on embedded systems. It also adds some convenience mount options that allow private procfs mounts to only show traceable processes in procfs, allowing support for lightweight sandboxing in embedded Linux. Or an installation option that allows hiding non-PID inodes.

1.5. Attach to namespace using pidfds

This release makes it possible to use pidfds to attach to the namespace of a process, i.e. they can be passed as the first argument to the setns(2) syscall. When passing pidfd, you can specify multiple namespace flags in the second argument, and setns(2) will append the caller to all or none of the specified namespaces at once. For example: setns(pidfd, CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET);

           These functions support a variety of use cases where the caller sets a namespace to a subset to preserve privileges, performs an operation, and then re-attaches another subset of the namespace. In addition to reducing the number of syscalls required to attach to all currently supported namespaces, this also allows atomic setup to a set of namespaces, which is useful for standard container managers that interact with running containers.

1.6. Shadow call stacks and branch target identification improve ARM64 security

This release adds general support for Clang’s shadow call stack on ARM64, which uses shadow stacks to protect function return control flow from buffer overflows on the main stack.

​​ ARMv8.5-BTI is also supported in both user space and kernel space. This allows branch targets to restrict the types of branches from which they can be called, and additionally prevents branching to arbitrary code.

Recommended LWN articles: Some recent arm64 reinforcement patches

1.7. Support for inline encryption hardware

This version supports embedded encryption in the block layer. The online encryption hardware allows software to specify the encryption context (encryption key, encryption algorithm, data unit number, data unit size, etc.) along with the data transfer request to the storage device, and the online encryption hardware will use that context to encrypt/decrypt the data. Embedded encryption hardware is part of the storage device and conceptually sits on the data path between system memory and the storage device.

New features of Linux Kernel 5.8

Kernel Concurrency Sanitizer (KCSAN)

Event notification mechanism

Inline encryption is introduced in block device queue management blk-mq

                         Private procfs mount

ARM64 supports Shadow Call Stack and Branch Target Identification

       BPF iterator mechanism

Linux Kernel 5.8 Software Instructions

The major changes in the 4.9 kernel series are mainly the merger of the greybus subsystem, the extension of the 4.8 kernel series, and more pent-up development needs.

In the 5.8 kernel series, we did not encounter so many problems, but there was still a lot of development, such as some driver-related changes.

Torvalds added: “During the 5.8 merge window, we modified approximately 20% of the kernel source repositories file. Even though some of it is scripted, it’s generally the same pattern.”

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​Linux 5.8 for Microsoft's Hyper-V virtualization platform, Arm chips, Direct Rendering Manager (DRM) system, network, drivers, IBM Power PC, Microsoft's recently open source exFAT file system, etc. have brought updates.

Linux Kernel 5.8 update log

​ 1. The pace of optimization never stops!

​​ 2. More little surprises are waiting for you to discover~