List for version 5.19

Linux 5.19 was released

Summary: This release adds optional support for IPv6 packets larger than 64KB; support for AMD's SEV-SNP and Intel's TDX for more secure virtualized guests; support for a new LoongArch architecture; support for hundreds of millions of extended attributes per inode in XFS; support for ID mapping in overlayfs; support for proactive reclaim in memory control groups; support for NFS Courteous Server; support for ZSTD compressed firmware files; and support for several new BPF features. As always, there are many other features, new drivers, improvements and fixes.

More secure virtualization with AMD's SEV-SNP and Intel's TDX

This release incorporates two features that help make existing encrypted virtualization (i.e. hosts can't access the memory contents of virtualized guests) more secure:

- AMD Secure Nested Paging (SEV-SNP): Adds to confidential guests the necessary memory integrity protection against malicious hypervisor-based attacks like data replay, memory remapping and others, thus achieving stronger isolation from the hypervisor.

- Intel TDX: This release adds support for running Linux as a guest under Intel TDX, which provides encrypted guest memory support. TDX also includes memory encryption and integrity capabilities, like those of AMD's SEV-SNP.

Jumbograms: IPv6 packets bigger than 64 KB

The maximum size of a standard IPv4/6 packet is 64 KB. For high speed networking interfaces (400 GB), this maximum size is too small and the networking stack can't avoid having too much per-packet overhead. With the help of RFC 2675, it's possible to create so-called "jumbograms", which allow for packets much bigger than 64KB. This release incorporates support for such packets. This feature is aimed mainly at local networks with intense network traffic, not the Internet, and can provide huge performance wins.

Recommended LWN article: Going big with TCP packets

Conference slides/video: BIG TCP

New architecture: LoongArch

This release adds initial support for the LoongArch architecture.

Larger per-inode attribute limits in XFS

Some people want to use XFS to store hundreds of millions of xattrs per inode. This release adds an on-disk format change to allow this huge number of extended attributes. This change also increases the number of supported data extents per inode from 2^32 to 2^47, and a new logging feature is introduced that lays the foundation for future integration of attribute modifications as part of other atomic transactional operations.

ID mapping in overlayfs

ID mapping is a feature that lets you map a UID or GID to another one in a different mount. This release adds support for ID mapping in overlayfs itself, which is one of the file systems where this feature is more likely to be used.

Proactive reclaim in memory control groups

This release introduces a memcg interface to trigger memory reclaim on a memory cgroup. {{{echo 10M > memory.reclaim}}} will trigger reclaim in the target memory cgroup.

This interface has been added so that a userspace proactive reclaimer can continuously probe the memcg to reclaim a small amount of memory. This gives more accurate and up-to-date workingset estimation as the LRUs are continuously sorted, and can potentially provide more deterministic memory overcommit behavior. The memory overcommit controller can respond more proactively to the changing behavior of the running applications instead of being reactive. A userspace reclaimer's purpose in this case is not to be a complete replacement for kswapd or direct reclaim; it is to proactively identify memory savings opportunities and reclaim some amount of cold pages set by the policy, freeing up memory for more demanding jobs or for scheduling new jobs.
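The probing loop described above, as an added example (not code from the kernel or from these release notes): each round writes a small amount to memory.reclaim and, going beyond the text, skips the round when the cgroup's memory.pressure file already reports stalls. The function names, the 0.50% threshold and the cgroup path are assumptions.

```shell
#!/bin/sh
# Added example: userspace proactive reclaimer for a cgroup v2 memory cgroup.
# Function names, the PSI threshold and the example path are assumptions.

# psi_some_avg10 DIR -> "some avg10" from memory.pressure in hundredths of a
# percent (1.25 -> 125); prints 0 when the file is missing.
psi_some_avg10() {
    [ -r "$1/memory.pressure" ] || { echo 0; return 0; }
    awk '$1 == "some" { split($2, kv, "="); v = int(kv[2] * 100 + 0.5) }
         END { printf "%d\n", v }' "$1/memory.pressure"
}

# reclaim_step DIR AMOUNT MAX_PSI
# Prints: reclaimed | partial | backoff. Returns 2 when memory.reclaim is not
# writable (kernel older than 5.19 or wrong path).
reclaim_step() {
    dir=$1; amount=$2; max_psi=$3
    [ -w "$dir/memory.reclaim" ] || { echo "no memory.reclaim in $dir" >&2; return 2; }
    # Policy: do not add reclaim load to a cgroup that is already stalling.
    if [ "$(psi_some_avg10 "$dir")" -gt "$max_psi" ]; then
        echo backoff
    elif echo "$amount" 2>/dev/null > "$dir/memory.reclaim"; then
        echo reclaimed
    else
        echo partial    # the write fails when less than AMOUNT was reclaimed
    fi
}

# reclaim_loop DIR AMOUNT MAX_PSI ROUNDS INTERVAL_SECONDS
reclaim_loop() {
    round=0
    while [ "$round" -lt "$4" ]; do
        reclaim_step "$1" "$2" "$3" || return $?
        round=$((round + 1))
        if [ "$round" -lt "$4" ]; then sleep "$5"; fi
    done
}

# Example (hypothetical cgroup): 10M per round, back off above 0.50% stall,
# six rounds ten seconds apart:
#   reclaim_loop /sys/fs/cgroup/batch 10M 50 6 10
```

A return code of 2 from `reclaim_step` doubles as a feature check on hosts where the kernel predates this interface.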

BPF improvements: dynamic pointers, typed pointers, libbpf USDT

As usual, there are many BPF related changes. Among many other features, this release includes support for:

- Dynamic pointers: A dynamic pointer ({{{struct bpf_dynptr}}}) is a pointer that stores extra metadata alongside the address it points to. This abstraction is useful in BPF given that every memory access in a BPF program must be safe.

- Typed pointers: This enables storing pointers of a certain type in BPF maps, and extends the verifier to enforce type safety and lifetime correctness properties.

- libbpf support for USDT (User Statically-Defined Tracing) probes: While USDTs themselves are a pretty complicated abstraction built on top of uprobes, for end-users USDT is as natural a primitive as uprobes themselves. It is thus important for libbpf to provide the best possible user experience when it comes to building tracing applications relying on USDTs. With enough diligence and BPF cookies it's possible to implement USDT support that feels as natural as tracing any uprobe.

NFS Courteous Server

This release implements the NFSv4 Courteous Server. Previously NFSD would purge open and lock state for an unresponsive client after one lease (typically 90 seconds). Now, after one lease period, another client can open and lock those files, and the unresponsive client's state is purged; otherwise, if the unresponsive client's open and lock state is uncontended, the server retains that open and lock state for up to 24 hours, allowing the client's workload to resume after a network partition.

ZSTD compressed firmware files

This release adds support for ZSTD compressed firmware files, and support for userspace to initiate the firmware load when it needs to, instead of being always initiated by the kernel.