Linux kernel 6.10 was released a few days ago, and the release brings several interesting developments, such as the ntsync driver, which implements Windows NT synchronization primitives, and the addition of the DRM Panic component, which acts in a similar way to the "blue screen of death."
Other changes include the discontinuation of support for older Alpha CPUs, the ability to verify integrity in FUSE-based file systems, restricting access to ioctl using the Landlock mechanism, and a new subsystem to profile memory allocation operations, among other things.
In terms of numbers, this version has 14,564 fixes contributed by 1,989 developers, and the patch has a size of 41 MB, affecting 12,509 files. 547,663 lines of code have been added and 312,464 have been removed. In comparison, the previous version included 15,680 fixes from 2,106 developers and a 54 MB patch.
What's new in Linux 6.10?
Among the main new features introduced by Linux 6.10 is the new fcntl operation, F_DUPFD_QUERY, which allows a process to identify whether two different file descriptors point to the same file, offering an alternative to kcmp() without exposing unnecessary information and working even when kcmp() is disabled.
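The query described above, as an added example that is not part of the original article: it compares a dup()ed descriptor and a second open() of the same path against the original descriptor. The helper names are hypothetical, the fallback value of the constant is taken from the kernel's uapi fcntl.h, and kernels older than 6.10 are expected to reject the command with EINVAL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef F_DUPFD_QUERY
#define F_DUPFD_QUERY (1024 + 3) /* F_LINUX_SPECIFIC_BASE + 3 in uapi fcntl.h */
#endif

enum { SAME_FILE = 1, DIFFERENT_FILE = 0, QUERY_UNSUPPORTED = -1, QUERY_ERROR = -2 };

/* Hypothetical helper: do fd_a and fd_b refer to the same open file description? */
static int same_open_file(int fd_a, int fd_b)
{
    int r = fcntl(fd_a, F_DUPFD_QUERY, fd_b);
    if (r == 0 || r == 1)
        return r;
    /* Kernels older than 6.10 do not know the command and return EINVAL. */
    return (errno == EINVAL) ? QUERY_UNSUPPORTED : QUERY_ERROR;
}

/* Constructed demo: a dup()ed descriptor vs. a second open() of the same path. */
static int demo(int *dup_result, int *reopen_result)
{
    int fd = open("/dev/null", O_RDONLY);
    int fd_dup = dup(fd);
    int fd_reopen = open("/dev/null", O_RDONLY);
    if (fd < 0 || fd_dup < 0 || fd_reopen < 0)
        return -1;
    *dup_result = same_open_file(fd, fd_dup);       /* shares one open file */
    *reopen_result = same_open_file(fd, fd_reopen); /* same path, separate open */
    close(fd); close(fd_dup); close(fd_reopen);
    return 0;
}

int main(void)
{
    int d, r;
    if (demo(&d, &r) != 0) { perror("open/dup"); return 1; }
    if (d == QUERY_UNSUPPORTED) { puts("F_DUPFD_QUERY not supported by this kernel"); return 0; }
    printf("dup()ed descriptor:    %s\n", d == SAME_FILE ? "same open file" : "different");
    printf("second open() of path: %s\n", r == SAME_FILE ? "same open file" : "different");
    return 0;
}
```

Two descriptors opened separately on the same path report as different, because the comparison is on the open file itself rather than on the inode.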
The integrity check in FUSE is another new feature: FUSE can now use the fs-verity mechanism to verify the integrity and authenticity of files. A new netlink-based protocol has also been added, which facilitates the management of the NFS server in the kernel. In user space, the nfsdctl utility has been developed to work with this protocol.
In addition, an initial version of the ntsync driver has been added, which introduces the /dev/ntsync character device and a set of synchronization primitives used in the Windows NT kernel. This advance can greatly improve the performance of Windows games run through Wine by eliminating the overhead of RPC in userspace.
A new subsystem has been introduced to profile memory allocation operations in the Linux kernel. This subsystem helps detect memory leaks and optimize memory usage, with overhead low enough to allow it to be used in production systems, not just debug builds.
An initial implementation of a kernel emergency handler, called DRM Panic, has been developed. This driver uses the DRM subsystem to display a visual report in color similar to the "blue screen of death". In future versions, the ability to display a logo and QR code in case of emergency will be added.
Moreover, the init_mlocked_on_free option has been proposed for configuration at the boot stage. This option ensures that memory protected by mlock() is cleared if it is freed without being unlocked, preventing cryptographic keys from remaining in memory upon abrupt termination of an application.
Other changes and improvements introduced in this version:
- Support for the Shadow Stack mechanism in the x32 subarchitecture, which blocks many exploits by using the hardware capabilities of Intel processors to protect against return address overwriting in buffer overflows.
- The mseal system call has been introduced to allow processes to block changes to certain parts of their address space.
- Rust continues to be integrated as a second language for the development of drivers and kernel modules. Although Rust support is not enabled by default, Rust version 1.78 allows you to use the standard alloc library.
- An option has been added to the dm-crypt module to use high-priority work queues, improving performance on high-performance servers.
- Optimizations in Btrfs: support for reducing unfixed extent maps, useful for reducing memory consumption on systems with low RAM.
- Landlock LSM Module: This module, which allows limiting the interaction of certain processes with the external environment, has incorporated the ability to impose restrictions on access to ioctl() calls.
- Ext4: Added the FS_IOC_GETFSSYSFSPATH ioctl to determine the location of a mounted file system within the /sys/fs hierarchy.
- Bcachefs has been prepared to run fsck without unmounting the partition, improving its reliability.
- The Panthor driver has been included for the 10th generation Mali GPU, which uses CSF technology to reduce the load on the CPU and improve the work on the GPU.
- Intel Arc: PCI IDs for new Intel Arc discrete video cards have been added to the i915 driver.
- Xe DRM Driver: Work continues on the Xe DRM driver for GPUs based on the Intel Xe architecture, with added support for Arrow Lake H CPUs and initial support for the SR-IOV mechanism.
- AMDGPU Driver now supports SMU 14.0 and new AMD GPUs on systems with RISC-V architecture.
Finally, if you are interested in learning more about it, you can consult the details in the following link. The new version of the kernel is now available through most of the official channels of the distributions, as well as on kernel.org.