Linux Kernel 6.8 Released. This is What’s New.

7 min


A new mainline Linux Kernel 6.8 is now available. Find out what are the best new features of this version.

Following almost two months of development effort, Linus Torvalds released Linux Kernel 6.8. This release brings the usual CPU, GPU updates across upcoming product line-ups, performance and security upgrades, networking, filesystem and more. Key highlights include Xe driver for Intel GPUs, the protection mode for block devices with mounted file systems, the Deadline server task scheduler mechanism, automatic optimization of merging identical memory pages, etc.

In a sea of normality, one thing that stands out is a bit of random git numerology. This is the last mainline kernel to have less than ten million git objects. In fact, we’re at 9.996 million objects, so we got really close to crossing that not-milestone if it hadn’t been for the nice calming down in the last couple of weeks. Other trees – notably linux-next – obviously are already comfortably over that limit.

Of course, there is absolutely nothing special about it apart from a nice round number. Git doesn’t care.

Linus

Linux Kernel 6.8: New Features

CPU and GPU

Linux Mainline Kernel 6.8 introduces the Xe driver for Intel GPUs, powering the Arc family and integrated graphics on Tiger Lake processors. This driver, designed for newer chips, leverages a modular architecture, enhancing compatibility with existing DRM subsystem components and generic i915 driver elements.

The i915 driver in Kernel 6.8 also continues its evolution, adding support for Intel LunarLake (Xe 2) and refining compatibility with Intel Meteor Lake chips, ensuring optimal performance for the latest Intel graphics technologies.

Defaulting to GSP firmware functions, the Nouveau driver now seamlessly interacts with NVIDIA GPUs based on Turing and Ampere microarchitectures, enhancing GPU initialization and control operations via a dedicated GSP microcontroller, streamlining hardware interaction.

AMDGPU in Linux Kernel 6.8 advances with ACPI WBRF and VPE DPM support, revamped PCIe channel speed processing, 64-bit sequence numbers for synchronization, and added colour management mechanisms. Notably, sleep mode issues have been resolved, further stabilizing AMD GPU functionality.

In addition, Linux Kernel 6.8 also extends support with drivers for Broadcom VideoCore 7.1 GPU (Raspberry Pi 5), PowerVR 6 series GPUs (Imagination Technologies), Thunderbolt/USB4 controllers (Intel Lunar Lake), diverse camera SoCs, NSO game controllers, Adafruit Seesaw gamepads, and Lenovo Legion Go controllers. DTS driver updates in Kernel 6.8 cater to gaming devices like Powkiddy RK2023, Powkiddy X55, and Anbernic RG351V, enhancing Linux compatibility for these popular gaming platforms.

Expanded audio system support includes NXP i.MX8m MICFIL, Qualcomm SM8250, AMD ACP5x, Intel Arrow Lake, SM8550, SM8650, and X1E80100 chips, addressing diverse hardware configurations for improved audio performance.

In preparation for the Zen 5 microarchitecture, AMD implemented changes in Kernel 6.8, ensuring seamless integration and optimal performance for the upcoming processor series.

The ARM64 SoC line-up receives significant additions in Kernel 6.8, including support for Qualcomm SM8650, Qualcomm X1E80100, Samsung Exynos Auto v920, Google GS101, MediaTek MT8188, and Unisoc UMS9620, expanding compatibility across a range of ARM-based devices.

Moreover, Kernel 6.8 broadens ARM board and device support, embracing diverse platforms such as Huashan Pi, Microsoft Lumia, HTC One Mini 2, Motorola MotoG 4G, Huawei Honor 5X/GR5, Anbernic RG351V, Powkiddy RK2023, Powkiddy X55, and more, ensuring Linux compatibility across a wide array of ARM-based systems. Additionally, support for ARM11 ARMv6K SMP processors has been discontinued.

File systems

In file system modules, Kernel 6.8 introduces a new mode preventing direct writing to block devices with mounted file systems. This further enhanced security feature, disabled by default, limits root user modifications at the block device level. The inclusion of BLK_DEV_WRITE_MOUNTED parameter during build allows customization.

This release also debuts listmount() and statmount() system calls, empowering user space with detailed information on mounted file systems. This user-friendly enhancement facilitates efficient management and monitoring of file system configurations, adding a valuable layer of transparency for system administrators.

A notable improvement in the XFS file system enables the integration of fsck utility for online checks and corrections without unmounting the file system. This feature streamlines maintenance tasks, offering enhanced resilience and operational continuity for XFS-based storage solutions.

Kernel 6.8 also optimizes Ext4’s performance by employing the dioread_nolock call for blocks smaller than a memory page. This strategic enhancement eliminates unnecessary locks, particularly beneficial for high-performance computing scenarios, promoting efficiency in file system operations.

Btrfs in Kernel 6.8 introduces the nospace_cache mount flag to disable the free block cache. This, combined with functions utilizing page folios, enhances Btrfs’s flexibility and responsiveness.

The Extendable Read-Only File System (EROFS) gains subpage compression support in Kernel 6.8, tailored for read-only partitions. Additionally, performance improvements in low-memory situations make EROFS a more robust choice for scenarios where memory resources are constrained.

F2FS in this release reinforces support for zoned storage devices, catering to the trend of dividing blocks or sectors into zones. This update enables efficient utilization of zoned storage, ensuring F2FS aligns seamlessly with modern storage architectures.

The SMB file system in this release now supports the creation of block and symbolic device files, enhancing its versatility. This addition contributes to a more comprehensive set of features for users relying on SMB file system implementations.

This release also sees partial support for checking and restoring the integrity of mounted file systems in Bcachefs. While still in development, this feature signifies a step towards bolstering the reliability and data integrity aspects of the Bcachefs file system.

The device-mapper subsystem undergoes streamlining in Kernel 6.8 by discontinuing support for deprecated MD_LINEAR, MD_MULTIPATH, and MD_FAULTY handlers, aligning with evolving storage technologies. Users are encouraged to transition to more modern alternatives for enhanced compatibility and performance.

Networking

Linux Mainline Kernel 6.8 undergoes a significant network subsystem overhaul, strategically restructuring underlying data structures for improved caching efficiency. A reorganization of fields within network stack structures, including socks, netdev, netns, and mibs, optimizes cache usage. This enhancement results in a notable boost in TCP speed, up to 40% in scenarios with multiple parallel TCP connections, thanks to minimized cache line usage during data transfer and optimized variable access.

This release also adopted a streamlined approach by removing the bpfilter subsystem, leveraging BPF for packet filtering. Introduced in release 4.18, bpfilter struggled to reach widespread usability and lacked ongoing core development. With no recent updates in the mainline codebase, Facebook has continued development in a separate repository, prompting the removal of bpfilter from Linux Kernel 6.8 for a more streamlined and maintainable network subsystem.

Memory & Core

Linux Kernel 6.8 introduces improvements to the Zswap subsystem, enabling the unloading of ‘cold’ memory pages during low RAM conditions. This optimizes memory usage by compressing evicted pages in RAM, reducing the Zswap pool size and freeing up system memory. The new Zswap mode prevents unsuccessful writebacks to the actual swap partition, enhancing efficiency by avoiding the flushing of pages in the Zswap pool to the swap partition, ensuring better memory utilization during write failures.

The kernel now incorporates the SCHED_DEADLINE server mechanism in the task scheduler, addressing CPU resource underutilization by regular tasks when high-priority tasks monopolize the CPU. This enhances resource reservation efficiency compared to the previous Real-time throttling mechanism.

The DAMON subsystem gains an automatic memory consumption adjustment mechanism based on specified quotas. This enhancement allows monitoring and adapting a process’s access to data in RAM, providing insights into memory areas accessed and unclaimed.

In addition, this release also adds support for multi-size Transparent Huge Pages (mTHP), enabling the allocation of memory in blocks larger than the base page but smaller than traditional THP pages. This contributes to more flexible memory management and allocation.

Support for large folios is introduced for anonymous memory, significantly improving performance during access to unallocated memory pages by reducing core reassembly time by 5% and core-level time by 40%.

The kernel configuration file now includes the TRANSPARENT_HUGEPAGE_NEVER parameter, allowing users to disable the use of Transparent Huge Pages, providing more control over memory management.

The userfaultfd() system call introduces the UFFDIO_MOVE operation, facilitating memory page movement during heap compaction. Tests reveal a 40% reduction in packaging time compared to using the UFFDIO_COPY operation.

Linux Kernel 6.8 introduces the “KSM advisor” mechanism, automating optimization for merging identical memory pages within the Kernel Samepage Merging (KSM) subsystem, enhancing overall system performance.

Ongoing migration of Rust-for-Linux changes includes a Rust wrapper above the phylib abstraction level and a Rust driver for the Asix AX88772A Ethernet controller. Rust support remains optional and is not among the required assembly dependencies for the kernel.

The kernel now incorporates a BPF token mechanism, allowing selective delegation of certain BPF capabilities to unprivileged processes in user space, enhancing security and control over BPF-related activities. The BPF program verifier functionality is expanded, offering more robust verification of BPF programs, contributing to improved security and stability.

The perf utility gains support for data profiling, enabling the tracking of read and write operations to data structures. This feature aids in identifying the most actively modified fields in structures, enhancing performance analysis on supported processor architectures.

Support for the SUSP SBI extension enables entering standby mode with state saving in RAM on RISC-V architecture systems. The riscv_hwprobe() system call provides information about supported RISC-V instruction set architecture extensions, enhancing versatility for RISC-V development.

Virtualizations & systems

Linux Kernel 6.8 introduces three new system calls, lsm_list_modules(), lsm_get_self_attr(), and lsm_set_self_attr(), facilitating the listing of loaded Linux Security Modules (LSM) and the management of their attributes. The addition of the lsm_ctx structure enhances communication between user space and the kernel in the LSM context.

The AppArmor subsystem undergoes an upgrade by adopting the SHA-256 algorithm for rule verification, replacing SHA-1 hashes. This cryptographic enhancement bolsters the security of AppArmor, a crucial component for mandatory access control.

The kernel removes the strlcpy() function, initially included in Glibc 3.38 C library. While offering buffer overflow protection and ensuring a trailing null byte, its removal simplifies the kernel codebase, promoting streamlined functionality.

The KVM hypervisor gains support for the guest_memfd subsystem, introducing memory management capabilities for enhanced guest system functionality. Notably, guest_memfd allows the allocation of memory areas unreachable in the host environment, a boon for confidential computing.

KVM hypervisor also supports the Linear Address Masking (LAM) mode on Intel processors for guest systems. This feature enables the utilization of specific bits in 64-bit pointers to store metadata unrelated to addressing, enhancing flexibility and optimization.

ARM64 architecture receives support for 52-bit (LPA2) physical addresses in the KVM hypervisor. Additionally, x86 architecture gains the ability to build without emulating Hyper-V hypercalls, reducing kernel size and improving efficiency.

The iaa (IAA Compression Accelerator) driver is introduced, leveraging Intel Analytics Accelerator (IAA) cryptographic accelerators to expedite data compression and decompression using the DEFLATE method. This accelerates cryptographic operations for improved system performance.

On the host environment side, Kernel 6.8 implements support for the Intel Trusted Domain Extensions (TDX) mechanism within the KVM hypervisor. This enables the creation of secure guest environments utilizing virtual machine memory encryption, enhancing overall system security.

SELinux introduces the “init” SID to identify boot processes initiated before SELinux policies are applied. Furthermore, improvements are made to the /sys/fs/selinux interface, enhancing the manageability of SELinux security policies for increased system robustness.

That’s more about the key highlights of this release.

How to Download and Install Linux Kernel 6.8

Remember that using the bleeding-edge mainline Linux Kernel in your production systems/daily-drive laptops/desktops is not wiser unless you have a specific requirement.

For general users, it’s always best to wait for a few weeks until all the major Linux Distributions bring this version via their official stable channel after proper testing.

That being said, if you still want to install this version on Ubuntu and related distributions, visit the below pages:

  • Firstly, visit the mainline kernel page (rc7; the latest builds should be available in two, three days)
    • Browse to the latest version folder (such as 6.8). There are two types of builds available – generic and lowlatency. You can download generic builds that work most of the time for standard systems.
    • For audio recordings and other setups that require low latency (like real-time feeds), download the lowlatency one.
  • Secondly, download the four deb packages for generic via the terminal and install them.
wget -c https://kernel.ubuntu.com/mainline/v6.8-rc7/amd64/linux-headers-6.8.0-060800rc7-generic_6.8.0-060800rc7.202403032133_amd64.deb

wget -c https://kernel.ubuntu.com/mainline/v6.8-rc7/amd64/linux-headers-6.8.0-060800rc7_6.8.0-060800rc7.202403032133_all.deb

wget -c https://kernel.ubuntu.com/mainline/v6.8-rc7/amd64/linux-image-unsigned-6.8.0-060800rc7-generic_6.8.0-060800rc7.202403032133_amd64.deb

wget -c https://kernel.ubuntu.com/mainline/v6.8-rc7/amd64/linux-modules-6.8.0-060800rc7-generic_6.8.0-060800rc7.202403032133_amd64.deb
sudo dpkg -i *.deb
  • After installation, reboot the system.
  • The instruction for lowlatency and other architecture (e.g., ARM) installations are the same. Replace the package name in the above wget commands. You can find them on the mainline Kernel page.

You can also compile sources on your own from the below links.

mainline:6.82024-03-10[tarball][view diff][browse]

Distro support

Arch Linux users should get this version by 1st/2nd week of April 2024 via monthly ISO refresh.

Ubuntu 24.04 & Fedora 40 may feature this Kernel by April 2024.

Wrapping up

To sum up, the release of Linux Kernel 6.8 introduces numerous important updates and enhancements, such as updates to CPU and GPU, Bcachefs updates, security, core changes, and improvements to file systems and networking.

This release initiates the merge window for Kernel 6.9.


Arindam

Creator and author of debugpoint.com. Connect with me via Telegram, 𝕏 (Twitter), or send us an email.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments