Unbreakable Enterprise Kernel for Oracle Linux

The Open, Easy, Secure Linux Kernel for Enterprise Clouds

The Unbreakable Enterprise Kernel (UEK), included as part of Oracle Linux, provides the latest open source innovations, key optimizations and security for enterprise cloud workloads. This Linux kernel powers Oracle Cloud and Oracle Engineered Systems such as Oracle Exadata Database Machine. Oracle tests the UEK intensively with demanding Oracle workloads, and recommends the UEK for Oracle deployments and all other enterprise deployments.

Oracle contributes to upstream Linux kernel development with enhancements that benefit Oracle Database, middleware, applications and hardware, as well as our broad partner ecosystem. These enhancements are distributed to customers through the UEK for Oracle Linux.

By selectively integrating the latest open source Linux capabilities into the UEK Release 4 while still providing application binary compatibility with the Red Hat Compatible Kernel, Oracle makes it easy to run the most demanding cloud and enterprise workloads without compromising stability and security. We test all our on-premises software, and run Oracle Cloud on the UEK, ensuring you can achieve the highest scalability and performance with your current workloads and those of the future. 


FEATURES BENEFITS
DTrace
DTrace provides Oracle Linux customers with a comprehensive, dynamic tracing framework. Find and fix performance and stability problems easily and securely with DTrace enhancements like perf_events as Statically Defined Trace (SDT) probes.
Performance and Scalability Improvements

Notable performance improvements include:

  • Enhanced memory performance by attempting to better locate a process near its memory and better placement of workloads that do not fit on one NUMA node.
  • Elimination of memory fragmentation by making the unqueued slab allocator the default memory allocator.
  • Up to 3.6x performance improvement of SPECjbb by optimizations to eliminate lock contention.
  • Simple to use SSDs as a block cache for slower block devices with bcache.
  • Support many millions of IOps on NVM-Express and high-end PCI-E devices with a new, scaled multiqueue block layer subsystem.
  • Smaller memory footprint and higher performance by reducing swap memory usage with Zram and Zswap.

 

Btrfs Improvements
Continued improvements in scalability, performance and stability for Btrfs are key features of this latest release. Btrfs now includes RAID 5 and RAID 6 support.
Virtualization Improvements
Many improvements in hardware configuration and accelerations for Kernel-based Virtual Machine (KVM) and Oracle Linux guests and dom0 of Oracle VM as well as other virtualization solutions. Hyper-V support for netpoll allows a network console to be used to debug kernel issues.
Linux Containers
It’s easier than ever to get the most out of your systems with Linux Containers (LXC) and Docker. Deploy applications quickly and efficiently with Linux container technologies. You can easily build your own or download ours from Oracle Container Registry, Docker Hub, and Docker Store.
File System Improvements

With this release several updates have been made to key file systems such as NFS, XFS and Ext4.

  • NFS 4.2 client support.
  • Overlayfs is included.
  • Ext4 now supports 64-bit file systems allowing for file systems larger than 16TB in size, and metadata checksumming to verify filesystem metadata correctness.
  • XFS includes namespace support for better isolation, and performance and data integrity improvements.
Updated Drivers and Hardware Support
The UEK Release 4 supports a wide range of hardware and devices. In close cooperation with our enterprise solution hardware partners, UEK updates deliver support for the latest hardware features and driver updates.
Security Improvements

In addition to ongoing CVE fixes, notable security improvements include:

  • Reduced attack profile for “Known Address” attacks with Address Space Layout Randomization.
  • Prevent “File Descriptor Exhaustion” attacks on /dev/random and /dev/urandom by introducing the getrandom() system call.
  • Prevent kernel module attacks through support for signed modules when using kexec.
  • Enhanced auditing and malicious software detection by logging executable path names when they core dump.
  • Secure your data more effectively with SELinux Labeled NFS volumes.
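
Added example (not Oracle's code and not taken from the UEK documentation): the getrandom() item above, shown from the application side. A reader of /dev/urandom needs a free file descriptor, so it fails once the process has none left, while getrandom() still returns random bytes. The function names and the RLIMIT_NOFILE trick used to simulate exhaustion are assumptions of this sketch; it needs a Linux libc that provides <sys/random.h>.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/resource.h>
#include <unistd.h>

/* Legacy path: needs a free descriptor to open /dev/urandom. */
int fill_random_legacy(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;          /* EMFILE or ENFILE when descriptors run out */
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        done += (size_t)n;
    }
    close(fd);
    return 0;
}

/* getrandom(2) path: no descriptor involved, so exhaustion cannot block it. */
int fill_random(unsigned char *buf, size_t len) {
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        done += (size_t)n;
    }
    return 0;
}

/* Constructed test condition: a soft RLIMIT_NOFILE of 0 makes every new open() fail. */
int exhaust_fds(struct rlimit *saved) {
    if (getrlimit(RLIMIT_NOFILE, saved) != 0) return -1;
    struct rlimit r = *saved;
    r.rlim_cur = 0;
    return setrlimit(RLIMIT_NOFILE, &r);
}

int main(void) {
    unsigned char key[32];
    struct rlimit saved;
    if (exhaust_fds(&saved) != 0) return 1;
    int legacy = fill_random_legacy(key, sizeof key);
    int modern = fill_random(key, sizeof key);
    setrlimit(RLIMIT_NOFILE, &saved);   /* restore the original limit */
    printf("legacy=%d getrandom=%d\n", legacy, modern);
    return (legacy == -1 && modern == 0) ? 0 : 1;
}
```

Code that silently falls back to a weaker source when open() fails is the case to look for in review; checking the return value of either function and aborting on failure avoids it.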

Technology Previews

In addition to the features listed above, the Unbreakable Enterprise Kernel includes the following features which are still under development, but are made available for testing/evaluation purposes.

FEATURES BENEFITS
DCTCP (Data Center TCP)
DCTCP enhances congestion control by making use of the Explicit Congestion Notification (ECN) feature of state-of-the-art network switches. DCTCP reduces buffer occupancy and improves throughput by allowing a system to react more intelligently to congestion than is possible using TCP.
DRBD (Distributed Replicated Block Device)
A shared-nothing, synchronously replicated block device (RAID1 over network), designed to serve as a building block for high availability (HA) clusters. It requires a cluster manager (for example, pacemaker) for automatic failover.
Kernel module signing facility

Applies cryptographic signature checking to modules on module load, checking the signature against a ring of public keys compiled into the kernel. GPG is used to do the cryptographic work and determines the format of the signature and key data.

NFS over RDMA interoperation with ZFS and Oracle Solaris
NFS over RDMA does not yet fully interoperate with ZFS and Oracle Solaris. NFS over RDMA for NFS versions 3 and 4 is supported for Oracle Linux systems using the Oracle InfiniBand stack and is more efficient than using NFS with TCP over IPoIB. Currently, only the Mellanox ConnectX-2 and ConnectX-3 Host Channel Adapters (HCAs) pass the full Connectathon NFS test suite and are supported.
NFS server-side copy offload

NFS server-side copy offload is an NFS v4.2 feature that reduces the overhead on network and client resources by offloading copy operations to one or more NFS servers rather than involving the client in copying file data over the network.

Server-side parallel NFS
Server-side parallel NFS (pNFS) improves the scalability and performance of an NFS server by making file metadata and data available on separate paths.

For more information, please see our release notes for Unbreakable Enterprise Kernel Release 4 (Update 1, Update 2, Update 4, Update 5).