Unbreakable Enterprise Kernel for Oracle Linux

The Open, Easy, Secure Linux Kernel for Enterprise Clouds

The Unbreakable Enterprise Kernel (UEK), included as part of Oracle Linux, provides the latest open source innovations, key optimizations and security for enterprise cloud workloads. This Linux kernel powers Oracle Cloud and Oracle Engineered Systems such as Oracle Exadata Database Machine. Oracle tests UEK intensively with demanding Oracle workloads, and recommends UEK for Oracle deployments and all other enterprise deployments.

Oracle contributes to upstream Linux kernel development with enhancements that benefit Oracle Database, middleware, applications and hardware, as well as our broad partner ecosystem. These enhancements are distributed to customers through UEK for Oracle Linux.

By selectively integrating the latest open source Linux capabilities into UEK while still providing application binary compatibility with the Red Hat Compatible Kernel, Oracle makes it easy to run the most demanding cloud and enterprise workloads without compromising stability and security. We test all our on-premises software, and run Oracle Cloud on UEK, ensuring you can achieve the highest scalability and performance with your current workloads and those of the future.


FEATURES BENEFITS
DTrace DTrace provides Oracle Linux customers with a comprehensive, dynamic tracing framework.  Find and fix performance and stability problems easily and securely with DTrace enhancements like perf_events as Statically Defined Trace (SDT) probes.
Performance and Scalability
Improvements

Notable performance improvements include:

  • Improvements and fixes to NUMA balancing help resolve issues that could cause high I/O wait times when this feature was enabled. NUMA balancing is automatically enabled on systems that have multiple NUMA nodes.
  • RDMA over Converged Ethernet (RoCE), a standard InfiniBand Trade Association (IBTA) protocol enables efficient data transfer for RDMA over Ethernet networks using UDP encapsulation to transcend Layer 3 networks.
  • TCP-BBR, a feature that can be used to achieve higher bandwidth and lower latency for internet traffic can offer significant performance improvements for internet-based applications. BBR (Bottleneck Bandwidth and Round-Trip Time) is a scheduling algorithm that helps to control the transmit rate of the TCP protocol to reduce buffering by monitoring round-trip times against bandwidth bottlenecks to reduce TCP congestion.

 

Btrfs Improvements Continued improvements in scalability, performance and stability for Btrfs are key features of this latest release. 
Virtualization Improvements Significant improvements to KVM functionality including:
  • Secure Encrypted Virtualization (SEV) for AMD-V enabled.  AMD's Secure Encrypted Virtualization (SEV) feature that extends the AMD-V architecture has been enabled in UEK Release 5. Hardware that supports SEV can use this feature to run multiple virtual machines under the control of a hypervisor in a more secure fashion. 
  • User-Mode Instruction Prevention (UMIP) for Intel enabled.  Intel's UMIP feature has been enabled in UEK Release 5. UMIP is a security feature present in newer Intel processors, that can prevent the execution of certain instructions if the Current Privilege Level (CPL) is greater than 0.
  • Paravirtual TLB shootdown implemented.  Patches have been applied to implement a KVM paravirtual translation lookaside buffer (TLB) shootdown algorithm. 
Linux Containers It’s easier than ever to get the most out of your systems with Linux Containers (LXC) and Docker. Deploy applications quickly and efficiently with Linux container technologies. You can easily build your own or download ours from Oracle Container Registry, Docker Hub, and Docker Store.
File System Improvements

With this release several updates have been made to key file systems such as NFS, XFS and Ext4.

  • UEK Release 5 enables use of synchronous DAX faults in the ext4 and XFS file systems.
  • XFS includes support for reflink and deduplication.
  • UEK Release 5 enables XFS realtime subvolume support. This capability makes it possible to mount a realtime subvolume on systems running UEK Release 5
Updated Drivers and
Hardware Support
The UEK Release 5 supports a wide range of hardware and devices. In close cooperation with our enterprise solution hardware partners, UEK updates deliver support for the latest hardware features and driver updates.
Security Improvements

In addition to ongoing CVE fixes, notable security improvements include:

  • Secure boot improvements. Secure boot is designed to protect a system against malicious code being loaded and executed early in the boot process. Secured platforms load only software binaries, such as option ROM drivers, boot loaders, and operating system loaders, that are unmodified and trusted by the platform. While the operating system is loaded, measures have been added to prevent malicious code from being injected on subsequent boots..

The Unbreakable Enterprise Kernel Release 5 is the latest UEK release and is a heavily tested and optimized operating system kernel for Oracle Linux 7 Update 5 and later on the x86-64 and 64-bit ARM (aarch64) architectures. It is based on the mainline Linux kernel version 4.14.35.

The Unbreakable Enterprise Kernel Release 4 is Oracle's fourth major release of its heavily tested and optimized operating system kernel for Oracle Linux 6 Update 7 or later, and Oracle Linux 7 Update 1 or later, on the x86-64 architecture. It is based on the mainline Linux kernel version 4.1.12.

For more information, please see our documentation of Unbreakable Enterprise Kernel for Oracle Linux.