Update/upgrade to Linux Kernel 6.8 on Linux Mint and Ubuntu system

 

Linux kernel is the essential part of any Linux operating system. It is responsible for resource allocation, low-level hardware interfaces, security, simple communications, basic file system management, and more. Written from scratch by Linus Torvalds (with help from various developers), Linux is a clone of the UNIX operating system. It is geared towards POSIX and Single UNIX Specification compliances.

The heart of a Linux distribution

The Linux kernel is the heart of a Linux distribution. If you are a long time Linux user, you may have stumbled across upgrades to the default Linux kernel packages, which lead to better support for certain hardware components or peripherals. 

Linux Kernel 6.8: New Features

CPU and GPU

Linux Mainline Kernel 6.8 introduces the Xe driver for Intel GPUs, powering the Arc family and integrated graphics on Tiger Lake processors. This driver, designed for newer chips, leverages a modular architecture, enhancing compatibility with existing DRM subsystem components and generic i915 driver elements.

The i915 driver in Kernel 6.8 also continues its evolution, adding support for Intel LunarLake (Xe 2) and refining compatibility with Intel Meteor Lake chips, ensuring optimal performance for the latest Intel graphics technologies.

Defaulting to GSP firmware functions, the Nouveau driver now seamlessly interacts with NVIDIA GPUs based on Turing and Ampere microarchitectures, enhancing GPU initialization and control operations via a dedicated GSP microcontroller, streamlining hardware interaction.

AMDGPU in Linux Kernel 6.8 advances with ACPI WBRF and VPE DPM support, revamped PCIe channel speed processing, 64-bit sequence numbers for synchronization, and added colour management mechanisms. Notably, sleep mode issues have been resolved, further stabilizing AMD GPU functionality.

In addition, Linux Kernel 6.8 also extends support with drivers for Broadcom VideoCore 7.1 GPU (Raspberry Pi 5), PowerVR 6 series GPUs (Imagination Technologies), Thunderbolt/USB4 controllers (Intel Lunar Lake), diverse camera SoCs, NSO game controllers, Adafruit Seesaw gamepads, and Lenovo Legion Go controllers. DTS driver updates in Kernel 6.8 cater to gaming devices like Powkiddy RK2023, Powkiddy X55, and Anbernic RG351V, enhancing Linux compatibility for these popular gaming platforms.

Expanded audio system support includes NXP i.MX8m MICFIL, Qualcomm SM8250, AMD ACP5x, Intel Arrow Lake, SM8550, SM8650, and X1E80100 chips, addressing diverse hardware configurations for improved audio performance.

In preparation for the Zen 5 microarchitecture, AMD implemented changes in Kernel 6.8, ensuring seamless integration and optimal performance for the upcoming processor series.

The ARM64 SoC line-up receives significant additions in Kernel 6.8, including support for Qualcomm SM8650, Qualcomm X1E80100, Samsung Exynos Auto v920, Google GS101, MediaTek MT8188, and Unisoc UMS9620, expanding compatibility across a range of ARM-based devices.

Moreover, Kernel 6.8 broadens ARM board and device support, embracing diverse platforms such as Huashan Pi, Microsoft Lumia, HTC One Mini 2, Motorola MotoG 4G, Huawei Honor 5X/GR5, Anbernic RG351V, Powkiddy RK2023, Powkiddy X55, and more, ensuring Linux compatibility across a wide array of ARM-based systems. Additionally, support for ARM11 ARMv6K SMP processors has been discontinued.

File systems

In file system modules, Kernel 6.8 introduces a new mode preventing direct writing to block devices with mounted file systems. This further enhanced security feature, disabled by default, limits root user modifications at the block device level. The inclusion of BLK_DEV_WRITE_MOUNTED parameter during build allows customization.

This release also debuts listmount() and statmount() system calls, empowering user space with detailed information on mounted file systems. This user-friendly enhancement facilitates efficient management and monitoring of file system configurations, adding a valuable layer of transparency for system administrators.

A notable improvement in the XFS file system enables the integration of fsck utility for online checks and corrections without unmounting the file system. This feature streamlines maintenance tasks, offering enhanced resilience and operational continuity for XFS-based storage solutions.

Kernel 6.8 also optimizes Ext4’s performance by employing the dioread_nolock call for blocks smaller than a memory page. This strategic enhancement eliminates unnecessary locks, particularly beneficial for high-performance computing scenarios, promoting efficiency in file system operations.

Btrfs in Kernel 6.8 introduces the nospace_cache mount flag to disable the free block cache. This, combined with functions utilizing page folios, enhances Btrfs’s flexibility and responsiveness.

The Extendable Read-Only File System (EROFS) gains subpage compression support in Kernel 6.8, tailored for read-only partitions. Additionally, performance improvements in low-memory situations make EROFS a more robust choice for scenarios where memory resources are constrained.

F2FS in this release reinforces support for zoned storage devices, catering to the trend of dividing blocks or sectors into zones. This update enables efficient utilization of zoned storage, ensuring F2FS aligns seamlessly with modern storage architectures.

The SMB file system in this release now supports the creation of block and symbolic device files, enhancing its versatility. This addition contributes to a more comprehensive set of features for users relying on SMB file system implementations.

This release also sees partial support for checking and restoring the integrity of mounted file systems in Bcachefs. While still in development, this feature signifies a step towards bolstering the reliability and data integrity aspects of the Bcachefs file system.

The device-mapper subsystem undergoes streamlining in Kernel 6.8 by discontinuing support for deprecated MD_LINEAR, MD_MULTIPATH, and MD_FAULTY handlers, aligning with evolving storage technologies. Users are encouraged to transition to more modern alternatives for enhanced compatibility and performance.

Networking

Linux Mainline Kernel 6.8 undergoes a significant network subsystem overhaul, strategically restructuring underlying data structures for improved caching efficiency. A reorganization of fields within network stack structures, including socks, netdev, netns, and mibs, optimizes cache usage. This enhancement results in a notable boost in TCP speed, up to 40% in scenarios with multiple parallel TCP connections, thanks to minimized cache line usage during data transfer and optimized variable access.

This release also adopted a streamlined approach by removing the bpfilter subsystem, leveraging BPF for packet filtering. Introduced in release 4.18, bpfilter struggled to reach widespread usability and lacked ongoing core development. With no recent updates in the mainline codebase, Facebook has continued development in a separate repository, prompting the removal of bpfilter from Linux Kernel 6.8 for a more streamlined and maintainable network subsystem.

Memory & Core

Linux Kernel 6.8 introduces improvements to the Zswap subsystem, enabling the unloading of ‘cold’ memory pages during low RAM conditions. This optimizes memory usage by compressing evicted pages in RAM, reducing the Zswap pool size and freeing up system memory. The new Zswap mode prevents unsuccessful writebacks to the actual swap partition, enhancing efficiency by avoiding the flushing of pages in the Zswap pool to the swap partition, ensuring better memory utilization during write failures.

The kernel now incorporates the SCHED_DEADLINE server mechanism in the task scheduler, addressing CPU resource underutilization by regular tasks when high-priority tasks monopolize the CPU. This enhances resource reservation efficiency compared to the previous Real-time throttling mechanism.

The DAMON subsystem gains an automatic memory consumption adjustment mechanism based on specified quotas. This enhancement allows monitoring and adapting a process’s access to data in RAM, providing insights into memory areas accessed and unclaimed.

In addition, this release also adds support for multi-size Transparent Huge Pages (mTHP), enabling the allocation of memory in blocks larger than the base page but smaller than traditional THP pages. This contributes to more flexible memory management and allocation.

Support for large folios is introduced for anonymous memory, significantly improving performance during access to unallocated memory pages by reducing core reassembly time by 5% and core-level time by 40%.

The kernel configuration file now includes the TRANSPARENT_HUGEPAGE_NEVER parameter, allowing users to disable the use of Transparent Huge Pages, providing more control over memory management.

The userfaultfd() system call introduces the UFFDIO_MOVE operation, facilitating memory page movement during heap compaction. Tests reveal a 40% reduction in packaging time compared to using the UFFDIO_COPY operation.

Linux Kernel 6.8 introduces the “KSM advisor” mechanism, automating optimization for merging identical memory pages within the Kernel Samepage Merging (KSM) subsystem, enhancing overall system performance.

Ongoing migration of Rust-for-Linux changes includes a Rust wrapper above the phylib abstraction level and a Rust driver for the Asix AX88772A Ethernet controller. Rust support remains optional and is not among the required assembly dependencies for the kernel.

The kernel now incorporates a BPF token mechanism, allowing selective delegation of certain BPF capabilities to unprivileged processes in user space, enhancing security and control over BPF-related activities. The BPF program verifier functionality is expanded, offering more robust verification of BPF programs, contributing to improved security and stability.

The perf utility gains support for data profiling, enabling the tracking of read and write operations to data structures. This feature aids in identifying the most actively modified fields in structures, enhancing performance analysis on supported processor architectures.

Support for the SUSP SBI extension enables entering standby mode with state saving in RAM on RISC-V architecture systems. The riscv_hwprobe() system call provides information about supported RISC-V instruction set architecture extensions, enhancing versatility for RISC-V development.

Virtualizations & systems

Linux Kernel 6.8 introduces three new system calls, lsm_list_modules(), lsm_get_self_attr(), and lsm_set_self_attr(), facilitating the listing of loaded Linux Security Modules (LSM) and the management of their attributes. The addition of the lsm_ctx structure enhances communication between user space and the kernel in the LSM context.

The AppArmor subsystem undergoes an upgrade by adopting the SHA-256 algorithm for rule verification, replacing SHA-1 hashes. This cryptographic enhancement bolsters the security of AppArmor, a crucial component for mandatory access control.

The kernel removes the strlcpy() function, initially included in Glibc 3.38 C library. While offering buffer overflow protection and ensuring a trailing null byte, its removal simplifies the kernel codebase, promoting streamlined functionality.

The KVM hypervisor gains support for the guest_memfd subsystem, introducing memory management capabilities for enhanced guest system functionality. Notably, guest_memfd allows the allocation of memory areas unreachable in the host environment, a boon for confidential computing.

KVM hypervisor also supports the Linear Address Masking (LAM) mode on Intel processors for guest systems. This feature enables the utilization of specific bits in 64-bit pointers to store metadata unrelated to addressing, enhancing flexibility and optimization.

ARM64 architecture receives support for 52-bit (LPA2) physical addresses in the KVM hypervisor. Additionally, x86 architecture gains the ability to build without emulating Hyper-V hypercalls, reducing kernel size and improving efficiency.

The iaa (IAA Compression Accelerator) driver is introduced, leveraging Intel Analytics Accelerator (IAA) cryptographic accelerators to expedite data compression and decompression using the DEFLATE method. This accelerates cryptographic operations for improved system performance.

On the host environment side, Kernel 6.8 implements support for the Intel Trusted Domain Extensions (TDX) mechanism within the KVM hypervisor. This enables the creation of secure guest environments utilizing virtual machine memory encryption, enhancing overall system security.

SELinux introduces the “init” SID to identify boot processes initiated before SELinux policies are applied. Furthermore, improvements are made to the /sys/fs/selinux interface, enhancing the manageability of SELinux security policies for increased system robustness.

To Install / Update Linux Kernel 6.8 Stable on Ubuntu & Linux Mint system :

Make Folder 'kernel' ( Optional ) :

$ cd Downloads/ && mkdir kernel && cd kernel

Download kernel packages using wget ( open terminal and follow the command ) :

$ wget -c https://kernel.ubuntu.com/mainline/v6.8/amd64/linux-headers-6.8.0-060800-generic_6.8.0-060800.202403131158_amd64.deb \\ https://kernel.ubuntu.com/mainline/v6.8/amd64/linux-headers-6.8.0-060800_6.8.0-060800.202403131158_all.deb \\ https://kernel.ubuntu.com/mainline/v6.8/amd64/linux-image-unsigned-6.8.0-060800-generic_6.8.0-060800.202403131158_amd64.deb \\ https://kernel.ubuntu.com/mainline/v6.8/amd64/linux-modules-6.8.0-060800-generic_6.8.0-060800.202403131158_amd64.deb

or Download from Ubuntu official site : 

Change permission file to get access from users :

$ sudo chmod +x *.deb

Install package (.deb) to update and upgrade kernel :

$ sudo dpkg --install *.deb

Completed, reboot your ubuntu system