The first half of the 7.0 merge window

The merge window for Linux 7.0 has opened, and with it comes a number of interesting improvements and enhancements. At the time of writing, there have been 7,695 non-merge commits accepted. The 7.0 release is not special, according to the kernel's versioning scheme — just the release that comes after 6.19. Humans love symbolism and round numbers, though, so it may feel like something of a milestone.

The most important changes included in this release were:

Architecture-specific

• The kernel now supports atomic 64-byte loads and stores on Arm CPUs that provide the feature.

Core kernel

• Rust support is officially no longer experimental. Rust is here to stay, although individual subsystem maintainers are still free to keep it out of their subsystems.
• BPF can be used to filter io_uring operations; see this article for details. The change adds a way to potentially enforce sandboxing on io_uring operations, given that seccomp() can't block individual io_uring operations — and that therefore administrators with seccomp()-based sandboxes typically disable io_uring altogether.
• Users have the option of using non-circular io_uring queues for better cache performance in applications where requests are usually completed before the submission system call returns. In a circular queue, the slots where new messages are stored continue advancing in memory until they wrap around. This causes churn in the cache. A non-circular queue will reset the queue's pointers whenever it is empty, hopefully keeping the start of the queue's memory in cache.
• Looking up types in BPF type format (BTF) debugging information now uses a binary search, which should make loading BPF programs more efficient.
• As reported in January, BPF kfuncs can accept implicit arguments.
• The scheduler has changed to only support two preemption modes on most architectures: PREEMPT_LAZY and PREEMPT_FULL. Only architectures that do not support preemption at all can still configure PREEMPT_NONE, and only architectures that don't support lazy preemption can configure PREEMPT_VOLUNTARY. See this article and its sequel for details on the different modes.
• The time-slice extension proposal for restartable sequences has been merged. This change allows processes that are almost done with a lock at the end of their time slice to request a short grace period to finish their work and release it.
• Administrators of systems that need to panic when workqueues stall can set a new build-time configuration option to force that behavior.
• The deprecated linuxrc-based initial ramdisk (initrd) code has been removed. The other initrd code is scheduled to follow in 2027, which will leave initramfs (which uses a filesystem in RAM instead of a disk image in RAM) the only supported way to boot the kernel.

Filesystems and block I/O

• Non-blocking updates to file modification times now actually work. Previously, they would return -EAGAIN unconditionally; now, that only happens when the filesystem would actually block. This makes non-blocking direct writes work on filesystems with fine-grained timestamps.
• Filesystems no longer implement leases by default, and must instead opt-in. This resolves a number of problems caused by leases being available on filesystems that were never designed to handle them. Most popular filesystems do implement leases, but 9p and cephfs don't, for example.
• Historically, filesystems have reported errors in mutually incompatible ways. A new set of helper functions makes it easier for filesystems to report errors to fsnotify in a consistent way.
• A new filesystem — "nullfs" — has been added for use as the root filesystem of Linux systems. It's immutable and completely empty, containing no data whatsoever. This simplifies the boot process, because user space can mount other filesystems on top of it and then use the pivot_root() system call to make those the new root, rather than having to clean up the contents of initramfs and re-use the root filesystem.
• In support of Checkpoint/Restore in Userspace (CRIU), the statmount() system call can now report information about the mount associated with a file descriptor.
• The EROFS maintainers have enabled LZMA compression by default, and marked DEFLATE and Zstandard compression as no longer experimental. The filesystem also shares page-cache entries for identical files on separate EROFS filesystems.
• Filesystems that need to calculate checksums or parity over data can use bounce buffers to store a copy of the data during direct I/O. See this article for details.
• Btrfs now supports direct I/O when the block size exceeds the system's page size.
• XFS's autonomous self-healing support has been merged; see this article for details.

Hardware support

• GPIO and pin control: ROHM bd72720 GPIO devices.
• Graphics: CSW MNE007QB3-1 panels, AUO B140HAN06.4 panels, AUO B140QAX01.H EDP panels, Sitronix ST7920 panels, Samsung LTL106HL02 panels, LG H546WF1-ED01 panels, HannStar HSD156J panels, BOE NV130WUM-T08 panels, Innolux G150XGE-L05 panels, Anbernic RG-DS panels, RK3368 HDMI controllers, RK3506 chips, Genio 510/700/1200-EVK HDMI outputs, and Radxa NIO-12L HDMI outputs.
• Hardware monitoring: MT8196 and MT7987 Mediatek heat sensors, RZ/T2H and RZ/N2H Renesas heat sensors, HiTRON HAC300S power supplies, Monolithic MP5926 hot-swap controllers, STEF48H28 hot-swap controllers, Pro WS TRX50-SAGE WIFI A and ROG MAXIMUS X HERO chips, Dell OptiPlex 7080 computers, F81968 I/O chips, ASUS Pro WS WRX90E-SAGE SE chips, SHT85 sensors, P3T1035 temperature sensors, and P3T2030 temperature sensors.
• Media: TI video input ports, os05b10, s5k3m5, and s5kjn1 camera sensors, and Synopsys CSI-2 receivers.
• Miscellaneous: Renesas RZ/V2N SoCs and Rock Band 4 PS4 and PS5 guitars, ATCSPI200 SPI devices, AXIADO AX300 SPI devices, NXP XPI SPI devices, and Renesas RZ/N1 SPI devices.
• Networking: Huawei hinic3 PF ethernet cards, Motorcomm YT6801 PCIe ethernet controllers, MaxLinear MxL862xx switches, RealTek RTL8127ATF 10G Fiber SFP NICs, RZ/G3L GBETH SoC NICs and QCC2072 WiFi chipsets.
• Power: Maxim MAX776750 PMICs, Realtek RT8902 level shifters, Samsung S2MPG11 PMICs, and Texas Instruments TPS65185 PMICs.
• Sound: NXP i.MX952 application processor, Realtek RT1320 and RT5575 audio codecs, and Sophogo CV1800B chips.

Miscellaneous

• The vDSO now provides a 64-bit version of clock_getres().
• With this version, the kernel supports SPI devices with multiple data lanes that transmit in parallel.

Security-related

• SELinux can now control BPF token access. BPF tokens allow unprivileged processes to perform certain privileged BPF operations; see this article for details.
• The kernel supports ML-DSA post-quantum signatures, and can use them to authenticate kernel modules.
• The option to sign kernel modules with schemes involving SHA-1 hashes has been removed, although the kernel remains able to load modules signed this way, for now.
• NETFILTER_PKT audit records now contain the source and destination port numbers for inspection.

Virtualization and containers

• Container runtimes can use the new OPEN_TREE_NAMESPACE option to open a new mount namespace without cloning an existing mount namespace. This should make starting a new container faster on systems with many mounts.

Internal kernel changes

• A reimplementation of RCU task traces has resulted in the deprecation of the rcu_read_lock_trace() and rcu_read_unlock_trace() functions.
• The kernel has added an official policy on tool-generated content. To encourage the tools themselves to follow it, there is also documentation aimed at LLMs.
• The kmalloc_*() family of functions (which allocate based on the required size) are poised to be replaced with kmalloc_obj_*() functions (which allocate based on the provided type) during this release cycle. The new functions will both make object-length-calculation errors less common and provide for possible type-based hardening of the kernel.
• A number of Rust changes were made to use the recently-vendored syn crate to implement macros — changes which, ironically, actually reduced the amount of Rust code in the kernel by cleaning up the previous ad-hoc macro definitions.
• Support for Sparse context analysis (which helps find locking bugs, although not well) was removed in favor of compiler-based context analysis in Clang 22. The compiler-based analysis should catch more locking bugs with fewer false positives; see this article for details.
• The kernel's build configuration has new syntactic sugar: "depends on X if Y", standing in for "depends on X || !Y".
• Sheaf caches are all cached per-CPU, a change that has been in the works for nearly a year. This change reduces the amount of cross-CPU contention caused by allocating new pages from the kernel's slab allocator.
• s390 machines now have the same kinds of poison pointers (which have hex value 0xdead000000000000 on s390) as other architectures, which allow the kernel to track DMA mappings from the networking page pool, among other things.
• The DRM subsystem has given up on integration with the kernel debugger (kgdb) for now. The move is motivated by the difficulty of supporting kgdb on modern hardware.
• The new __counted_by_ptr() annotation marks members of a structure that specify the length of an object behind a pointer, like __counted_by() does for arrays in a structure.

The merge window is not quite half over, so as usual there will be a follow-up article once it closes, on February 22 if all goes as planned. For now, though, the 7.0 release is following the trend of recent Linux releases: packed with incremental improvements, and no huge changes. One thing that didn't make it into this release is support for revocable driver interfaces in C; that patch set may just be pushed off to 7.1, or may face stiffer resistance.