Elastic Compute Service:Release notes for Alibaba Cloud Linux 3

Image ID

Release date

Description

aliyun_3_x64_20G_alibase_20230327.vhd

2023-03-27

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-13.1.al8.x86_64.

aliyun_3_arm64_20G_alibase_20230327.vhd

2023-03-27

• The Alibaba Cloud Linux 3.2104 64-bit LTS for ARM base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-13.1.al8.aarch64.

aliyun_3_x64_20G_qboot_alibase_20230214.vhd

2023-02-14

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (Quick Start) image is updated.

• This image is derived from the aliyun_3_x64_20G_alibase_20230110.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

aliyun_3_x64_20G_uefi_alibase_20230214.vhd

2023-02-14

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (UEFI) image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20230110.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

• The boot mode is changed to the Unified Extensible Firmware Interface (UEFI) mode and only the UEFI mode is supported.

aliyun_3_x64_20G_alibase_20230110.vhd

2023-01-10

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The configurations of the Plus debug repository are added.

• Kernel updates:

  • The kernel version is updated to 5.10.134-13.al8.x86_64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • /dev/ioasid is supported.

    In versions earlier than ANCK 5.10-013, device-passthrough frameworks (such as VFIO and vDPA) create their own logic to isolate untrusted device DMAs that are initiated by userspace. In ANCK 5.10-013 and later, /dev/ioasid provides a unified interface to manage I/O page tables for devices that are assigned to userspace. This simplifies VFIO and vDPA.

  • The performance of the SoftWare Input/Output Translation Lookaside Buffer (SWIOTLB) mechanism is optimized.

    In versions earlier than ANCK 5.10-013, the SWIOTLB mechanism that is used to communicate with peripherals only uses a single lock when allocating memory. In ANCK 5.10-013 and later, the lock is split into multiple locks and allows user configuration. Confidential virtual machines (AMD SEV- or Intel TDX-based virtual machines) that have high specifications, such as more than 32 CPUs, can benefit from the change. For Redis and MySQL, tests show that the change helps gain a maximum I/O performance increase of eight times.

  • napi.tx is enabled in virtio-net to improve the performance of TCP Small Queue (TSQ).

    In 3bedc5bca69d ('ck: Revert "virtio_net: enable napi_tx by default"'), high si leads to performance degradations in some special scenarios. This causes TSQ not to work as expected. To resolve the issue, the napi.tx feature is re-enabled.

  • The AST2600 PCIe 2D VGA driver is supported.

    In versions earlier than ANCK 5.10-013, ASPEED AST2600 graphics cards are not supported. In ANCK 5.10-013 and later, ASPEED AST2600 graphics cards are supported, and graphics can be properly displayed when the graphics cards are connected to external monitors.

  • A switch is added for the group identity feature.

    In ANCK 5.10-013, the global sysctl switch is added for group identity. By default, the switch is turned off to reduce the scheduling overhead of common processes. You can run the echo 1 > /proc/sys/kernel/sched_group_identity_enabled command to turn on the switch.

  • The default kernel boot cmdline is adjusted on the ARM64 platform.

    In 5.10.134-013 and later, the following parameter settings are added to the kernel boot cmdline on the ARM64 platform to improve performance:

    cgroup.memory=nokmem iommu.passthrough=1 iommu.strict=0

    • cgroup.memory=nokmem: disables kernel memory accounting. When enabled, kernel memory accounting results in additional logic for allocating and releasing slab pages and affects performance. For more information, go to the OpenAnolis.

    • iommu.passthrough=1: bypasses the Input-Output Memory Management Unit (IOMMU) for DMA. This can reduce translations for page table mappings. If iommu.passthrough=1 is not added to the kernel boot cmdline, the value of CONFIG_IOMMU_DEFAULT_PASSTHROUGH is used. The iommu.passthrough parameter takes effect for physical machines.

    • iommu.strict=0: indicates that the lazy mode is used for translation look-aside buffer (TLB) invalidation. The lazy mode defers the invalidation of hardware TLBs during DMA unmap operations to increase throughput and the unmapping speed. If the lazy mode is not supported by the relevant IOMMU driver, the mode automatically switches back to the strict mode (iommu.strict=1). The strict mode invalidates IOMMU hardware TLBs during DMA unmap operations.

  • The Compact NUMA aware (CNA) spinlock feature is supported.

    In 5.10.134-013 and later, NUMA awareness is added to qspinlock. One of the following kernel boot cmdline parameter settings can be added to enable the CNA spinlock feature: numa_spinlock=on or numa_spinlock=auto.

    After the feature is enabled, qspinlock hands spinlocks to the CPU on the same NUMA node when CPUs on different NUMA nodes compete for spinlocks. This reduces memory accesses across NUMA nodes and improves performance. This feature helps gain a more than 10% performance increase under sysbench and partial LevelDB benchmarks.

  • The perf mem and perf c2c commands provide more features on the ARM64 platform.

    In 5.10.134-013 and later, the perf mem and perf c2c commands are extended to provide more features. On the ARM64 platform, perf mem and perf c2c can be used to show the data sources of samples, such as L1 hit. perf mem supports synthesized memory events, synthesized instruction events, synthesis directive events, and instruction delay information. perf c2c provides the capability of locating NUMA node information.

  • fsck.xfs supports journal replay.

    After a machine breaks down, file systems may be in the inconsistent state and the journal log is not replayed. In xfsprogs-5.0.0-10.0.4 and earlier, this may drop the machine into the rescue shell because fsck.xfs does not support journal replay, which brings maintenance trouble. In xfsprogs-5.0.0-10.0.5 and later, fsck.xfs supports journal replay. When you assume the administrator role, you can set fsck.mode to force and fsck.repair to yes to enable journal replay. Note that journal replay takes effect only for system disks.

  • Adaptive hugetext is supported.

    In 5.10.134-013 and later, the adaptive hugetext feature is provided to resolve hardware drawbacks, especially for x86 platforms. An example of the hardware drawbacks is that Intel Skylake has only eight iTLB entries to use. This feature selects the most popular 2 MB areas into huge pages based on PTE scan results. In short, this feature provides two system interfaces to limit the number of huge pages per application and prevent performance degradations that are caused by iTLB miss increase. This feature is suitable for Java applications and applications that have big text footprint, such as OceanBase and MySQL.

  • SGX dynamic memory management is supported.

    In versions earlier than ANCK 5.10, the dynamic management of SGX enclave memory is not supported. In ANCK 5.10 and later, the SGX EDMM feature is provided to allow the dynamic management of SGX memory.

  • The WireGuard module is enabled.

    In versions earlier than ANCK 5.10-013, the WireGuard module is not enabled. In ANCK 5.10 and later, the WireGuard module is enabled. WireGuard is an easy-to-configure, fast, and secure virtual private network (VPN) that can replace IPSec. WireGuard is abstract and suitable for general use in most scenarios.

aliyun_3_arm64_20G_alibase_20230110.vhd

2023-01-10

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• The configurations of the Plus debug repository are added.

• Kernel updates:

  • The kernel version is updated to 5.10.134-13.al8.aarch64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • /dev/ioasid is supported.

    In versions earlier than ANCK 5.10-013, device-passthrough frameworks (such as VFIO and vDPA) create their own logic to isolate untrusted device DMAs that are initiated by userspace. In ANCK 5.10-013 and later, /dev/ioasid provides a unified interface to manage I/O page tables for devices that are assigned to userspace. This simplifies VFIO and vDPA.

  • The performance of the SoftWare Input/Output Translation Lookaside Buffer (SWIOTLB) mechanism is optimized.

    In versions earlier than ANCK 5.10-013, the SWIOTLB mechanism that is used to communicate with peripherals only uses a single lock when allocating memory. In ANCK 5.10-013 and later, the lock is split into multiple locks and allows user configuration. Confidential virtual machines (AMD SEV- or Intel TDX-based virtual machines) that have high specifications, such as more than 32 CPUs, can benefit from the change. For Redis and MySQL, tests show that the change helps gain a maximum I/O performance increase of eight times.

  • napi.tx is enabled in virtio-net to improve the performance of TCP Small Queue (TSQ).

    In 3bedc5bca69d ('ck: Revert "virtio_net: enable napi_tx by default"'), high si leads to performance degradations in some special scenarios. This causes TSQ not to work as expected. To resolve the issue, the napi.tx feature is re-enabled.

  • The AST2600 PCIe 2D VGA driver is supported.

    In versions earlier than ANCK 5.10-013, ASPEED AST2600 graphics cards are not supported. In ANCK 5.10-013 and later, ASPEED AST2600 graphics cards are supported, and graphics can be properly displayed when the graphics cards are connected to external monitors.

  • A switch is added for the group identity feature.

    In ANCK 5.10-013, the global sysctl switch is added for group identity. By default, the switch is turned off to reduce the scheduling overhead of common processes. You can run the echo 1 > /proc/sys/kernel/sched_group_identity_enabled command to turn on the switch.

  • The default kernel boot cmdline is adjusted on the ARM64 platform.

    In 5.10.134-013 and later, the following parameter settings are added to the kernel boot cmdline on the ARM64 platform to improve performance:

    cgroup.memory=nokmem iommu.passthrough=1 iommu.strict=0

    • cgroup.memory=nokmem: disables kernel memory accounting. When enabled, kernel memory accounting results in additional logic for allocating and releasing slab pages and affects performance. For more information, go to the OpenAnolis.

    • iommu.passthrough=1: bypasses the Input-Output Memory Management Unit (IOMMU) for DMA. This can reduce translations for page table mappings. If iommu.passthrough=1 is not added to the kernel boot cmdline, the value of CONFIG_IOMMU_DEFAULT_PASSTHROUGH is used. The iommu.passthrough parameter takes effect for physical machines.

    • iommu.strict=0: indicates that the lazy mode is used for translation look-aside buffer (TLB) invalidation. The lazy mode defers the invalidation of hardware TLBs during DMA unmap operations to increase throughput and the unmapping speed. If the lazy mode is not supported by the relevant IOMMU driver, the mode automatically switches back to the strict mode (iommu.strict=1). The strict mode invalidates IOMMU hardware TLBs during DMA unmap operations.

  • The Compact NUMA aware (CNA) spinlock feature is supported.

    In 5.10.134-013 and later, NUMA awareness is added to qspinlock. One of the following kernel boot cmdline parameter settings can be added to enable the CNA spinlock feature: numa_spinlock=on or numa_spinlock=auto.

    After the feature is enabled, qspinlock hands spinlocks to the CPU on the same NUMA node when CPUs on different NUMA nodes compete for spinlocks. This reduces memory accesses across NUMA nodes and improves performance. This feature helps gain a more than 10% performance increase under sysbench and partial LevelDB benchmarks.

  • The perf mem and perf c2c commands provide more features on the ARM64 platform.

    In 5.10.134-013 and later, the perf mem and perf c2c commands are extended to provide more features. On the ARM64 platform, perf mem and perf c2c can be used to show the data sources of samples, such as L1 hit. perf mem supports synthesized memory events, synthesized instruction events, synthesis directive events, and instruction delay information. perf c2c provides the capability of locating NUMA node information.

  • fsck.xfs supports journal replay.

    After a machine breaks down, file systems may be in the inconsistent state and the journal log is not replayed. In xfsprogs-5.0.0-10.0.4 and earlier, this may drop the machine into the rescue shell because fsck.xfs does not support journal replay, which brings maintenance trouble. In xfsprogs-5.0.0-10.0.5 and later, fsck.xfs supports journal replay. When you assume the administrator role, you can set fsck.mode to force and fsck.repair to yes to enable journal replay. Note that journal replay takes effect only for system disks.

  • Adaptive hugetext is supported.

    In 5.10.134-013 and later, the adaptive hugetext feature is provided to resolve hardware drawbacks, especially for x86 platforms. An example of the hardware drawbacks is that Intel Skylake has only eight iTLB entries to use. This feature selects the most popular 2 MB areas into huge pages based on PTE scan results. In short, this feature provides two system interfaces to limit the number of huge pages per application and prevent performance degradations that are caused by iTLB miss increase. This feature is suitable for Java applications and applications that have big text footprint, such as OceanBase and MySQL.

  • SGX dynamic memory management is supported.

    In versions earlier than ANCK 5.10, the dynamic management of SGX enclave memory is not supported. In ANCK 5.10 and later, the SGX EDMM feature is provided to allow the dynamic management of SGX memory.

  • The WireGuard module is enabled.

    In versions earlier than ANCK 5.10-013, the WireGuard module is not enabled. In ANCK 5.10 and later, the WireGuard module is enabled. WireGuard is an easy-to-configure, fast, and secure virtual private network (VPN) that can replace IPSec. WireGuard is abstract and suitable for general use in most scenarios.

Image ID

Release date

Description

aliyun_3_x64_20G_alibase_20221118.vhd

2022-11-18

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-12.2.al8.x86_64.

aliyun_3_arm64_20G_alibase_20221118.vhd

2022-11-18

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-12.2.al8.aarch64.

aliyun_3_x64_20G_alibase_20221102.vhd

2022-11-02

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-12.2.al8.x86_64.

aliyun_3_arm64_20G_alibase_20221102.vhd

2022-11-02

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.134-12.2.al8.aarch64.

aliyun_3_x64_20G_alibase_20220907.vhd

2022-09-07

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.134-12.al8.x86_64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • YiTian 710 processors are supported.

  • Panjiu M-series servers are supported.

  • The performance on the YiTian platform is optimized.

  • Memory System Resource Partitioning and Monitoring (MPAM) is supported on the ARM 64-bit architecture.

  • Datop can be used to monitor NUMA across nodes and identify cold and hot memory in processes.

  • The hot migration capability of AMD SEV is supported by the guest OS.

  • More than 4 GB of memory can be reserved for a crash kernel on the ARM 64-bit architecture.

  • Hotfixes for kernel modules are supported on the ARM 64-bit architecture.

  • ftrace osnoise tracer is supported.

  • ext4 fast commit is supported, which is frequently applied to the fsync function. For example, ext4 fast commit optimizes the performance of MySQL and PostgreSQL databases. The corresponding e2fsprogs version is updated to 1.46.0.

  • The following features developed in-house by Alibaba Cloud are supported:

    • 2 MB unaligned part at the end of executable binary files can be filled, which improves the performance by 2% for specific scenarios.

    • The XFS 16k atomic write feature is supported. Compared with double writes, XFS 16k atomic writes improve the performance of disks by up to 50% and reduce I/O on disks. The corresponding xfsprogs and mariadb repositories are updated to Anolis YUM repositories. This solution has the following advantages over the hardware-based atomic write solution:

      • This solution is based on the COW technique.

      • This solution does not depend on hardware.

      • This solution does not depend on runtime I/O path configurations.

      The XFS 16k atomic write feature can be used together with the Hugetext feature. For more information, see Work with MariaDB 16K atomic writes.

    • Nydus and erofs over fscache can be used to accelerate container images. Nydus and erofs over fscache are developed by OpenAnolis and are integrated into Linux 5.19. Nydus and erofs over fscache are the first native in-kernel acceleration solution that is supported by the Linux community for container images. For more information, see OpenAnolis.

    • The fuse fd passthrough and fd attach features are supported. fd passthrough can reduce I/O latency by 90% for common scenarios. fd attach can recover fuse mount points in abnormal cases without impacts and help improve the stability of production environments.

    • Kidled can be used to scan anonymous pages, files, and slabs.

    • The memory.use_priority_swap interface is added to reclaim memory based on the priorities of cgroups.

    • 1-RTT and RDMA DIM are supported by SMC to optimize CQ interrupt process logic and improve QPS by 40% in data paths. SMC CI/CD is supported to fix dozens of stability issues.

aliyun_3_arm64_20G_alibase_20220907.vhd

2022-09-07

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.134-12.al8.aarch64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • YiTian 710 processors are supported.

  • Panjiu M-series servers are supported.

  • The performance on the YiTian platform is optimized.

  • MPAM is supported on the ARM 64-bit architecture.

  • Datop can be used to monitor NUMA across nodes and identify cold and hot memory in processes.

  • The hot migration capability of AMD SEV is supported by the guest OS.

  • More than 4 GB of memory can be reserved for a crash kernel on the ARM 64-bit architecture.

  • Hotfixes for kernel modules are supported on the ARM 64-bit architecture.

  • ftrace osnoise tracer is supported.

  • ext4 fast commit is supported, which is frequently applied to the fsync function. For example, ext4 fast commit optimizes the performance of MySQL and PostgreSQL databases. The corresponding e2fsprogs version is updated to 1.46.0.

  • The following features developed in-house by Alibaba Cloud are supported:

    • 2 MB unaligned part at the end of executable binary files can be filled, which improves the performance by 2% for specific scenarios.

    • The XFS 16k atomic write feature is supported. Compared with double writes, XFS 16k atomic writes improve the performance of disks by up to 50% and reduce I/O on disks. The corresponding xfsprogs and mariadb repositories are updated to Anolis YUM repositories. This solution has the following advantages over the hardware-based atomic write solution:

      • This solution is based on the COW technique.

      • This solution does not depend on hardware.

      • This solution does not depend on runtime I/O path configurations.

      The XFS 16k atomic write feature can be used together with the Hugetext feature. For more information, see Work with MariaDB 16K atomic writes.

    • Nydus and erofs over fscache can be used to accelerate container images. Nydus and erofs over fscache are developed by OpenAnolis and are integrated into Linux 5.19. Nydus and erofs over fscache are the first native in-kernel acceleration solution that is supported by the Linux community for container images. For more information, see OpenAnolis.

    • The fuse fd passthrough and fd attach features are supported. fd passthrough can reduce I/O latency by 90% for common scenarios. fd attach can recover fuse mount points in abnormal cases without impacts and help improve the stability of production environments.

    • Kidled can be used to scan anonymous pages, files, and slabs.

    • The memory.use_priority_swap interface is added to reclaim memory based on the priorities of cgroups.

    • 1-RTT and RDMA DIM are supported by SMC to optimize CQ interrupt process logic and improve QPS by 40% in data paths. SMC continuous integration and continuous delivery (CI/CD) is supported to fix dozens of stability issues.

aliyun_3_x64_20G_qboot_alibase_20220907.vhd

2022-09-07

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (Quick Start) image is updated.

• This image is derived from the aliyun_3_x64_20G_alibase_20220907.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

aliyun_3_x64_20G_uefi_alibase_20220907.vhd

2022-09-07

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (UEFI) image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20220907.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

• The boot mode is changed to the UEFI mode and only the UEFI mode is supported.

aliyun_3_arm64_20G_alibase_20220819.vhd

2022-08-19

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.112-11.2.al8.aarch64.

aliyun_3_x64_20G_alibase_20220815.vhd

2022-08-15

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.112-11.2.al8.x86_64.

aliyun_3_x64_20G_alibase_20220728.vhd

2022-07-28

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.112-11.1.al8.x86_64.

aliyun_3_arm64_20G_alibase_20220728.vhd

2022-07-28

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• The kernel version is updated to 5.10.112-11.1.al8.aarch64.

aliyun_3_x64_20G_alibase_20220527.vhd

2022-05-27

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.112-11.al8.x86_64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • The following technologies developed by Alibaba Cloud are supported:

    • Duptext

    • Enhanced hugetext

    • Kernel Electric-Fence (KFENCE), which is used to detect out-of-bound memory accesses and use-after-free errors

  • CSV2 confidential virtual machines that use Hygon processors can be started.

  • Up to 256 CPUs are supported by the guest OS.

  • The throughput, latency, and connection speeds of SMC in HTTP workloads such as NGINX are improved, and several stability and compatibility issues are fixed.

  • Advanced Matrix Extensions (AMX), virtual AMX, Inter-Processor Interrupt (IPI) virtualization, UINTER, Intel_idle, and Trust Domain Extensions (TDX) are supported by Intel Sapphire Rapids (SPR) processors.

  • SEV-ES, ptdma driver, CPU frequency, k10temp, and EDAC are supported by AMD.

  • DDR PMU, PCIe PMU driver, Arm CoreLink CMN-700 Coherent Mesh Network, and RAS are supported by YiTian 710 processors.

  • CoreSight is supported.

  • ARM SPE perf memory profiling and c2c are supported by ARM architecture.

  • DAX per file is supported by virtiofs.

  • smmu event polling is supported.

aliyun_3_x64_20G_qboot_alibase_20220527.vhd

2022-05-27

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (Quick Start) image is updated.

• This image is derived from the aliyun_3_x64_20G_alibase_20220527.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

aliyun_3_x64_20G_uefi_alibase_20220527.vhd

2022-05-27

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (UEFI) image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20220527.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

• The boot mode is changed to the UEFI mode and only the UEFI mode is supported.

aliyun_3_arm64_20G_alibase_20220526.vhd

2022-05-26

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.112-11.al8.aarch64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • The following technologies developed by Alibaba Cloud are supported:

    • Duptext

    • Enhanced hugetext

    • KFENCE, which is used to detect out-of-bound memory accesses and use-after-free errors

  • CSV2 confidential virtual machines that use Hygon processors can be started.

  • Up to 256 CPUs are supported by the guest OS.

  • The throughput, latency, and connection speeds of SMC in HTTP workloads such as NGINX are improved, and several stability and compatibility issues are fixed.

  • AMX, virtual AMX, IPI virtualization, UINTER, Intel_idle, and TDX are supported by Intel SPR processors.

  • SEV-ES, ptdma driver, CPU frequency, k10temp, and EDAC are supported by AMD.

  • DDR PMU, PCIe PMU driver, Arm CoreLink CMN-700 Coherent Mesh Network, and RAS are supported by YiTian 710 processors.

  • CoreSight is supported.

  • ARM SPE perf memory profiling and c2c are supported by ARM architecture.

  • DAX per file is supported by virtiofs.

  • smmu event polling is supported.

aliyun_3_x64_20G_alibase_20220413.vhd

2022-04-13

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.4.al8.x86_64.

  • The CVE-2022-1016 and CVE-2022-27666 vulnerabilities are fixed.

aliyun_3_arm64_20G_alibase_20220413.vhd

2022-04-13

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.4.al8.aarch64.

  • The CVE-2022-1016 and CVE-2022-27666 vulnerabilities are fixed.

aliyun_3_x64_20G_alibase_20220315.vhd

2022-03-15

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions.

• Common vulnerabilities and exposures (CVEs) are fixed.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.3.al8.x86_64.

  • The CVE-2022-0435 and CVE-2022-0847 vulnerabilities are fixed.

aliyun_3_arm64_20G_alibase_20220315.vhd

2022-03-15

• The Alibaba Cloud Linux 3.2104 LTS 64-bit for ARM base image is updated to include the latest software versions.

• CVEs are fixed.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.3.al8.aarch64.

  • The CVE-2022-0435 and CVE-2022-0847 vulnerabilities are fixed.

aliyun_3_x64_20G_alibase_20220225.vhd

2022-02-25

• The Alibaba Cloud Linux 3.2104 LTS 64-bit base image is updated to include the latest software versions. CVEs are fixed.

• The Coordinated Universal Time (UTC) time standard is used by the real-time clock (RTC). For more information, see Linux time and time zones.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.2.al8.x86_64.

  • The CVE-2022-0492, CVE-2021-4197, CVE-2022-0330, CVE-2022-22942, and CVE-2022-0185 vulnerabilities are fixed.

  • The following features developed by Alibaba Cloud are supported:

    • Duptext

    • Hugetext

    • RDMA/SMC-R

  • AMX, Reliability, Availability, and Serviceability (RAS), RCEC, bus lock detection, Ratelimit support, and Uncore are supported by Intel SPR processors.

  • The MCA-R feature is added to Intel Ice Lake processors.

  • The Intel Driver & Support Assistant feature is enabled.

  • The XDP socket feature is supported by virtio-net.

  • The kernel TLS cryptography protocol is supported.

  • KFENCE is supported to detect out-of-bound memory accesses and use-after-free errors.

  • The AVX and AVX2 instruction sets of the SM4 algorithm in kernel are optimized.

  • Hygon CSV vm attestation is supported.

  • The perf c2c feature of ARM SPE is supported.

  • The i10nm_edac feature is supported.

  • The unevictable_pid feature is ported.

  • The memory watermark adjustment is supported.

  • The adaptive sqpoll mode of io_uring is supported.

  • Huge vmalloc mappings are supported.

aliyun_3_x64_20G_qboot_alibase_20220225.vhd

2022-02-25

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (Quick Start) image is updated.

• This image is derived from the aliyun_3_x64_20G_alibase_20220225.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

• The UTC time standard is used by RTC. For more information, see Linux time and time zones.

aliyun_3_arm64_20G_alibase_20220225.vhd

2022-02-25

• The UTC time standard is used by RTC. For more information, see Linux time and time zones.

• Kernel updates:

  • The kernel version is updated to 5.10.84-10.2.al8.aarch64.

  • The CVE-2022-0492, CVE-2021-4197, CVE-2022-0330, CVE-2022-22942, and CVE-2022-0185 vulnerabilities are fixed.

  • The following features developed by Alibaba Cloud are supported:

    • Duptext

    • Hugetext

    • RDMA/SMC-R

  • AMX, RAS, RCEC, bus lock detection, Ratelimit support, and Uncore are supported by Intel SPR processors.

  • The MCA-R feature is added to Intel Ice Lake processors.

  • The Intel Driver & Support Assistant feature is enabled.

  • The XDP socket feature is supported by virtio-net.

  • The kernel TLS cryptography protocol is supported.

  • KFENCE is supported to detect out-of-bound memory accesses and use-after-free errors.

  • The AVX and AVX2 instruction sets of the SM4 algorithm in kernel are optimized.

  • Hygon CSV vm attestation is supported.

  • The perf c2c feature of ARM SPE is supported.

  • The i10nm_edac feature is supported.

  • The unevictable_pid feature is ported.

  • The memory watermark adjustment is supported.

  • The adaptive sqpoll mode of io_uring is supported.

  • Huge vmalloc mappings are supported.

aliyun_3_x64_20G_uefi_alibase_20220225.vhd

2022-02-25

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (UEFI) image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20220225.vhd version of the Alibaba Cloud Linux 3.2104 LTS 64-bit base image.

• The UTC time standard is used by RTC. For more information, see Linux time and time zones.

Image ID

Release date

Description

aliyun_3_x64_20G_qboot_alibase_20211214.vhd

2021-12-14

• The Alibaba Cloud Linux 3.2104 LTS 64-bit (Quick Start) image is released.

• This image is derived from the aliyun_3_x64_20G_alibase_20210910.vhd version of the Alibaba Cloud Linux 3.2104 64-bit base image.

aliyun_3_x64_20G_alibase_20210910.vhd

2021-09-10

• The Alibaba Cloud Linux 3.2104 64-bit base image is updated to include the latest software versions. CVEs are fixed.

• The update-motd service is added and enabled by default.

• The kdump service is enabled by default.

• The atd service is enabled by default.

• Kernel updates:

  • The kernel is upgraded to upstream stable kernel release 5.10.60. The current kernel version is 5.10.60-9.al8.x86_64.

  • Kernel bugs and critical security vulnerabilities are fixed.

  • The following technologies developed in-house by Alibaba Cloud are supported:

    • Elastic remote direct memory access (eRDMA) and SMC-R based on eRDMA

    • Resource isolation technology: Out-of-memory (OOM) priority control

    • Memory KIDLED technology

    • Resource isolation technology: memcg zombie reaper

    • Rich container technology: rich container

    • Resource isolation technology: CPU group identity

    • Unified Kernel Fault Event Framework (UKFEF) technology

  • Intel SPR CPUs are supported.

  • The cpupower utility used for AMD Milan is supported.

  • The Non-Maskable Interrupt (NMI) watchdog based on the System for Electronic Disclosure by Insiders (SEDI) is supported by the ARM 64-bit architecture.

  • MPAM is supported by the ARM 64-bit architecture.

  • Memory hotplug is supported by the ARM 64-bit architecture.

  • The kernel quick start technology is enhanced.

  • X86 SGX2 is supported.

  • The performance of virtio-net is optimized.

  • The Extended Berkeley Packet Filter (eBPF) Linux Security Modules (LSM) technology is supported.

  • Software and hardware that are virtualized based on kernel-based Virtual Machine (KVM) are co-designed, and PV-qspinlock is supported during the co-design.

aliyun_3_arm64_20G_alibase_20210910.vhd

2021-09-10

• The Alibaba Cloud Linux 3.2104 64-bit for ARM image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20210910.vhd version of the Alibaba Cloud Linux 3.2104 64-bit base image.

aliyun_3_x64_20G_uefi_alibase_20210910.vhd

2021-09-10

• The Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is updated to include the latest software versions.

• This image is derived from the aliyun_3_x64_20G_alibase_20210910.vhd version of the Alibaba Cloud Linux 3.2104 64-bit base image.

• Supported regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Ulanqab), China (Shenzhen), China (Heyuan), and Singapore.

aliyun_3_arm64_20G_alibase_20210709.vhd

2021-07-09

• The Alibaba Cloud Linux 3.2104 64-bit for ARM image is released.

• Security Center can be connected.

• Supported region: China (Hangzhou).

aliyun_3_x64_20G_alibase_20210425.vhd

2021-04-25

• The Alibaba Cloud Linux 3.2104 64-bit base image is updated.

• Kernel updates: The kernel version is updated to 5.10.23-5.al8.x86_64.

aliyun_3_x64_20G_uefi_alibase_20210425.vhd

2021-04-25

• The Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is released.

• This image is derived from the aliyun_3_x64_20G_alibase_20210425.vhd version of the Alibaba Cloud Linux 3.2104 64-bit base image.

• The boot mode is changed to the UEFI mode and only the UEFI mode is supported.

• Supported regions: China (Beijing), China (Hangzhou), China (Shanghai), and China (Shenzhen).

aliyun_3_x64_20G_alibase_20210415.vhd

2021-04-15

• The Alibaba Cloud Linux 3.2104 64-bit base image is released.

• Kernel description:

  • The kernel is based on the 5.10 kernel version supported in the Linux community. The 5.10.23-4.al8.x86_64 kernel version is used in the base image.

  • The PV-Panic, PV-Unhalt, and PV-Preempt features are supported by the ARM 64-bit architecture.

  • Kernel Live Patching (KLP) is supported by the ARM 64-bit architecture.

  • TCP-RT is supported.

  • The memcg backend asynchronous reclaim feature is supported.

  • The memcg quality of service (QoS) and Pressure Stall Information (PSI) features implemented based on cgroup v1 interfaces are supported.

  • The cgroup writeback feature is supported.

  • The monitoring of block I/O throttling is enhanced.

  • An interface is provided to optimize JBD2 of ext4.

  • The open source kernel of Alibaba Cloud is optimized and vulnerabilities in multiple subsystems including the scheduler, memory, file system, and block layer are fixed.

  • The CPU burst feature is supported. For more information, see Enable the CPU burst feature for cgroup v1.

• Image description:

  • The base image is compatible with the CentOS 8 and Red Hat Enterprise Linux (RHEL) 8 software ecosystems. CVEs are fixed.

  • GCC 10.2.1 and glibc 2.32 are supported.

  • Python 3.6 and Python 2.7 are supported.

  • AppStream is supported.

• Supported region: China (Hangzhou).