Kernel 4.11

If you download any software from this web site please be aware of the Warranty Disclaimer and Limitation of Liabilities.

Kernel downloads for the "Development stream"

Download Description
upstream kernel 4.11 kernel 4.11 - upstream with feature descriptions.
linux-4.11-s390-message-catalog.tar.gz / MD5 "Development Stream" kernel 4.11 - message-catalog (optional)

2017-09-15: kernel 4.11 - upstream (feature description)

To download the linux-4.11.tar.gz visit:

The upstream kernel 4.11 contains the following functionality developed by the Linux on z Systems development team:

Improve security by preventing instruction execution on memory areas containing data.
The instruction execution protection feature on IBM mainframes protects against data execution, similar to the NX feature on other architectures.
Instruction execution protection prevents stack-overflow exploits and generally makes a system insensitive to buffer-overflow attacks.
Data instruction protection is available on IBM mainframe hardware with the IEP feature. For Linux as a guest of a hypervisor, the hypervisor must support the instruction execution protection feature. For example, Linux as a guest of KVM must run on a KVM host with kernel 4.11 or later.
This feature requires an IBM z14 or higher. When used with z/VM it requires z/VM APAR VM65942.
For documentation see Device Drivers, Features, and Commands (with kernel 4.12), Chapter 'Instruction execution protection'.

Add capability indications for the vector decimal facility and the vector enhancement facility 1.
With this feature, Linux user space applications can detect the availability of the 'vector decimal facility' and the 'vector enhancement facility 1' extensions of the IBM z vector facility.
These extensions are designed to improve the performance of analytic workloads.
This feature requires an IBM z14 or higher. When used with z/VM it requires z/VM APAR VM65942.

A new API to handle protected keys.
A new kernel module which provides an in-kernel and ioctl API for protected key management:
  • Generation of a random secure key BLOB.
  • Generation of a secure key BLOB from a given clear key value.
  • Transform a given secure key BLOB into a protected key BLOB.
  • Transform a given clear key value into a protected key BLOB.
  • Find eligible crypto card based on a secure key.
  • Verify a given secure key BLOB for usability.
This feature requires an IBM System z10 or higher with crypto card CEX3C or higher.

SMC-R enables RDMA-capable network interface cards (RNICs) to offer RDMA over Converged Ethernet (RoCE).
Shared Memory Communication via RDMA (SMC) is a socket over the RDMA communication protocol that allows existing TCP socket applications to transparently benefit from RDMA when exchanging data over an RDMA over Converged Ethernet (RoCE) network. Those networks are not routable. SMC provides host-to-host direct memory access without traditional TCP/IP processing overhead. SMC offers preservation of existing IP topology and IP security, and introduces minimal administrative and operational changes. The exploitation of SMC is transparent to TCP sockets applications.
The new address family AF_SMC supports the SMC protocol on Linux. It keeps the address format of AF_INET sockets and supports streaming socket types only.
This feature requires an IBM z13 or higher.
For documentation see Device Drivers, Features, and Commands (with kernel 4.12), Chapter 'AF_SMC sockets'.

2017-09-15: "Development Stream" kernel 4.11 message catalog (feature - optional patch)

linux-4.11-s390-message-catalog.tar.gz / MD5 ... recommended (2017-09-15)

This patch contains:

Kernel message catalog.
Add support for automatic message tags to the printk macro families dev_xyz and pr_xyz. The message tag consists of a component name and a 24 bit hash of the message text. For each message that is documented in the included kernel message catalog a man page can be created with a script (which is included in the patch). The generated man pages contain explanatory text that is intended to help understand the messages.

Note that only s390 specific messages are prepared appropriately and included in the generated message catalog.

This patch is optional as it is very unlikely to be accepted in upstream kernel, but is recommended for all distributions which are built based on the 'Development stream'.