Unbreakable Enterprise Kernel 8.2 ships with confidential computing support, XFS live repair

Many enterprise Linux deployments rely on hardware-level memory isolation to protect sensitive workloads from co-tenants and compromised hypervisors. Oracle’s Unbreakable Enterprise Kernel 8.2 (UEK 8.2) extends that capability on Oracle Linux with support for Intel Trust Domain Extensions, along with a set of file system and memory management changes intended to reduce downtime and improve diagnostic visibility.

UEK 8.2 is based on the mainline long-term stable Linux 6.12 kernel and carries the release number 6.12.0-200. It targets 64-bit Intel and AMD (x86-64) and 64-bit Arm (aarch64) systems.

Intel TDX adds hardware-enforced workload isolation

Intel Trust Domain Extensions (TDX) is Intel’s confidential computing technology for creating trusted execution environments. The technology deploys virtual workloads in isolated trust domains, using hardware-based mechanisms to encrypt and manage memory in order to preserve the integrity and confidentiality of CPU state within those domains.

UEK 8.2 includes both guest and hypervisor support for TDX on Oracle Linux 9 and Oracle Linux 10. Organizations running workloads on Oracle Cloud Infrastructure get production-grade support for this capability. For deployments outside OCI, TDX support carries a technology preview designation, meaning it is available for evaluation and testing, with production use not yet fully supported by Oracle.

The addition brings UEK in line with the growing set of kernels that support confidential computing primitives, an area that has gained traction in regulated industries and multi-tenant cloud environments where workload data needs protection at the hardware layer.

XFS online repair removes the need to unmount for maintenance

File system administrators managing large-scale XFS deployments have historically needed to take file systems offline to run repair operations. UEK 8.2 changes that through support for XFS online repair, which lets administrators check and fix XFS file systems without unmounting them.

The capability operates through the xfs_scrub utility. The tool verifies file system metadata and, when it detects corruption or inconsistencies, can apply targeted repairs with the file system still serving active workloads. For environments where taking storage offline disrupts database operations or application availability, this eliminates a significant maintenance constraint.

Lightweight guard pages cut per-thread memory overhead

UEK 8.2 introduces lightweight guard pages, a mechanism for marking regions of virtual memory so that unauthorized access triggers a segmentation fault (SIGSEGV). The feature is aimed at thread stacks and user-space memory allocators.

Previously, similar protection required memory mappings with restricted permissions. At scale, with large numbers of processes and threads, that approach added memory overhead by creating or splitting virtual memory areas. The lightweight implementation uses guard markers that avoid that overhead by sidestepping virtual memory area creation and splitting entirely. The net effect is lower memory cost for systems running high thread counts.

Memory allocation profiling adds diagnostic depth

Memory allocation profiling, also new in UEK 8.2, gives developers visibility into how the kernel allocates and frees memory. The feature tracks where allocations originate, when memory is freed, the number of allocations in progress, and how much memory remains in use at any given point. That data gives developers a path to identifying memory leaks and understanding allocation patterns without relying on external profiling agents.

Driver updates extend hardware support

UEK 8.2 includes several device driver updates aligned with upstream kernel versions, with selected backports from later releases. The NVIDIA ConnectX series core driver (mlx5) received fixes and improvements backported from kernel 6.16. The AMD HSMP platform interface driver was updated with changes from kernel 6.18, covering AMD EPYC Zen6 systems. The Broadcom Emulex lpfc driver was updated to support the LPe37000 and LPe38000 series 32Gb and 64Gb Fibre Channel adapters. The Intel ixgbe driver added support for the E610 series of network devices.

UEK 8.2 is available through the Unbreakable Linux Network, the Oracle Linux yum server, Oracle Container Registry, and Oracle Software Delivery Cloud.