Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
The release of kernel 6.10 includes several notable improvements and additions. One of the more significant changes is improved performance for Intel Core hybrid systems. On systems running an Intel Core i5-13500H CPU (while also using the EEVDF scheduler), users saw up to a 50% performance hit. With kernel 6.10, that is no more.
Another big addition is the new Panthor graphics Direct Rendering Manager (DRM) driver, which vastly improves graphics performance for new ARM Mali GPUs. Intel also received some graphics love, such as the initial support for Intel's upcoming Xe2 graphics hardware.
Support for Intel's Arrow Lake-H processors and improved functionality with Lenovo 13X Gen 4, Lenovo ThinkPad 16P Gen 5, and Lenovo ThinkPad 13X laptops also is included.
This release also features much-improved performance with AES-XTS disk and file encryption for new Intel and AMD CPUs. As well, kernel 6.10 introduces mseal(), which goes a long way to protect virtual memory against modifications and adds Trusted Platform Module (TPM) bus encryption/integrity protection.
In a post to LWN.net, Jeff Xu (from the Chromium dev team), said of mseal(), "Modern CPUs support memory permissions, such as the read/write (RW) and no-execute (NX) bits. Linux has supported NX since the release of kernel version 2.6.8 in August 2004."
Xu continues, "The memory permission feature improves the security stance on memory corruption bugs, as an attacker cannot simply write to arbitrary memory and point the code to it. The memory must be marked with the X bit, or else an exception will occur. Internally, the kernel maintains the memory permissions in a data structure called VMA (vm_area_struct). mseal() additionally protects the VMA itself against modifications of the selected seal type."
If you're looking to upgrade to the latest kernel, I would strongly advise you to wait until it is made available in your Linux distribution's default repositories.