On April 12th, Linus Torvalds released the stable Linux 7.0 kernel. The version jump from 6.19 to 7.0 isn’t a revolution — Torvalds openly admitted that git simply doesn’t handle long version numbers well. That said, there are plenty of significant changes under the hood.

XFS — Self-Healing Filesystem

The biggest filesystem change in years. XFS gained automatic metadata repair on live, mounted filesystems. Previously, metadata corruption meant unmounting the volume and running xfs_repair manually. Now the kernel detects and fixes issues in the background without interrupting operations.

The mechanism is conservative — it doesn’t blindly repair, and every correction goes through validation. For production servers where downtime means real money, this is a game changer.

Post-Quantum Signatures for Kernel Modules

Kernel 7.0 adds support for ML-DSA (Module-Lattice-Based Digital Signature Algorithm) for verifying kernel module signatures. This is the first step toward quantum computer resistance in the kernel’s trust chain.

At the same time, SHA-1-based module signing has been removed entirely — long considered insecure, it’s finally gone from the codebase.

Networking — AccECN and 12% Faster UDP

AccECN (Accurate Explicit Congestion Notification) is now enabled by default. Classic ECN provided only a binary “congestion occurred” signal. AccECN delivers granular feedback, allowing senders to fine-tune throughput reduction instead of reacting to a single bit per RTT.

UDP receive — Google engineers optimized the hot-path timekeeping function in the network stack. Result: 12.3% increase in UDP receive throughput on 100 Gbps interfaces. On busy servers, this code path fires over 100 million times per second — every saved instruction counts.

CAKE_MQ — the original CAKE qdisc for traffic shaping was limited to a single CPU core. Red Hat developed a multi-queue version that distributes packet shaping across all TX queues. With today’s 10-25 Gbps links, single-core processing was the bottleneck.

Process Performance and Swap

Thread creation and teardown is 10-16% faster thanks to PID allocation optimizations. File open/close operations are 4-16% faster on multi-core systems.

The swap subsystem shows up to 20% better throughput in scenarios with shared swap across processes. Tests with Redis persistence confirm real-world speedups. Zram also got an optimization — compressed data goes directly to disk without decompression in between.

RISC-V — Hardware Control-Flow Integrity

Support added for Zicfiss (Shadow Stack) and Zicfilp (Landing Pad) extensions. These provide hardware-enforced control-flow integrity — protection against ROP and JOP attacks without software overhead. x86 and ARM have had their equivalents for some time, now RISC-V joins in.

io_uring — BPF Sandboxing

io_uring operations can now be filtered via cBPF. Think of it as seccomp but for io_uring — it lets you restrict what operations a process can perform through this interface. Non-circular queue support was also added for improved cache performance.

Apple Silicon

Asahi Linux keeps pushing forward. In 7.0:

  • Power Management Processor support — ~20% lower idle power consumption on M1 Pro (~0.5W reduction)
  • Variable Refresh Rate via undocumented DCP parameter
  • M3 — PCIe, keyboard, trackpad, NVMe reach early M1 support parity
  • Better Bluetooth/Wi-Fi coexistence — no more audio dropouts

Filesystems — Other Changes

  • EXT4 — improved concurrent Direct I/O write performance
  • NTFS3 — delayed allocation and iomap migration
  • exFAT — ~10% faster reads on 512-byte clusters
  • Btrfs — Direct I/O when block size exceeds page size
  • EROFS — LZMA compression enabled by default
  • NULLFS — new immutable, empty root filesystem for containers and initramfs

Drivers and Hardware

CPU:

  • Intel Nova Lake — early driver and platform support
  • AMD Zen 6 — CPU identification, platform preparation
  • Race condition fix in amd-pstate driver with active mode

GPU:

  • NVIDIA NVK — large page support restored, better open-source performance
  • Rockchip RK3588/RK3576 — H.264 and H.265 hardware decoding in mainline (no vendor BSP required)
  • Initial stateful AV1 decoder support via V4L2

Other:

  • Rock Band 4 — Bluetooth guitars (PS4/PS5)
  • Framework 13 — fan threshold controls
  • Intel TSX — defaults to “auto” mode, enabled on CPUs without known vulnerabilities

Rust Is Officially Permanent

Rust’s experimental status in the kernel has been formally ended. At the 2025 Maintainers Summit, the “Rust experiment” was declared complete — Rust is a permanent part of the kernel. This doesn’t change daily kernel work, but it gives the green light for new drivers written in Rust.

Removed

  • laptop_mode — deprecated power-saving feature
  • SHA-1 module signing
  • HIPPI — 90s networking standard, removed after years of disuse

Sources: Phoronix, Phoronix — Feature Preview, 9to5Linux, Asahi Linux, Linuxiac