Server News Linux 4.16 Released with Improved Security, Virtualization Features

Linux 4.16 Released with Improved Security, Virtualization Features

April 1 is usually a day for April Fool’s jokes, but a message from Linux creator Linus Torvalds to his Linux Kernel Mailing List (LKML) that day was anything but a joke.

In keeping with his established practice of announcing both release candidates and releases on Sundays, Torvalds released the Linux 4.16 kernel on April 1, after seven release candidates. The Linux 4.16 kernel is the second new major Linux kernel release of 2018, following the 4.15 kernel that was released on Jan. 28.

“So the take from [the] final week of the 4.16 release looks a lot like rc7, in that about half of it is networking,” Torvalds wrote in his release announcement. “If it wasn’t for that, it would all be very small and calm.”

The “calm” final release of Linux 4.16 is in stark contrast to the Linux 4.15 release, which was the longest development cycle for a Linux kernel in seven years. Among the numerous reasons why the Linux 4.15 development cycle was so long were patches for the Meltdown and Spectre vulnerabilities. In Linux 4.16, there are further mitigations and updates for Meltdown and Spectre vulnerabilities.

Usercopy Whitelisting

The Linux 4.16 kernel also marks the debut of the usercopy whitelisting patches to the mailine kernel. Usercopy whitelisting is a capability that is designed to reduce the potential memory attack surface in Linux.

“Currently, hardened usercopy performs dynamic bounds checking on slab cache objects,” Linux kernel developer Kees Cook wrote. “This is good, but still leaves a lot of kernel memory available to be copied to/from userspace in the face of bugs. “

Cook explained that what usercopy whitelisting does is it further restricts what memory is available for copying, allowing much finer granularity of access control.

“Slab caches that are never exposed to userspace can declare no whitelist for their objects, thereby keeping them unavailable to userspace via dynamic copy operations,” Cook wrote. “After the entire usercopy whitelist series is applied, less than 15 percent of the slab cache memory remains exposed to potential usercopy bugs after a fresh boot.”


Additionally, the OverlayFS filesystem is being extended in Linux 4.16, enabling it to be exported to a standard NFS (Network File System). The popular VirtualBox virtual machine guest drivers have now also been integrated with Linux 4.16.

Sean Michael Kerner is a senior editor at ServerWatch and Follow him on Twitter @TechJournalist.

Latest Posts

How to Convert a Physical Computer to a Virtual Machine

Many organizations are implementing virtualization technology into their networks to convert physical computers to virtual machines (VM). This helps reduce overall physical hardware costs,...

HPE ProLiant DL380 Gen10: Rack Server Overview and Insight

The HPE ProLiant DL380 series has consistently been a market leader in the server space. The Gen10 released in 2017 further increased HPE's market...

Best Server Management Software & Tools 2021

Finding the best server management software tools for your organization can have a major impact on the success of your business operations. Manually handling...

IBM AS/400: Lasting the Test of Time

Some server operating systems (OS) were built to survive the test of time – the IBM AS/400 is one such system.  The AS/400 (Application System/400)...

What is Disaster Recovery?

The modern organization's heavy dependence on using data to drive their business has made having a Disaster Recovery (DR) plan in place a necessity....

Related Stories