dcsimg
Read more on "Server Infrastructure Tools" »

Linux 4.16 Released with Improved Security, Virtualization Features

By Sean Michael Kerner (Send Email)
Posted April 2, 2018


April 1 is usually a day for April Fool's jokes, but a message from Linux creator Linus Torvalds to his Linux Kernel Mailing List (LKML) that day was anything but a joke.

In keeping with his established practice of announcing both release candidates and releases on Sundays, Torvalds released the Linux 4.16 kernel on April 1, after seven release candidates. The Linux 4.16 kernel is the second new major Linux kernel release of 2018, following the 4.15 kernel that was released on Jan. 28.

"So the take from [the] final week of the 4.16 release looks a lot like rc7, in that about half of it is networking," Torvalds wrote in his release announcement. "If it wasn't for that, it would all be very small and calm."

The "calm" final release of Linux 4.16 is in stark contrast to the Linux 4.15 release, which was the longest development cycle for a Linux kernel in seven years. Among the numerous reasons why the Linux 4.15 development cycle was so long were patches for the Meltdown and Spectre vulnerabilities. In Linux 4.16, there are further mitigations and updates for Meltdown and Spectre vulnerabilities.

Usercopy Whitelisting

The Linux 4.16 kernel also marks the debut of the usercopy whitelisting patches to the mailine kernel. Usercopy whitelisting is a capability that is designed to reduce the potential memory attack surface in Linux.

"Currently, hardened usercopy performs dynamic bounds checking on slab cache objects," Linux kernel developer Kees Cook wrote. "This is good, but still leaves a lot of kernel memory available to be copied to/from userspace in the face of bugs. "

Cook explained that what usercopy whitelisting does is it further restricts what memory is available for copying, allowing much finer granularity of access control.

"Slab caches that are never exposed to userspace can declare no whitelist for their objects, thereby keeping them unavailable to userspace via dynamic copy operations," Cook wrote. "After the entire usercopy whitelist series is applied, less than 15 percent of the slab cache memory remains exposed to potential usercopy bugs after a fresh boot."

Virtualization

Additionally, the OverlayFS filesystem is being extended in Linux 4.16, enabling it to be exported to a standard NFS (Network File System). The popular VirtualBox virtual machine guest drivers have now also been integrated with Linux 4.16.

Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com. Follow him on Twitter @TechJournalist.

Page 1 of 1

Read more on "Server Infrastructure Tools" »

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.


 

 


Thanks for your registration, follow us on our social networks to keep up-to-date