Kernel 4.6 details

Between 2015 and the current year there have been seven updates or new versions of the Linux kernel, going from version 3.19 to 4.5. As expected, this year was due to bring another release to improve the kernel, and it did. This month we were presented with the new edition of the Linux kernel, version 4.6. It has been available since May 15 and brings a number of new features.

Overall we find more reliable out-of-memory handling, support for USB 3.1 SuperSpeedPlus, support for Intel memory protection keys, and the new OrangeFS distributed file system, just to name a few. In more detail, the most important changes in this kernel are the following:

  • Out-of-memory reliability.
  • Kernel Connection Multiplexer.
  • Support for USB 3.1 SuperSpeedPlus.
  • Support for Intel memory protection keys.
  • OrangeFS Distributed File System.
  • Support for version V of the BATMAN protocol.
  • 802.1AE MAC level encryption.
  • Support for the pNFS SCSI layout.
  • dma-buf: new ioctl to manage cache consistency between CPU and GPU.
  • OCFS2 online inode checker.
  • Support for cgroup namespaces.

Out of memory reliability.

In past versions, the OOM killer killed a single task in the expectation that the task would exit within an acceptable time and that its memory would then be freed. It has been shown that it is easy to find workloads that break that assumption, and that the OOM victim can take an unbounded amount of time to exit. To address this, kernel 4.6 adds oom_reaper, a specialized kernel thread that tries to reclaim memory by preemptively reaping the anonymous or swapped-out memory owned by the OOM victim, on the assumption that this memory will no longer be needed.

Kernel Connection Multiplexer.

The Kernel Connection Multiplexer, or KCM, is incorporated in this edition. It provides a message-based interface over TCP, with the aim of speeding up application layer protocols. With KCM, an application can efficiently send and receive application protocol messages over TCP, and the kernel guarantees that messages are sent and received atomically. The kernel also implements a message parser based on BPF, so that the messages carried on a TCP stream can be delineated and delivered through KCM. KCM can be used in a large number of applications, since most binary application protocols can be handled by this kind of message parsing.

Support for USB 3.1 SuperSpeedPlus (10 Gbps).

USB 3.1 adds a new protocol, SuperSpeedPlus, which supports speeds of 10 Gbps. This release includes USB 3.1 support in the kernel and in the USB xHCI host controller, which covers mass storage when a USB 3.1 device is connected to a USB 3.1-capable xHCI host. It is worth noting that the USB devices that use the new SuperSpeedPlus protocol are called USB 3.1 Gen2 devices.

Support for Intel memory protection keys.

This release adds support for a hardware memory protection feature that will be available in upcoming Intel CPUs: protection keys. These keys allow user-controllable permission masks to be encoded in the page table entries. Instead of having a fixed protection mask, which requires a system call to change and works on a per-page basis, the user can now assign a number of variants of the protection mask. User space can manage access more easily through a thread-local register that holds two bits for each mask: access disable and write disable. This makes it possible to change the protection bits of large amounts of memory dynamically, just by managing a CPU register, without having to change every page in the affected virtual memory space.
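The register layout described above, modelled in C as an added example (not code from the kernel or from the original article): each of the 16 keys has an access-disable and a write-disable bit in a 32-bit register, and a data access needs both the page table permission and the key's bits to allow it. The struct, the function names and the page list are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PKEY_DISABLE_ACCESS 0x1u /* AD bit: no data reads or writes */
#define PKEY_DISABLE_WRITE  0x2u /* WD bit: no data writes */
/* Hypothetical model of a page table entry: normal permissions plus a key. */
struct pte_model { bool readable, writable; unsigned pkey; /* 0..15 */ };

/* Return PKRU with the two bits belonging to `key` replaced by `rights`. */
uint32_t pkru_set(uint32_t pkru, unsigned key, uint32_t rights)
{
    unsigned shift = (key & 15u) * 2;
    return (pkru & ~(3u << shift)) | ((rights & 3u) << shift);
}

/* A data access needs the page table permission AND the key's permission. */
bool can_read(uint32_t pkru, struct pte_model p)
{
    uint32_t bits = (pkru >> ((p.pkey & 15u) * 2)) & 3u;
    return p.readable && !(bits & PKEY_DISABLE_ACCESS);
}

bool can_write(uint32_t pkru, struct pte_model p)
{
    uint32_t bits = (pkru >> ((p.pkey & 15u) * 2)) & 3u;
    return p.writable && bits == 0; /* either AD or WD blocks a write */
}

/* Count the pages of a region that are writable under a given PKRU value. */
unsigned writable_pages(uint32_t pkru, const struct pte_model *pt, unsigned n)
{
    unsigned count = 0;
    for (unsigned i = 0; i < n; i++)
        count += can_write(pkru, pt[i]);
    return count;
}

int main(void)
{
    /* Constructed sample: four pages tagged with key 1, two left on key 0. */
    struct pte_model pt[6] = { {true, true, 1}, {true, true, 1}, {true, true, 1},
                               {true, true, 1}, {true, true, 0}, {true, false, 0} };
    uint32_t pkru = 0; /* every key open */
    printf("writable before: %u\n", writable_pages(pkru, pt, 6));
    pkru = pkru_set(pkru, 1, PKEY_DISABLE_WRITE); /* one register update */
    printf("writable after WD on key 1: %u\n", writable_pages(pkru, pt, 6));
    return 0;
}
```

A single update of the register value write-protects every page tagged with key 1 while the page table entries stay untouched, which is the property the paragraph describes.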

OrangeFS Distributed File System.

OrangeFS is an LGPL-licensed scale-out parallel storage system. It is used mostly for the storage problems found in HPC, Big Data, video streaming or bioinformatics. OrangeFS can be accessed through user integration libraries, the included system utilities and MPI-IO, and it can be used by the Hadoop environment as an alternative to the HDFS file system.

Applications normally do not need OrangeFS to be mounted in the VFS, but the OrangeFS kernel client allows OrangeFS file systems to be mounted as a VFS.

Support for version V of the BATMAN protocol.

BATMAN (Better Approach To Mobile Adhoc Networking) gains support for protocol V in this release, as a substitute for protocol IV. One of the most significant changes in BATMAN V is the new metric, which means the protocol no longer depends on packet loss. The release also divides the OGM protocol into two parts. The first is ELP (Echo Location Protocol), in charge of evaluating link quality and discovering neighbors. The second is a new OGM protocol, OGMv2, which incorporates an algorithm that calculates the optimal routes and spreads the metric through the network.

802.1AE MAC level encryption.

Support for IEEE 802.1AE (MACsec), a standard that provides encryption over Ethernet, was added in this release. It encrypts and authenticates all traffic on a LAN with GCM-AES-128. It also protects DHCP and VLAN traffic, so that tampering with the Ethernet headers is prevented. It is designed to work with the MACsec Key Agreement protocol extension, which handles the distribution of keys to the nodes and the allocation of channels.

These were some of the areas improved in the new version of the Linux kernel. There have clearly been significant improvements in security, which is noticeable in the new support added to the core components, with a lot of emphasis on reducing errors. Among the points raised around version 4.6, its developers say that ideally the systems built on the Linux kernel would be updated automatically, referring to Linux and Android distributors. This is of great importance for those systems, since this new version stands out, in many respects, as the safest version of the kernel.

Another security enhancement is that Linux now uses separate page tables for the Extensible Firmware Interface (EFI) when it is executing firmware code. The kernel is also compatible with IBM Power9 processors, and Linux now supports more than 13 ARM systems on chip (SoCs) as well as offering better 64-bit ARM support.

Kernel 4.6 also supports the Synaptics RMI4 protocol, the native protocol for all current Synaptics touchscreens and touchpads. Finally, support for other human interface devices is also added.

The Linux kernel is showing more and more solidity in terms of security, which is an advantage and steadily builds confidence among the users of this system. If you want more details about the new version, you can visit the official Linux kernel page and learn about the changes.


  1.   Tiles said

    “The Linux kernel is becoming more robust when it comes to security. Something advantageous and that increasingly generates trust in the users associated with this system. "
    So the core itself was insecure?
    It reminded me of a little scuffle I had with an MS Win Fanboy because he showed an image claiming that W10 had a few vulnerabilities (less than 30) and that OS X and the linux kernel topped the charts. Since he never showed me sources, I assumed it was fake but he defended it tooth and nail: v

  2.   pedrini210 said

    The source of that observation can be found here: http://venturebeat.com/2015/12/31/software-with-the-most-vulnerabilities-in-2015-mac-os-x-ios-and-flash/

    It's from 2015, what if… The Linux kernel had more vulnerabilities than W10.

    One thing is the vulnerability of a system and another is security in general, we know that the number of viruses in Linux (if there are viruses in Linux, we have already spoken before that https://blog.desdelinux.net/virus-en-gnulinux-realidad-o-mito/) is by far less than the amount of viruses in Windows.

    It is logical to think that the user level dominates Windows and the viruses that require user actions are more numerous there. However, in the industry Linux dominates, so when trying to extract information from corporate servers, you should surely exploit a Linux vulnerability.

    Remember that the Linux kernel is safe, however it is not perfect and can continue to improve. Linux has many edges in which it is growing: Integration with GPUs, high-performance technologies, distributed systems, mobile platforms, IoT and many more. So much development remains in Linux and innovation is being led by the Open Source platform!