Linux kernel 4.18: Better security, leaner code

The latest version of the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the Berkeley Packet Filter, plus makes a nod to gamers and mobile devices.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The recent release of Linux kernel 4.18 followed closely by the releases of 4.18.1, 4.18.2, 4.18.3, 4.18.4, and 4.18.5 brings some important changes to the Linux landscape along with a boatload of tweaks, fixes, and improvements.

While many of the more significant changes might knock the socks off developers who have been aiming at these advancements for quite some time, the bulk of them are likely to go unnoticed by the broad expanse of Linux users. Here we take a look at some of the things this new kernel brings to our systems that might just make your something-to-get-a-little-excited-about list.

Code Cleanup

For one thing, the 4.18 kernel has brought about the surprising removal of nearly 100,000 lines of outdated code. That's a lot of code! Does this mean that any of your favorite features may have been ripped out? That is not very likely. This code cleanup does means that a lot of code deadwood has been carefully expunged from the kernel along with one significant chunk. As a result, the new kernel should take up less memory, run a little more efficiently and be less vulnerable to attacks that might have taken advantage of the neglected sections of older code. This change also leaves the remaining code somewhat cleaner and easier to manage.

Losing its Lustre

The one significant chunk of the code shrinkage mentioned above refers to the removal of the Lustre file system which has been in the kernel, though not fully integrated, for roughly five years. It was removed because it hasn't been moving forward at a sufficient pace to maintain it in the kernel. As premature or incomplete code, Lustre, which is a distributed file system used in cluster computing, may well be reintroduced into a later release after its developers have taken the time to get this feature into better shape, ready to be reattached to the kernel tree. (Lustre is a mashup of the words Linux and cluster.)

Introducing BPFILTER

Another exciting feature is BPFILTER. (The name derives from Berkeley Packet Filter.) While starting out as a packet-filtering facility for other tools (e.g., tcpdump), BPFILTER is poised in 4.18 to eventually replace both iptables and nftables. It also extends the capabilities of Linux in several areas – network security, load balancing and performance monitoring – without impacting performance. In essence, BPFILTER represents something of a foundational shift for both networking and security.

In what is expected to be a very easy transition from the earlier technology BPFILTER will provide easy ways to translate iptables rules into its own rule format. It also provides flexibility with respect to where filtering rules are applied — maybe on the network interface itself — and ways to modernize and revitalize the network stack.

Speck file-system encryption

FSCRYPT, which operates at the file system level rather than at the block device level, in 4.18 supports Speck128/Speck256 encryption algorithms. This change makes Speck an option for file system encryption, although it has met with some controversy because it was developed at the National Security Agency (NSA) and that organization may not have shared all aspects of its design. While some may opt not to use it, it does provide what seems to be the only encryption option for low-end Android devices and, thus, has an important role to play.

Faster, better graphics

The 4.18 kernel provides improved open-source graphics drivers. The AMDGPU (open-source graphics driver for the latest AMD Radeon graphics cards) driver has incorporated code for the future Vega 20 GPU graphics card along with support for the Vega M hardware — the Radeon graphics found within Intel Kabylake-G processors. There are also improvements in Hyper-V support for both Vega M and Nvidia Volta GV100 hardware. These changes promise to provide some super-fast

To continue reading this article register now

Now read: Getting grounded in IoT