After two months of active work on the new version of the kernel, Linus Torvalds today finally introduced the Linux 4.9 kernel. The most notable changes are tools for diagnosing and blocking kernel stack overflows, the inclusion of SELinux support in OverlayFS, and the implementation of the Greybus bus, which many people wanted.
As for statistics, they are, as always, extensive. The new version received 15 thousand fixes from 1400 developers. The total patch size is 45 MB. The changes in the patch affected 11042 files, with the addition of 632157 lines of code and the removal of 354728 lines. It is no surprise that the majority (about 42%) of the changes in this version are related to device drivers. Another 19% of changes are related to updating the code for various hardware architectures, 12% - the network stack, 5% - file systems, 4% - the kernel subsystems. Now, a little more about the significant changes in the new version of the kernel.
Network subsystem
An implementation of the TCP congestion control algorithm proposed by Google has finally been added to the kernel. This is BBR (Bottleneck Bandwidth and RTT), which is successfully used to reduce data transfer delays for traffic from resources such as google.com and YouTube;
A random number generation module has been added to netfilter. This module is recommended for choosing a random destination for a packet, for example random distribution over queues;
A new mechanism for configuring the mesh network protocol BATMAN ("Better Approach To Mobile Adhoc Networking"), implemented on top of the netlink interface, has been introduced;
In addition, a module implementing byte quotas was added to netfilter. As an example, a quota of 100 MB can be set, and once the traffic limit for the rule has been reached, the rule itself ceases to apply.
Security and Virtualization
The main item here is a set of changes implementing the virtual kernel stack mapping mechanism (CONFIG_VMAP_STACK), which provides a number of tools for detecting and blocking stack overflows. This applies to the x86 architecture. The new feature is likely to become a problem for attackers who plan to exploit vulnerabilities in the kernel. These changes can reduce the number of memory allocation operations, increase security, and enable various stack diagnostic tools. The developers minimized the resulting delay through optimizations and caching;
SELinux gained support for multi-layer file systems, first of all OverlayFS. They are used to build environments in container isolation systems;
The system calls pkey_alloc(), pkey_free() and pkey_mprotect() were also implemented, adding support for the Memory Protection Keys for Userspace (PKU) mechanism that works in future Intel processors.
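The three PKU system calls above in use, as an added example that is not part of the original article: a page is tagged with a key whose rights deny access, and a forked child shows that the read then faults even though the page is still mapped read/write. It assumes Linux with kernel headers from 4.9 or later; `pku_demo` and `read_faults` are names made up for this sketch, and raw syscall numbers are used so it does not depend on libc wrappers.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PKEY_DISABLE_ACCESS
#define PKEY_DISABLE_ACCESS 0x1 /* value from the kernel UAPI headers */
#endif

/* Fork a child that reads *p. Returns 1 if the read died with SIGSEGV,
 * 0 if it succeeded, -1 if the probe itself failed. */
static int read_faults(volatile char *p) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { char c = *p; _exit(c == 'A' ? 0 : 2); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGSEGV ? 1 : -1;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

/* 0: the key blocked the read; 1: protection keys unavailable here
 * (older kernel or CPU, or a sandbox); 2: unexpected result. */
int pku_demo(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *secret = mmap(NULL, len, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (secret == MAP_FAILED) return 2;
    secret[0] = 'A';
    int rc = 2;
    long pkey = -1;
    if (read_faults(secret) != 0) goto out;      /* baseline: readable */
    /* New key whose initial rights deny data access for this thread. */
    pkey = syscall(SYS_pkey_alloc, 0UL, (unsigned long)PKEY_DISABLE_ACCESS);
    if (pkey < 0) { rc = 1; goto out; }          /* e.g. ENOSYS, ENOSPC */
    /* Page permissions stay read/write; only the key tag changes. */
    if (syscall(SYS_pkey_mprotect, secret, len,
                (unsigned long)(PROT_READ | PROT_WRITE), (int)pkey) == 0)
        rc = read_faults(secret) == 1 ? 0 : 2;
out:
    munmap(secret, len);
    if (pkey >= 0) syscall(SYS_pkey_free, (int)pkey);
    return rc;
}

int main(void) { printf("pku_demo() = %d\n", pku_demo()); return 0; }
```

A result of 1 is the expected outcome on processors or kernels without protection key support, so callers need a fallback such as plain mprotect().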
System services and memory
Here the main change is the addition of the Greybus subsystem. It is designed specifically to ensure the interaction of the components of the modular Ara smartphone (yes, they did not forget about it!). Greybus provides an internal bus for the interaction of hardware components that are connected as needed. There is support for call routing and private interaction, which allows two components to interact with each other in a closed mode. Perhaps enthusiasts of the modular smartphone project will now be able to continue working;
A new set of files has been added under /sys/kernel/irq, describing the composition of the interrupt handler table. The new set is positioned as a replacement for /proc/interrupts;
The option CONFIG_DEBUG_TEST_DRIVER_REMOVE has appeared, which allows you to test whether unloading a device driver works by running a cycle of loading, unloading and re-loading the driver at the initial stage, device initialization. All this works in automatic mode;
The developers also continued to develop the tools for formatting the kernel documentation.
Files and disks
The FUSE module received support for access control lists that comply with POSIX ACL;
The XFS file system adds support for shared extents, which allow multiple owners to share information about contiguous data areas. This feature allows XFS to call copy_file_range();
In the NFS server, the developers added support for the COPY operation, which is defined in the NFS 4.2 specification and allows you to copy the contents of a file without moving the data from the server to the client and back.
Hardware
The AMDGPU driver has added support (so far experimental) for the Southern Islands family of GPUs based on the GCN 1.0 microarchitecture. Tools for working with virtual displays were also added;