Linux Kernel 4.18: Lighter & More Secured Code

The latest version of the Linux kernel removes nearly 100,000 lines of code and adds file encryption and the Berkeley Packet Filter, among numerous other improvements.

While the most significant changes may leave developers who have long been waiting for them speechless, others may go unnoticed by most Linux users. So that you don't miss them, here is a selection of the new features in the Linux 4.18 kernel.

A vast cleaning of the code

The Linux 4.18 kernel has eliminated almost 100,000 lines of obsolete code. That’s a lot! However, this doesn’t mean that some of your favorite features have disappeared. This meticulous cleanup removed useless code, and it seems there was a lot of it.

As a result, the new kernel should occupy less memory, run slightly more efficiently and be less vulnerable to attacks that might take advantage of neglected parts of the old code. The remaining code is also a little cleaner and easier to handle.

BPFILTER to reinforce network security

BPFILTER, a name derived from Berkeley Packet Filter, is another exciting feature of this kernel. Initially, BPFILTER was used to filter packets for other tools such as tcpdump. Now that it has been introduced in Linux 4.18, it could eventually replace both iptables and nftables. BPFILTER also extends the capabilities of Linux in several areas, in particular network security, load balancing, and performance monitoring, without affecting performance.

We can, therefore, say that BPFILTER represents a fundamental change for the network and security. The transition from the previous technology should be straightforward. BPFILTER has simple solutions for translating iptables rules into its rule format. It also provides flexibility to decide where to apply the filtering rules, perhaps on the network interface itself. It also offers solutions to modernize and revitalize the network stack.
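The packet-filter model that BPF originally gave tools such as tcpdump, shown as an added example (not code from this article or from the kernel's bpfilter): a rule of the kind iptables expresses, "drop TCP to destination port 22", is hand-written as a classic BPF program and evaluated over constructed IPv4 packets. The rule and the names `drop_ssh`, `cbpf_run` and `verdict` are assumptions made for illustration; the opcodes and macros come from `<linux/filter.h>`.

```c
#include <stddef.h>
#include <stdint.h>
#include <linux/filter.h>   /* struct sock_filter, BPF_* opcodes, BPF_STMT, BPF_JUMP */

/* Classic BPF over a raw IPv4 packet: return 0 = drop, non-zero = accept. */
static const struct sock_filter drop_ssh[] = {
    BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 9),               /* A = IP protocol            */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 6, 0, 5),        /* not TCP -> accept          */
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 6),               /* A = flags + fragment offset */
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0x1fff, 3, 0),  /* later fragment (no TCP header) -> accept */
    BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 0),              /* X = IP header length       */
    BPF_STMT(BPF_LD | BPF_H | BPF_IND, 2),               /* A = TCP destination port   */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 1, 0),       /* port 22 -> drop            */
    BPF_STMT(BPF_RET | BPF_K, 0xffff),                   /* accept                     */
    BPF_STMT(BPF_RET | BPF_K, 0),                        /* drop                       */
};

/* Bounds-checked big-endian load of n (1 or 2) bytes; clears *ok when out of range. */
static uint32_t load(const uint8_t *p, size_t len, uint32_t off, size_t n, int *ok) {
    if (off > len || len - off < n) { *ok = 0; return 0; }
    return n == 1 ? p[off] : (uint32_t)(p[off] << 8 | p[off + 1]);
}

/* Interpreter for the opcodes used above; cbpf_run is a name made up for this example. */
uint32_t cbpf_run(const struct sock_filter *f, size_t n, const uint8_t *p, size_t len) {
    uint32_t A = 0, X = 0; int ok = 1;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_B | BPF_ABS:   A = load(p, len, f[pc].k, 1, &ok); break;
        case BPF_LD | BPF_H | BPF_ABS:   A = load(p, len, f[pc].k, 2, &ok); break;
        case BPF_LD | BPF_H | BPF_IND:   A = load(p, len, X + f[pc].k, 2, &ok); break;
        case BPF_LDX | BPF_B | BPF_MSH:  X = 4 * (load(p, len, f[pc].k, 1, &ok) & 0xf); break;
        case BPF_JMP | BPF_JEQ | BPF_K:  pc += (A == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_JMP | BPF_JSET | BPF_K: pc += (A & f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K:            return f[pc].k;
        default:                         return 0;  /* unsupported opcode: fail closed */
        }
        if (!ok) return 0;  /* an out-of-bounds load drops the packet, as in the kernel */
    }
    return 0;               /* ran off the end without a RET */
}

/* Runs the filter over a constructed packet: 20-byte IPv4 header plus the port fields. */
uint32_t verdict(uint8_t proto, uint16_t frag, uint16_t dport, size_t len) {
    uint8_t b[24] = { 0x45 };                       /* version 4, IHL 5, rest zeroed */
    b[6] = frag >> 8; b[7] = frag & 0xff; b[9] = proto; b[22] = dport >> 8; b[23] = dport & 0xff;
    return cbpf_run(drop_ssh, sizeof drop_ssh / sizeof drop_ssh[0], b, len > sizeof b ? sizeof b : len);
}
int main(void) { return verdict(6, 0, 22, 24) == 0 ? 0 : 1; }  /* exit 0 when TCP/22 is dropped */
```

The fragment check matters when reviewing port-based rules: only the first fragment carries the TCP header, so a rule like this one cannot match later fragments by port.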

Speck file system encryption

Since Linux version 4.18, FSCRYPT, which operates at the file system level rather than the block device level, supports the Speck128/Speck256 encryption algorithms.

Although Speck has raised some concerns because it was developed by the National Security Agency (NSA), and the U.S. agency may not have shared all of its design elements, it offers a new option for file system encryption. It may stay unused, but it appears to be the only encryption option available for low-end Android devices and therefore may play an important role.

Improved performance

A lockless user-space concurrency control mechanism called “restartable sequences” is included in the new kernel. The RSEQ system calls allow faster operations in user space, as demonstrated by some micro-benchmarks. The kernel scheduler code also sees significant improvements. These changes should translate into a substantial increase in the overall performance of the system.

Another improvement in Linux 4.18 is support for bi-directional transfer in USB 3.2, which accelerates data transfers from USB devices to hosts and devices using Type-C cables. The Linux 4.18 kernel also has a kernel polling interface for asynchronous I/O. It allows you to query a set of file descriptors to determine which of them can perform I/O without blocking. This change also improves performance. The new kernel also includes a zero-copy TCP receive API and support for high-performance AF_XDP sockets, which promise to improve performance while saving CPU cycles and memory bandwidth.

In conclusion, the Linux 4.18 kernel shows many improvements regarding performance, security, and functionality that Linux system users should appreciate. You can also reassure them about the 2038 deadline!
