You won't find the biggest news about the latest Linux kernel release, 4.6, in its release notes. There's been a major improvement in Linux's security.
Greg Kroah-Hartman, maintainer of the Linux kernel's stable branch, explained in a Linux.com interview that Linux is being hardened against potential security bugs. In 4.6, the biggest example of this is that it has "write-only protection to all the data structures. If a bug happens where you would normally be able to overwrite a portion of memory, now with the added protections in place, you aren't allowed to do that so the bug does not cause any additional 'harm.'"
This is part of an overall refocusing of Linux developers on security issues. While Linux has never been as full of security holes as Windows, it's also far from perfect.
In a Google+ post, Kroah-Hartman wrote, "The real reason we are doing more kernel security work these days is thanks to the great efforts of Konstantin Ryabitsev and Kees Cook over the past year, educating stubborn kernel developers about why these things are worth it. Many thanks to their work for hitting us over the head until we got it through our thick skulls."
In addition to protecting data structures from being overwritten, Kroah-Hartman said, "We have people working on a lot of things: taking bits and pieces of the GRSec, the large security patch set, taking them and merging them into the kernel as needed." The result is Linux 4.6 is the most secure Linux kernel to date.
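The mechanism behind this is kernel data that may be written only while the kernel initializes and is read-only afterwards, so a later memory-corruption bug cannot silently change it. The C program below is an added example, not code from the article or from the kernel: it models the same idea in userspace by filling in a page of configuration, locking it with mprotect() once setup is done, and reporting whether a later write is refused. The struct name, its fields and the "bug" that tries to flip a flag are invented for the illustration.

```c
/* Added example (not from the article or the kernel): a userspace model of
 * "read-only after init". A configuration struct is filled in once, then its
 * page is switched to read-only with mprotect(). A later write faults
 * instead of corrupting the data; the signal handler records the fault and
 * unwinds with siglongjmp so the program can report it. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct config {              /* invented for the illustration */
    int debug_enabled;
    char admin_name[32];
};

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_fault(int sig)
{
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Returns 1 if the write after locking was blocked and the data is intact,
 * 0 if the write went through, -1 on setup failure. */
int write_after_lock_is_blocked(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    struct config *cfg = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (cfg == MAP_FAILED)
        return -1;

    /* "init" phase: the structure is writable exactly once. */
    cfg->debug_enabled = 0;
    strncpy(cfg->admin_name, "operator", sizeof cfg->admin_name - 1);
    cfg->admin_name[sizeof cfg->admin_name - 1] = '\0';

    /* End of init: drop write permission on the page. */
    if (mprotect(cfg, (size_t)pagesz, PROT_READ) != 0) {
        munmap(cfg, (size_t)pagesz);
        return -1;
    }

    /* Linux reports the violation as SIGSEGV, some other systems as SIGBUS. */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        /* Models a bug that tries to flip a security-relevant flag. */
        cfg->debug_enabled = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);

    int intact = (cfg->debug_enabled == 0);
    munmap(cfg, (size_t)pagesz);
    return (fault_seen && intact) ? 1 : 0;
}

int main(void)
{
    int r = write_after_lock_is_blocked();
    printf("write to locked config blocked: %s\n", r == 1 ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

The kernel's version does the same at a coarser grain: the affected data lives in a region whose page-table permissions are changed once initialization finishes, so the check costs nothing on the normal path and only a write attempt pays for it.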
Looking ahead, Kroah-Hartman also wants Linux and Android distributors and hardware manufacturers to support automatic kernel updating. Two Linux-based operating systems, Google's Chrome OS and CoreOS, already do this.
In these two operating systems, Kroah-Hartman said, "You have two system images. You're going to update one. Once you know it works, it can switch over to the other one. You have to be able to update it in a secure way. This technology's been proven. It's solved. People just need to use it, and build it into their systems. The kernel is not going to go around updating itself on its own. It's up to the infrastructure you built for your product."
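As an added example (not code from the article, Chrome OS or CoreOS), the C model below shows the mechanics behind the two-image scheme Kroah-Hartman describes: an update is written only into the inactive slot, it must pass an integrity check before it is eligible to boot, it gets a limited number of boot attempts, and the switch happens only once a boot from it is reported healthy. The slot fields, the FNV-1a checksum standing in for real signature verification, and the sample image contents are all constructed for the illustration.

```c
/* Added example (not from the article, Chrome OS or CoreOS): a model of the
 * two-image update scheme. Slot metadata is the kind a bootloader keeps:
 * which slot is active, whether a slot has been verified, and how many boot
 * attempts remain before falling back. The "image" is a byte buffer and the
 * integrity check is a placeholder checksum standing in for a signature. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SIZE 16

struct slot {
    uint8_t image[IMAGE_SIZE];
    int verified;      /* image passed the integrity check */
    int tries_left;    /* boots allowed before this slot is abandoned */
    int successful;    /* a boot from this slot completed healthily */
};

struct system_state {
    struct slot slots[2];
    int active;        /* index of the last known-good slot */
};

/* Placeholder integrity check (FNV-1a). A real system verifies a signature. */
static uint64_t digest(const uint8_t *buf, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= buf[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Start with a known-good image in slot 0. */
void init_state(struct system_state *st, const uint8_t *img)
{
    memset(st, 0, sizeof *st);
    memcpy(st->slots[0].image, img, IMAGE_SIZE);
    st->slots[0].verified = 1;
    st->slots[0].successful = 1;
    st->active = 0;
}

/* Write a new image into the inactive slot and verify it. The active slot is
 * never touched, so a bad download cannot break the running system.
 * Returns the staged slot index, or -1 if verification failed. */
int stage_update(struct system_state *st, const uint8_t *img, uint64_t expected)
{
    int target = 1 - st->active;
    struct slot *s = &st->slots[target];
    memcpy(s->image, img, IMAGE_SIZE);
    s->successful = 0;
    s->tries_left = 0;
    s->verified = (digest(s->image, IMAGE_SIZE) == expected);
    if (!s->verified)
        return -1;
    s->tries_left = 3;   /* a few attempts before giving up on it */
    return target;
}

/* Boot-time selection: try a verified, not-yet-proven slot while it has
 * tries left; otherwise boot the last known-good slot. */
int select_boot_slot(struct system_state *st)
{
    int candidate = 1 - st->active;
    struct slot *c = &st->slots[candidate];
    if (c->verified && !c->successful && c->tries_left > 0) {
        c->tries_left--;
        return candidate;
    }
    return st->active;
}

/* Called once the booted system reports it is healthy: only now does the
 * new image become the active one. */
void mark_boot_successful(struct system_state *st, int booted)
{
    st->slots[booted].successful = 1;
    st->active = booted;
}

/* Walks three cases: a good update is adopted, a corrupt download is refused,
 * and a verified image that never boots cleanly is abandoned after its tries
 * run out. Returns 1 when the model behaves as expected. */
int demo_update_cycle(void)
{
    static const uint8_t v1[IMAGE_SIZE] = "kernel-v1";   /* constructed */
    static const uint8_t v2[IMAGE_SIZE] = "kernel-v2";
    static const uint8_t v3[IMAGE_SIZE] = "kernel-v3";
    struct system_state st;
    init_state(&st, v1);

    /* 1. good update: staged in slot 1, booted, adopted */
    if (stage_update(&st, v2, digest(v2, IMAGE_SIZE)) != 1) return 0;
    int booted = select_boot_slot(&st);
    if (booted != 1) return 0;
    mark_boot_successful(&st, booted);
    if (st.active != 1) return 0;

    /* 2. corrupt download: digest mismatch, running system unaffected */
    if (stage_update(&st, v3, digest(v2, IMAGE_SIZE)) != -1) return 0;
    if (select_boot_slot(&st) != 1) return 0;

    /* 3. verified but unbootable image: three attempts, then rollback */
    if (stage_update(&st, v3, digest(v3, IMAGE_SIZE)) != 0) return 0;
    for (int i = 0; i < 3; i++)
        if (select_boot_slot(&st) != 0) return 0;  /* never marked healthy */
    if (select_boot_slot(&st) != 1) return 0;      /* back on slot 1 (v2) */
    return 1;
}

int main(void)
{
    printf("A/B update model behaves as expected: %s\n",
           demo_update_cycle() ? "yes" : "no");
    return 0;
}
```

The two properties worth checking in any real implementation are the ones the model enforces: the active image is never modified in place, and the switch is committed only after a verified image has actually booted and reported success, so a failed update degrades to "still running the old kernel" rather than to an unbootable device.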
In another security improvement, Linux now uses separate pages for Extensible Firmware Interface (EFI) when executing its firmware code. This isolates the EFI code, which is used in secure boot mechanisms, from the rest of the kernel.
Of course, there's more to a Linux kernel than just improved security. As Linus Torvalds wrote, "The 4.6 kernel on the whole was a fairly big release." Other changes in "Charred Weasel," named for the poor furry critter that was accidentally fried in the Linux-powered Large Hadron Collider, include the following features.
First, Linux now supports 13 more ARM systems on a chip (SoCs). It also has better 64-bit ARM support. Besides more ARM chip support, the new Linux also supports IBM's work-in-progress Power9 processors.
Another enterprise server improvement is that in Linux 4.6 a long-standing InfiniBand interface problem has finally been fixed. In other storage-related news, the kernel now supports OrangeFS. This is a scale-out network file system designed for use on high-end computing (HEC) systems that require high-performance access to multi-server-based disk storage.
This version of Linux now supports the Synaptics RMI4 protocol. This is the native protocol for all current Synaptics touchscreens and touchpads. The release also includes support for other human-interface devices, including game controllers. Last, but not least, in component support, Linux can now fully use USB 3.1's 10Gbps speeds.
There have also been numerous small improvements. These include better Dell and Alienware laptop support. It also boasts better Intel Skylake chip support.
Taken all in all, this is a major release. As Kroah-Hartman said, "Once you get into a dynamic environment, you have to be able to update. People need to embrace change. They need to get over that fear of change doesn't work."