Linux 4.16 has been released
Summary: Besides the latest code to deal with CPU security bugs, this release declares the reverse mapping and reflink features stable, adds expedited support to membarrier(2), adds SMB3 Direct (RDMA) support, adds the x86 Jailhouse hypervisor, which is able to statically partition a multicore system into multiple so-called cells, adds support for PowerPC memory protection keys, and adds the hypervisor part of AMD Secure Encrypted Virtualization. It also brings many new drivers and other improvements.
Improved protection for CPU security bugs
This release adds:
* x86: Basic IBPB (Indirect Branch Prediction Barrier) support
* arm: Implement branch predictor hardening for Falkor, affected Cortex-A CPUs and Cavium ThunderX2
* arm: Add support for unmapping the kernel when running in userspace (Kernel Page Table Isolation)
* kvm/x86: Add Indirect Branch Predictor Barrier (IBPB) support. IBPB is an indirect branch control mechanism that keeps earlier branches from influencing later ones
* s390: An implementation of the array_index_mask_nospec function as a defense against Spectre v1
* s390: An s390 variant of the 'retpoline' Spectre v2 defense, called 'expoline'
* s390: Run user space and KVM guests with modified branch prediction
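The array_index_mask_nospec item above rests on a branch-free mask that forces an out-of-range index to zero, so a mispredicted bounds check cannot drive an out-of-bounds load. The following is an added userspace C sketch of that masking idea, not the s390 code from this release; the function names and the sample table are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* Hypothetical userspace helper (name is an assumption, not a kernel symbol).
 * Returns ~0UL when index < size and 0 otherwise, without a branch, so the
 * result stays correct even if an earlier bounds check was mispredicted.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative longs
 * (true for GCC and Clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Empty asm hides index from the optimizer so the mask is always emitted. */
    __asm__ volatile("" : "+r"(index));
    /* In range: index and size-1-index both have the sign bit clear.
     * Out of range: index has it set, or size-1-index wraps and has it set. */
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Clamp an index that has already passed a bounds check. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Constructed sample table. */
static const unsigned char table[8] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Returns table[index], or -1 if index is out of range. */
static int table_read(unsigned long index)
{
    if (index >= 8)
        return -1;
    /* On a mispredicted path index becomes 0, so no out-of-bounds load. */
    return table[index_nospec(index, 8)];
}

int main(void)
{
    printf("mask(3,8)=%lx mask(8,8)=%lx\n",
           index_mask_nospec(3, 8), index_mask_nospec(8, 8));
    printf("table_read(5)=%d table_read(8)=%d\n", table_read(5), table_read(8));
    return 0;
}
```

The mask is a data dependency on the index itself, which is why it holds on a speculative path where the preceding comparison does not.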
XFS reverse mapping and reflink features are now stable
The reverse mapping and reflink features, merged back in 4.8
membarrier(2) expedited support
This release provides an expedited command in membarrier(2) for registration and use of membarrier across processes communicating through shared memory mappings. The non-expedited command has proven to be too slow (taking 10ms and more to complete) for real-world use. The expedited version completes in a matter of microseconds.
Recommended LWN article: Expediting membarrier()
SMB3 Direct (RDMA) support
Starting with SMB2 dialect 3.0, Microsoft introduced the SMB Direct transport protocol for transferring upper layer (SMB2) payload over RDMA via Infiniband, RoCE or iWARP. This release adds support for it in Linux.
Add the x86 jailhouse hypervisor
This release adds initial platform support for the Jailhouse hypervisor. The Jailhouse hypervisor is able to statically partition a multicore system into multiple so-called cells. Linux is used as boot loader and continues to run in the root cell after Jailhouse is enabled. Linux can also run in non-root cells. Jailhouse was started 4 years ago as an open-source (GPL) light-weight hypervisor that statically partitions SMP systems. It's unique in that it uses one Linux instance, the root cell, as boot loader and management console. Jailhouse targets use cases for hard real-time and safety-critical systems that KVM cannot cater to because of its inherent complexity.
PowerPC: memory protection keys
This release adds support of memory protection keys (a feature merged in Linux 4.6
Second part of AMD Secure Encrypted Virtualization
This release adds the hypervisor part of AMD Secure Encrypted Virtualization, a feature that allows encrypting the memory of virtualized guests so that the host can't see it.