The 4.8 kernel was released on October 2nd. This also marked the start of the merge window for the 4.9 kernel. The merge window is the time period when kernel subsystem maintainers send their pull requests for new features to be included in the 4.9 kernel. Here are a few features pulled into the 4.9 kernel that might be of interest for Fedora users.
Integrated Sensor Hub
Intel merged support for the Intel Integrated Sensor Hub (ISH). This enables use of sensor coprocessors on newer Intel chips. The description of the feature claims this should help with CPU power usage, since sensor processing can be offloaded to the sensor coprocessor. It remains to be seen what impact this will actually have on end users, since CPU low power modes can be affected by many parts of the system. Having this driver is an important part of getting the best possible power management on Linux.
SELinux support for overlayfs
Container technology is a hot topic everywhere. overlayfs is a union file system used to implement core parts of container technologies. Filesystems need additional hooks to work properly with SELinux, and this merge window brought in changes to add SELinux support for overlayfs. This is important to give containers additional security.
Virtually mapped stacks
As part of other ongoing security work, x86 now has an option to have virtually mapped stacks. This makes it much easier to detect stack overflows and other stack errors. With virtually mapped stacks, errors are more likely to cause faults instead of corrupting other structures. This feature also has the advantage of helping to find drivers that incorrectly use stack addresses for DMA. Several problems have been found and corrected using this patch set already, which is a positive indication that it will be useful in the future.
CONFIG_DEBUG_RODATA for arm64
The arm64 architecture enabled CONFIG_DEBUG_RODATA by default. Despite the word debug in the name, this option provides important security features by marking appropriate areas of the kernel as read only and/or no execute. x86 made a similar change earlier this year. With the move to make arm64 a primary architecture in Fedora, it’s important to see arm64 continue to gain feature parity with x86.
These are just a few of the many kernel features in this merge window. LWN always provides excellent coverage of each kernel merge window in depth. These kernel features are available in Fedora Rawhide right now and will be available in Fedora stable releases in a few months when 4.9 is officially released.
Image courtesy Darrin Henein – originally posted to Unsplash here.
Leslie Satenstein
Virtually mapped stacks is the item that is of most interest to me.
From the above brief description, it appears that if I accidentally (through bad design) corrupt the calling stack of my process or function, the system will be able to recognize the stack corruption and take diagnostic and, if necessary, remedial action. I hope I can set up my own stack diagnostic before calling one of my sub-functions.
Wow! Wow! I am anxiously looking forward to this feature.
Mahmoud Eldeeb
Virtually mapped stacks
All memory that is directly accessed by the kernel is reached via addresses in the directly mapped range. That range is a large chunk of address space that is mapped to physical memory in a simple, linear fashion, so that, for all practical purposes, it looks as if the kernel is working with physical memory addresses.