Linux 5.6 kernel release

After two months of development, Linus Torvalds presented the release of the Linux 5.6 kernel. Among the most notable changes: integration of the WireGuard VPN interface, USB4 support, time namespaces, the ability to create TCP congestion control handlers using BPF, initial support for MultiPath TCP, ridding the kernel of the year 2038 problem, the "bootconfig" mechanism, ZoneFS.

The new version includes 13702 fixes from 1810 developers; the patch size is 40 MB (the changes affected 11577 files, 610012 lines of code were added and 294828 lines were removed). About 45% of all changes introduced in 5.6 are related to device drivers, about 15% of the changes concern updating code specific to hardware architectures, 12% are associated with the networking stack, 4% with file systems and 3% with internal kernel subsystems.

Main innovations:

  • Network subsystem
    • Added an implementation of the WireGuard VPN interface, which is built on modern encryption methods (ChaCha20, Poly1305, Curve25519, BLAKE2s), is easy to use, free of complications, has proven itself in a number of large deployments and delivers very high performance (3.9 times faster than OpenVPN in terms of throughput). WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for binding. Public keys are exchanged to establish a connection in a manner similar to SSH. The cryptographic primitives required for WireGuard were ported from the Zinc library as part of the standard Crypto API and included in the 5.5 kernel.
    • Integration has begun of the components needed to support MPTCP (MultiPath TCP), an extension of the TCP protocol for organizing the operation of a TCP connection with packets delivered simultaneously along several routes through different network interfaces bound to different IP addresses. To network applications, such an aggregated connection looks like an ordinary TCP connection, and all the flow-splitting logic is performed by MPTCP. Multipath TCP can be used both to increase throughput and to improve reliability. For example, MPTCP can be used to organize data transfer on a smartphone using Wi-Fi and 4G links simultaneously, or to reduce costs by connecting a server using several cheap links instead of one expensive one.
    • Added support for the sch_ets network queueing discipline (Enhanced Transmission Selection, IEEE 802.1Qaz), which makes it possible to distribute bandwidth between different traffic classes. If the load on a particular traffic class is below the allocated bandwidth, ETS lets the other traffic classes use the available (unused) bandwidth. The sch_ets qdisc is configured like the PRIO discipline and uses traffic classes to define strict and shared bandwidth limits. ETS works as a combination of the PRIO and DRR disciplines: if strict traffic classes are present, PRIO is used, but if there is no traffic in the queue, it works like DRR.
    • A new BPF program type, BPF_PROG_TYPE_STRUCT_OPS, has been added, which allows kernel function handlers to be implemented via BPF. At present this feature can be used to implement TCP congestion control algorithms as BPF programs. As an example, a BPF program implementing the DCTCP algorithm is provided.
    • Changes have been accepted into the kernel that move the ethtool tooling from ioctl() to the netlink interface. The new interface makes it easier to add extensions, improves error handling, allows notifications to be sent when state changes, simplifies the interaction between the kernel and user space, and reduces the number of named lists that need to be synchronized.
    • Added an implementation of the FQ-PIE (Flow Queue PIE) network queue management discipline, aimed at reducing the negative effect of intermediate packet buffering on edge network equipment (bufferbloat). FQ-PIE shows high efficiency when used on systems with cable modems.
  • Disk subsystem, I/O and file systems
    • For the Btrfs file system, an asynchronous implementation of the DISCARD operation has been added (marking freed blocks that no longer need to be physically stored). Initially, DISCARD operations were performed synchronously, which could degrade performance because drives had to wait for the corresponding commands to complete. The asynchronous implementation makes it possible not to wait for DISCARD to complete and to perform this operation in the background.
    • In XFS, code that used old 32-bit time counters has been cleaned up (the time_t type was replaced with time64_t), which led to the year 2038 problem. Errors and memory corruption that occurred on 32-bit platforms have been fixed. The code for working with extended attributes has been reworked.
    • For the ext4 file system, performance optimizations related to inode lock handling during read and write operations have been introduced. Rewrite performance in Direct I/O mode has been improved. To simplify problem diagnosis, the first and last error codes are saved in the superblock.
    • In the F2FS file system, the ability to store data in compressed form has been implemented. For an individual file or directory, compression can be enabled with the command "chattr +c file" or "chattr +c dir; touch dir/file". To compress the entire partition, the "-o compress_extension=ext" option can be passed to the mount utility.
    • The kernel includes the ZoneFS file system, which simplifies low-level work with zoned storage devices. Zoned drives are hard disk or NVMe SSD devices whose storage space is divided into zones made up of groups of blocks or sectors, to which data may only be appended sequentially, updating the whole group of blocks. ZoneFS was developed by Western Digital and associates each zone on the drive with a separate file that can be used to store data in raw mode without manipulation at the sector and block level, i.e. it allows applications to use the file API instead of accessing the block device directly using ioctl.
    • In NFS, mounting partitions over UDP is disabled by default. Support has been added for copying files directly between servers, as defined in the NFS 4.2 specification. A new mount option, "softreval", has been added, which allows cached attribute values to be used when the server fails. For example, when this option is specified, after the server becomes unavailable it remains possible to navigate paths in the NFS partition and to access data that has settled in the cache.
    • The performance of the fs-verity mechanism, which is used to monitor the integrity and authenticity of individual files, has been optimized. Sequential read speed has been increased thanks to the use of the Merkle hash tree. The performance of FS_IOC_ENABLE_VERITY has been improved when the data is not in the cache (readahead of pages with data is used).
  • Virtualization and security
    • The ability to disable the SELinux module at run time has been deprecated, and in the future unloading an already activated SELinux will be prohibited. To disable SELinux, you will need to pass the "selinux=0" parameter on the kernel command line.
    • Added support for time namespaces, which make it possible to bind the state of the system clocks to a container (CLOCK_REALTIME, CLOCK_MONOTONIC, CLOCK_BOOTTIME), to use your own time inside a container and, when migrating a container to another host, to ensure that the CLOCK_MONOTONIC and CLOCK_BOOTTIME readings remain unchanged (they account for the time since boot, with or without regard to time spent in sleep mode).
    • The blocking pool of /dev/random has been removed. /dev/random now behaves like /dev/urandom in that it no longer blocks on entropy once the pool has been initialized.
    • The kernel includes a driver that allows guest systems running under VirtualBox to mount directories exported by the host environment (VirtualBox Shared Folder).
    • A set of patches has been added to the BPF subsystem (BPF dispatcher) which, when the Retpoline mechanism is used to protect against Spectre V2 class attacks, makes it possible to increase the efficiency of calling BPF programs when the events associated with them occur (for example, it speeds up calling XDP handlers when a network packet arrives).
    • Added a driver to support the TEE (Trusted Execution Environment) built into AMD APUs.
  • Memory and system services
    • BPF has added support for global functions. The development is being carried out as part of an initiative to add support for function libraries that can be included in BPF programs. The next step will be support for dynamic extensions that allow global functions to be loaded, including replacing existing global functions while they are in use. The BPF subsystem also adds support for a variant of the map operation (used to store persistent data) that supports execution in batch mode.
    • Added the "cpu_cooling" device, which makes it possible to cool an overheated CPU by putting it into an idle state for short periods of time.
    • Added the openat2() system call, which offers a set of additional flags for restricting file path resolution (prohibiting the crossing of mount points, symbolic links, magic links (/proc/PID/fd), "../" components).
    • For heterogeneous systems based on the big.LITTLE architecture, which combine powerful and less performant CPU cores in one chip, the uclamp_min parameter is set when executing real-time tasks (a mechanism for guaranteeing load that appeared in the 5.3 kernel). This parameter ensures that the scheduler will place the task on a CPU core that has sufficient performance.
    • The kernel has been rid of the year 2038 problem. The last remaining handlers that used the 32-bit (signed int) time_t type for the epochal time counter, which, counting from 1970, would overflow in 2038, have been replaced.
    • Improvement of the io_uring asynchronous I/O interface has continued, with support added for new operations: IORING_OP_FALLOCATE (reserving empty areas), IORING_OP_OPENAT, IORING_OP_OPENAT2, IORING_OP_CLOSE (opening and closing files), IORING_OP_FILES_UPDATE (adding and removing files from the fast-access list), IORING_OP_STATX (requesting file information), IORING_OP_READ, IORING_OP_WRITE (simplified analogues of IORING_OP_READV and IORING_OP_WRITEV), IORING_OP_FADVISE, IORING_OP_MADVISE (variants of the posix_fadvise and madvise calls), IORING_OP_SEND, IORING_OP_RECV (sending and receiving network data), IORING_OP_EPOLL_CTL (performing operations on epoll file descriptors).
    • Added the pidfd_getfd() system call, which allows a process to obtain a file descriptor for an open file from another process.
    • The "bootconfig" mechanism has been implemented, which allows kernel parameters to be specified through a configuration file in addition to command-line options. To add such files to an initramfs image, the bootconfig utility is provided. This feature can be used, for example, to configure kprobes at boot time.
    • The mechanism for waiting on writes and reads of data in unnamed pipes has been redesigned. The change made it possible to speed up tasks such as the parallel build of large projects. However, the optimization may lead to a race condition in GNU make due to a bug in the 4.2.1 release, which was fixed in version 4.3.
    • The PR_SET_IO_FLUSHER flag has been added to prctl(), which can be used to mark memory-freeing processes that should not be subject to limits when the system is low on memory.
    • Based on the ION memory allocation system used in Android, the dma-buf heaps subsystem has been implemented, which makes it possible to manage the allocation of DMA buffers for sharing memory areas between drivers, applications and various subsystems.
  • Hardware architectures
    • Added support for the E0PD extension, which appeared in ARMv8.5 and makes it possible to block attacks related to speculative execution of instructions on the CPU. E0PD-based protection results in lower overhead than KPTI (Kernel Page Table Isolation) protection.
    • For systems based on the ARMv8.5 architecture, support has been added for the RNG instruction, which provides access to a hardware random number generator. In the kernel, the RNG instruction is used to generate entropy when initializing the kernel's pseudo-random number generator.
    • Support has been removed for MPX (Memory Protection Extensions), which was added in kernel 3.19 and made it possible to check pointers to ensure that the bounds of memory areas are respected. This technology was not widely adopted in compilers and was removed from GCC.
    • For the RISC-V architecture, support has been implemented for the KASan (Kernel address sanitizer) debugging tool, which helps detect errors when working with memory.
  • Hardware
    • Support for the USB 4.0 specification has been implemented, which is based on the Thunderbolt 3 protocol and provides throughput of up to 40 Gbps while remaining backward compatible with USB 2.0 and USB 3.2. By analogy with Thunderbolt, the USB 4.0 interface makes it possible to tunnel different protocols over a single cable with a Type-C connector, including PCIe, Display Port and USB 3.x, as well as software implementations of protocols, such as those for establishing network connections between hosts. The implementation builds on the Thunderbolt driver already included in the Linux kernel, which has been updated and adapted to work with USB4-compatible hosts and devices. The changes also add support for Thunderbolt 3 devices to the software implementation of the Connection Manager, which is responsible for creating tunnels to connect multiple devices through a single port.
    • The amdgpu driver has added initial support for the HDCP 2.x (High-bandwidth Digital Content Protection) copy protection technology. Support has been added for the AMD Pollock ASIC chip based on Raven 2. The ability to reset the GPU has been implemented for the Renoir and Navi families.
    • The DRM driver for Intel video cards has added DSI VDSC support for chips based on the Ice Lake and Tiger Lake microarchitectures, LMEM mmap (device local memory) has been implemented, VBT (Video BIOS Table) parsing has been improved, and HDCP 2.2 support has been implemented for Coffee Lake chips.
    • Work has continued on merging the amdkfd driver code (for discrete GPUs such as Fiji, Tonga and Polaris) with the amdgpu driver.
    • The k10temp driver has been reworked, adding support for displaying voltage and current parameters for AMD Zen CPUs, as well as extended information from the temperature sensors used in Zen and Zen 2 CPUs.
    • The nouveau driver has added support for the verified firmware loading mode for NVIDIA GPUs based on the Turing microarchitecture (GeForce RTX 2000), which made it possible to enable 3D acceleration support for these cards (downloading the official firmware with an NVIDIA digital signature is required). Support for the TU10x graphics engine has been added. Problems with HD Audio have been resolved.
    • Added support for data compression when transmitting over DisplayPort MST (Multi-Stream Transport).
    • A new driver, "ath11k", has been added for Qualcomm wireless chips supporting 802.11ax. The driver is based on the mac80211 stack and supports access point, workstation and mesh network node modes.
    • Through sysfs, access is provided to readings from the temperature sensors available on modern hard drives and SSDs.
    • Significant changes have been made to the ALSA sound subsystem, aimed at ridding the code of year 2038 problems (avoiding use of the 32-bit time_t type in the snd_pcm_mmap_status and snd_pcm_mmap_control interfaces). Support has been added for the new audio codecs Qualcomm WCD9340/WCD9341, Realtek RT700, RT711, RT715, RT1308, Ingenic JZ4770.
    • Added drivers for the LCD panels Logic PD 28, Jimax8729d MIPI-DSI, Ingenic JZ4770, Sony acx424AKP, Leadtek LTK500HD1829, Xinpeng XPP055C272, AUO B116XAK01, GiantPlus940 GPM0, BOE NV140FHM-N49, Satoz SAT050AT40H12R2, Sharp LS020B1DD01D.
    • Added support for the ARM boards and platforms Gen1 Amazon Echo (based on OMAP3630), Samsung Galaxy S III mini (GT-I8190), Allwinner Emlid Neutis, Libre Computer ALL-H3-IT, PineH64 Model B, Aibretech Amlogic GX PC, Armada SolidRun Clearfog GTR, NXP Gateworks GW59xx, Tolino Shine 3 eBook reader, Embedded Artists COM (i.MX7ULP), SolidRun Clearfog CX/ITX and HoneyComb (LX2160A), Google Coral Edge TPU (i.MX8MQ), Rockchip Radxa Dalang Carrier, Radxa Rock Pi N10, VMRC RK3399Pro SOM, ST Ericsson HREF520, Inforce 6640, SC7180 IDP, Atmel/Microchip AM9X60 (ARM926 SoC, Kizboxmini), ST stm32mp15, AM3703/AM3715/DM3725, ST Ericsson ab8505, ST Ericsson ab9863, Unisoc. Added support for the PCIe controller used in the Raspberry Pi 7180.
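
The path-resolution limits of openat2() listed above (no "../" escapes, no symbolic links, no magic links) look as follows when a service opens untrusted file names inside one directory. This is an added example, not code from the original article or from the kernel sources; the helper names open_beneath() and demo(), the temporary directory and the file names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_openat2
#define SYS_openat2 437              /* syscall number added in Linux 5.6 */
#endif
/* Values repeated from the kernel's <linux/openat2.h> under example-local names. */
#define EX_NO_MAGICLINKS 0x02        /* RESOLVE_NO_MAGICLINKS */
#define EX_NO_SYMLINKS   0x04        /* RESOLVE_NO_SYMLINKS */
#define EX_BENEATH       0x08        /* RESOLVE_BENEATH */
struct ex_open_how { uint64_t flags, mode, resolve; };  /* struct open_how */

/* Open path read-only below dirfd; returns an fd, or -errno if refused. */
static int open_beneath(int dirfd, const char *path)
{
    struct ex_open_how how = { .flags = O_RDONLY | O_CLOEXEC,
        .resolve = EX_BENEATH | EX_NO_SYMLINKS | EX_NO_MAGICLINKS };
    long fd = syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
    return fd < 0 ? -errno : (int)fd;
}

/* Probe a constructed directory. Returns how many hostile paths were refused
 * with the expected errno (3 = all), or -errno if setup or openat2() failed. */
static int demo(void)
{
    char dir[] = "/tmp/openat2-demo-XXXXXX";
    if (!mkdtemp(dir)) return -errno;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int f = openat(dfd, "ok.txt", O_CREAT | O_WRONLY, 0600);
    int rc = (f < 0 || symlinkat("ok.txt", dfd, "link") < 0) ? -errno : 0;
    if (f >= 0) close(f);
    int fd = rc ? rc : open_beneath(dfd, "ok.txt");  /* legitimate file */
    rc = fd;                                         /* -errno if it failed */
    if (fd >= 0) {
        close(fd);
        rc  = open_beneath(dfd, "../escape") == -EXDEV;     /* "../" escape */
        rc += open_beneath(dfd, "/etc/hostname") == -EXDEV; /* absolute path */
        rc += open_beneath(dfd, "link") == -ELOOP;          /* symbolic link */
    }
    unlinkat(dfd, "link", 0);
    unlinkat(dfd, "ok.txt", 0);
    close(dfd);
    rmdir(dir);
    return rc;
}

int main(void) { return demo() == 3 ? 0 : 1; }  /* exit 0 when all 3 refused */
```

On a kernel older than 5.6 the call fails with ENOSYS, so demo() returns -ENOSYS and a caller has to fall back to its own path checks.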

At the same time, the Latin American Free Software Foundation has produced a variant of the completely free 5.6 kernel, Linux-libre 5.6-gnu, cleared of firmware and driver elements containing non-free components or code sections whose scope is limited by the manufacturer. The new release disables blob loading in the drivers for AMD TEE, ATH11K and Mediatek SCP. The cleaning code has been updated in the AMD PSP, amdgpu and nouveau drivers and subsystems.

Source: opennet.ru
