ProHoster > Blog > nkhani zapaintaneti > Oracle imatulutsa Unbreakable Enterprise Kernel 6

Oracle imatulutsa Unbreakable Enterprise Kernel 6

Kampani ya Oracle представила kumasulidwa koyamba kokhazikika Kampani Yosasunthika ya Kernel 6 (UEK R6), kapangidwe ka kernel kowonjezera Linux, yomwe yaikidwa kuti igwiritsidwe ntchito pogawa Oracle Linux monga njira ina m'malo mwa phukusi la kernel lokhazikika kuchokera ku Red Hat Enterprise LinuxKernel imapezeka kokha pa zomangamanga za x86_64 ndi ARM64 (aarch64). Khodi yoyambira ya Kernel, kuphatikizapo kugawa magawo osiyanasiyana, lofalitsidwa m'malo agulu a Oracle Git.

Enterprise Kernel 6 yosasweka idakhazikitsidwa ndi kernel Linux 5.4 (UEK R5 idakhazikitsidwa pa kernel 4.14), yomwe idawonjezeredwa ndi zinthu zatsopano, kukonza, ndi kukonza, ndipo idayesedwanso kuti igwirizane ndi mapulogalamu ambiri omwe akuyenda pa RHEL ndipo idakonzedwa makamaka kuti igwire ntchito ndi mapulogalamu ndi zida za Oracle zamakampani. Kukhazikitsa ndi ma phukusi a src okhala ndi kernel ya UEK R6 kwakonzedwa kuti Oracle Linux 7.x и 8.xChithandizo cha nthambi ya 6.x chayimitsidwa. Kuti mugwiritse ntchito UEK R6, muyenera kusintha makina anu kuti Oracle Linux 7 (palibe zopinga zogwiritsira ntchito kernel iyi m'mabaibulo ofanana a RHEL, CentOS ndi Sayansi Linux).

Chinsinsi zatsopano Enterprise Kernel 6 yosasweka:

  • Thandizo lowonjezereka la machitidwe otengera 64-bit ARM zomangamanga (aarch64).
  • Kuthandizira kwazinthu zonse za Cgroup v2.
  • Dongosolo la ktask lakhazikitsidwa kuti lifanane ndi ntchito mu kernel zomwe zimadya zofunikira za CPU. Mwachitsanzo, mothandizidwa ndi ktask, kufananiza kwa ntchito zochotsa masamba okumbukira kapena kukonza mndandanda wa ma inode zitha kukonzedwa;
  • Mtundu wofananira wa kswapd waphatikizidwa kuti usinthe ma swaps motsatana, kuchepetsa kuchuluka kwa ma swaps achindunji (synchronous). Kuchuluka kwa masamba okumbukira aulere kumachepetsa, kswapd imayang'ana masamba osagwiritsidwa ntchito omwe amatha kumasulidwa.
  • Kuthandizira kutsimikizira kukhulupirika kwa chithunzi cha kernel ndi firmware yosainidwa ndi digito pokweza kernel pogwiritsa ntchito makina a Kexec (kukweza kernel kuchokera pamakina odzaza kale).
  • Kuchita kwa makina osungira kukumbukira kwakonzedwa bwino, kuyendetsa bwino kukumbukira ndi masamba a cache kwakonzedwa bwino, ndipo kukonza zopezera masamba okumbukira osagawidwa (zolakwika zamasamba) zasinthidwa.
  • Thandizo la NVDIMM lakulitsidwa, kukumbukira kokhazikika komwe kutha kugwiritsidwa ntchito ngati RAM yachikhalidwe.
  • Kusintha kwa DTrace 2.0 dynamic debugging system yapangidwa, yomwe kumasuliridwa kugwiritsa ntchito njira ya eBPF kernel. DTrace tsopano ikuyenda pamwamba pa eBPF, mofanana ndi momwe ilili Linux zida zofufuzira.
  • Kuwongolera kwapangidwa ku fayilo ya OCFS2 (Oracle Cluster File System).
  • Thandizo labwino la fayilo ya Btrfs. Adawonjezera kuthekera kogwiritsa ntchito ma Btrfs pamagawo a mizu. Njira yawonjezedwa kwa oyika kuti musankhe Btrfs mukamakonza zida. Adawonjezera kuthekera koyika mafayilo amasamba pamagawo ndi Btrfs. Btrfs imawonjezera chithandizo cha kuponderezana pogwiritsa ntchito ZStandard algorithm.
  • Thandizo lowonjezera la mawonekedwe a asynchronous I / O - io_uring, omwe ndi odziwika kuthandizira kuvota kwa I / O komanso kuthekera kogwira ntchito zonse ndi buffering komanso popanda buffering. Pankhani ya machitidwe, io_uring ili pafupi kwambiri ndi SPDK ndipo imaposa libaio pamene kuvota kwayatsidwa. Kuti mugwiritse ntchito io_uring pomaliza ntchito zomwe zikuyenda mu malo ogwiritsira ntchito, laibulale yosungiramo mabuku yakonzedwa, ndikupereka zomangira zapamwamba pa mawonekedwe a kernel;
  • Anawonjezera mode thandizo adiantum kwa kubisa mwachangu kwa ma drive.
  • Thandizo lowonjezera la compression pogwiritsa ntchito algorithm zstandard (zstd).
  • Mafayilo a ext4 amagwiritsa ntchito masitampu a 64-bit m'minda yayikulu.
  • XFS imaphatikizaponso zida zodziwitsira kukhulupirika kwa fayilo panthawi yake komanso kuti adziwe momwe fsck aphedwera pa ntchentche.
  • Stack ya TCP imasinthidwa kukhala "Nthawi Yonyamuka Koyambirira" m'malo mwa "Mofulumira Monga N'zotheka" potumiza phukusi. Thandizo la GRO (Generic Receive Offload) limayatsidwa ndi UDP. Zowonjezera zothandizira kulandira ndi kutumiza mapaketi a TCP mumayendedwe a zero.
  • Kukhazikitsidwa kwa protocol ya TLS pamlingo wa kernel (KTLS) ikukhudzidwa, yomwe tsopano ingagwiritsidwe ntchito osati kutumizidwa kokha, komanso kwa deta yolandiridwa.
  • Yayatsidwa ngati backend kwa firewall mwachisawawa
    nftables. Thandizo losasankha lawonjezeredwa bpfilter.
  • Kuwonjezera thandizo la dongosolo la XDP (eXpress Data Path), lomwe limalola Linux Yendetsani mapulogalamu a BPF pamlingo wa driver wa netiweki ndi mwayi wolowera mwachindunji ku packet DMA buffer komanso pa siteji isanayambe kugawa skbuff buffer ndi netiweki stack.
  • Zasinthidwa ndikuyatsidwa mukamagwiritsa ntchito UEFI Safe Boot mode Lockdown, yomwe imalepheretsa ogwiritsa ntchito mizu kulowa mu kernel ndikutchinga njira za UEFI Secure Boot bypass. Mwachitsanzo, njira yotsekera imalepheretsa mwayi wopezeka / dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, debug mode kprobes, mmiotrace, tracefs, BPF, PCMCIA CIS (Kapangidwe ka Chidziwitso Chamakhadi), malo ena Ma registanti a CPU ACPI ndi MSR, amaletsa mafoni a kexec_file ndi kexec_load, amaletsa kugona, amaletsa kugwiritsa ntchito DMA pazida za PCI, amaletsa kulowetsa kachidindo ka ACPI kuchokera kumitundu ya EFI, salola kuti pakhale ma doko a I / O, kuphatikiza kusintha nambala yosokoneza Doko la I/O la doko la serial.
  • Thandizo lowonjezera la malangizo a Enhanced Indirect Branch Restricted Speculation (IBRS) omwe amakupatsani mwayi wololeza ndikuletsa kugwiritsa ntchito malangizo mongopeka panthawi yosokoneza, kuyimba foni, komanso kusinthana. Ngati Inhanced IBRS ithandizidwa, njirayi imagwiritsidwa ntchito kuteteza ku Specter V2 m'malo mwa Retpoline, chifukwa imapereka ntchito yabwino.
  • Kutetezedwa bwino pamawu olembedwa ndi aliyense. M'makalata oterowo, kupanga mafayilo a FIFO ndi mafayilo omwe ali ndi ogwiritsa ntchito omwe samafanana ndi mwini wake wa bukhuli ndi mbendera yomata ndikoletsedwa.
  • Mwachikhazikitso pa machitidwe a ARM, kernel address space randomization pa systems (KASLR) imayatsidwa. Aarch64 ili ndi kutsimikizika kwa pointer.
  • Thandizo lowonjezera la "NVMe over Fabrics TCP".
  • Dalaivala wa virtio-pmem wawonjezedwa kuti apereke mwayi wopezeka pazida zosungiramo ma adilesi monga ma NVDIMM.

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster