Kampani ya Oracle kumasulidwa koyamba kokhazikika (UEK R6), nyumba yotalikirapo ya kernel ya Linux yomwe idagulitsidwa kuti igwiritsidwe ntchito pakugawa kwa Oracle Linux ngati m'malo mwa phukusi la stock kernel kuchokera ku Red Hat Enterprise Linux. Kernel imangopezeka pa x86_64 ndi ARM64 (aarch64) zomangamanga. Khodi yochokera ku kernel, kuphatikiza kugawanika kukhala zigamba payekha, m'malo agulu a Oracle Git.
Enterprise Kernel 6 yosasweka idakhazikitsidwa ndi kernel (UEK R5 idakhazikitsidwa pa 4.14 kernel), yomwe imasinthidwa ndi zatsopano, kukhathamiritsa, ndi kukonza, ndipo yayesedwa kuti igwirizane ndi mapulogalamu ambiri omwe akuyenda pa RHEL, ndipo yakonzedwa kuti igwire ntchito ndi Oracle mafakitale mapulogalamu ndi hardware. UEK R6 kernel kukhazikitsa ndi src phukusi lokonzekera Oracle Linux ΠΈ . Thandizo la nthambi ya 6.x yathetsedwa, kuti mugwiritse ntchito UEK R6, muyenera kukweza kachitidwe ka Oracle Linux 7 (palibe zopinga kugwiritsa ntchito kernel iyi m'matembenuzidwe ofanana a RHEL, CentOS ndi Scientific Linux).
Chinsinsi Enterprise Kernel 6 yosasweka:
- Thandizo lowonjezereka la machitidwe otengera 64-bit ARM zomangamanga (aarch64).
- Kuthandizira kwazinthu zonse za Cgroup v2.
- Dongosolo la ktask lakhazikitsidwa kuti lifanane ndi ntchito mu kernel zomwe zimadya zofunikira za CPU. Mwachitsanzo, mothandizidwa ndi ktask, kufananiza kwa ntchito zochotsa masamba okumbukira kapena kukonza mndandanda wa ma inode zitha kukonzedwa;
- Mtundu wofananira wa kswapd waphatikizidwa kuti usinthe ma swaps motsatana, kuchepetsa kuchuluka kwa ma swaps achindunji (synchronous). Kuchuluka kwa masamba okumbukira aulere kumachepetsa, kswapd imayang'ana masamba osagwiritsidwa ntchito omwe amatha kumasulidwa.
- Kuthandizira kutsimikizira kukhulupirika kwa chithunzi cha kernel ndi firmware yosainidwa ndi digito pokweza kernel pogwiritsa ntchito makina a Kexec (kukweza kernel kuchokera pamakina odzaza kale).
- Kuchita kwa makina osungira kukumbukira kwakonzedwa bwino, kuyendetsa bwino kukumbukira ndi masamba a cache kwakonzedwa bwino, ndipo kukonza zopezera masamba okumbukira osagawidwa (zolakwika zamasamba) zasinthidwa.
- Thandizo la NVDIMM lakulitsidwa, kukumbukira kokhazikika komwe kutha kugwiritsidwa ntchito ngati RAM yachikhalidwe.
- Kusintha kwa DTrace 2.0 dynamic debugging system yapangidwa, yomwe kugwiritsa ntchito eBPF kernel subsystem. DTrace tsopano ikuyenda pamwamba pa eBPF, mofanana ndi momwe zida zofufuzira za Linux zilipo pamwamba pa eBPF.
- Kuwongolera kwapangidwa ku fayilo ya OCFS2 (Oracle Cluster File System).
- Thandizo labwino la fayilo ya Btrfs. Adawonjezera kuthekera kogwiritsa ntchito ma Btrfs pamagawo a mizu. Njira yawonjezedwa kwa oyika kuti musankhe Btrfs mukamakonza zida. Adawonjezera kuthekera koyika mafayilo amasamba pamagawo ndi Btrfs. Btrfs imawonjezera chithandizo cha kuponderezana pogwiritsa ntchito ZStandard algorithm.
- Thandizo lowonjezera la mawonekedwe a asynchronous I / O - io_uring, omwe ndi odziwika kuthandizira kuvota kwa I / O komanso kuthekera kogwira ntchito zonse ndi buffering komanso popanda buffering. Pankhani ya machitidwe, io_uring ili pafupi kwambiri ndi SPDK ndipo imaposa libaio pamene kuvota kwayatsidwa. Kuti mugwiritse ntchito io_uring pomaliza ntchito zomwe zikuyenda mu malo ogwiritsira ntchito, laibulale yosungiramo mabuku yakonzedwa, ndikupereka zomangira zapamwamba pa mawonekedwe a kernel;
- Anawonjezera mode thandizo kwa kubisa mwachangu kwa ma drive.
- Thandizo lowonjezera la compression pogwiritsa ntchito algorithm (zstd).
- Mafayilo a ext4 amagwiritsa ntchito masitampu a 64-bit m'minda yayikulu.
- XFS imaphatikizaponso zida zodziwitsira kukhulupirika kwa fayilo panthawi yake komanso kuti adziwe momwe fsck aphedwera pa ntchentche.
- Stack ya TCP imasinthidwa kukhala "" m'malo mwa "Mofulumira Monga N'zotheka" potumiza phukusi. Thandizo la GRO (Generic Receive Offload) limayatsidwa ndi UDP. Zowonjezera zothandizira kulandira ndi kutumiza mapaketi a TCP mumayendedwe a zero.
- Kukhazikitsidwa kwa protocol ya TLS pamlingo wa kernel (KTLS) ikukhudzidwa, yomwe tsopano ingagwiritsidwe ntchito osati kutumizidwa kokha, komanso kwa deta yolandiridwa.
- Yayatsidwa ngati backend kwa firewall mwachisawawa
nftables. Thandizo losasankha lawonjezeredwa . - Thandizo lowonjezera la XDP (eXpress Data Path) subsystem, yomwe imalola kuyendetsa mapulogalamu a BPF pa Linux pamlingo wa driver network ndi kuthekera kofikira mwachindunji pakiti ya DMA buffer komanso pasiteji pomwe netiweki isanagawire skbuff buffer.
- Zasinthidwa ndikuyatsidwa mukamagwiritsa ntchito UEFI Safe Boot mode , yomwe imalepheretsa ogwiritsa ntchito mizu kulowa mu kernel ndikutchinga njira za UEFI Secure Boot bypass. Mwachitsanzo, njira yotsekera imalepheretsa mwayi wopezeka / dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, debug mode kprobes, mmiotrace, tracefs, BPF, PCMCIA CIS (Kapangidwe ka Chidziwitso Chamakhadi), malo ena Ma registanti a CPU ACPI ndi MSR, amaletsa mafoni a kexec_file ndi kexec_load, amaletsa kugona, amaletsa kugwiritsa ntchito DMA pazida za PCI, amaletsa kulowetsa kachidindo ka ACPI kuchokera kumitundu ya EFI, salola kuti pakhale ma doko a I / O, kuphatikiza kusintha nambala yosokoneza Doko la I/O la doko la serial.
- Thandizo lowonjezera la malangizo a Enhanced Indirect Branch Restricted Speculation (IBRS) omwe amakupatsani mwayi wololeza ndikuletsa kugwiritsa ntchito malangizo mongopeka panthawi yosokoneza, kuyimba foni, komanso kusinthana. Ngati Inhanced IBRS ithandizidwa, njirayi imagwiritsidwa ntchito kuteteza ku Specter V2 m'malo mwa Retpoline, chifukwa imapereka ntchito yabwino.
- Kutetezedwa bwino pamawu olembedwa ndi aliyense. M'makalata oterowo, kupanga mafayilo a FIFO ndi mafayilo omwe ali ndi ogwiritsa ntchito omwe samafanana ndi mwini wake wa bukhuli ndi mbendera yomata ndikoletsedwa.
- Mwachikhazikitso pa machitidwe a ARM, kernel address space randomization pa systems (KASLR) imayatsidwa. Aarch64 ili ndi kutsimikizika kwa pointer.
- Thandizo lowonjezera la "NVMe over Fabrics TCP".
- Dalaivala wa virtio-pmem wawonjezedwa kuti apereke mwayi wopezeka pazida zosungiramo ma adilesi monga ma NVDIMM.
Source: opennet.ru