ProHoster > Blog > internet nhau > Linux 6.2 kernel kuburitswa

Linux 6.2 kernel kuburitswa

Mushure memwedzi miviri yebudiriro, Linus Torvalds akapa kuburitswa kweLinux kernel 6.2. Pakati pekuchinja kunonyanya kukosha: kugamuchirwa kwekodhi pasi peCopyleft-Inotevera rezenisi inobvumirwa, kushandiswa kweRAID5/6 muBtrfs kunovandudzwa, kubatanidzwa kwerutsigiro rweRust mutauro kunoenderera mberi, pamusoro pekudzivirira kubva kuRetbleed kurwisa kunoderedzwa, iyo kugona kudzora kushandiswa kwendangariro panguva yekunyora kunowedzerwa, imwe nzira inowedzerwa yeTCP balancing PLB (Protective Load Balancing), hybrid command flow protection mechanism (FineIBT) yawedzerwa, BPF ikozvino ine kugona kutsanangura zvayo zvinhu uye zvimiro zvedata. , iyo rv (Runtime Verification) inoshandiswa inosanganisirwa, kushandiswa kwesimba mukuitwa kweRCU kukiya kwakaderedzwa.

Iyo itsva vhezheni inosanganisira 16843 inogadzirisa kubva kune 2178 vanogadzira, iyo chigamba saizi i62 MB (shanduko dzakakanganisa 14108 mafaera, 730195 mitsetse yekodhi yakawedzerwa, 409485 mitsetse yakabviswa). Inenge 42% yeshanduko dzese dzakaunzwa mu6.2 dzine hukama nevatyairi vemidziyo, ingangoita 16% yeshanduko ine chekuita nekuvandudza kodhi yakanangana nehardware architecture, 12% ine hukama netiweki stack, 4% ine hukama nemafaira masisitimu, uye 3% zvine hukama nemukati kernel subsystems.

Makiyi matsva mu kernel 6.2:

  • Memory uye system masevhisi
    • Inotenderwa kusanganisa mukernel kodhi uye shanduko dzinopihwa pasi peCopyleft-Next 0.3.1 rezinesi. Rezinesi reCopyleft-Next rakagadzirwa nemumwe wevanyori veGPLv3 uye rinonyatsoenderana nerezinesi reGPLv2, sekusimbiswa kwemagweta eSUSE neRed Hat. Kana ichienzaniswa neGPLv2, rezinesi reCopyleft-Next rakanyanya kusimba uye riri nyore kunzwisisa (chikamu chekutanga uye kutaurwa kwezvekukanganisika zvakabviswa), inotsanangura nguva uye maitiro ekubvisa kutyorwa, uye inobvisa otomatiki zvinodikanwa zvesoftware yechinyakare. ane makore anopfuura gumi nemashanu.

      Copyleft-Inotevera zvakare ine proprietary tekinoroji yekupihwa clause, iyo, kusiyana neGPLv2, inoita kuti rezinesi iri rienderane neApache 2.0 rezinesi. Kuti ive nechokwadi chekuenderana kuzere neGPLv2, Copyleft-Inotevera inotaura pachena kuti basa rinobva pariri rinogona kupihwa pasi perezinesi reGPL mukuwedzera kune rezenisi reCopyleft-Next.

    • Chimiro chacho chinosanganisira "rv" utility, iyo inopa interface yekudyidzana kubva munzvimbo yevashandisi nevatambi veRV (Runtime Verification) subsystem, yakagadzirirwa kutarisa kushanda kwakaringana pamasisitimu akavimbika anovimbisa kusavapo kwekutadza. Verification inoitwa panguva yekumhanya nekubatanidza zvibatiso kuronda mapoinzi anotarisa mafambiro chaiwo ekuita achipesana neyakafanotemerwa referensi deterministic modhi yemuchina inotsanangura maitiro anotarisirwa ehurongwa.
    • Iyo zRAM mudziyo, iyo inobvumira iyo swap partition kuti ichengetwe mundangariro mune yakamanikidzwa fomu (chivharo chinogadzirwa mundangariro icho swapping inoitwa nekumanikidza), inoshandisa kugona kupeta mapeji uchishandisa imwe algorithm kuti isvike padanho repamusoro. ye compression. Pfungwa huru ndeyekupa sarudzo pakati akati wandei maalgorithms (lzo, lzo-rle, lz4, lz4hc, zstd), vachipa yavo yekumisikidza pakati pekumanikidza / decompression kumhanya uye compression level, kana yakakwana mumamiriro akakosha (semuenzaniso, wekumanikidza hombe. mapeji endangariro).
    • Yakawedzera iyo "iommufd" API yekubata iyo I/O memory management system - IOMMU (I/O Memory-Management Unit) kubva munzvimbo yemushandisi. Iyo API nyowani inoita kuti zvikwanise kubata I/O ndangariro peji matafura uchishandisa faira descriptors.
    • BPF inopa kugona kugadzira mhando, kutsanangura zvinhu zvako, kuvaka yako yega hierarchy yezvinhu, uye nyore kugadzira yako yega data zvimiro, senge zvakabatanidzwa zvinyorwa. Zvezvirongwa zveBPF zvinopinda mumodhi yekurara (BPF_F_SLEEPABLE), rutsigiro rwe bpf_rcu_read_{,un}lock() makiyi rwawedzerwa. Yakaitwa tsigiro yekuchengetedza task_struct zvinhu. Yakawedzerwa mepu mhando BPF_MAP_TYPE_CGRP_STORAGE, ichipa chengetedzo yenzvimbo yezvikwata.
    • Kune iyo RCU (Read-copy-update) yekuvharisa meshini, imwe sarudzo ye "simbe" callback call inoitwa, umo ma callback akati wandei anogadziriswa kamwechete uchishandisa timer mubatch mode. Kushandiswa kweiyo yakarongwa optimization kunotibvumira kudzikisa mashandisirwo emagetsi paAndroid neChromeOS zvishandiso ne5-10% nekumisa zvikumbiro zveRCU panguva dzisina basa kana kuderera mutoro pahurongwa.
    • Yakawedzerwa sysctl split_lock_mitigate yekudzora mabatiro anoita sisitimu kana yaona kupatsanurwa kukiyi kunoitika kana uchiwana isina kurongeka dhata mundangariro nekuda kweiyo data inoyambuka miviri yeCPU cache mitsetse paunenge uchiita rairo yeatomu. Kuvhara kwakadaro kunotungamirira kukuderera kukuru kwekuita. Kuisa split_lock_mitigate ku 0 kunongopa yambiro yekuti pane dambudziko, uku kuseta split_lock_mitigate ku1 kunokonzeresa maitiro akakonzeresa kuti kukiya kunonoke kuchengetedza mashandiro kune yese system.
    • Kuitwa kutsva kweqspinlock kwakagadzirirwa iyo PowerPC architecture, iyo inoratidza kushanda kwepamusoro uye kugadzirisa mamwe matambudziko ekuvhara anomuka mune akasarudzika kesi.
    • Iyo MSI (Mharidzo-Inopindira Inovhiringidza) inovhiringidza yekubata kodhi yakagadziridzwa, ichibvisa akaunganidzira matambudziko ekuvaka uye kuwedzera rutsigiro rwekusunga ega ega kumidziyo yakasiyana.
    • Kune masisitimu akavakirwa paLoongArch yekuraira seti yekuvaka anoshandiswa muLoongson 3 5000 processors uye kuita iyo itsva RISC ISA, yakafanana neMIPS neRISC-V, rutsigiro rwe ftrace, stack dziviriro, yekurara uye yekumira modes inoshandiswa.
    • Kugona kugovera mazita kunzvimbo dzekugovana ndangariro dzisingazivikanwe kwakapihwa (mazita ekare aingogona kupihwa kune yakavanzika isingazivikanwe ndangariro yakagoverwa kune yakatarwa maitiro).
    • Yakawedzera mutsva kernel command line parameter "trace_trigger", yakagadzirirwa kumutsa trace trigger inoshandiswa kusunga mirairo ine conditional inodaidzwa kana control check yatangwa (semuenzaniso, trace_trigger=”sched_switch.stacktrace if prev_state == 2β€³).
    • Izvo zvinodikanwa zveshanduro yebhinuti package zvawedzerwa. Kuvaka kernel ikozvino kunoda kanenge binutils 2.25.
    • Pakudaidza exec (), kugona kuisa maitiro munzvimbo yezita, umo nguva inosiyana kubva panguva yehurongwa, yakawedzerwa.
    • Tatanga kuendesa mamwe maitiro kubva kubazi reRust-for-Linux rine chekuita nekushandiswa kweRust mutauro semutauro wechipiri wekugadzira vatyairi uye kernel module. Rutsigiro rwerust runodzimwa nekusarudzika uye hazvikonzeri kuti Rust ibatanidzwe sezvinodiwa kernel kuvaka kutsamira. Basa rekutanga rinopihwa mukuburitswa kwekupedzisira rinowedzerwa kutsigira yakaderera-level kodhi, senge Vec mhando uye macros pr_debug!(), pr_cont!() uye pr_alert!(), pamwe neiyo procedural macro "#[vtable ]”, iyo inorerutsa kushanda nematafura ekunongedza pamabasa. Kuwedzerwa kwepamusoro-level Rust bindings pamusoro pekernel subsystems, iyo inobvumira kusikwa kwevatyairi vakazara muRust, inotarisirwa mukuburitswa mune ramangwana.
    • Iyo "char" mhando inoshandiswa mukernel yave kuziviswa isina kusaina nekusarudzika kune ese mavakirwo.
    • Iyo slab memory allocation mechanism - SLOB (slab allocator), iyo yakagadzirirwa masisitimu ane hushoma hwendangariro, yakanzi haichashandi. Panzvimbo yeSLOB, pasi pemamiriro akajairwa zvinokurudzirwa kushandisa SLUB kana SLAB. Kune masisitimu ane diki ndangariro, zvinokurudzirwa kushandisa SLUB muSLUB_TINY modhi.
  • Disk Subsystem, I/O uye File Systems
    • Kuvandudzwa kwakaitwa kuBtrfs kwakanangana nekugadzirisa dambudziko re "nyora gomba" muRAID 5/6 kushandiswa (kuedza kudzoreredza RAID kana kuputsika kukaitika panguva yekunyora uye hazvibviri kunzwisisa kuti ndeipi bhuroka iyo RAID yakanyorwa zvakanaka, izvo zvinogona kutungamira kukuparadzwa kwevharobe, inoenderana nemabhuroki akanyorwa pasi). Pamusoro pezvo, maSSD ikozvino anogonesa asynchronous kurasa mashandiro nekukasira pazvinogoneka, zvichibvumira kuvandudzwa kwekuita nekuda kwekuita zvakanaka kwemapoka ekurasa mabasa mumitsetse uye kugadzirisa kwemutsetse neashure processor. Kuvandudzwa kwekuita kwekutumira uye lseek mashandiro, pamwe neFIEMAP ioctl.
    • Iko kugona kubata kwakamisikidzwa kunyora (writeback, kumashure kuchengetedza kwe data rakashandurwa) yeblock zvishandiso zvakawedzerwa. Mune mamwe mamiriro, senge kana uchishandisa network block zvishandiso kana USB madhiraivha, usimbe kunyora kunogona kukonzera yakakura kushandiswa kweRAM. Kuti udzore maitiro ehusimbe kunyora uye kuchengetedza saizi yecache peji mukati memimwe miganhu, mitsva mitsva yakasimba_limit, min_bytes, max_bytes, min_ratio_fine uye max_ratio_fine yakaunzwa musysfs (/sys/class/bdi/).
    • Iyo F2FS faira system inoshandisa atomic kutsiva ioctl kushanda, iyo inokutendera kuti unyore data kufaira mukati meatomu imwechete kushanda. F2FS inowedzerawo chivharo cache yekubatsira kuona data yakashandiswa kana data isina kuwanikwa kwenguva yakareba.
    • Mune ext4 FS chete kukanganisa kugadziridzwa kunocherechedzwa.
    • Iyo ntfs3 faira sisitimu inopa akati wandei matsva egomo sarudzo: "nocase" yekudzora kunzwisiswa kwekesi mumafaira nemazita edhairekitori; windows_name kurambidza kusikwa kwemazita emafaira ane mavara asina kushanda kuWindows; hide_dot_files kudzora kugoverwa kweiyo yakavanzika faira label yemafaira kutanga nedoti.
    • Iyo Squashfs faira system inoshandisa "threads =" gomo sarudzo, iyo inokutendera iwe kutsanangura nhamba yeshinda kuti ifananidze decompression mashandiro. Squashfs yakaunzawo kugona kumepu maID evashandisi eakakwidzwa faira masisitimu, anoshandiswa kuenzanisa mafaera emumwe mushandisi pane yakamisikidzwa yekunze chikamu nemumwe mushandisi pane yazvino system.
    • Kuitwa kwePOSIX yekuwana control list (POSIX ACLs) yakagadziridzwa zvakare. Kuitwa kutsva uku kunobvisa nyaya dzekuvaka, kunorerutsa kugadzirisa kwecodebase, uye kunounza mamwe akachengeteka data marudzi.
    • Iyo fscrypt subsystem, iyo inoshandiswa kujekesa encryption yemafaira nemadhairekitori, yakawedzera rutsigiro rweSM4 encryption algorithm (Chinese standard GB/T 32907-2016).
    • Iko kugona kuvaka kernel pasina NFSv2 tsigiro yakapihwa (mune ramangwana vanoronga kumira zvachose kutsigira NFSv2).
    • Sangano rekutarisa kodzero dzekuwana kuNVMe zvishandiso rakashandurwa. Inopa kugona kuverenga nekunyora kune NVMe mudziyo kana iyo yekunyora iine mukana kune yakatsaurirwa faira remudziyo (kare maitiro aifanira kuve nemvumo yeCAP_SYS_ADMIN).
    • Yakabvisa CD/DVD package mutyairi, iyo yakabviswa muna 2016.
  • Virtualization uye Chengetedzo
    • Nzira itsva yekudzivirira kubva kuRetbleed vulnerability yakaitwa muIntel ne AMD CPUs, ichishandisa kudzika kwekufona, iyo isinganonoke basa zvakanyanya sekudzivirirwa kwakambovapo kubva kuRetbleed. Kugonesa iyo nyowani modhi, iyo kernel yekuraira mutsara parameter "retbleed = zvinhu" yakatsanangurwa.
    • Yakawedzera hybrid FineIBT yekuraira kuyerera yekudzivirira nzira, kusanganisa kushandiswa kweHardware Intel IBT (Indirect Branch Tracking) mirairo uye software yekudzivirira kCFI (kernel Control Flow Integrity) kuvharira kutyorwa kweyakajairwa kuuraya kurongeka (kuyerera kuyerera) semhedzisiro yekushandiswa. zvezvishandiso zvinoshandura zvibodzwa zvakachengetwa mundangariro pamabasa. FineIBT inobvumira kuurayiwa nekusvetuka kusina kunanga chete munyaya yekusvetukira kune ENDBR rairo, iyo inoiswa pakutanga chaiko kwebasa. Pamusoro pezvo, nekuenzanisa neye kCFI michina, maheshi anozotariswa kuti ave nechokwadi chekusachinja kweanongedza.
    • Yakawedzerwa zvirambidzo kuvharira kurwiswa kunonyengedza chizvarwa che "oops" nyika, mushure mezvo mabasa anonetsa anopedzwa uye nyika inodzoserwa pasina kumisa system. Nenhamba yakakura kwazvo yekufona kune iyo "oops" nyika, referensi counter inofashukira inoitika (refcount), iyo inobvumira kushandiswa kwekusagadzikana kunokonzerwa neNULL pointer dereferences. Kuti udzivirire pakurwiswa kwakadaro, muganho wakawedzerwa kune kernel yehuwandu hwehuwandu hwe "oops" zvinokonzeresa, mushure mekupfuura iyo kernel ichatanga shanduko kune "kuvhunduka" nyika inoteverwa nekutangazve, iyo isingazobvumiri kuwana nhamba yekudzokororwa inodiwa kuti ifashukire iyo refcount. Nekumisikidza, muganho unoiswa kune zviuru gumi "oops", asi kana zvichidikanwa, unogona kuchinjwa kuburikidza neoops_limit parameter.
    • Yakawedzerwa gadziriso parameter LEGACY_TIOCSTI uye sysctl legacy_tiocsti kudzima kugona kuisa data muterminal uchishandisa ioctl TIOCSTI, sezvo mashandiro aya achigona kushandiswa kutsiva mavara anopokana mune terminal yekuisa bhafa uye kutevedzera mushandisi.
    • Rudzi rutsva rwechimiro chemukati, encoded_peji, inokurudzirwa, umo mabhiti ezasi epointer anoshandiswa kuchengetedza rumwe ruzivo rwunoshandiswa kudzivirira kubva netsaona kubviswa kweinongedzo (kana kuregerera kuchidikanwa, aya ekuwedzera mabhiti anofanirwa kucheneswa kutanga) .
    • Papuratifomu yeARM64, padanho rebhutsu, zvinogoneka kugonesa kana kudzima kuisirwa kwesoftware kweShadow Stack mechanism, iyo inoshandiswa kudzivirira kubva pakunyora kero yekudzoka kubva kune basa kana buffer ichifashukira pane stack. iyo yakakosha yekudzivirira ndeyekuchengetedza kero yekudzoka mune yakaparadzana "mumvuri" stack mushure mekutonga kuendeswa kune basa uye kudzoreredza kero yakapihwa isati yabuda basa). Tsigiro yehardware uye software yekushandiswa kweShadow Stack mune imwe kernel musangano inobvumidza iwe kushandisa imwe kernel pane akasiyana maARM masisitimu, zvisinei nerutsigiro rwavo rwemirayiridzo yekusimbisa pointer. Iko kuiswa kwekushandiswa kwesoftware kunoitwa kuburikidza nekutsiviwa kwemirairo inodiwa mukodhi panguva yekurodha.
    • Yakawedzerwa rutsigiro rwekushandisa iyo asynchronous yekubuda yekuzivisa meshini paIntel processors, iyo inobvumira kuona imwe-nhanho kurwiswa pane kodhi yakaitwa muSGX enclaves.
    • Seti yekushanda inokurudzirwa inobvumira iyo hypervisor kutsigira zvikumbiro kubva kuIntel TDX (Trusted Domain Extensions) masisitimu evaenzi.
    • Iyo kernel kuvaka marongero RANDOM_TRUST_BOOTLOADER uye RANDOM_TRUST_CPU abviswa, nekuda kweinoenderana command line sarudzo random.trust_bootloader uye random.trust_cpu.
    • Iyo Landlock michina, iyo inobvumidza iwe kudzikamisa kupindirana kweboka remaitiro nekunze nharaunda, yakawedzera tsigiro yeLANDLOCK_ACCESS_FS_TRUNCATE mureza, izvo zvinoita kuti zvikwanise kudzora kuitiswa kwefaira truncation mashandiro.
  • Network subsystem
    • YeIPv6, tsigiro yePLB (Protective Load Balancing) yakawedzerwa, dhizaini yekuenzanisa mitoro pakati petiweki zvinongedzo zvine chinangwa chekudzikisa mapoinzi ekuremesa pane data data switch. Nekuchinja iyo IPv6 Flow Label, iyo PLB inongochinja nzira dzepaketi kuti ienzanise mutoro pane switch ports. Kuti uderedze kurongekazve kwepakeji, kuvhiya uku kunoitwa mushure menguva yekusashanda pese pazvinogoneka. Kushandiswa kwePLB muGoogle data centers kwakaderedza kusaenzana kwemutoro pazvikepe zvekuchinja neavhareji ye60%, kuderedza kurasikirwa kwepakiti ne33%, uye kuderedza latency ne20%.
    • Akawedzera mutyairi weMediaTek zvishandiso zvinotsigira Wi-Fi 7 (802.11be).
    • Yakawedzera rutsigiro rwe800-gigabit link.
    • Yakawedzera kugona kutumidza zita retiweki interfaces panhunzi, pasina kumira basa.
    • Kutaurwa kwekero yeIP kwakasvika pakiti yakawedzerwa kune meseji yelogi nezve SYN mafashama.
    • Kune UDP, kugona kushandisa matafura ehashi akasiyana enzvimbo dzakasiyana dzetiweki kwaitwa.
    • Pamabhiriji etiweki, tsigiro yeMAB (MAC Authentication Bypass) nzira yechokwadi yaitwa.
    • YeCAN protocol (CAN_RAW), tsigiro yeSO_MARK socket modhi yaitwa yekubatanidza fwmark-based traffic mafirita.
    • ipset inoshandisa itsva bitmask parameter iyo inokutendera kuti uise chifukidzo chinoenderana neabiti bits muIP kero (semuenzaniso, "ipset gadzira set1 hash:ip bitmask 255.128.255.0").
    • Yakawedzerwa rutsigiro rwekugadzirisa misoro yemukati mukati metunneled mapaketi kune nf_tables.
  • Zvigadzirwa
    • Iyo "accel" subsystem yakawedzerwa pamwe nekuitwa kwehurongwa hwemakomputa accelerators, ayo anogona kupihwa angave ari ega ega ASICs kana nenzira yeIP blocks mukati meSoC neGPU. Aya maaccelerator anonyanya kunangwa nekumhanyisa mhinduro yematambudziko ekudzidza muchina.
    • Iyo amdgpu mutyairi inosanganisira rutsigiro rweGC, PSP, SMU uye NBIO IP zvikamu. Kune ma ARM64 masisitimu, rutsigiro rweDCN (Display Core Inotevera) runoitwa. Kuitwa kwechidziviriro chakadzivirirwa kubuda kubva pakushandisa DCN10 kuenda kuDCN21 uye iko zvino kunogona kushandiswa pakubatanidza masikirini akawanda.
    • Iyo i915 (Intel) mutyairi yakatsigisa tsigiro yemakadhi evhidhiyo eIndel Arc (DG2/Alchemist).
    • Mutyairi weNouveau anotsigira NVIDIA GA102 (RTX 30) GPUs zvichienderana neAmpere architecture. Kune nva3 (GT215) makadhi, kugona kudzora backlight kwakawedzerwa.
    • Yakawedzerwa tsigiro yemadhiraivha asina waya yakavakirwa paRealtek 8852CU, 8821BU, 8822CU, 8822DU (USB) uye MediaTek MT8723 machipisi, Broadcom BCM7996/4377/4378 NVIDIA Bluetooth interfaces, pamwe neMotorcomm4387GERS Ethernet uye Ethernet kudzora GET8521.
    • Yakawedzerwa ASoC (ALSA System paChip) inotsigira yakavakirwa-mukati machipisi HP Stream 8, Advantech MICA-071, Dell SKU 0C11, Intel ALC5682I-VD, Xiaomi Redmi Book Pro 14 2022, i.MX93, Armada 38x, RK3588. Yakawedzera rutsigiro rweFocusrite Saffire Pro 40 audio interface. Yakawedzera Realtek RT1318 audio codec.
    • Yakawedzerwa rutsigiro rwemafoni emafoni uye mahwendefa (Xperia 10 IV, 5 IV, X uye X compact, OnePlus One, 3, 3T uye Nord N100, Xiaomi Poco F1 uye Mi6, Huawei Watch, Google Pixel 3a, Samsung Galaxy Tab 4 10.1.
    • Yakawedzerwa rutsigiro rweARM SoC uye Apple T6000 (M1 Pro), T6001 (M1 Max), T6002 (M1 Ultra), Qualcomm MSM8996 Pro (Snapdragon 821), SM6115 (Snapdragon 662), SM4250 (Snapdragon 460), 6375 dhiragoni mapuranga , SDM695 (Snapdragon 670), MSM670 (Snapdragon 8976), MSM652 (Snapdragon 8956), RK650 Odroid-Go/rg3326, Zyxel NSA351S, InnoComm i.MX310MM, Odroid Go Ultra.

Panguva imwecheteyo, iyo Latin America Yemahara Software Foundation yakagadzira vhezheni yemahara zvachose kernel 6.2 - Linux-libre 6.2-gnu, yakacheneswa yezvinhu zve firmware uye madhiraivha ane zvinhu zvemukati kana zvikamu zvekodhi, chiyero chayo chinogumira. mugadziri. Kuburitswa kutsva kunochenesa mabhurobhu matsva mumutyairi weNouveau. Blob kurodha yakaremara mumt7622, ​​mt7996 wifi uye bcm4377 bluetooth driver. Yakacheneswa mazita eblob mu dts mafaera eiyo Aarch64 architecture. Yakagadziridzwa blob yekuchenesa kodhi mune akasiyana madhiraivha uye subsystems. Yakamira kuchenesa s5k4ecgx mutyairi, sezvo yakabviswa kubva kukernel.

Source: opennet.ru

Voeg