ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhululwa kweKernel Linux 6.2

Ukukhululwa kweKernel Linux 6.2

Emva kweenyanga ezimbini zophuhliso, uLinus Torvalds wayikhulula i-kernel. Linux 6.2. Π‘Ρ€Π΅Π΄ΠΈ Π½Π°ΠΈΠ±ΠΎΠ»Π΅Π΅ Π·Π°ΠΌΠ΅Ρ‚Π½Ρ‹Ρ… ΠΈΠ·ΠΌΠ΅Π½Π΅Π½ΠΈΠΉ: Ρ€Π°Π·Ρ€Π΅ΡˆΡ‘Π½ ΠΏΡ€ΠΈΡ‘ΠΌ ΠΊΠΎΠ΄Π° ΠΏΠΎΠ΄ Π»ΠΈΡ†Π΅Π½Π·ΠΈΠ΅ΠΉ Copyleft-Next, ΡƒΠ»ΡƒΡ‡ΡˆΠ΅Π½Π° рСализация RAID5/6 Π² Btrfs, ΠΏΡ€ΠΎΠ΄ΠΎΠ»ΠΆΠ΅Π½Π° интСграция ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠΈ языка Rust, сниТСны Π½Π°ΠΊΠ»Π°Π΄Π½Ρ‹Π΅ расходы ΠΏΡ€ΠΈ Π·Π°Ρ‰ΠΈΡ‚Π΅ ΠΎΡ‚ Π°Ρ‚Π°ΠΊ Retbleed, Π΄ΠΎΠ±Π°Π²Π»Π΅Π½Π° Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡ‚ΡŒ рСгулирования потрСблСния памяти ΠΏΡ€ΠΈ ΠΎΠ±Ρ€Π°Ρ‚Π½ΠΎΠΉ записи, для TCP Π΄ΠΎΠ±Π°Π²Π»Π΅Π½ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ балансировки PLB (Protective Load Balancing), Π΄ΠΎΠ±Π°Π²Π»Π΅Π½ Π³ΠΈΠ±Ρ€ΠΈΠ΄Π½Ρ‹ΠΉ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ΠΏΠΎΡ‚ΠΎΠΊΠ° выполнСния ΠΊΠΎΠΌΠ°Π½Π΄ (FineIBT), Π² BPF появилась Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡ‚ΡŒ опрСдСлСния собствСнных ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ² ΠΈ структур Π΄Π°Π½Π½Ρ‹Ρ…, Π² состав Π²ΠΊΠ»ΡŽΡ‡Π΅Π½Π° ΡƒΡ‚ΠΈΠ»ΠΈΡ‚Π° rv (Runtime Verification), сниТСно энСргопотрСблСниС Π² Ρ€Π΅Π°Π»ΠΈΠ·Π°Ρ†ΠΈΠΈ Π±Π»ΠΎΠΊΠΈΡ€ΠΎΠ²ΠΎΠΊ RCU.

Inguqulelo entsha ibandakanya ukulungiswa kwe-16843 ukusuka kubaphuhlisi be-2178, ubungakanani be-patch yi-62 MB (utshintsho oluchaphazelekayo lweefayile ze-14108, i-730195 imigca yekhowudi yongezwa, i-409485 imigca yacinywa). Ngokumalunga ne-42% yazo zonke iinguqu ezifakwe kwi-6.2 zihambelana nabaqhubi besixhobo, malunga ne-16% yeenguqu zihambelana nokuhlaziya ikhowudi ethile kwi-architectures ye-hardware, i-12% inxulumene ne-stack yenethiwekhi, i-4% inxulumene neenkqubo zefayile, kunye ne-3% zinxulumene ne-kernel yangaphakathi yendlela esezantsi.

Izinto ezintsha eziphambili kwi-kernel 6.2:

  • Iinkonzo zememori kunye nenkqubo
    • Kuvumelekile ukubandakanya kwikhowudi yekernel kunye notshintsho olubonelelwe phantsi kwelayisensi ye-Copyleft-Elandelayo 0.3.1. Ilayisensi ye-Copyleft-Elandelayo yenziwe ngomnye wababhali be-GPLv3 kwaye ihambelana ngokupheleleyo nelayisensi ye-GPLv2, njengoko ingqinwe ngamagqwetha avela kwi-SUSE kunye ne-Red Hat. Xa kuthelekiswa ne-GPLv2, ilayisenisi ye-Copyleft-Elandelayo ixinene kakhulu kwaye kulula ukuyiqonda (inxalenye yentshayelelo kunye nokukhankanywa kwezinto eziyalelweyo zisusiwe), ichaza ixesha kunye nenkqubo yokuphelisa ulwaphulo-mthetho, kwaye isusa ngokuzenzekelayo iimfuno ze-copyleft zesoftware ephelelwe lixesha. uneminyaka engaphezu kwe-15 ubudala.

      I-Copyleft-Okulandelayo ikwaqulathe igatya lesibonelelo sobuxhakaxhaka bobunini, abathi, ngokungafaniyo ne-GPLv2, yenze le layisensi ihambelane nelayisenisi ye-Apache 2.0. Ukuqinisekisa ukuhambelana okupheleleyo ne-GPLv2, i-Copyleft-Elandelayo ichaza ngokucacileyo ukuba umsebenzi ophuma kwi-derivative unokubonelelwa phantsi kwelayisensi ye-GPL ukongeza kwilayisenisi ye-Copyleft-Elandelayo.

    • Ulwakhiwo lubandakanya "i-rv" eluncedo, ebonelela nge-interface yokusebenzisana ukusuka kwindawo yomsebenzisi kunye nabaphathi be-RV (i-Runtime Verification) yenkqubo ephantsi, eyenzelwe ukujonga ukusebenza okuchanekileyo kwiinkqubo ezinokwethenjelwa kakhulu eziqinisekisa ukungabikho kokungaphumeleli. Uqinisekiso lwenziwa ngexesha lokuqhuba ngokuqhoboshela izibambi kumanqaku okulandelela ajonga eyona nkqubela-phambili yophumezo ngokuchasene nemodeli emiselwe kwangaphambili yereferensi yomatshini echaza indlela yokuziphatha elindelekileyo yesistim.
    • Isixhobo se-zRAM, esivumela ulwahlulo lokutshintsha ukuba lugcinwe kwimemori kwifom ecinezelweyo (isixhobo sebhloko senziwe kwinkumbulo apho ukutshintshwa kwenziwa ngoxinzelelo), sisebenzisa ukukwazi ukupakisha kwakhona amaphepha usebenzisa enye ialgorithm ukufezekisa inqanaba eliphezulu. yoxinzelelo. Umbono ophambili kukubonelela ngokhetho phakathi kwe-algorithms ezininzi (lzo, lzo-rle, lz4, lz4hc, zstd), banikezela ngolungelelwaniso lwabo phakathi kwesantya soxinzelelo/uxinzelelo kunye nenqanaba loxinzelelo, okanye ngokwelona nqanaba liphezulu kwiimeko ezikhethekileyo (umzekelo, ukucinezela okukhulu amaphepha enkumbulo).
    • Yongeza "iommufd" API yokulawula inkqubo yokulawula imemori ye-I / O - IOMMU (I/O Memory-Management Unit) ukusuka kwindawo yomsebenzisi. I-API entsha yenza kube lula ukulawula iitafile zephepha lememori ye-I / O usebenzisa iinkcazo zefayile.
    • I-BPF ibonelela ngesakhono sokwenza iintlobo, uchaze izinto zakho, wakhe owakho ulawulo lwezinto, kwaye udale ngokuguquguqukayo ulwakhiwo lwedatha yakho, njengoluhlu oludityanisiweyo. Kwiiprogram ze-BPF eziya kwimowudi yokulala (BPF_F_SLEEPABLE), inkxaso ye-bpf_rcu_read_{,un}lock() izitshixo yongeziwe. Iphunyeziwe inkxaso yokugcina task_struct izinto. Kongezwe uhlobo lwemephu BPF_MAP_TYPE_CGRP_STORAGE, ibonelela ngogcino lwasekuhlaleni lwamaqela.
    • Для ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌΠ° Π±Π»ΠΎΠΊΠΈΡ€ΠΎΠ²ΠΎΠΊ RCU (Read-copy-update) Ρ€Π΅Π°Π»ΠΈΠ·ΠΎΠ²Π°Π½ ΠΎΠΏΡ†ΠΈΠΎΠ½Π°Π»ΡŒΠ½Ρ‹ΠΉ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ Β«Π»Π΅Π½ΠΈΠ²Ρ‹Ρ…Β» callback-Π²Ρ‹Π·ΠΎΠ²ΠΎΠ², Π² ΠΊΠΎΡ‚ΠΎΡ€ΠΎΠΌ ΠΏΠΎ Ρ‚Π°ΠΉΠΌΠ΅Ρ€Ρƒ Π² ΠΏΠ°ΠΊΠ΅Ρ‚Π½ΠΎΠΌ Ρ€Π΅ΠΆΠΈΠΌΠ΅ Ρ€Π°Π·ΠΎΠΌ обрабатываСтся нСсколько callback-Π²Ρ‹Π·ΠΎΠ²ΠΎΠ². ΠŸΡ€ΠΈΠΌΠ΅Π½Π΅Π½ΠΈΠ΅ ΠΏΡ€Π΅Π΄Π»ΠΎΠΆΠ΅Π½Π½ΠΎΠΉ ΠΎΠΏΡ‚ΠΈΠΌΠΈΠ·Π°Ρ†ΠΈΠΈ позволяСт Π½Π° 5-10% ΡΠ½ΠΈΠ·ΠΈΡ‚ΡŒ энСгропотрСблСниС Π½Π° устройствах Android ΠΈ ChromeOS Π·Π° счёт откладывания RCU-запросов Π²ΠΎ врСмя простоя ΠΈΠ»ΠΈ Π½ΠΈΠ·ΠΊΠΎΠΉ Π½Π°Π³Ρ€ΡƒΠ·ΠΊΠΈ Π½Π° систСму.
    • Yongezwa i-sysctl split_lock_mitigate ukulawula indlela inkqubo esabela ngayo xa ibona ukutshixa okuqhekekayo okwenzekayo xa ufikelela kwidatha engalungelelanisiweyo kwimemori ngenxa yedatha ewela imigca emibini ye-cache ye-CPU xa uqhuba umyalelo we-athomu. Izithintelo ezinjalo zikhokelela ekunciphiseni okukhulu ekusebenzeni. Ukucwangcisa u-split_lock_mitigate ukuya ku-0 kuphela kukhupha isilumkiso sokuba kukho ingxaki, ngelixa ukusetha u-split_lock_mitigate ukuya ku-1 kubangela inkqubo ebangele ukuba i-lock icothiswe ukugcina ukusebenza kwayo yonke inkqubo.
    • Uzalisekiso olutsha lwe-qspinlock lucetyiwe kuyilo lwePowerPC, olubonisa ukusebenza okuphezulu kunye nokusombulula ezinye iingxaki zokutshixa ezivela kwiimeko ezizodwa.
    • I-MSI (Isiphazamiso esiSayineyo soMyalezo) ikhowudi yokuphatha ephazamisayo iye yaphinda yasetyenziswa, isusa iingxaki eziqokelelweyo zezakhiwo kunye nokongeza inkxaso yokubophelela abaphathi ngabanye kwizixhobo ezahlukeneyo.
    • Kwiinkqubo ezisekelwe kwi-LoongArch imiyalelo yokubeka i-architecture esetyenziswe kwi-Loongson 3 5000 processors kunye nokuphumeza i-RISC ISA entsha, efana ne-MIPS kunye ne-RISC-V, ukuxhaswa kwe-ftrace, ukukhuselwa kwe-stack, ukulala kunye neendlela zokulinda ziphunyeziwe.
    • Ukukwazi ukwabela amagama kwiindawo zememori engaziwayo ekwabelwanayo kuyo kunikezelwe (ngaphambili amagama ebenokwabelwa kuphela imemori yabucala engaziwa eyabelwe inkqubo ethile).
    • Kongezwe ipharamitha yomgca womyalelo wekernel entsha β€œtrace_trigger”, eyilelwe ukuvula umkhondo osetyenziselwa ukubophelela imiyalelo enemiqathango ebizwa xa kusenziwa uqwalaselo lolawulo (umzekelo, trace_trigger=”sched_switch.stacktrace ukuba prev_state == 2β€³).
    • Iimfuno zenguqulelo yephakheji ye-binutils zandisiwe. Ukwakha i-kernel ngoku kufuna ubuncinci be-binutils 2.25.
    • Xa ufowunela u-exec(), ukukwazi ukubeka inkqubo kwindawo yegama, apho ixesha lahlukile kwixesha lenkqubo, yongezwe.
    • Начался пСрСнос ΠΈΠ· Π²Π΅Ρ‚ΠΊΠΈ Rust-for-Linux Π΄ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½ΠΎΠΉ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΎΠ½Π°Π»ΡŒΠ½ΠΎΡΡ‚ΠΈ, связанной с использованиСм языка Rust Π² качСствС Π²Ρ‚ΠΎΡ€ΠΎΠ³ΠΎ языка для Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚ΠΊΠΈ Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€ΠΎΠ² ΠΈ ΠΌΠΎΠ΄ΡƒΠ»Π΅ΠΉ ядра. ΠŸΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° Rust Π½Π΅Π°ΠΊΡ‚ΠΈΠ²Π½Π° ΠΏΠΎ ΡƒΠΌΠΎΠ»Ρ‡Π°Π½ΠΈΡŽ ΠΈ Π½Π΅ ΠΏΡ€ΠΈΠ²ΠΎΠ΄ΠΈΡ‚ ΠΊ Π²ΠΊΠ»ΡŽΡ‡Π΅Π½ΠΈΡŽ Rust Π² число ΠΎΠ±ΡΠ·Π°Ρ‚Π΅Π»ΡŒΠ½Ρ‹Ρ… сборочных зависимостСй ΠΊ ядру. ΠŸΡ€Π΅Π΄Π»ΠΎΠΆΠ΅Π½Π½Π°Ρ Π² ΠΏΡ€ΠΎΡˆΠ»ΠΎΠΌ выпускС базовая Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΎΠ½Π°Π»ΡŒΠ½ΠΎΡΡ‚ΡŒ Ρ€Π°ΡΡˆΠΈΡ€Π΅Π½Π° возмоТностями для ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΈ Π½ΠΈΠ·ΠΊΠΎΡƒΡ€ΠΎΠ²Π½Π΅Π²ΠΎΠ³ΠΎ ΠΊΠΎΠ΄Π°, Ρ‚Π°ΠΊΠΈΡ… ΠΊΠ°ΠΊ Ρ‚ΠΈΠΏ Vec ΠΈ макросы pr_debug!(), pr_cont!() ΠΈ pr_alert!(), Π° Ρ‚Π°ΠΊΠΆΠ΅ ΠΏΡ€ΠΎΡ†Π΅Π΄ΡƒΡ€Π½Ρ‹ΠΉ макрос Β«#[vtable]Β», ΡƒΠΏΡ€ΠΎΡ‰Π°ΡŽΡ‰ΠΈΠΉ Ρ€Π°Π±ΠΎΡ‚Ρƒ с Ρ‚Π°Π±Π»ΠΈΡ†Π°ΠΌΠΈ ΡƒΠΊΠ°Π·Π°Ρ‚Π΅Π»Π΅ΠΉ Π½Π° Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ. Π”ΠΎΠ±Π°Π²Π»Π΅Π½ΠΈΠ΅ высокоуровнСвых Rust-обвязок Π½Π°Π΄ подсистСмами ядра, ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Π΅ позволят ΡΠΎΠ·Π΄Π°Π²Π°Ρ‚ΡŒ ΠΏΠΎΠ»Π½ΠΎΡ†Π΅Π½Π½Ρ‹Π΅ Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Ρ‹ Π½Π° Rust, оТидаСтся Π² ΡΠ»Π΅Π΄ΡƒΡŽΡ‰ΠΈΡ… выпусках.
    • Uhlobo lwe "char" olusetyenziswe kwikernel ngoku lubhengezwe ukuba alusayinwanga ngokwendalo kulo lonke ulwakhiwo.
    • Indlela yokwabiwa kwememori ye-slab - i-SLOB (i-slab allocator), eyenzelwe iinkqubo ezinomlinganiselo omncinci wememori, ibhengezwe ukuba iphelelwe lixesha. Esikhundleni se-SLOB, phantsi kweemeko eziqhelekileyo kuyacetyiswa ukuba usebenzise i-SLUB okanye i-SLAB. Kwiinkqubo ezinememori encinci, kuyacetyiswa ukuba usebenzise i-SLUB kwimo ye-SLUB_TINY.
  • Inkqubo engaphantsi kweDisk, I/O kunye neeNkqubo zeFayile
    • Uphuculo lwenziwe kwi-Btrfs ejoliswe ekulungiseni ingxaki "yokubhala" kwi-RAID 5 / 6 ukuphunyezwa (inzame yokubuyisela i-RAID ukuba ukuphazamiseka kwenzeka ngexesha lokubhala kwaye akunakwenzeka ukuqonda ukuba yiyiphi ibhloko apho i-RAID ibhalwe ngokuchanekileyo, enokukhokelela ekutshatyalalisweni kwebhloko, ehambelana neebhloko ezibhalwe phantsi). Ukongeza, ii-SSD ngoku zenzekela ngokuzenzekelayo ukusebenza kokulahla okungahambelaniyo ngokungagqibekanga xa kunokwenzeka, ukuvumela ukuphuculwa komsebenzi ngenxa yokwahlulahlula ngokufanelekileyo imisebenzi yokulahla kwimigca kunye nokuqhutyelwa komgca ngumqhubekekisi ongasemva. Ukusebenza okuphuculweyo kokuthumela kunye nokusebenza kwe-lseek, kunye neFIEMAP ioctl.
    • Izakhono zokulawula ukubhala okumisiweyo (i-writeback, ukugcinwa kwemvelaphi yedatha etshintshileyo) kwizixhobo zebhloko zandisiwe. Kwezinye iimeko, njengaxa usebenzisa izixhobo zebhlokhi yenethiwekhi okanye ii-USB drives, ukubhala okuvila kunokubangela ukusetyenziswa kwe-RAM enkulu. Ukuze ulawule ukuziphatha kwevila ubhala kwaye ugcine ubungakanani bekhasi le-cache ngaphakathi kwemida ethile, iiparameters ezintsha ezingqongqo, i-min_bytes, max_bytes, min_ratio_fine kunye ne-max_ratio_fine ziye zaziswa kwi-sysfs (/sys/class/bdi/).
    • Inkqubo yefayile ye-F2FS isebenzisa i-atomic esikhundleni se-ioctl yokusebenza, ekuvumela ukuba ubhale idatha kwifayile ngaphakathi komsebenzi omnye we-athomu. I-F2FS yongeza i-cache yobungakanani bebhloko ukunceda ukuchonga idatha esetyenziswa ngokusebenzayo okanye idatha engakhange ifikelelwe ixesha elide.
    • Kwi-ext4 FS kuphela izilungiso zeempazamo eziqatshelweyo.
    • Π’ Ρ„Π°ΠΉΠ»ΠΎΠ²ΠΎΠΉ систСмС ntfs3 ΠΏΡ€Π΅Π΄Π»ΠΎΠΆΠ΅Π½ΠΎ нСсколько Π½ΠΎΠ²Ρ‹Ρ… ΠΎΠΏΡ†ΠΈΠΉ монтирования: Β«nocaseΒ» для управлСния ΡƒΡ‡Ρ‘Ρ‚ΠΎΠΌ рСгистра символов Π² ΠΈΠΌΠ΅Π½Π°Ρ… Ρ„Π°ΠΉΠ»ΠΎΠ² ΠΈ Π΄ΠΈΡ€Π΅ΠΊΡ‚ΠΎΡ€ΠΈΠΉ; windows_name для Π·Π°ΠΏΡ€Π΅Ρ‚Π° создания ΠΈΠΌΡ‘Π½ Ρ„Π°ΠΉΠ»ΠΎΠ², содСрТащих символы, нСдопустимыС для ОБ Windows; hide_dot_files для управлСния Π½Π°Π·Π½Π°Ρ‡Π΅Π½ΠΈΠ΅ΠΌ ΠΌΠ΅Ρ‚ΠΊΠΈ скрытых Ρ„Π°ΠΉΠ»ΠΎΠ² для Ρ„Π°ΠΉΠ»ΠΎΠ², Π½Π°Ρ‡ΠΈΠ½Π°ΡŽΡ‰ΠΈΡ…ΡΡ Π½Π° Ρ‚ΠΎΡ‡ΠΊΡƒ.
    • Inkqubo yefayile ye-Squashfs isebenzisa "imisonto=" ukhetho lokunyuka, elikuvumela ukuba uchaze inani lemisonto ukufanisa imisebenzi yoxinzelelo. I-squashfs yazisa kwakhona ukukwazi ukwenza imephu ye-ID yomsebenzisi kwiinkqubo zefayile ezinyusiweyo, ezisetyenziselwa ukufanisa iifayile zomsebenzisi othile kwisahlulo sangaphandle esinyusiweyo kunye nomnye umsebenzisi kwinkqubo yangoku.
    • Ukuphunyezwa koluhlu lolawulo lofikelelo lwePOSIX (POSIX ACLs) luphinde lwasetyenziswa. Ukuphunyezwa okutsha kuphelisa imiba yoyilo, kwenza lula ukugcinwa kwekhowudi, kwaye kuzisa iindidi zedatha ezikhuselekileyo.
    • I-subsystem ye-fscrypt, esetyenziselwa uguqulelo olucacileyo lweefayile kunye nezalathisi, yongeze inkxaso ye-SM4 encryption algorithm (i-Chinese standard GB / T 32907-2016).
    • Ikhono lokwakha i-kernel ngaphandle kwenkxaso ye-NFSv2 inikezelwe (kwixesha elizayo baceba ukuyeka ngokupheleleyo ukuxhasa i-NFSv2).
    • Umbutho wokujonga amalungelo okufikelela kwizixhobo zeNVMe utshintshiwe. Inika amandla okufunda nokubhala kwisixhobo seNVMe ukuba inkqubo yokubhala inokufikelela kwifayile enikezelweyo yesixhobo (ngaphambili inkqubo kwakufuneka ibenemvume yeCAP_SYS_ADMIN).
    • Kususwe umqhubi wephakheji we-CD/DVD, eyayekiswa ukusebenza ngo-2016.
  • Ukwenziwa kweVirtual kunye noKhuseleko
    • Indlela entsha yokukhusela kwi-Retbleed vulnerability iphunyeziwe kwi-Intel kunye ne-AMD CPUs, kusetyenziswa ukulandelela ubunzulu befowuni, okungacothiyo umsebenzi njengokhuseleko olukhoyo ngaphambili kwi-Retbleed. Ukwenza imo entsha isebenze, iparameter yomyalelo wekernel "retbleed=stuff" iye yacetywa.
    • Kongezwe i-hybrid FineIBT yokukhusela umyalelo wokuhamba kwendlela yokukhusela, ukudibanisa ukusetyenziswa kwe-hardware ye-Intel IBT (i-Indirect Branch Tracking) imiyalelo kunye nokukhusela isofthiwe ye-kCFI (i-kernel Control Flow Integrity) ukuvala ukuphulwa komyalelo wesiqhelo wophumezo (ulawulo lokuhamba) njengesiphumo sokusetyenziswa. yezenzo eziguqula izikhombisi ezigcinwe kwinkumbulo kwimisebenzi. I-FineIBT ivumela ukuphunyezwa ngokutsiba okungathanga ngqo kuphela kwimeko yokutsiba ukuya kumyalelo we-ENDBR, obekwe ekuqaleni komsebenzi. Ukongeza, ngothelekiso kunye nomatshini we-kCFI, iihashes ziye zikhangelwe ukuqinisekisa ukungaguquki kwezikhombisi.
    • Izithintelo ezongeziweyo ukuthintela ukuhlaselwa okuxhaphaza isizukulwana se "oops" ithi, emva kokuba imisebenzi eyingxaki igqitywe kwaye urhulumente ubuyiselwe ngaphandle kokumisa inkqubo. Ngenani elikhulu kakhulu leefowuni eziya kwimeko ye-"oops", i-counter counterflow overflow iyenzeka (i-refcount), evumela ukusetyenziswa kobuthathaka okubangelwa yi-NULL pointer dereferences. Ukukhusela uhlaselo olunjalo, umda wongezwe kwi-kernel kwinani eliphezulu lezinto ezibangela "oops", emva kokudlula apho i-kernel iya kuqalisa ukutshintshela kwi-"panic" state elandelwa yi-reboot, engayi kuvumela ukufezekisa. inani lophindaphindo olufunekayo ukuze kuphuphume ubalo kwakhona. Ngokungagqibekanga, umda umiselwe kwi-10 lamawaka "oops", kodwa ukuba unqwenela, unokutshintshwa nge-oops_limit parameter.
    • Iparamitha yoqwalaselo eyongeziweyo LEGACY_TIOCSTI kunye ne-sysctl legacy_tiocsti ukukhubaza ukukwazi ukubeka idatha kwi-terminal usebenzisa ioctl TIOCSTI, ekubeni lo msebenzi unokusetyenziselwa ukufaka endaweni yoonobumba abangenasizathu kwi-terminal igalelo buffer kunye nokulinganisa igalelo lomsebenzisi.
    • Uhlobo olutsha lwesakhiwo sangaphakathi, i-encoded_page, iyandululwa, apho amasuntswana asezantsi esalathisi asetyenziselwa ukugcina ulwazi olongezelelweyo olusetyenziselwa ukukhusela ngokuchasene nempazamo yesalathiso (ukuba isalathisi siyafuneka ngokwenene, la masuntswana ongezelelweyo kufuneka acocwe kuqala) .
    • Kwiqonga le-ARM64, kwinqanaba le-boot, kuyenzeka ukuba wenze okanye ukhubaze ukuphunyezwa kwesoftware ye-Shadow Stack mechanism, esetyenziselwa ukukhusela ekubhaleni ngaphezulu idilesi yokubuyisela emsebenzini xa kukho ukuphuphuma kwebuffer kwisitaki ( ingundoqo yokukhusela kukugcina idilesi yokubuyisela kwi-stack "isithunzi" esahlukileyo emva kokuba ulawulo ludluliselwe kumsebenzi kunye nokubuyisela idilesi enikeziweyo ngaphambi kokuphuma emsebenzini). Inkxaso ye-hardware kunye nokuphunyezwa kwesoftware ye-Shadow Stack kwindibano yekernel enye ikuvumela ukuba usebenzise i-kernel enye kwiinkqubo ezahlukeneyo ze-ARM, kungakhathaliseki ukuba yinkxaso yabo kwimiyalelo yokuqinisekisa isalathisi. Ukufakwa kokuphunyezwa kwesoftware kuqhutyelwa ngokufakela indawo yemiyalelo efunekayo kwikhowudi ngexesha lokulayisha.
    • Inkxaso eyongeziweyo yokusebenzisa indlela yesaziso sokuphuma engavumelaniyo kwiiprosesa ze-Intel, ezivumela ukukhangela uhlaselo lwenyathelo elinye kwikhowudi eyenziwe kwii-SGX enclaves.
    • Iseti yemisebenzi icetywayo evumela i-hypervisor ukuba ixhase izicelo ezivela kwi-Intel TDX (i-Trusted Domain Extensions) iinkqubo zeendwendwe.
    • Isetingi yokwakha i-kernel RANDOM_TRUST_BOOTLOADER kunye ne-RANDOM_TRUST_CPU zisusiwe, ngokuthanda umgca womyalelo ohambelanayo iinketho random.trust_bootloader kunye random.trust_cpu.
    • I-Landlock mechanism, ekuvumela ukuba unciphise intsebenziswano yeqela leenkqubo kunye nokusingqongileyo kwangaphandle, yongeze inkxaso ye-LANDLOCK_ACCESS_FS_TRUNCATE iflegi, eyenza kube lula ukulawula ukuphunyezwa kwemisebenzi yokunqunyulwa kweefayile.
  • Inkqubo engaphantsi yothungelwano
    • Kwi-IPv6, inkxaso ye-PLB (i-Protective Load Balancing) yongezwe, indlela yokulinganisa umthwalo phakathi kwamakhonkco enethiwekhi ejoliswe ekunciphiseni amanqaku okulayisha ngaphezulu kwiiswitshi zamaziko edatha. Ngokutshintsha i-IPv6 Flow Label, i-PLB itshintsha ngokungenamkhethe iindlela zepakethe ukulinganisa umthwalo kwii-switch port. Ukunciphisa ukucwangcisa kwakhona ipakethi, lo msebenzi wenziwa emva kwamaxesha okungasebenzi xa kunokwenzeka. Ukusetyenziswa kwe-PLB kumaziko edatha ye-Google kuye kwanciphisa ukungalingani komthwalo kwii-ports zokutshintsha ngomyinge we-60%, ukunciphisa ukulahleka kwepakethi nge-33%, kunye nokunciphisa i-latency nge-20%.
    • Umqhubi wongeziweyo wezixhobo zeMediaTek ezixhasa i-Wi-Fi 7 (802.11be).
    • Inkxaso eyongeziweyo ye-800-gigabit links.
    • Yongezwe ukukwazi ukuthiya ngokutsha ujongano lwenethiwekhi kubhabho, ngaphandle kokumisa umsebenzi.
    • Ukukhankanywa kwedilesi ye-IP apho ipakethe ifike yongezwe kwimiyalezo yelog malunga nokhukhula lweSYN.
    • Kwi-UDP, ukukwazi ukusebenzisa iitafile ze-hash ezahlukileyo kwiindawo zamagama ezahlukeneyo zothungelwano ziphunyeziwe.
    • Kwiibhulorho zenethiwekhi, inkxaso ye-MAB (i-MAC Authentication Bypass) indlela yokuqinisekisa iphunyeziwe.
    • Kwiprotocol ye-CAN (CAN_RAW), inkxaso ye-SO_MARK yemowudi yesokethi iphunyeziwe ukuze kufakwe izihluzo zetrafikhi ezisekelwe kwi-fwmark.
    • ipset iphumeza i parameter entsha ye bitmask ekuvumela ukuba usete imaski esekwe kumasuntswana angenasizathu kwidilesi ye IP (umzekelo, "ipset create set1 hash:ip bitmask 255.128.255.0").
    • Inkxaso eyongeziweyo yokusetyenzwa kweeheader zangaphakathi ngaphakathi kweepakethi ezichotshelwe kwi-nf_tables.
  • Izixhobo
    • Inkqubo engaphantsi kwe-"accel" yongezwa kunye nokuphunyezwa kwesakhelo se-accelerators ye-computational, enokuthi ibonelelwe mhlawumbi ngendlela ye-ASICs nganye okanye ngendlela yeebhloko ze-IP ngaphakathi kwe-SoC kunye ne-GPU. Ezi zikhawulezayo zijolise ikakhulu ekukhawuleziseni isisombululo seengxaki zokufunda koomatshini.
    • Umqhubi we-amdgpu uquka inkxaso ye-GC, i-PSP, i-SMU kunye ne-NBIO IP components. Kwiinkqubo ze-ARM64, inkxaso ye-DCN (Display Core Next) iphunyeziwe. Ukuphunyezwa kwemveliso yesikrini ekhuselweyo isusiwe ekusebenziseni i-DCN10 ukuya kwi-DCN21 kwaye ngoku ingasetyenziselwa xa udibanisa izikrini ezininzi.
    • Umqhubi we-i915 (Intel) uzinzile ukuxhaswa kwamakhadi evidiyo e-Intel Arc (DG2 / Alchemist) ecacileyo.
    • Umqhubi weNouveau uxhasa i-NVIDIA GA102 (RTX 30) GPUs esekwe kuyilo lweAmpere. Kumakhadi e-nva3 (GT215), ukukwazi ukulawula ukukhanya kwasemva kongeziwe.
    • Inkxaso eyongeziweyo yeeadaptha ezingenazingcingo ezisekelwe kwi-Realtek 8852CU, 8821BU, 8822CU, 8822DU (USB) kunye ne-MediaTek MT8723 chips, i-Broadcom BCM7996/4377/4378 i-Bluetooth interfaces, kunye ne-Motorcomm Ethernet i-Ethernet GERS4387YT
    • I-ASoC eyongeziweyo (i-ALSA System kwi-Chip) inkxaso yeetshiphusi ezakhelwe ngaphakathi HP Stream 8, Advantech MICA-071, Dell SKU 0C11, Intel ALC5682I-VD, Xiaomi Redmi Book Pro 14 2022, i.MX93, Armada 38x, RK3588. Inkxaso eyongeziweyo ye-Focusrite Saffire Pro ye-audio interface ye-40. Yongezwe i-codec yomsindo ye-Realtek RT1318.
    • Inkxaso eyongeziweyo yee-smartphones ze-Sony kunye neetafile (i-Xperia 10 IV, i-5 IV, i-X kunye ne-X compact, i-OnePlus One, i-3, i-3T kunye ne-Nord N100, i-Xiaomi Poco F1 kunye ne-Mi6, i-Huawei Watch, i-Google Pixel 3a, i-Samsung Galaxy Tab 4 10.1.
    • Inkxaso eyongeziweyo ye-ARM SoC kunye ne-Apple T6000 (M1 Pro), T6001 (M1 Max), T6002 (M1 Ultra), i-Qualcomm MSM8996 Pro (Snapdragon 821), SM6115 (Snapdragon 662), SM4250 (Snapdragon 460), 6375 snapdragon 695 iibhodi , SDM670 (Snapdragon 670), MSM8976 (Snapdragon 652), MSM8956 (Snapdragon 650), RK3326 Odroid-Go/rg351, Zyxel NSA310S, InnoComm i.MX8MM, Odroid Go Ultra.

Kwangaxeshanye, iLatin American Free Software Foundation yenze inguqulelo ye-kernel 6.2 yasimahla ngokupheleleyo - Linux-libre 6.2-gnu, ΠΎΡ‡ΠΈΡ‰Π΅Π½Π½ΠΎΠ³ΠΎ ΠΎΡ‚ элСмСнтов ΠΏΡ€ΠΎΡˆΠΈΠ²ΠΎΠΊ ΠΈ Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€ΠΎΠ², содСрТащих нСсвободныС ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½Ρ‚Ρ‹ ΠΈΠ»ΠΈ участки ΠΊΠΎΠ΄Π°, ΠΎΠ±Π»Π°ΡΡ‚ΡŒ примСнСния ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Ρ… ΠΎΠ³Ρ€Π°Π½ΠΈΡ‡Π΅Π½Π° ΠΏΡ€ΠΎΠΈΠ·Π²ΠΎΠ΄ΠΈΡ‚Π΅Π»Π΅ΠΌ. Π’ Π½ΠΎΠ²ΠΎΠΌ выпускС ΠΏΡ€ΠΎΠ²Π΅Π΄Π΅Π½Π° чистка Π½ΠΎΠ²Ρ‹Ρ… Π±Π»ΠΎΠ±ΠΎΠ² Π² Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Π΅ nouveau. ΠžΡ‚ΠΊΠ»ΡŽΡ‡Π΅Π½Π° Π·Π°Π³Ρ€ΡƒΠ·ΠΊΠ° Π±Π»ΠΎΠ±ΠΎΠ² Π² Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Π°Ρ… mt7622, mt7996 wifi ΠΈ bcm4377 bluetooth. ΠŸΡ€ΠΎΠ²Π΅Π΄Π΅Π½Π° чистка ΠΈΠΌΡ‘Π½ Π±Π»ΠΎΠ±ΠΎΠ² Π² dts-Ρ„Π°ΠΉΠ»Π°Ρ… для Π°Ρ€Ρ…ΠΈΡ‚Π΅ΠΊΡ‚ΡƒΡ€Ρ‹ Aarch64. ΠžΠ±Π½ΠΎΠ²Π»Ρ‘Π½ ΠΊΠΎΠ΄ чистки Π±Π»ΠΎΠ±ΠΎΠ² Π² Ρ€Π°Π·Π»ΠΈΡ‡Π½Ρ‹Ρ… Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Π°Ρ… ΠΈ подсистСмах. ΠŸΡ€Π΅ΠΊΡ€Π°Ρ‰Π΅Π½Π° чистка Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Π° s5k4ecgx, Ρ‚Π°ΠΊ ΠΊΠ°ΠΊ ΠΎΠ½ Π±Ρ‹Π» ΡƒΠ΄Π°Π»Ρ‘Π½ ΠΈΠ· ядра.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster