Emva kweenyanga ezisibhozo zophuhliso
Isitshixo
- Inkxaso eyongeziweyo yemodeli yesixhobo esitsha
Linux stubdomain , ekuvumela ukuba uququzelele uphumezo phantsi komsebenzisi owahlukileyo ongenalungelo, ukwahlula amacandelo okulinganisa isixhobo kwi-Dom0. Ngaphambili, kwimowudi ye-stubdomain, kuphela imodeli yesixhobo "i-qemu-traditional" yayinokusetyenziswa, nto leyo eyayinciphisa uluhlu lwezixhobo ezilinganisiweyo. Imodeli entshaLinux stubomains yaphuhliswa yiprojekthi ye-QUBES OS kwaye ixhasa ukusetyenziswa kwabaqhubi bokulinganisa ukusuka kowona kukhutshwa kutshanje kwe-QEMU, kunye nezakhono zeendwendwe ezinxulumeneyo ezikhoyo kwi-QEMU. - Kwiinkqubo ezinenkxaso ye-Intel EPT, inkxaso yokudala amasebe alula (iifolokhwe) zoomatshini benyani ziphunyezwa ukukhangela ngokukhawuleza, umzekelo, ukuhlalutya i-malware okanye ukuvavanywa kwe-fuzzing. Ezi folokhwe zisebenzisa ukwabelana ngememori kwaye azenzi imodeli yesixhobo.
- Inkqubo ye-patch ephilayo yongezwe kwikhonkco kwii-identifiers zendibano ye-hypervisor kwaye ithathele ingqalelo indlela apho iipatches zisetyenziselwa ukuthintela ukufakwa kwindibano engafanelekanga okanye ngendlela engafanelekanga.
- Inkxaso eyongeziweyo ye-CET (i-Intel Control-flow Enforcement Technology) ulwandiso lokukhusela ngokuchasene nezenzo ezakhiwe kusetyenziswa iinkqubo ezijoliswe ekubuyiseleni (i-ROP, i-Return-Oriented Programming) ubuchule.
- Yongezwe i-CONFIG_PV32 ukuseta ukukhubaza inkxaso ye-hypervisor yeendwendwe ze-32-bit paravirtualized (PV) ngelixa ugcina inkxaso ye-64-bit.
- Inkxaso eyongeziweyo ye-Hypervisor FS, i-pseudo-FS kwisitayile se-sysfs yokufikelela okucwangcisiweyo kwidatha yangaphakathi kunye nezicwangciso ze-hypervisor, ezingadingi ii-logs okanye ukubhala ii-hypercalls.
- Kuyenzeka ukuba usebenzise iXen njengenkqubo yeendwendwe eqhuba iHyper-V hypervisor esetyenziswa kwiqonga lelifu leMicrosoft Azure. Ukubaleka i-Xen ngaphakathi kwe-Hyper-V kukuvumela ukuba usebenzise isitakhi esiqhelekileyo sokubonwa kwindawo yelifu ye-Azure kwaye yenza kube lula ukuhambisa oomatshini abakhoyo phakathi kweenkqubo ezahlukeneyo zamafu.
- Kongezwe ukukwazi ukuvelisa i-ID yesistim yeendwendwe (eyangaphambili ii-ID zenziwa ngokulandelelana). Izichongi nazo ngoku zingaqhubeleka phakathi kogcino lwelizwe le-VM, ukubuyisela, kunye nemisebenzi yokufuduka.
- Ukuveliswa ngokuzenzekela kwezibophelelo kulwimi lwesiGo olusekwe kwizakhiwo ze-libxl kunikezelwe.
- Kuba Windows 7, 8.x kunye ne-10, inkxaso ye-KDD yongezwe, into eluncedo yokusebenzisana ne-WinDbg debugger (i-Windows Debugger), ekuvumela ukuba ulungise iimeko-bume ze-Windows ngaphandle kokwenza ulungiso lweempazamo kwi-OS yeendwendwe.
- Inkxaso eyongeziweyo kuzo zonke iibhodi zeRaspberry Pi 4 ezahlukeneyo ezithunyelwa nge-4GB kunye ne-8GB RAM.
- Inkxaso eyongeziweyo ye-AMD EPYC iprosesa enekhowudi ebizwa ngokuthi "Milan".
- Ukuphuculwa kokusebenza kokubonwa kwendlwane, okuqhuba i-Xen ngaphakathi kwe-Xen- okanye iindwendwe eziseViridian.
- Kwimo yokulinganisa, inkxaso ye-AVX512_BF16 imiyalelo iphunyeziwe.
- Indibano ye-hypervisor itshintshelwe ekusebenziseni i-Kbuild.
umthombo: opennet.ru