I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > I-Oracle ikhipha i-Unbreakable Enterprise Kernel 6

I-Oracle ikhipha i-Unbreakable Enterprise Kernel 6

Inkampani ye-Oracle kwethulwe ukukhululwa kokuqala okuzinzile I-Enterprise Kernel engaqhekeki 6 (UEK R6), ukwakhiwa okunwetshiwe kwe-Linux kernel emakethe ukuze isetshenziswe ekusabalaliseni i-Oracle Linux njengenye indlela yephakheji yesitoko esivela kuRed Hat Enterprise Linux. I-kernel itholakala kuphela kuma-architecture we-x86_64 kanye ne-ARM64 (aarch64). Ikhodi yomthombo ye-kernel, okuhlanganisa ukuhlukaniswa kweziqephu ngazinye, eshicilelwe endaweni yokugcina ye-Oracle Git yomphakathi.

I-Unbreakable Enterprise Kernel 6 isekelwe ku-kernel Linux 5.4 (I-UEK R5 ibisekelwe ku-4.14 kernel), ebuyekezwa ngezici ezintsha, ukuthuthukiswa, nokulungiswa, futhi ihlolelwe ukuhambisana nezinhlelo zokusebenza eziningi ezisebenza ku-RHEL, futhi iye yathuthukiswa ngokukhethekile ukuze isebenze nesofthiwe yezimboni ye-Oracle kanye nehadiwe. Ukufakwa kwe-UEK R6 kernel kanye namaphakheji we-src alungiselelwe i-Oracle Linux 7.x ΠΈ 8.x. Ukusekelwa kwegatsha le-6.x kunqanyuliwe, ukuze usebenzise i-UEK R6, kufanele uthuthukise isistimu ibe yi-Oracle Linux 7 (azikho izithiyo ekusebenziseni le kernel kuzinguqulo ezifanayo ze-RHEL, i-CentOS ne-Scientific Linux).

Ukhiye emisha I-Unbreakable Enterprise Kernel 6:

  • Usekelo olunwetshiwe lwamasistimu olususelwe ku-architecture ye-ARM engu-64-bit (aarch64).
  • Ukwesekwa okusetshenzisiwe kuzo zonke izici ze-Cgroup v2.
  • Uhlaka lwe-ktask lusetshenziswe ukufanisa imisebenzi ku-kernel edla izinsiza ezibalulekile ze-CPU. Isibonelo, ngosizo lwe-ktask, ukufana kwemisebenzi yokusula ububanzi bekhasi lememori noma ukucubungula uhlu lwama-inode kungahlelwa;
  • Inguqulo ehambisanayo ye-kswapd ifakiwe ukuze kucutshungulwe ukushintshwa kwekhasi ngokuhambisanayo, kunciphisa inani lokushintshwa okuqondile (okuvumelanayo). Uma inani lamakhasi ememori yamahhala lincipha, i-kswapd ihlola amakhasi angasetshenzisiwe angakhululwa.
  • Ukusekelwa kokuqinisekisa ubuqotho besithombe se-kernel kanye ne-firmware esayinwe ngedijithali lapho kulayishwa i-kernel kusetshenziswa indlela ye-Kexec (ilayisha i-kernel ohlelweni oseluvele lulayishiwe).
  • Ukusebenza kwesistimu yokulawula inkumbulo ye-virtual kuye kwathuthukiswa, ukusebenza kahle kokusula inkumbulo namakhasi e-cache kuye kwathuthukiswa, futhi ukucutshungulwa kokufinyelela kumakhasi ememori angabelwe (amaphutha ekhasi) kuye kwathuthukiswa.
  • Ukusekelwa kwe-NVDIMM kunwetshiwe, inkumbulo eshiwo unomphela manje ingasetshenziswa njenge-RAM evamile.
  • Ukushintshela kusistimu yokulungisa iphutha ye-DTrace 2.0 yenziwe, okuyinto dlulisiwe ukusebenzisa i-eBPF kernel subsystem. I-DTrace manje isebenza phezu kwe-eBPF, ngokufanayo nendlela amathuluzi okulandelela e-Linux akhona asebenza ngayo phezu kwe-eBPF.
  • Ukuthuthukiswa kwesistimu yefayela ye-OCFS2 (Oracle Cluster File System) kwenziwe.
  • Usekelo oluthuthukisiwe lwesistimu yefayela ye-Btrfs. Kwengezwe amandla okusebenzisa ama-Btrfs kuma-root partitions. Inketho yengeziwe kusifaki ukuze ukhethe ama-Btrfs lapho ufometha amadivayisi. Kwengezwe ikhono lokubeka amafayela wokupheja kuma-partitions nama-Btrfs. I-Btrfs yengeza ukusekelwa kokucindezelwa kusetshenziswa i-algorithm ye-ZStandard.
  • Ukwesekwa okungeziwe kwesixhumi esibonakalayo se-asynchronous I/O - io_uring, ephawuleka ngokusekela ukuvota kwe-I/O kanye nekhono lokusebenza kokubili ngokubhafa nangaphandle kokuphazamisa. Mayelana nokusebenza, i-io_uring isondelene kakhulu ne-SPDK futhi idlula kakhulu i-libaio lapho ukuvota kunikwe amandla. Ukuze usebenzise i-io_uring ekugcineni izinhlelo zokusebenza ezisebenza endaweni yomsebenzisi, umtapo wolwazi wokukhulula usulungisiwe, ohlinzeka ngokubophezela kwezinga eliphezulu phezu kwesixhumi esibonakalayo se-kernel;
  • Ukwesekwa kwemodi engeziwe I-Adiantum ukubethela okusheshayo kwamadrayivu.
  • Kwengezwe usekelo lokuminyanisa kusetshenziswa i-algorithm zstandard (zstd).
  • Uhlelo lwefayela lwe-ext4 lusebenzisa izitembu zesikhathi ezingama-64-bit ezinkambini ze-superblock.
  • I-XFS ihlanganisa izinsiza zokwazisa isimo sobuqotho sesistimu yefayela ngesikhathi sokusebenza kanye nokuthola isimo mayelana nokubulawa kwe-fsck ngokushesha.
  • Isitaki se-TCP siguqulelwa ku-"Isikhathi Sokuhamba Ngaphambili" esikhundleni sokuthi "Ngokushesha Ngangokunokwenzeka" lapho kuthunyelwa amaphakheji. Usekelo lwe-GRO (Generic Receive Offload) lunikwe amandla ku-UDP. Ukwesekwa okwengeziwe kokwamukela nokuthumela amaphakethe e-TCP ngemodi ye-zero-copy.
  • Ukuqaliswa kwephrothokholi ye-TLS ezingeni le-kernel (KTLS) kuhilelekile, manje engasetshenziselwa ukuthunyelwa kuphela, kodwa futhi nedatha etholiwe.
  • Inikwe amandla njenge-backend ye-firewall ngokuzenzakalela
    ama-nfttables. Ukwesekwa ongakukhetha kwengeziwe bpfilter.

  • Usekelo olungeziwe lwesistimu engaphansi ye-XDP (i-eXpress Data Path), evumela ukusebenzisa izinhlelo ze-BPF ku-Linux ezingeni lomshayeli wenethiwekhi enekhono lokufinyelela ngokuqondile ibhafa yephakethe le-DMA kanye nasesiteji ngaphambi kokuba isitaki senethiwekhi sabele isitaki se-skbuff.
  • Ithuthukisiwe futhi inikwe amandla uma usebenzisa imodi ye-UEFI Secure Boot I-Lockdown, ekhawulela ukufinyelela komsebenzisi wezimpande ku-kernel futhi ivimbe izindlela zokudlula i-UEFI Secure Boot. Isibonelo, imodi yokukhiya ikhawulela ukufinyelela ku-/dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes mode debug, mmiotrace, tracefs, BPF, PCMCIA CIS (Isakhiwo Solwazi Lwekhadi), ezinye izixhumi ezibonakalayo. Irejista ye-ACPI ne-MSR ye-CPU, izingcingo eziya ku-kexec_file kanye ne-kexec_load zivinjelwe, ukushintshela kumodi yokulala kunqatshelwe, ukusetshenziswa kwe-DMA yamadivayisi we-PCI kunqunyelwe, ukungeniswa kwekhodi ye-ACPI kusuka kokuguquguqukayo kwe-EFI akuvunyelwe, ukukhohlisa nge-I / O izimbobo azivunyelwe, okuhlanganisa ukushintsha inombolo yokuphazamiseka kanye nembobo ye-I/O yembobo ye-serial.
  • Ukwesekwa okwengeziwe Kwemiyalo Ethuthukisiwe Ekhawulelwe Yegatsha Engaqondile (IBRS) ekuvumela ukuthi uvumele futhi ukhubaze ukukhishwa kwemiyalelo eqagelayo phakathi nokuphazamiseka, izingcingo zesistimu, nokushintsha kokuqukethwe. Uma i-IBRS Ethuthukisiwe isekelwa, le ndlela isetshenziselwa ukuvikela ngokumelene nokuhlaselwa kwe-Specter V2 esikhundleni se-Retpoline, njengoba inikeza ukusebenza okungcono.
  • Ukuvikelwa okuthuthukisiwe kunkomba ebhalwa yiwo wonke umuntu. Kulezo zinhla zemibhalo, ukudalwa kwamafayela e-FIFO namafayela abanikazi babasebenzisi abangafani nomnikazi wohla lwemibhalo nefulegi elinamathelayo akuvunyelwe.
  • Ngokuzenzakalelayo kumasistimu e-ARM, i-kernel address space randomization kumasistimu (KASLR) ivuliwe. I-Aarch64 inokuqinisekisa kwesikhombi okunikwe amandla.
  • Kungezwe usekelo lwe-"NVMe over Fabrics TCP".
  • Umshayeli we-virtio-pmem wengeziwe ukuze anikeze ukufinyelela kumadivayisi esitoreji amephu yesikhala samakheli afana nama-NVDIMM.

Source: opennet.ru

Engeza amazwana