Inkampani ye-Oracle
I-Unbreakable Enterprise Kernel 6 isekelwe ku-kernel
Ukhiye
- Usekelo olunwetshiwe lwamasistimu olususelwe ku-architecture ye-ARM engu-64-bit (aarch64).
- Ukwesekwa okusetshenzisiwe kuzo zonke izici ze-Cgroup v2.
- Uhlaka lwe-ktask lusetshenziswe ukufanisa imisebenzi ku-kernel edla izinsiza ezibalulekile ze-CPU. Isibonelo, ngosizo lwe-ktask, ukufana kwemisebenzi yokusula ububanzi bekhasi lememori noma ukucubungula uhlu lwama-inode kungahlelwa;
- Inguqulo ehambisanayo ye-kswapd ifakiwe ukuze kucutshungulwe ukushintshwa kwekhasi ngokuhambisanayo, kunciphisa inani lokushintshwa okuqondile (okuvumelanayo). Uma inani lamakhasi ememori yamahhala lincipha, i-kswapd ihlola amakhasi angasetshenzisiwe angakhululwa.
- Ukusekelwa kokuqinisekisa ubuqotho besithombe se-kernel kanye ne-firmware esayinwe ngedijithali lapho kulayishwa i-kernel kusetshenziswa indlela ye-Kexec (ilayisha i-kernel ohlelweni oseluvele lulayishiwe).
- Ukusebenza kwesistimu yokulawula inkumbulo ye-virtual kuye kwathuthukiswa, ukusebenza kahle kokusula inkumbulo namakhasi e-cache kuye kwathuthukiswa, futhi ukucutshungulwa kokufinyelela kumakhasi ememori angabelwe (amaphutha ekhasi) kuye kwathuthukiswa.
- Ukusekelwa kwe-NVDIMM kunwetshiwe, inkumbulo eshiwo unomphela manje ingasetshenziswa njenge-RAM evamile.
- Ukushintshela kusistimu yokulungisa iphutha ye-DTrace 2.0 yenziwe, okuyinto
dlulisiwe ukusebenzisa i-eBPF kernel subsystem. I-DTrace manje isebenza phezu kwe-eBPF, ngokufanayo nendlela amathuluzi okulandelela e-Linux akhona asebenza ngayo phezu kwe-eBPF. - Ukuthuthukiswa kwesistimu yefayela ye-OCFS2 (Oracle Cluster File System) kwenziwe.
- Usekelo oluthuthukisiwe lwesistimu yefayela ye-Btrfs. Kwengezwe amandla okusebenzisa ama-Btrfs kuma-root partitions. Inketho yengeziwe kusifaki ukuze ukhethe ama-Btrfs lapho ufometha amadivayisi. Kwengezwe ikhono lokubeka amafayela wokupheja kuma-partitions nama-Btrfs. I-Btrfs yengeza ukusekelwa kokucindezelwa kusetshenziswa i-algorithm ye-ZStandard.
- Ukwesekwa okungeziwe kwesixhumi esibonakalayo se-asynchronous I/O - io_uring, ephawuleka ngokusekela ukuvota kwe-I/O kanye nekhono lokusebenza kokubili ngokubhafa nangaphandle kokuphazamisa. Mayelana nokusebenza, i-io_uring isondelene kakhulu ne-SPDK futhi idlula kakhulu i-libaio lapho ukuvota kunikwe amandla. Ukuze usebenzise i-io_uring ekugcineni izinhlelo zokusebenza ezisebenza endaweni yomsebenzisi, umtapo wolwazi wokukhulula usulungisiwe, ohlinzeka ngokubophezela kwezinga eliphezulu phezu kwesixhumi esibonakalayo se-kernel;
- Ukwesekwa kwemodi engeziwe
I-Adiantum ukubethela okusheshayo kwamadrayivu. - Kwengezwe usekelo lokuminyanisa kusetshenziswa i-algorithm
zstandard (zstd). - Uhlelo lwefayela lwe-ext4 lusebenzisa izitembu zesikhathi ezingama-64-bit ezinkambini ze-superblock.
- I-XFS ihlanganisa izinsiza zokwazisa isimo sobuqotho sesistimu yefayela ngesikhathi sokusebenza kanye nokuthola isimo mayelana nokubulawa kwe-fsck ngokushesha.
- Isitaki se-TCP siguqulelwa ku-"
Isikhathi Sokuhamba Ngaphambili " esikhundleni sokuthi "Ngokushesha Ngangokunokwenzeka" lapho kuthunyelwa amaphakheji. Usekelo lwe-GRO (Generic Receive Offload) lunikwe amandla ku-UDP. Ukwesekwa okwengeziwe kokwamukela nokuthumela amaphakethe e-TCP ngemodi ye-zero-copy. - Ukuqaliswa kwephrothokholi ye-TLS ezingeni le-kernel (KTLS) kuhilelekile, manje engasetshenziselwa ukuthunyelwa kuphela, kodwa futhi nedatha etholiwe.
- Inikwe amandla njenge-backend ye-firewall ngokuzenzakalela
ama-nfttables. Ukwesekwa ongakukhetha kwengeziwebpfilter . - Usekelo olungeziwe lwesistimu engaphansi ye-XDP (i-eXpress Data Path), evumela ukusebenzisa izinhlelo ze-BPF ku-Linux ezingeni lomshayeli wenethiwekhi enekhono lokufinyelela ngokuqondile ibhafa yephakethe le-DMA kanye nasesiteji ngaphambi kokuba isitaki senethiwekhi sabele isitaki se-skbuff.
- Ithuthukisiwe futhi inikwe amandla uma usebenzisa imodi ye-UEFI Secure Boot
I-Lockdown , ekhawulela ukufinyelela komsebenzisi wezimpande ku-kernel futhi ivimbe izindlela zokudlula i-UEFI Secure Boot. Isibonelo, imodi yokukhiya ikhawulela ukufinyelela ku-/dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes mode debug, mmiotrace, tracefs, BPF, PCMCIA CIS (Isakhiwo Solwazi Lwekhadi), ezinye izixhumi ezibonakalayo. Irejista ye-ACPI ne-MSR ye-CPU, izingcingo eziya ku-kexec_file kanye ne-kexec_load zivinjelwe, ukushintshela kumodi yokulala kunqatshelwe, ukusetshenziswa kwe-DMA yamadivayisi we-PCI kunqunyelwe, ukungeniswa kwekhodi ye-ACPI kusuka kokuguquguqukayo kwe-EFI akuvunyelwe, ukukhohlisa nge-I / O izimbobo azivunyelwe, okuhlanganisa ukushintsha inombolo yokuphazamiseka kanye nembobo ye-I/O yembobo ye-serial. - Ukwesekwa okwengeziwe Kwemiyalo Ethuthukisiwe Ekhawulelwe Yegatsha Engaqondile (IBRS) ekuvumela ukuthi uvumele futhi ukhubaze ukukhishwa kwemiyalelo eqagelayo phakathi nokuphazamiseka, izingcingo zesistimu, nokushintsha kokuqukethwe. Uma i-IBRS Ethuthukisiwe isekelwa, le ndlela isetshenziselwa ukuvikela ngokumelene nokuhlaselwa kwe-Specter V2 esikhundleni se-Retpoline, njengoba inikeza ukusebenza okungcono.
- Ukuvikelwa okuthuthukisiwe kunkomba ebhalwa yiwo wonke umuntu. Kulezo zinhla zemibhalo, ukudalwa kwamafayela e-FIFO namafayela abanikazi babasebenzisi abangafani nomnikazi wohla lwemibhalo nefulegi elinamathelayo akuvunyelwe.
- Ngokuzenzakalelayo kumasistimu e-ARM, i-kernel address space randomization kumasistimu (KASLR) ivuliwe. I-Aarch64 inokuqinisekisa kwesikhombi okunikwe amandla.
- Kungezwe usekelo lwe-"NVMe over Fabrics TCP".
- Umshayeli we-virtio-pmem wengeziwe ukuze anikeze ukufinyelela kumadivayisi esitoreji amephu yesikhala samakheli afana nama-NVDIMM.
Source: opennet.ru