Threat model and specifics of vulnerability handling in the Linux kernel

Linus Torvalds has approved a kernel document describing the process for handling security-related bugs. It defines the threat model, clarifies which kernel bugs are treated as vulnerabilities, and discusses how to handle bugs found with the help of AI. The document was prepared by Willy Tarreau, author of HAProxy and a long-time Linux kernel developer responsible for maintaining several stable kernel branches. The draft was based on agreements reached during discussions of recently discovered critical kernel vulnerabilities (1, 2, 3, 4) that were disclosed before patches were published and for which, thanks to AI, working exploits were created right away.

Most security-related bugs should be resolved in public in order to reach the widest possible audience and find the right fix. A separate private mailing list is to be used only for sending urgent reports about vulnerabilities that are easily exploited, threaten many users, and allow elevated privileges or capabilities to be obtained.

Vulnerabilities found with the help of AI assistants are always encouraged to be discussed in public, since such issues are often discovered simultaneously by multiple researchers. However, the exploit itself should not be disclosed in the report; it is enough to mention that it exists and to share it privately in response to a maintainer's request.

The rules for submitting reports generated by AI assistants are described separately. Such reports are sent in bulk and sometimes help uncover bugs in poorly reviewed parts of the code, but maintainers often ignore them because of their low quality and inaccuracy. The main requirements for AI-generated reports are:

  • Concise, without filler, with the gist and the important details stated at the beginning.
  • Plain text only, without Markdown tags or decoration.
  • An understanding of the threat model and verified facts (e.g., "the bug allows any user to obtain CAP_NET_ADMIN") rather than theoretical speculation and guesses about the consequences of the vulnerability.
  • Before sending a report, be sure to carefully check the AI's output and confirm that the problem can be reproduced.
  • Involving AI in developing and testing a fix for the discovered problem.

According to the maintainer's statistics, most bug reports submitted under the guise of vulnerability fixes are not actually vulnerabilities and should be handled as ordinary bugs. A Linux kernel threat model has been formulated to distinguish between vulnerabilities and ordinary bugs. Among the capabilities and guarantees whose violation can be considered a vulnerability:

  • User-level isolation: file access is restricted to the owner, process memory is not accessible to other users, ptrace is disabled for other processes, and IPC and network communication are isolated.
  • Capability-based protection: without CAP_SYS_ADMIN you cannot change the kernel configuration, memory, or system state; without CAP_NET_ADMIN you cannot change network settings or intercept traffic; without CAP_SYS_PTRACE you cannot monitor other users' processes.
  • User ID namespaces (CONFIG_USER_NS) allow unprivileged users to create their own isolated environments from which they cannot affect the global namespace, for example by changing the time, loading modules, or mounting block devices.
  • Debugging interfaces (/proc/kmsg, perf, debugfs), through which sensitive information can be accessed, are available only after access has been explicitly granted by the administrator.

Factors not considered vulnerabilities:

  • Use of outdated kernel branches.
  • Builds with developer options or security-reducing options enabled (e.g. CONFIG_NOMMU).
  • Setting insecure sysctl values, command-line options, file system access permissions, or capabilities, or allowing unprivileged users to access privileged interfaces (for example, write access to procfs and debugfs).
  • Problems in features intended solely for kernel development and debugging, such as LOCKDEP, KASAN, and FAULT_INJECTION, which are not meant to be enabled in production configurations.
  • Problems in drivers, modules, and subsystems that are in STAGING or marked as experimental, insecure, or broken.
  • Use of third-party kernel modules or unofficial kernel forks.
  • Requiring excessive privileges, such as requiring actions to be performed as root or by a user with the CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SYS_RAWIO, and CAP_SYS_MODULE privileges.
  • Theoretical attacks that require laboratory conditions, billions of attempts, hardware emulation or modification, disproportionate cost, or unrealistic setups (e.g., systems with tens of thousands of CPU cores).
  • Bypassing security mechanisms (such as ASLR) without demonstrating an exploit. Missing argument validation and error return codes without obvious consequences.
  • Harmless information leaks outside the attacker's control, such as leftover data in error messages and leaks of kernel memory addresses/pointers without direct exploitation.
  • Errors when mounting corrupted disk images if the driver has not been declared suitable for use with untrusted media. Problems with disk images can be detected and fixed with the fsck utility.
  • Attacks that require physical access to the hardware, hardware modification, or the attachment of hardware devices such as DMA attack boards and logic analyzers, unless the system has been specifically configured to protect against such attacks (IOMMU).
  • Performance and availability degradation that can be resolved by adjusting permissions and limits.
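
Several of the exclusion criteria above can be checked mechanically during triage. The following is an added example, not code from the kernel document or the article: it inspects a reproducer's /proc/<pid>/status text, the kernel .config, and the taint mask. The function name, the in_init_userns parameter, and the sample inputs are assumptions constructed for illustration.

```python
import re

# Bit numbers from include/uapi/linux/capability.h
PRIVILEGED_CAPS = {"CAP_NET_ADMIN": 12, "CAP_SYS_MODULE": 16,
                   "CAP_SYS_RAWIO": 17, "CAP_SYS_ADMIN": 21}
# Development/debugging options the article lists as out of scope
DEBUG_OPTIONS = ("CONFIG_LOCKDEP", "CONFIG_KASAN", "CONFIG_FAULT_INJECTION")
# Bits of /proc/sys/kernel/tainted relevant to the article's list
TAINT_BITS = {0: "proprietary module", 10: "staging driver",
              12: "out-of-tree module"}


def out_of_scope_reasons(proc_status, kernel_config, tainted, in_init_userns):
    """Hypothetical triage helper: reasons a report is an ordinary bug."""
    reasons = []
    # Root and capabilities inside a non-initial user namespace are
    # namespace-local, so they only count in the initial namespace.
    if in_init_userns:
        uid = re.search(r"^Uid:\s+\d+\s+(\d+)", proc_status, re.M)
        if uid and uid.group(1) == "0":
            reasons.append("reproducer runs as root")
        cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", proc_status, re.M)
        mask = int(cap.group(1), 16) if cap else 0
        for name, bit in PRIVILEGED_CAPS.items():
            if (mask >> bit) & 1:
                reasons.append(f"reproducer holds {name}")
    enabled = set(re.findall(r"^(CONFIG_\w+)=[ym]", kernel_config, re.M))
    reasons += [f"{opt} enabled" for opt in DEBUG_OPTIONS if opt in enabled]
    reasons += [f"kernel tainted: {what}"
                for bit, what in TAINT_BITS.items() if (tainted >> bit) & 1]
    return reasons


# Constructed sample inputs, not taken from a real report
SAMPLE_STATUS = "Name:\trepro\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001000\n"
SAMPLE_CONFIG = "CONFIG_USER_NS=y\nCONFIG_KASAN=y\n# CONFIG_LOCKDEP is not set\n"

if __name__ == "__main__":
    for reason in out_of_scope_reasons(SAMPLE_STATUS, SAMPLE_CONFIG, 4096, True):
        print(reason)
```

Whether a process is in the initial user namespace can be determined by comparing the /proc/<pid>/ns/user link with /proc/1/ns/user. An empty result does not make a report a vulnerability; it only means none of these mechanical exclusions applied.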

Source: opennet.ru
