Ngemva kwezinyanga eziyisishiyagalombili zentuthuko
Ukhiye
- Kungezwe usekelo lwemodeli yedivayisi entsha
Isizinda se-Linux , okukuvumela ukuthi uhlele ukwenza ngaphansi komsebenzisi ohlukile ongenamalungelo, ohlukanisa izingxenye zokulingisa idivayisi kusukela ku-Dom0. Ngaphambilini, kumodi ye-stubdomain, kwakungasetshenziswa imodeli yedivayisi “ye-qemu-traditional” kuphela, eyayikhawulela ububanzi bezisetshenziswa ezilingisiwe. Imodeli entshaI-Linux stubomains yathuthukiswa iphrojekthi ye-QUBES OS futhi isekela ukusetshenziswa kwezishayeli zokulingisa kusukela ekukhishweni kwakamuva kwe-QEMU, kanye nekhono lezivakashi elihlobene elitholakala ku-QEMU. - Kumasistimu anosekelo lwe-Intel EPT, usekelo lokudala amagatsha angasindi (izimfoloko) zemishini ebonakalayo kusetshenziswa ukuze kuhlolwe ngokushesha, ngokwesibonelo, ukuhlaziya uhlelo olungayilungele ikhompuyutha noma ukuhlola okungaqondakali. Lezi zimfoloko zisebenzisa ukwabelana ngenkumbulo futhi azihlanganisi imodeli yedivayisi.
- Isistimu yokuchibiyela ebukhoma yengeziwe ukuze kuxhunywe izihlonzi zomhlangano we-hypervisor futhi kucatshangelwa indlela amapeshi asetshenziswa ngayo ukuze kuvinjelwe amapeshi ukuthi afakwe ekuhlanganisweni okungalungile noma ngohlelo olungalungile.
- Usekelo olungeziwe lwezandiso ze-CET (Intel Control-flow Enforcement Technology) ukuze kuvikelwe ezenzweni ezakhiwe kusetshenziswa izinhlelo ezigxile ekubuyiseleni (i-ROP, amasu we-Return-Oriented Programming).
- Kwengezwe ukulungiselelwa kwe-CONFIG_PV32 ukukhubaza usekelo lwe-hypervisor lwezivakashi ezingama-32-bit paravirtualized (PV) kuyilapho kugcinwa usekelo lwama-64-bit.
- Ukwesekwa okwengeziwe kwe-Hypervisor FS, i-pseudo-FS kusitayela se-sysfs sokufinyelela okuhlelekile kudatha yangaphakathi nezilungiselelo ze-hypervisor, engadingi ukuhlaziya izingodo noma ukubhala ama-hypercall.
- Kungenzeka ukusebenzisa i-Xen njengohlelo lwezivakashi olusebenzisa i-Hyper-V hypervisor esetshenziswa ku-Microsoft Azure cloud platform. Ukugijima i-Xen ngaphakathi kwe-Hyper-V kukuvumela ukuthi usebenzise isitaki esijwayelekile sokubonwayo ezindaweni zamafu e-Azure futhi kwenza kube nokwenzeka ukuhambisa imishini ebonakalayo phakathi kwezinhlelo zamafu ezahlukene.
- Kwengezwe amandla okukhiqiza i-ID yesistimu yesihambeli engahleliwe (okwangaphambilini ama-ID ayekhiqizwa ngokulandelana). Izihlonzi manje zingaphikelela phakathi kwe-VM yesimo sokulondoloza, ukubuyisela, kanye nemisebenzi yokuthutha.
- Ukukhiqizwa okuzenzakalelayo kokubophezela kolimi lwe-Go okusekelwe ezakhiweni ze-libxl kunikezwa.
- Ku-Windows 7, 8.x kanye no-10, usekelo lwe-KDD lwengeziwe, insiza yokusebenzisana ne-WinDbg debugger (Windows Debugger), ekuvumela ukuthi ulungise isimo se-Windows ngaphandle kokuvumela ukulungisa iphutha ku-OS yesivakashi.
- Usekelo olungeziwe lwazo zonke izinhlobo zebhodi le-Raspberry Pi 4 ezithunyelwa nge-4GB ne-8GB RAM.
- Ukwesekwa okwengeziwe kwe-AMD EPYC processors codenamed "Milan".
- Ukusebenza okuthuthukisiwe kwe-virtualization okusidleke, okusebenzisa i-Xen ngaphakathi kwe-Xen- noma izivakashi ezisekelwe e-Viridian.
- Kumodi yokulingisa, usekelo lwemiyalelo ye-AVX512_BF16 luyenziwa.
- Ukuhlanganiswa kwe-hypervisor kushintshelwe ekusebenziseni i-Kbuild.
Source: opennet.ru