Abaphuhlisi beLinux baxoxa ngokususa iReiserFS

Yintoni iLinux kwaye yeyantoni?

uMateyu wilcox i-oracle, eyaziwa ngokwenza umqhubi we-nvme (NVM Express) kunye nendlela yokufikelela ngokuthe ngqo kwinkqubo yefayile yeDAX, icebise ukususa inkqubo yefayile ye ReiserFS kwi Linux kernel ngothelekiso ne-ext eyehliweyo kunye neenkqubo zeefayile ze-xiafs okanye ngokunciphisa ikhowudi ye-ReiserFS, kushiya kuphela inkxaso "yokufunda-kuphela".

Kuyakhankanywa ukuba isizathu sokususwa yayiyingxaki eyongezelelweyo ngohlaziyo yesiseko se-kernel, ebangelwa yinto yokuba, ngokukodwa kwi-ReiserFS, abaphuhlisi banyanzelekile ukuba bashiye isiphathi seflegi eyehliweyo AOP_FLAG_CONT_EXPAND kwi-kernel, njengoko i-ReiserFS isekuphela kwendlela yefayile esebenzisa le "bhala_qalisa" umsebenzi » kwi-Kernel.

Kwangelo xesha ukulungiswa kokugqibela kwikhowudi yeReiserFS kuqale ngo-2019, kwaye akucaci ukuba le FS ikwimfuno engakanani kwaye ukuba bayaqhubeka nokuyisebenzisa.

Ngenxa yoku, umphuhlisi we-SUSE uvumile kuba iReiserFS isendleleni eya ekuyekisweni, kodwa akucaci ukuba yehlisiwe ngokwaneleyo ukuba isuswe kwi-kernel, njengoko ikhankanya ukuba iReiserFS iyaqhubeka nokuthumela nge-openSUSE kunye ne-SLES, kodwa isiseko somsebenzisi wenkqubo yefayile sincinci kwaye siyancipha.

Kubasebenzisi bequmrhu, inkxaso yeReiserFS kwi-SUSE yayekwa kwi-3-4 kwiminyaka eyadlulayo kwaye imodyuli yeReiserFS ayiqukwanga nekernel ngokungagqibekanga. Njengokhetho, u-Ian ucebise ukuba siqale ukubonisa isilumkiso sokurhoxa xa sinyusela izahlulo zeReiserFS kwaye sithathele ingqalelo le nkqubo yefayile ilungele ukususwa ukuba akukho mntu usazisa ngomnqweno wokuqhubeka nokusebenzisa le nkqubo yefayile kunyaka okanye emibini.

Edward Shishkin, egcina inkqubo yefayile yeReiserFS, ujoyine ingxoxo wanikezela ngesiqwenga esisusa ukusetyenziswa kwe AOP_FLAG_CONT_EXPAND iflegi yekhowudi yeReiserFS. UMateyu Wilcox wamkela isiqwenga kwisakhiwo sakhe. Ke ngoko, isizathu sokususwa sisusiwe, kwaye umbuzo wokungabandakanyi i-ReiserFS kwi-kernel unokuqwalaselwa uhlehliswe ixesha elide.

Akunakwenzeka ukukhupha ngokupheleleyo umba we-ReiserFS yokuhoxiswa ngenxa yomsebenzi wokukhutshwa kwe-kernel kwiinkqubo zefayile kunye nomcimbi ongasonjululwanga we-2038.

Ngokomzekelo, ngenxa yesi sizathu, ishedyuli sele ilungisiwe ukususa uguqulelo lwesine lwefomathi yefayile ye-XFS kwi-kernel (Ifomathi entsha ye-XFS yacetywayo kwi-kernel 5.10 kwaye yatshintsha i-counter overflow ukuya kwi-2468.) Ukwakhiwa kwe-XFS v4 kuya kukhutshazwa ngokungagqibekanga kwi-2025 kwaye ikhowudi iya kususwa kwi-2030). Kucetywa ukuphuhlisa ixesha elifanayo le-ReiserFS, ukubonelela ubuncinane iminyaka emihlanu yokufudukela kwezinye iisistim zefayile okanye ifomathi yemetadata elungisiweyo.

Ngaphandle koko, Ikwavelele ethe yachazwa kwiintsuku ezimbalwa ezidlulileyo iindaba zokuba sesichengeni (CVE-2022-25636) kwi-Netfilter, enokuvumela ukwenziwa kwekhowudi yenqanaba le-kernel.

Ukuba sesichengeni kungenxa yempazamo ekubaleni ubungakanani bokuqukuqela->umthetho->isenzo.uluhlu lwamangeniso kumsebenzi we-nft_fwd_dup_netdev_offload (echazwe kwi-net/netfilter/nf_dup_netdev.c ifayile), enokubangela idatha elawulwa ngumhlaseli ubhala kwindawo yenkumbulo ngaphandle kwesithinteli esinikiweyo.

Impazamo izibonakalisa xa kumiselwa imithetho ethi "dup" kunye ne "fwd" kumatyathanga apho kusetyenziswa i-hardware ye-acceleration ye-packet processing (ukukhuphela). Ngenxa yokuba ukuphuphuma kuyenzeka ngaphambi kokuba umgaqo wokucoca ipakethi udalwe kwaye inkxaso yokukhuphela iqinisekisiwe, ubungozi buyasebenza nakwizixhobo zenethiwekhi ezingaxhasi ukukhawuleziswa kwehardware, njenge-loopback interface.

Kuyaqapheleka ukuba Ingxaki kulula ukuyisebenzisa, kuba amaxabiso ahamba ngaphaya kwesithinteli angabhala ngaphezulu isalathisi kwi-net_device isakhiwo, kunye nedatha malunga nexabiso elibhalwe ngaphezulu libuyiselwa kwindawo yomsebenzisi, ivumela iidilesi kwimemori efunekayo ukwenza uhlaselo ukuba luqinisekiswe.

Ukuxhaphaza ubungozi ifuna ukwenziwa kwemithetho ethile kwii-nftables, enokwenzeka kuphela ngamalungelo e-CAP_NET_ADMIN, anokufunyanwa ngumsebenzisi ongenalungelo kwindawo yamagama yothungelwano olwahlukileyo (Izithuba zeNatha zenethiwekhi). Ukuba sesichengeni kusenokusetyenziselwa ukuhlasela iinkqubo zokwahlula izikhongozeli.

Umzekelo wokuxhaphaza ubhengezwe ovumela umsebenzisi wasekhaya ukuba aphakamise amalungelo abo ku-Ubuntu 21.10 kunye nendlela yokhuseleko ye-KASLR ivaliwe. Ingxaki izibonakalisa njenge-kernel 5.4. Isisombululo sisafumaneka njengepetshi.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   UDiego waseJamani uGonzalez sitsho

    Umyili wefomathi yefayile ugwetywe ukusukela ngo-2008 ngokubulala owasetyhini. Kuthwa izakuphuma kunyaka ozayo. Mhlawumbi ifumana iibhetri kwaye isombulule zonke iingxaki.
    Kwimeko nayiphi na into, ngumzekelo weenzuzo zomthombo ovulekileyo ukuba iiprojekthi ziqhubeka ngaphaya kwabantu.