Xen 4.14 arrives with Linux stubdomain support, Hypervisor FS and more

After eight months of development, the release of the new version, Xen 4.14, has been announced. Companies such as Alibaba, Amazon, AMD, Arm, Bitdefender, Citrix, EPAM Systems, Huawei and Intel took part in its development.

For those unfamiliar with Xen, it is an open-source virtual machine monitor developed by the University of Cambridge. Its design goal is to run fully featured operating system instances, fully functional, on a single computer.

Xen provides secure isolation, resource control, quality-of-service guarantees and live migration of virtual machines. Operating systems can be explicitly modified to run on Xen (while maintaining compatibility with user applications).

This allows Xen to achieve high-performance virtualization without special hardware support. Intel has made numerous contributions to Xen, adding support for its VT-x Vanderpool architecture extensions.

This technology allows unmodified operating systems to run as guests inside Xen virtual machines, provided the physical server supports the Intel VT or AMD Pacifica extensions.

Main features of Xen 4.14

One of the most notable additions in this release is support for the new Linux stubdomain device model, which allows the device model to run under a separate unprivileged user, separating the device-emulation components from dom0.

Previously, only the "qemu-traditional" device model could be used in stubdomain mode, which limited the range of emulated hardware. The new Linux stubdomain model was developed by the Qubes OS project and supports the use of emulation drivers from recent QEMU versions, as well as the related guest capabilities available in QEMU.

For systems with Intel EPT support, it is now possible to create lightweight virtual machine forks for rapid introspection, for example for malware analysis or fuzz testing. These forks use shared memory and do not use a device model.

The live patching system has added links to hypervisor build IDs and takes into account the order in which patches are applied, to prevent patches from being applied to the wrong build or in the wrong order.

Another important change is support for the CET (Intel Control-flow Enforcement Technology) extensions, which protect against the execution of exploits built with Return Oriented Programming (ROP) techniques.

The CONFIG_PV32 configuration option has been added to disable hypervisor support for 32-bit paravirtualized (PV) guests while keeping 64-bit support.

Support for Hypervisor FS has been added: a sysfs-style pseudo-filesystem that gives structured access to the hypervisor's internal data and settings without requiring log parsing or writing hypercalls.

The ability to run Xen as a guest under the Hyper-V hypervisor, which is used on the Microsoft Azure cloud platform, has also been added. Running Xen inside Hyper-V lets you use a familiar virtualization stack in Azure cloud environments and makes it possible to move virtual machines between different cloud systems.

Other changes:

  • Added the ability to generate random guest system identifiers (previously, identifiers were generated sequentially).
  • Identifiers can now also persist across VM state save, restore and migration.
  • Automatic generation of Go bindings based on libxl structures.
  • For Windows 7, 8.x and 10, added support for KDD, a utility for interacting with the WinDbg (Windows Debugger) debugger, which lets you debug Windows environments without enabling debugging in the guest operating system.
  • Added support for all Raspberry Pi 4 board variants that ship with 4 GB and 8 GB of RAM.
  • Added support for AMD EPYC processors codenamed "Milan".
  • Improved nested virtualization performance when Xen runs inside Xen or Viridian guests.
  • In emulation mode, support for the AVX512_BF16 instructions is implemented.

If you want to know more, you can consult the details at the following link.

Updates for the Xen 4.14 branch will be released until January 24, 2022, and vulnerability fixes until July 24, 2023.

