Race condition in the Linux kernel garbage collector that can lead to privilege escalation

Jann Horn of Google's Project Zero team, who previously identified the Spectre and Meltdown vulnerabilities, has published a technique for exploiting a vulnerability (CVE-2021-4083) in the Linux kernel garbage collector. The vulnerability is caused by a race condition when cleaning up file descriptors on unix sockets and potentially allows an unprivileged local user to execute their code at the kernel level.

The problem is interesting because the time window in which the race condition occurs was estimated to be too small to build real exploits, but the author of the research showed that even such initially doubtful vulnerabilities can become the source of real attacks if the exploit author has the necessary skill and time. Jann Horn showed how, with the help of delicate manipulations, the race condition that occurs when close() and fget() are called simultaneously can be turned into a fully exploitable use-after-free vulnerability and used to gain access to an already freed structure in the kernel.

The race condition occurs while a file descriptor is being closed, when close() and fget() are called at the same time. The call to close() may take effect before fget() is executed, which confuses the garbage collector because, according to the refcount, the file structure has no external references but remains attached to the file descriptor. In other words, the garbage collector believes it has exclusive access to the structure, but in reality, for a short period of time, the remaining entry in the file descriptor table still points to the freed structure.

To increase the probability of hitting the race condition, several tricks were used, which raised the probability of successful exploitation to 30% under specific system settings. For example, to increase the access time to the structure holding the file descriptors by several hundred nanoseconds, the data was evicted from the processor cache by polluting the cache with activity on another CPU core, which forced the structure to be fetched from memory instead of from the fast CPU cache.

The second important feature is the use of interrupts generated by a hardware timer to widen the race window. The timing was chosen so that the interrupt handler fires while the race condition is in progress and interrupts execution of the code for a while. To further delay the return of control, about 50 thousand entries were generated in the wait queue using epoll, which the interrupt handler had to walk through.

The exploitation technique was published after a 90-day non-disclosure period. The problem has been present since kernel 2.6.32 and was fixed in early December. The fix was included in kernel 5.16 and backported to the LTS kernel branches and to the kernel packages shipped in distributions. Notably, the vulnerability was identified during analysis of a similar problem, CVE-2021-0920, which manifests itself in the garbage collector when handling the MSG_PEEK flag.

source: budenet.ru
