Achọpụtala adịghị ike na Linux kernel (CVE-2021-33624) nke na-enye ohere iji usoro eBPF mee ihe iji gbochie nchebe megide adịghị ike klaasị Specter, nke na-eme ka o kwe omume ịchọpụta ọdịnaya nke ebe nchekwa n'ihi ịmepụta ọnọdụ maka ọnọdụ ndị ahụ. speculative ogbugbu nke ụfọdụ arụmọrụ. Mwakpo Specter chọrọ ọnụnọ nke usoro iwu dị na koodu nwere ikike nke na-eduga na mmezu ntuziaka. Site n'ijikwa mmemme BPF ebufe maka ogbugbu, ọ ga-ekwe omume ịmepụta ntuziaka ndị yiri ya na eBPF wee wepụta ọdịnaya nke ebe nchekwa kernel na mpaghara aka ike nke ebe nchekwa anụ ahụ site na ọwa akụkụ.
A na-akpata adịghị ike ahụ site na ntụpọ dị na onye nyocha, nke a na-eji achọpụta njehie na ọrụ anabataghị na mmemme BPF. Onye nyocha ahụ na-akọwapụta ụzọ ogbugbu koodu enwere ike, mana ọ na-amafe nhọrọ alaka nke na-anabataghị site n'echiche nke semantics nke ụkpụrụ ụlọ setịpụrụ ụkpụrụ. Mgbe ị na-eme mmemme BPF, nhọrọ ngalaba ndị dị otú ahụ nke onye nyocha na-etinyeghị n'uche nwere ike buru amụma na-ezighi ezi site na onye nrụpụta wee gbuo ya n'ụdị ntule. Dịka ọmụmaatụ, mgbe ị na-enyocha ọrụ "ibu", onye nyocha ahụ na-atụ anya na ntuziaka ahụ na-eji ndebanye aha na adreesị nke uru ya na-adị mgbe niile n'ime ókèala a kapịrị ọnụ, mana onye na-awakpo nwere ike ịmepụta ọnọdụ n'okpuru ebe onye nrụpụta ga-anwa ịrụ ọrụ na-enweghị atụ. adreesị nke na-emezughị ọnọdụ nkwenye.
Nsogbu a na-apụta kemgbe ewepụtara kernel 4.15 ma edoziwo ya n'ụdị patches (1, 2, 3, 4). Ọdịmma ahụ ka edoghị anya na nkesa (Debian, RHEL, Ubuntu, Fedora, SUSE, Arch).
Na mgbakwunye, ị nwere ike ịdeba ama ndetu gbasara mmetụta arụmọrụ nke ngwaọrụ iji chebe megide adịghị ike Specter. Ihe ndetu a na-achikota nsonaazụ njikarịcha nke rr (Record and Replay) debugger, nke emebere na Mozilla iji dozie mperi siri ike ikwugharị na Firefox. Ịchekwa oku sistemụ eji lelee ịdị adị nke akwụkwọ ndekọ aha belatara ọrụ "rr Source" maka ọrụ nnwale ahụ site na nkeji 3 19 sekọnd ruo 36 sekọnd.
Onye na-edepụta njikarịcha ahụ kpebiri ịlele ka arụmọrụ ga-esi gbanwee ka ọ kwụsịrị nchedo Specter. Mgbe emechara sistemụ ahụ na oke “mitigations=off”, oge igbu “rr source” na-enweghị njikarịcha bụ 2 nkeji 5 sekọnd (ugboro 1.6 ngwa ngwa), yana njikarịcha ọ bụ 33 sekọnd (9% ngwa ngwa). N'ụzọ na-akpali mmasị, iwepu nchekwa Specter abụghị naanị belata oge mmebe koodu na ọkwa kernel site na ugboro 1.4 (site na 2m9s ruo 1m32s), mana belatara oge igbu egbu na oghere onye ọrụ (site na 1m9s ruo 0m33s), ikekwe n'ihi mbelata arụmọrụ CPU cache ọrụ yana TLB. malitegharịa mgbe agbanyere nchedo Specter.
isi: opennet.ru