BHI is a new Spectre-class vulnerability in Intel and ARM processors

A group of researchers from Vrije Universiteit Amsterdam has discovered a new vulnerability in the microarchitecture of Intel and ARM processors. The vulnerability is an extended variant of Spectre-v2 that bypasses the eIBRS and CSV2 protection mechanisms added to processors. It has been given several names: BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002), and Spectre-BHB (CVE-2022-23960), which describe different manifestations of the same problem (BHI is an attack that crosses privilege levels, such as a user process and the kernel, while BHB is an attack within a single privilege level, such as the eBPF JIT and the kernel).

The researchers have demonstrated a working exploit that allows arbitrary data to be extracted from kernel memory from user space. For example, they show how the prepared exploit can be used to extract from kernel buffers a string containing the root user's password hash, loaded from the /etc/shadow file. The exploit demonstrates that the vulnerability can be exploited within a single privilege level (a kernel-to-kernel attack) using an eBPF program loaded by the user. Instead of eBPF, it is also possible to use existing Spectre gadgets, that is, instruction sequences that lead to speculative execution.

The vulnerability affects most current Intel processors, with the exception of the Atom family. Among ARM processors, the problem affects Cortex-A15, Cortex-A57, Cortex-A7*, Cortex-X1, Cortex-X2, Cortex-A710, Neoverse N1, Neoverse N2, Neoverse V1, and possibly some Cortex-R chips. Research indicates that AMD processors are not vulnerable. Several software mitigations have been proposed, which can be used until hardware protection appears in future CPUs.

To block attacks through the eBPF subsystem, we recommend disabling by default the ability of unprivileged users to load eBPF programs, either by writing 1 to the file "/proc/sys/kernel/unprivileged_bpf_disabled" or by running the command "sysctl -w kernel.unprivileged_bpf_disabled=1". To block attacks through gadgets, we recommend using the LFENCE instruction in sections of code that could lead to speculative execution. Note that the default configuration of most Linux distributions already includes the necessary mitigations, which are sufficient to block the eBPF attack demonstrated by the researchers. Intel's recommendation to disable unprivileged access to eBPF is also applied by default starting with Linux kernel 5.16 and will be backported to earlier kernels.
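The following audit script is an added example, not part of the original article. It reads the sysctl named above, interprets its value, and checks whether the setting is persisted in sysctl configuration files so it survives a reboot. The overridable `BPF_KNOB` and `SYSCTL_PATHS` variables and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): audit the unprivileged eBPF sysctl.
# BPF_KNOB / SYSCTL_PATHS overrides and the verdict labels are assumptions.
BPF_KNOB="${BPF_KNOB:-/proc/sys/kernel/unprivileged_bpf_disabled}"
SYSCTL_PATHS="${SYSCTL_PATHS:-/etc/sysctl.conf /etc/sysctl.d /usr/lib/sysctl.d /run/sysctl.d}"
KEY_RE='^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*'

# Kernel semantics: 0 = unprivileged bpf() allowed; 1 = disabled and locked
# until reboot; 2 = disabled, but root may set it back to 0 at runtime.
classify_bpf_knob() {
    case "$1" in
        0) echo EXPOSED ;;
        1) echo LOCKED ;;
        2) echo DISABLED ;;
        *) echo UNKNOWN ;;
    esac
}

# Print each persisted assignment as "file:value"; commented-out lines
# do not match because the key must start the line.
persisted_bpf_settings() {
    for p in $SYSCTL_PATHS; do
        if [ -e "$p" ]; then
            find "$p" -type f -name '*.conf' \
                -exec grep -HE "${KEY_RE}[0-9]+" {} + 2>/dev/null |
                sed -E 's/:[[:space:]]*kernel\.[^=]*=[[:space:]]*([0-9]+).*/:\1/'
        fi
    done
    return 0
}

# Combine the runtime state and the boot-time configuration into one verdict.
audit_unprivileged_bpf() {
    runtime=UNKNOWN
    [ -r "$BPF_KNOB" ] && runtime=$(classify_bpf_knob "$(tr -d '[:space:]' < "$BPF_KNOB")")
    settings=$(persisted_bpf_settings)
    if [ -z "$settings" ]; then
        persist=NOT_PERSISTED        # boot value depends on the kernel default
    elif printf '%s\n' "$settings" | grep -q ':0$'; then
        persist=PERSISTED_ENABLED    # at least one file sets the key to 0
    else
        persist=PERSISTED_DISABLED
    fi
    echo "runtime=$runtime boot=$persist"
}

audit_unprivileged_bpf
```

A result of `runtime=EXPOSED`, or `boot=PERSISTED_ENABLED` on a host where unprivileged eBPF is not required, is the case the recommendation above addresses.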

Conceptually, BHI is an extended variant of the Spectre-v2 attack that bypasses the added protection (Intel eIBRS and Arm CSV2) and leaks data by manipulating values in the Branch History Buffer, a global branch history buffer used in CPUs to improve branch prediction accuracy by taking the history of past branches into account. By manipulating the branch history, the attack creates conditions in which a branch is mispredicted and the required instructions are executed speculatively, with their result being cached.

Apart from using the Branch History Buffer instead of the Branch Target Buffer, the new attack is identical to Spectre-v2. The attacker's goal is to create conditions under which the address used during the speculative operation is taken from the region of the data being determined. After the speculative indirect jump is performed, the jump address read from memory remains in the cache, after which it can be recovered using one of the methods for determining cache contents, based on analysing the difference in access time between cached and uncached data.

Source: opennet.ru