Vulnerability in the Linux 6.2 kernel that can bypass Spectre v2 protection

A vulnerability (CVE-2023-1998) has been identified in the Linux 6.2 kernel that disables protection against Spectre v2 attacks, which allow access to the memory of other processes running on different SMT or Hyper-Threading threads but on the same processor core. Among other things, the vulnerability can be used to leak data between virtual machines in cloud systems. The issue affects only the Linux 6.2 kernel and is caused by an incorrect implementation of an optimization designed to reduce the significant overhead of applying Spectre v2 protection. The vulnerability has been fixed in the experimental branch of the Linux 6.3 kernel.

In user space, to protect against Spectre attacks, processes can selectively disable speculative instruction execution with prctl PR_SET_SPECULATION_CTRL or use seccomp-based system call filtering. According to the researchers who identified the problem, the incorrect optimization in the 6.2 kernel left the virtual machines of at least one major cloud provider without proper protection, even though the spectre-BTI blocking mode was enabled via prctl. The vulnerability also appears on ordinary servers with the 6.2 kernel that are booted with the "spectre_v2=ibrs" setting.

The essence of the vulnerability is that when the IBRS or eIBRS protection modes were selected, the optimization that was introduced disabled the use of the STIBP (Single Thread Indirect Branch Predictors) mechanism, which is needed to block leaks when simultaneous multithreading (SMT or Hyper-Threading) is in use. At the same time, only eIBRS mode provides protection against leaks between threads, not IBRS mode: with IBRS, the IBRS bit, which provides protection against leaks between logical cores, is cleared for performance reasons when control returns to user space, leaving user-space threads unprotected against Spectre v2 class attacks.
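As an added example (not from the original article or from the kernel project), the Python sketch below triages a host against the conditions described above: a 6.2 kernel, plain IBRS selected, SMT active, and STIBP not enforced for every task. The sysfs paths are the standard Linux ones, the sample status strings are constructed, and the check is a heuristic that cannot tell whether a particular 6.2 build already carries the fix.

```python
import platform
import re
from pathlib import Path

# Standard Linux sysfs locations for the mitigation report and SMT state.
SYSFS_SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
SYSFS_SMT_ACTIVE = Path("/sys/devices/system/cpu/smt/active")


def assess(release, spectre_v2, smt_active):
    """Return (needs_review, reason) for one host's reported state."""
    mode = spectre_v2.strip()
    if not re.match(r"6\.2(\D|$)", release):
        return False, "kernel is not a 6.2 release"
    if not smt_active:
        return False, "SMT is off, so there are no sibling threads"
    # eIBRS is reported as "Enhanced IBRS" or "Enhanced / Automatic IBRS".
    if "Enhanced" in mode:
        return False, "eIBRS mode, which covers sibling threads"
    # \b keeps "IBRS_FW" and "PBRSB-eIBRS" from counting as plain IBRS.
    if not re.search(r"\bIBRS\b", mode):
        return False, "plain IBRS mode is not selected"
    stibp = re.search(r"STIBP: ([\w-]+)", mode)
    state = stibp.group(1) if stibp else "not reported"
    if state in ("forced", "always-on"):
        return False, "STIBP is on for every task"
    return True, "6.2 kernel, plain IBRS, SMT on, STIBP " + state


def read_host():
    """Read the three inputs from the running Linux system."""
    smt = SYSFS_SMT_ACTIVE.read_text().strip() == "1"
    return platform.release(), SYSFS_SPECTRE_V2.read_text(), smt


if __name__ == "__main__":
    # Constructed samples modelled on the sysfs format, not captured output.
    samples = [
        ("6.2.0-20-generic", "Mitigation: IBRS, IBPB: conditional, RSB filling", True),
        ("6.2.0-20-generic", "Mitigation: Enhanced IBRS, IBPB: conditional", True),
        ("6.3.1", "Mitigation: IBRS, IBPB: conditional, STIBP: conditional", True),
    ]
    if SYSFS_SPECTRE_V2.exists() and SYSFS_SMT_ACTIVE.exists():
        samples.append(read_host())
    for release, mode, smt in samples:
        print(release, "|", mode.strip(), "|", assess(release, mode, smt))
```

A host flagged for review still needs its kernel package changelog checked for the CVE-2023-1998 fix before any conclusion is drawn.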

Source: opennet.ru
