Vulnerabilities in eBPF that can bypass Spectre 4 protection

Two vulnerabilities have been identified in the Linux kernel that allow the eBPF subsystem to be used to bypass the protection against the Spectre v4 attack (SSB, Speculative Store Bypass). Using an unprivileged BPF program, an attacker can create conditions for the speculative execution of certain operations and determine the contents of arbitrary areas of kernel memory. The maintainers of the kernel's eBPF subsystem were given access to a prototype exploit demonstrating that the attack can be carried out in practice. The problems have been fixed in the form of patches (1, 2), which will be included in the next Linux kernel update. Updates for distributions have not yet been produced (Debian, RHEL, SUSE, Arch, Fedora, Ubuntu).

The Spectre 4 attack method is based on recovering data left in the processor cache after the result of speculatively executed operations is discarded, when interleaved write and read operations that use indirect addressing are processed. When a read operation follows a write operation (for example, mov [rbx + rcx], 0x0; mov rax, [rdx + rsi]), the offset of the read address may already be known because similar operations have been performed (read operations are performed much more often, and reads can be served from the cache), and the processor can speculatively perform the read before the write without waiting for the write's indirect-addressing offset to be calculated.

If, after the offset has been calculated, an overlap between the memory areas of the write and the read is detected, the processor simply discards the read result it has already obtained and repeats the operation. This allows the read instruction to access the old value at an address while the store operation has not yet completed. After the failed speculative operation is discarded, traces of its execution remain in the cache, and one of the methods for determining cache contents can then be used to recover them, based on analysing the difference in access time between cached and uncached data.

The first vulnerability (CVE-2021-35477) is caused by a flaw in the BPF program verification mechanism. To protect against the Spectre 4 attack, the verifier adds an extra instruction after potentially problematic memory stores that writes a zero value in order to displace traces of the previous operation. The zero write was expected to be very fast and to block speculative execution, since it depends only on the pointer to the BPF stack frame. In practice, however, it turned out to be possible to create conditions in which an instruction leading to speculative execution manages to execute before the protective store operation.

The second vulnerability (CVE-2021-3455) is caused by the fact that, when the BPF verifier identifies potentially dangerous memory store operations, it does not take into account uninitialized areas of the BPF stack, the first write to which is not protected. This makes it possible to perform a speculative read that depends on the uninitialized memory area before the store instruction is executed. New memory for the BPF stack is allocated without checking the contents already present in the allocated memory, and there is a way, before the BPF program starts, to alter the contents of the memory region that will then be allocated for the BPF stack.
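Because the attack needs an unprivileged BPF program and distribution updates are not yet available, a host's exposure can be estimated from two kernel interfaces. The following is an added example, not code from the article or from the kernel project; it assumes the standard `spec_store_bypass` sysfs file and the `kernel.unprivileged_bpf_disabled` sysctl, and the sample states in the main block are constructed.

```python
from pathlib import Path

# Standard kernel interfaces (assumed present; the article does not name them).
SSB_PATH = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
BPF_PATH = Path("/proc/sys/kernel/unprivileged_bpf_disabled")


def cpu_blocks_ssb(status: str) -> bool:
    """True when the CPU is unaffected or SSB is disabled for every task."""
    # The per-task modes ("... disabled via prctl", "... via prctl and seccomp")
    # only cover tasks that opt in, so they are not counted as protection here.
    return status.strip() in ("Not affected",
                              "Mitigation: Speculative Store Bypass disabled")


def unprivileged_bpf_allowed(value: str) -> bool:
    """kernel.unprivileged_bpf_disabled: 0 = allowed, 1 or 2 = disabled."""
    return value.strip() == "0"


def assess(ssb_status: str, bpf_value: str) -> str:
    """Classify exposure to the eBPF Spectre v4 bypass described above."""
    if cpu_blocks_ssb(ssb_status):
        return "not-exposed: CPU does not perform speculative store bypass"
    if not unprivileged_bpf_allowed(bpf_value):
        return "reduced: unprivileged users cannot load BPF programs"
    return "exposed: unprivileged BPF allowed, depends on a patched verifier"


def read_or(path: Path, default: str) -> str:
    """Read a kernel interface file, falling back to the worst-case value."""
    try:
        return path.read_text()
    except OSError:
        return default


if __name__ == "__main__":
    # Constructed sample states, then the live host (worst case if unreadable).
    samples = [("Vulnerable", "0"),
               ("Mitigation: Speculative Store Bypass disabled via prctl", "2"),
               ("Not affected", "0")]
    for ssb, bpf in samples:
        print(f"{ssb!r}, bpf_disabled={bpf}: {assess(ssb, bpf)}")
    print("this host:", assess(read_or(SSB_PATH, "Vulnerable"),
                               read_or(BPF_PATH, "0")))
```

A "reduced" result still leaves the verifier flaws reachable by processes that are permitted to load BPF programs, so the kernel patches remain necessary.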

Source: opennet.ru
