Chiwopsezo chadziwika mu Linux kernel (CVE-2021-33624) yomwe imalola kuti eBPF subsystem igwiritsidwe ntchito kudutsa chitetezo ku ziwopsezo za gulu la Specter, zomwe zimapangitsa kuti zitheke kudziwa zomwe zili mkati mwa kukumbukira chifukwa chopanga mikhalidwe ya kuchita mongopeka kwa ntchito zina. Kuwukira kwa Specter kumafuna kukhalapo kwa malamulo angapo mu code yamwayi yomwe imatsogolera kumayendedwe ongoyerekeza a malangizo. Pogwiritsa ntchito mapulogalamu a BPF omwe amaperekedwa kuti aphedwe, ndizotheka kupanga malangizo ofanana mu eBPF ndikutulutsa zomwe zili mu kernel memory ndi madera osagwirizana a kukumbukira thupi kudzera m'njira zam'mbali.
Chiwopsezocho chimayamba chifukwa cha zolakwika mu zotsimikizira, zomwe zimagwiritsidwa ntchito kuti zizindikire zolakwika ndi ntchito zosavomerezeka mu mapulogalamu a BPF. Wotsimikizirayo amawerengera njira zomwe zingatheke kuphatikizira ma code, koma amadumpha zosankha zanthambi zomwe sizikuvomerezeka kuchokera kumalingaliro a semantics a kamangidwe ka malangizo. Pochita pulogalamu ya BPF, zosankha zanthambi zotere zomwe sizikuganiziridwa ndi wotsimikizira zitha kuneneratu molakwika ndi purosesa ndikuchitidwa mongoyerekeza. Mwachitsanzo, posanthula ntchito ya "katundu", wotsimikizira amayembekeza kuti malangizowo agwiritse ntchito kaundula ndi adilesi yomwe mtengo wake umakhala mkati mwa malire omwe atchulidwa, koma wowukira amatha kupanga zinthu zomwe purosesa amayesa kuchita ntchito mongopeka. adilesi yomwe siyikukwaniritsa zotsimikizira.
Vutoli lakhala likuwonekera kuyambira pomwe kernel 4.15 idatulutsidwa ndipo idakhazikitsidwa ngati zigamba (1, 2, 3, 4). Chiwopsezocho chimakhalabe chosakhazikika pakugawa (Debian, RHEL, Ubuntu, Fedora, SUSE, Arch).
Kuphatikiza apo, mutha kuzindikira cholembedwa chokhudza magwiridwe antchito a zida zoteteza ku zovuta za Specter. Cholembachi chikufotokozera mwachidule zotsatira za kukhathamiritsa kwa rr (Record ndi Replay) debugger, yomwe idapangidwapo ku Mozilla kuti ithetse zolakwika zovuta kubwereza mu Firefox. Kusunga ma foni am'makina omwe amagwiritsidwa ntchito kuti awone ngati alipo adachepetsa magwiridwe antchito a "rr sources" pulojekiti yoyeserera kuchoka pa mphindi 3 masekondi 19 mpaka masekondi 36.
Wolemba kukhathamiritsa adaganiza zowunika momwe magwiridwe antchito angasinthire ataletsa chitetezo cha Specter. Pambuyo poyambitsa dongosolo ndi "mitigations=off" parameter, nthawi yogwiritsira ntchito "rr sources" popanda kukhathamiritsa inali mphindi 2 masekondi 5 (nthawi 1.6 mofulumira), ndipo ndi kukhathamiritsa kunali masekondi 33 (9% mofulumira). Chosangalatsa ndichakuti, kulepheretsa chitetezo cha Specter sikungochepetsa nthawi yogwiritsira ntchito ma code pa kernel ndi nthawi 1.4 (kuchokera ku 2m9s mpaka 1m32s), komanso kuchepetsa nthawi yogwiritsa ntchito (kuchokera ku 1m9s mpaka 0m33s), mwina chifukwa chakuchepetsa magwiridwe antchito a CPU cache ndi TLB. imayambiranso pamene chitetezo cha Specter chayatsidwa.
Source: opennet.ru