A hasty fix led to an incomplete patch for the Spectre vulnerability in the Linux kernel.

The developers of the Grsecurity project shared a cautionary tale showing how thoughtlessly eliminating compiler warnings can lead to vulnerabilities in code. At the end of May, a fix was proposed for the Linux kernel for a new vector of exploiting the Spectre vulnerability through the ptrace system call.

While testing the patch, the developers noticed that during the build the compiler emits a warning about mixing code and declarations (the structure was declared after code, with a value assigned to an existing variable):

int index = n;
if (n < HBP_NUM) {
    index = array_index_nospec(index, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

Linus accepted the fix into his master branch, getting rid of the warning by moving the variable declaration into the if block:

if (n < HBP_NUM) {
    int index = array_index_nospec(n, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

In July, the fix was also ported to the stable kernel branches 4.4, 4.9, 4.14, 4.19 and 5.2. The maintainers of the stable branches also ran into the warning and, instead of checking whether it had already been fixed in Linus's master branch, fixed it themselves. The problem is that, without giving it much thought, they simply moved the structure declaration up, so that the call to array_index_nospec, which directly provides the protection against the vulnerability, no longer takes effect before the structure pointer is set, and the array access always uses the unsanitized value of "n" rather than the clamped "index":

int index = n;
if (n < HBP_NUM) {
    struct perf_event *bp = thread->ptrace_bps[index];
    index = array_index_nospec(index, HBP_NUM);
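
The effect of the two orderings can be compared in a small user-space model. This is an added example, not kernel code and not from the Grsecurity write-up; the value of HBP_NUM, the function names, the unsigned long types and the "speculate" flag (which stands in for a mispredicted bounds check) are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>

#define HBP_NUM 4 /* assumed array size for this model */

/* Branch-free clamp in the style of the kernel's generic array_index_nospec():
 * mask is all ones when index < size and zero otherwise. Relies on arithmetic
 * right shift of a negative long, as the kernel does with GCC/Clang. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    unsigned long mask = (unsigned long)(~(long)(index | (size - 1UL - index))
                                         >> (sizeof(long) * CHAR_BIT - 1));
    return index & mask;
}

/* Both functions return the slot the ptrace_bps[] load would touch, or -1 if
 * the if-body is not entered. speculate != 0 models a mispredicted bounds
 * check, where the body executes although n >= HBP_NUM. */

/* Ordering from Linus's master branch: clamp first, then load. */
static long slot_master(unsigned long n, int speculate)
{
    if (n < HBP_NUM || speculate) {
        unsigned long index = index_nospec(n, HBP_NUM);
        return (long)index; /* bp = thread->ptrace_bps[index]; */
    }
    return -1;
}

/* Ordering from the stable backport: load first, clamp afterwards. */
static long slot_stable(unsigned long n, int speculate)
{
    unsigned long index = n;
    if (n < HBP_NUM || speculate) {
        long used = (long)index;              /* load uses raw n */
        index = index_nospec(index, HBP_NUM); /* too late to matter */
        (void)index;
        return used;
    }
    return -1;
}

int main(void)
{
    unsigned long samples[] = { 2, 1000 }; /* constructed inputs */
    for (int i = 0; i < 2; i++)
        printf("n=%lu master=%ld stable=%ld\n", samples[i],
               slot_master(samples[i], 1), slot_stable(samples[i], 1));
    return 0;
}
```

With an in-range n both orderings touch the same slot, which is why the regression passes ordinary testing; only when the bounds check is bypassed does the backport's load use an out-of-range index.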

Source: opennet.ru
