Iyo Grsecurity purojekiti yakaburitsa ruzivo uye ratidziro yenzira yekurwisa yekusagadzikana kutsva (CVE-2021-26341) muma processors e AMD ane hukama nekufungidzira kuita kwemirairo mushure mekuita kumberi kusingaverengeki. Kana kurwiswa kwacho kuchinge kwabudirira, kusazvibata kunobvumira zviri mukati menzvimbo dzekurangarira zvisingaite kuti zvitemerwe. Semuyenzaniso, vatsvakurudzi vakagadzira chibatiso chinovabvumira kuona marongero ekero uye nekupfuura iyo KASLR (kernel memory randomisation) nzira yekudzivirira nekuita isina kurongeka kodhi muPBF kernel subsystem. Mamwe mamiriro ekurwiswa haagone kutongerwa kunze izvo zvinogona kutungamira mukudonha kwe kernel memory zvirimo.
Kusagadzikana kunobvumira iwe kuti ugadzire mamiriro ayo processor, panguva yekukurumidza kuuraya, inofungidzira inogadzirisa iyo rairo nekukurumidza zvichitevera kusvetuka kuraira mundangariro (SLS, Straight Line Speculation). Uyezve, optimization yakadaro haishande chete kune vane mamiriro ekusvetuka vanoshanda, asiwo nemirayiridzo inoreva kusvetuka kusingaite, seJMP, RET uye CALL. Kutevera mirairo yekusvetuka isina magumo, data isina kurongeka isina kuitirwa kuurayiwa inogona kuiswa. Mushure mekuona kuti bazi harisanganisire kuitwa kwerairo rinotevera, processor inongodzoreredza nyika uye inofuratira fungidziro yekuuraya, asi mucherechedzo wekutevedzwa kwekuraira unoramba uri mune yakagovaniswa cache uye unowanikwa kuti uongororwe uchishandisa parutivi-chiteshi nzira dzekudzosera.
Sezvakaita nekushandiswa kweiyo Specter-v1 kusadzivirirwa, kurwiswa kunoda kuvepo kwemamwe anotevedzana emirairo (magajeti) mukernel inotungamira mukuurayiwa kwekufungidzira. Kuvhara kusazvibata mune iyi nyaya kunouya pasi pakuziva majejeti akadaro mukodhi uye nekuwedzera mamwe mirairo kwavari inovharira kuuraya kwekufungidzira. Mamiriro ekufungidzira ekuuraya anogona zvakare kugadzirwa nezvisina rusarura zvirongwa zvinomhanya mu eBPF chaiyo muchina. Kuvharisa kugona kugadzira zvigadziriso uchishandisa eBPF, zvinokurudzirwa kudzima isina mukana wekuwana eBPF muhurongwa ("sysctl -w kernel.unprivileged_bpf_disabled=1").
Kusagadzikana kunobata ma processor akavakirwa paZen1 uye Zen2 microarchitecture, kusanganisira yekutanga neyechipiri chizvarwa che AMD EPYC uye AMD Ryzen Threadripper processors, pamwe ne AMD Ryzen 2000/3000/4000/5000, AMD Athlon, AMD Athlon X, AMD Ryzen Threadri. PRO uye APU series processors A. Kuvharisa kufungidzira kwekuita kwemirairo, zvinokurudzirwa kufonera INT3 kana LFENCE mirairo mushure mekushanda kwebazi (RET, JMP, CALL).
Source: opennet.ru