Kusagadzikana kwakaonekwa muLinux kernel (CVE-2021-33624) iyo inobvumira iyo eBPF subsystem kuti ishandiswe kunzvenga dziviriro kubva kune Specter class njodzi, izvo zvinoita kuti zvikwanise kuona zviri mukati mendangariro semhedzisiro yekugadzira mamiriro eiyo kufungidzira kwekuita kwemamwe mabasa. Iyo Specter kurwisa inoda kuvepo kweimwe nhevedzano yemirairo mune yakasarudzika kodhi inotungamira kune yekufungidzira kuita kwemirairo. Nekugadzirisa zvirongwa zveBPF zvinofambiswa kuti zviitwe, zvinokwanisika kugadzira mirairo yakafanana muBPF uye kuburitsa zviri mukati mekernel memory uye nzvimbo dzinopokana dzendangariro dzemuviri kuburikidza nematanho epadivi.
Kusagadzikana kunokonzerwa nekukanganisa mune verifier, iyo inoshandiswa kuona zvikanganiso uye isingagamuchirwe chiitiko muzvirongwa zveBPF. Iyo verifier inoverengera dzingangoitika kodhi nzira dzekuita, asi inosvetuka sarudzo dzemapazi dzisingagamuchirwe kubva pakuona kweiyo semantics yemirairo set architecture. Paunenge uchiita chirongwa cheBPF, sarudzo dzakadai dzemapazi dzisina kuverengerwa neveverifier dzinogona kufanotaurwa zvisizvo ne processor uye kuurayiwa nenzira yekufungidzira. Semuenzaniso, kana uchiongorora mashandiro e "mutoro", mutsigiri anotarisira kuti rairo inoshandisa rejista ine kero iyo kukosha kwayo kunogara kuri mukati memiganhu yakatarwa, asi munhu anorwisa anogona kugadzira mamiriro ayo processor ichaedza kuita zvekufungidzira kuita oparesheni. kero isingaenderane nemamiriro ekuongorora.
Dambudziko rave richionekwa kubva pakaburitswa kernel 4.15 uye rakagadziriswa muchimiro chezvigamba (1, 2, 3, 4). Kusagadzikana kunoramba kusingagadziriswe mukugovera (Debian, RHEL, Ubuntu, Fedora, SUSE, Arch).
Pamusoro pezvo, iwe unogona kucherechedza chinyorwa nezve mashandiro anoita maturusi ekudzivirira kubva kuSpecter kusasimba. Chinyorwa chinopfupisa mhedzisiro ye optimization ye rr (Rekodhi uye Replay) debugger, iyo yakambogadzirwa muMozilla kugadzirisa yakaoma-ku-kudzokorora zvikanganiso muFirefox. Kuchengeta iyo system inofona yakashandiswa kutarisa kuvepo kwemadhairekitori kwakaderedza iyo "rr masosi" mashandiro epurojekiti yebvunzo kubva pamaminetsi matatu 3 masekonzi kusvika 19 masekonzi.
Munyori wekugadzirisa akafunga kutarisa kuti kuita kwaizochinja sei mushure mekudzima Specter kuchengetedza. Mushure mekutambisa sisitimu ne "mitigations = off" parameter, nguva yekuuraya ye "rr masosi" pasina optimization yaive 2 maminetsi 5 masekonzi (1.6 nguva nekukurumidza), uye nekugadzirisa yaive 33 masekonzi (9% nekukurumidza). Sezvineiwo, kudzima Specter dziviriro hakungodzikisire kodhi nguva yekuuraya pa kernel ne 1.4 nguva (kubva pa2m9s kusvika 1m32s), asiwo nehafu yenguva yekuuraya munzvimbo yemushandisi (kubva pa1m9s kusvika 0m33s), pamwe nekuda kwekudzikisira kugona kweCPU cache mashandiro uye TLB. reset kana Specter dziviriro yagoneswa.
Source: opennet.ru