A hasty fix led to an incomplete fix for the Spectre vulnerability in the Linux kernel.

The developers of the Grsecurity project shared a cautionary tale showing how thoughtlessly eliminating compiler warnings can lead to vulnerabilities in code. At the end of May, a fix was proposed for the Linux kernel for a new exploitation vector of the Spectre vulnerability through the ptrace system call.

While testing the patch, the developers noticed that during the build the compiler printed a warning about mixing code and declarations (the structure was declared after code, with a value assigned to an existing variable):

int index = n;
if (n < HBP_NUM) {
    index = array_index_nospec(index, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

Linus accepted the fix into his master branch, getting rid of the warning by moving the variable declaration into the if block:

if (n < HBP_NUM) {
    int index = array_index_nospec(n, HBP_NUM);
    struct perf_event *bp = thread->ptrace_bps[index];

In July, the fix was also ported to the stable kernel branches 4.4, 4.9, 4.14, 4.19 and 5.2. The maintainers of the stable branches also ran into the warning and, instead of checking whether it had already been fixed in Linus's master branch, made their own fix. The problem is that, without thinking it through, they simply moved the structure declaration up, so that the call to array_index_nospec, which directly provides the protection against the vulnerability, is no longer used when the structure is declared, and instead of the "index" variable the value of "n" is always used:

int index = n;
if (n < HBP_NUM) {
    struct perf_event *bp = thread->ptrace_bps[index];
    index = array_index_nospec(index, HBP_NUM);
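
The ordering problem above, modeled in userspace C as an added example (not code from the kernel patch or from Grsecurity). `index_mask_nospec` follows the kernel's generic `array_index_mask_nospec` formula, HBP_NUM is assumed to be 4, and the two `load_index_*` helpers are hypothetical names that return the index the array load would use if the if body ran despite a failed bounds check, which is the case array_index_nospec exists for.

```c
#include <stdio.h>

#define HBP_NUM 4   /* assumed array size for this demo */
#define BITS_PER_LONG (8 * (int)sizeof(long))

/* All-ones if index < size, otherwise 0, computed without a branch.
 * Relies on arithmetic right shift of a negative long, as the kernel does. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp: in-range indexes pass through, out-of-range ones become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Mainline order: the clamp runs first, the load uses the clamped value. */
static unsigned long load_index_mainline(unsigned long n)
{
    unsigned long index = index_nospec(n, HBP_NUM);
    return index;                 /* index used by ptrace_bps[index] */
}

/* Stable backport order: the load is evaluated before the clamp. */
static unsigned long load_index_backport(unsigned long n)
{
    unsigned long index = n;
    unsigned long used = index;   /* ptrace_bps[index] is evaluated here */
    index = index_nospec(index, HBP_NUM);   /* too late to affect the load */
    (void)index;
    return used;
}

int main(void)
{
    /* Constructed sample values: 0..3 are in range, 4..6 are not. */
    for (unsigned long n = 0; n < 7; n++)
        printf("n=%lu mainline=%lu backport=%lu\n",
               n, load_index_mainline(n), load_index_backport(n));
    return 0;
}
```

For out-of-range n the mainline order yields index 0, while the backport order still yields n unchanged.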

Source: opennet.ru
