Vulnerability in the speculative execution mechanism of AMD processors

The Grsecurity project has published details and a demonstration of an attack method for a new vulnerability (CVE-2021-26341) in AMD processors, related to the speculative execution of instructions that follow unconditional forward-branch operations. If the attack succeeds, the vulnerability allows the contents of arbitrary memory regions to be determined. For example, the researchers prepared an exploit that determines the kernel address layout and bypasses the KASLR protection mechanism (kernel memory randomization) by running unprivileged code in the eBPF kernel subsystem. Other attack scenarios that could leak the contents of kernel memory cannot be ruled out.

The vulnerability lets an attacker create conditions under which the processor, during speculative execution, processes the instruction that sits immediately after a jump instruction in memory (SLS, Straight Line Speculation). Moreover, this optimization applies not only to conditional branch instructions but also to instructions that imply a direct unconditional transfer of control, such as JMP, RET and CALL. Arbitrary data that was never meant to be executed may be placed right after an unconditional jump. Once the processor determines that the branch does not lead to the next instruction, it simply rolls back its state and discards the speculative execution, but the trace of that execution remains in the shared cache and can be recovered through side-channel analysis.

As with exploitation of the Spectre-v1 vulnerability, the attack requires the presence of particular instruction sequences (gadgets) in the kernel that lead to speculative execution. Blocking the vulnerability in this case comes down to identifying such gadgets in the code and adding extra instructions to them that prevent speculative execution. The conditions for speculative execution can also be created by unprivileged programs running in the eBPF virtual machine. To prevent gadgets from being constructed via eBPF, it is recommended to disable unprivileged access to eBPF on the system (“sysctl -w kernel.unprivileged_bpf_disabled=1”).

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures, including first- and second-generation AMD EPYC and AMD Ryzen Threadripper processors, as well as AMD Ryzen 2000/3000/4000/5000, AMD Athlon, AMD Athlon X, AMD Ryzen Threadripper PRO and A-series APU processors. To block speculative execution of the following instruction, it is recommended to place an INT3 or LFENCE instruction after branch operations (RET, JMP, CALL). On Linux this is what the x86 CONFIG_SLS option (since kernel 5.17) does by building the kernel with GCC's -mharden-sls=all, which emits an INT3 after every return and indirect jump.
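The two mitigations above (padding the slot after RET/JMP and turning off unprivileged eBPF) can both be checked mechanically. The following is an added example, not code from the article or from Grsecurity: it parses `objdump -dw` output and reports every `ret` or indirect `jmp` whose fall-through slot is not an `int3` or `lfence`, and it decodes the `kernel.unprivileged_bpf_disabled` sysctl. The two listings embedded in it are hand-written for this example (the byte encodings are real x86-64, the functions and addresses are made up), and the `-mharden-sls` behaviour it compares against is GCC 12's documented x86 option.

```python
"""Added example (not code from the article or from Grsecurity).

sls_unprotected_slots() scans `objdump -dw` output for every `ret` (and,
optionally, `jmp`) whose fall-through slot is not `int3` or `lfence`: the
slot a Zen1/Zen2 core may execute speculatively (Straight Line
Speculation).  GCC 12's -mharden-sls=all fills that slot with int3 after
returns and indirect jumps.  unprivileged_bpf_status() decodes the sysctl
the article recommends.  Both listings below are hand-written examples.
"""
import os
import re
from typing import List, Tuple

# One "objdump -dw" line: hex address, raw bytes, mnemonic, optional operands.
_INSN_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*([a-z][a-z0-9]*)(?:\s+(.*))?$"
)
_RETURNS = {"ret", "retq"}
_JUMPS = {"jmp", "jmpq"}
_SLS_BARRIERS = {"int3", "lfence"}  # trap or fence the speculated slot


def parse_objdump(text: str) -> List[Tuple[int, str, str]]:
    """(address, mnemonic, operands) in file order; headers/blank lines skipped."""
    out = []
    for line in text.splitlines():
        m = _INSN_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), m.group(2), (m.group(3) or "").strip()))
    return out


def sls_unprotected_slots(text: str, direct_jmp: bool = False) -> List[Tuple[int, str]]:
    """(address, mnemonic) of each ret / indirect jmp not followed by int3 or lfence.

    direct_jmp=True also reports direct jumps (the article's broader advice;
    -mharden-sls leaves those alone).  "Followed" means the next decoded
    instruction in the listing, so a function's final ret is checked against
    whatever bytes come next, padding or the start of the next function.
    """
    insns = parse_objdump(text)
    findings = []
    for i, (addr, mnem, ops) in enumerate(insns):
        is_ret = mnem in _RETURNS
        is_jmp = mnem in _JUMPS and (direct_jmp or ops.startswith("*"))
        if not (is_ret or is_jmp):
            continue
        following = insns[i + 1][1] if i + 1 < len(insns) else None
        if following not in _SLS_BARRIERS:
            findings.append((addr, mnem))
    return findings


def unprivileged_bpf_status(value: str) -> str:
    """Decode kernel.unprivileged_bpf_disabled (Documentation/admin-guide/sysctl/kernel.rst)."""
    meaning = {
        "0": "allowed",              # unprivileged bpf(): eBPF gadgets can be built
        "1": "disabled-locked",      # cannot be cleared again until reboot
        "2": "disabled-resettable",  # root may write 0 later
    }
    v = value.strip()
    if v not in meaning:
        raise ValueError(f"unexpected sysctl value {value!r}")
    return meaning[v]


# Constructed listing: jump-table dispatch, a leaf function and a tail call,
# built without SLS hardening.  Nothing sits between ret/jmp and the next bytes.
UNHARDENED = """\
0000000000401130 <lookup>:
  401130:   48 8b 04 fd 00 20 40 00   mov    0x402000(,%rdi,8),%rax
  401138:   ff e0                     jmp    *%rax

000000000040113a <retzero>:
  40113a:   31 c0                     xor    %eax,%eax
  40113c:   c3                        ret

000000000040113d <tail>:
  40113d:   48 83 c7 01               add    $0x1,%rdi
  401141:   eb f7                     jmp    40113a <retzero>
"""

# Same code as GCC -mharden-sls=all lays it out: int3 after the indirect jmp
# and after ret; the direct jmp in <tail> is not padded.
HARDENED = """\
0000000000401130 <lookup>:
  401130:   48 8b 04 fd 00 20 40 00   mov    0x402000(,%rdi,8),%rax
  401138:   ff e0                     jmp    *%rax
  40113a:   cc                        int3

000000000040113b <retzero>:
  40113b:   31 c0                     xor    %eax,%eax
  40113d:   c3                        ret
  40113e:   cc                        int3

000000000040113f <tail>:
  40113f:   48 83 c7 01               add    $0x1,%rdi
  401143:   eb f6                     jmp    40113b <retzero>
"""

if __name__ == "__main__":
    for name, listing in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, [f"{a:#x} {m}" for a, m in sls_unprotected_slots(listing)])
    path = "/proc/sys/kernel/unprivileged_bpf_disabled"
    if os.path.exists(path):
        with open(path) as f:
            print("unprivileged eBPF:", unprivileged_bpf_status(f.read()))
```

Two practical notes. The checker deliberately walks the listing linearly rather than per function, because SLS is about whatever bytes physically follow the branch, so a `ret` at the end of one function is judged against the padding or the next function's first instruction. And the sysctl value in the article, 1, locks unprivileged eBPF off until reboot; writing 2 instead gives the same protection but can be reverted by root, which is what kernels built with BPF_UNPRIV_DEFAULT_OFF use as their default.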

Source: opennet.ru
