A hasty fix led to an incomplete fix for the Spectre vulnerability in the Linux kernel.

The developers of the Grsecurity project shared a cautionary tale showing how thoughtlessly eliminating compiler warnings can lead to vulnerabilities in code. At the end of May, a fix was proposed for the Linux kernel for a new exploitation vector of the Spectre vulnerability through the ptrace system call.

While testing the patch, the developers noticed that during the build the compiler printed a warning about mixing code and declarations (the structure was declared after code that assigns a value to an existing variable):

    int index = n;
    if (n < HBP_NUM) {
        index = array_index_nospec(index, HBP_NUM);
        struct perf_event *bp = thread->ptrace_bps[index];

Linus accepted the fix into his master branch, getting rid of the warning by moving the variable declaration into the if block:

    if (n < HBP_NUM) {
        int index = array_index_nospec(n, HBP_NUM);
        struct perf_event *bp = thread->ptrace_bps[index];

In July, the fix was also ported to the stable kernel branches 4.4, 4.9, 4.14, 4.19 and 5.2. The maintainers of the stable branches also ran into the warning and, instead of checking whether it had already been fixed in Linus's master branch, fixed it themselves. The problem is that, without giving it much thought, they simply moved the structure declaration up, so that the call to array_index_nospec, which directly provides the protection against the vulnerability, is no longer used when the structure is defined, and instead of the variable "index" the variable "n" is always used:

    int index = n;
    if (n < HBP_NUM) {
        /* bp is read with the unclamped index */
        struct perf_event *bp = thread->ptrace_bps[index];
        /* the clamp now runs after the array access */
        index = array_index_nospec(index, HBP_NUM);
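An added user-space example, not code from the kernel or from the original article, that contrasts the two statement orders. It models the value that would reach the `ptrace_bps[]` subscript if the `n < HBP_NUM` check were bypassed by a misprediction; no speculation is performed. The mask function is modelled on the kernel's generic C fallback behind `array_index_nospec()`, and `HBP_NUM`'s value and the `subscript_*` helper names are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>

#define HBP_NUM 4UL /* constructed size for this example */

/*
 * Branch-free mask modelled on the kernel's generic C fallback for
 * array_index_nospec(): all ones if index < size, else zero.
 * Relies on arithmetic right shift of a negative long (GCC/Clang behaviour).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Mainline ordering: clamp n first, then use the result as the subscript. */
static unsigned long subscript_mainline(unsigned long n)
{
	unsigned long index = n & index_mask_nospec(n, HBP_NUM);
	return index; /* value that reaches ptrace_bps[index] */
}

/* Stable-backport ordering: the subscript is consumed before the clamp. */
static unsigned long subscript_backport(unsigned long n)
{
	unsigned long index = n;
	unsigned long used = index; /* bp = ptrace_bps[index] happens here */
	index &= index_mask_nospec(index, HBP_NUM); /* too late, result unused */
	(void)index;
	return used;
}

int main(void)
{
	/* Constructed inputs: two in bounds, two out of bounds. */
	unsigned long samples[] = { 0, 3, 4, 1000 };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("n=%4lu mainline=%lu backport=%lu\n", samples[i],
		       subscript_mainline(samples[i]), subscript_backport(samples[i]));
	return 0;
}
```

For out-of-bounds `n` the mainline order always yields subscript 0, while the backport order passes `n` through unchanged, which is why the reordered code compiles without a warning yet no longer provides the mitigation.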

Source: opennet.ru
