Race condition in the Linux kernel garbage collector that can lead to privilege escalation

Jann Horn of the Google Project Zero team, who previously identified the Spectre and Meltdown vulnerabilities, has published a technique for exploiting a vulnerability (CVE-2021-4083) in the Linux kernel garbage collector. The vulnerability is caused by a race condition during the cleanup of file descriptors on unix sockets and potentially allows a local unprivileged user to execute their code at kernel level.

The problem is interesting because the time window in which the race condition occurs was estimated to be too small to build a real exploit, but the author of the study showed that even such initially doubtful vulnerabilities can become a source of real attacks if the exploit's creator has the necessary skills and time. Jann Horn showed how, with the help of filigree manipulations, the race condition that occurs when close() and fget() are called simultaneously can be reduced to a use-after-free vulnerability that gives access to an already freed data structure inside the kernel.

The race condition occurs while a file descriptor is being closed, when close() and fget() are called at the same time. The close() call may complete before fget() is executed, which confuses the garbage collector because, according to the refcount, the file structure will have no external references but will remain attached to the file descriptor; that is, the garbage collector will believe it has exclusive access to the structure, while in fact, for a short time, the remaining entry in the file descriptor table will still point to the structure being freed.
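The interleaving described above, as a deterministic user-space model added here for illustration; it is not kernel code and not code from the original article. All names (`model_close`, `model_gc`, `fget_lookup`, `fget_take_ref`) are hypothetical, and the `recheck` branch is an assumption of this model about how such a window can be closed: the descriptor table is validated again after the reference is taken.

```c
#include <stddef.h>
#include <stdbool.h>

/* Simplified model; every name here is hypothetical, not a kernel symbol. */
struct file { long refcount; long inflight; bool gc_candidate; };

static struct file *fd_table[4];

/* close(): clear the table slot, then drop the table's reference. */
static void model_close(int fd) {
    struct file *f = fd_table[fd];
    fd_table[fd] = NULL;
    if (f) f->refcount--;
}

/* GC: if every reference is an in-flight one (the socket was sent over a
 * unix socket), assume nobody else can reach the file. */
static void model_gc(struct file *f) {
    f->gc_candidate = (f->refcount == f->inflight);
}

/* fget() split into its two steps so other work can run in the gap. */
static struct file *fget_lookup(int fd) { return fd_table[fd]; }

static struct file *fget_take_ref(int fd, struct file *f, bool recheck) {
    if (!f || f->refcount == 0) return NULL;
    f->refcount++;
    /* Assumed hardening: is the slot still pointing at this file? */
    if (recheck && fd_table[fd] != f) { f->refcount--; return NULL; }
    return f;
}

/* Interleaving: lookup -> close -> GC -> take reference.
 * Returns true if fget hands out a file the GC already treats as garbage. */
static bool race_hands_out_gc_candidate(bool recheck) {
    /* Constructed sample state: one table reference, one in-flight reference. */
    struct file sock = { .refcount = 2, .inflight = 1, .gc_candidate = false };
    fd_table[0] = &sock;
    struct file *seen = fget_lookup(0);  /* thread A reads the pointer */
    model_close(0);                      /* thread B closes the descriptor */
    model_gc(&sock);                     /* GC sees refcount == inflight */
    struct file *got = fget_take_ref(0, seen, recheck);
    return got != NULL && got->gc_candidate;
}

int main(void) {
    return race_hands_out_gc_candidate(true) ? 1 : 0;
}
```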

To increase the probability of hitting the race condition, several tricks were used, which raised the probability of successful exploitation to 30% when tuning specific to a particular system was applied. For example, to increase the access time to the structure with file descriptors by several hundred nanoseconds, the data was evicted from the processor cache by thrashing the cache with activity on another CPU core, so that the structure had to be fetched from memory rather than from the fast CPU cache.

The second important feature was the use of interrupts generated by a hardware timer to lengthen the race window. The timing was chosen so that the interrupt handler fired when the race condition occurred and interrupted code execution for a while. To delay the return of control further, about 50 thousand entries were added to the waitqueue using epoll, which the interrupt handler then had to iterate over.

The exploitation technique was disclosed after a 90-day non-disclosure period. The problem has been present since kernel 2.6.32 and was fixed in early December. The fix was included in kernel 5.16 and backported to the kernel's LTS branches and to the kernel packages shipped in distributions. It is noteworthy that the vulnerability was found during the analysis of a similar problem, CVE-2021-0920, which manifests itself in the garbage collector when the MSG_PEEK flag is processed.

Source: opennet.ru
