Vulnerability in the speculative execution mechanism of AMD processors

The Grsecurity project has published details and a demonstration of an attack method for a new vulnerability (CVE-2021-26341) in AMD processors, related to the speculative execution of instructions after unconditional forward-branch operations. If the attack succeeds, the vulnerability allows the contents of arbitrary memory regions to be determined. For example, the researchers prepared an exploit that lets them determine the address layout and bypass the KASLR (kernel memory randomization) protection by executing unprivileged code in the kernel's eBPF subsystem. Other attack scenarios that could lead to leakage of kernel memory contents cannot be ruled out.

The vulnerability makes it possible to create conditions under which the processor, during speculative execution, processes the instruction that immediately follows a branch instruction in memory (SLS, Straight Line Speculation). Moreover, this optimization is triggered not only for conditional branch operators, but also for instructions that imply a direct unconditional transfer of control, such as JMP, RET and CALL. Arbitrary data not intended for execution may be placed directly after unconditional branch instructions. Once it determines that the branch does not involve executing the next instruction, the processor simply rolls back its state and discards the speculative execution, but the trace of the executed instructions remains in the shared cache and is available for analysis using side-channel extraction techniques.

As with exploitation of the Spectre-v1 vulnerability, the attack requires the presence of certain instruction sequences (gadgets) in the kernel that lead to speculative execution. Blocking the vulnerability in this case comes down to identifying such gadgets in the code and adding extra instructions to them that block speculative execution. Conditions for speculative execution can also be created by unprivileged programs running in the eBPF virtual machine. To block the ability to construct gadgets using eBPF, it is recommended to disable unprivileged access to eBPF on the system ("sysctl -w kernel.unprivileged_bpf_disabled=1").

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures, including the first and second generation AMD EPYC and AMD Ryzen Threadripper processors, as well as the AMD Ryzen 2000/3000/4000/5000, AMD Athlon, AMD Athlon X and AMD Ryzen Threadripper PRO series processors and the A-series APUs. To block speculative execution of instructions, it is recommended to insert INT3 or LFENCE instructions after branch operations (RET, JMP, CALL).
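As an added illustration of the mitigation just described (example code, not from Grsecurity, AMD or the Linux kernel), the following Python scans `objdump -d` output for RET and indirect JMP instructions whose next instruction is not INT3 or LFENCE. It narrows the article's list to the pattern GCC's `-mharden-sls=all` applies (returns and indirect jumps); a CALL's fall-through instruction is its architectural return target, so it is not flagged, and the listing it scans is constructed for the example.

```python
import re
# One instruction line of "objdump -d" output: "<addr>:<tab><bytes><tab><mnemonic> <operands>"
_INSN_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*([a-z][a-z0-9.]*)(?:\s+(.*))?$")
_PREFIXES = {"rep", "repz", "repnz", "bnd", "notrack", "lock"}  # printed as a separate word
_RETS = {"ret", "retq", "retl"}
_JMPS = {"jmp", "jmpq", "jmpl"}
_STOPPERS = {"int3", "lfence"}  # the two fall-through stoppers the article names

def parse_objdump(text):
    """Return [(addr, mnemonic, operands)]; symbol headers, blanks and '...' are skipped."""
    insns = []
    for line in text.splitlines():
        m = _INSN_RE.match(line)
        if not m:
            continue
        mn, ops = m.group(3), (m.group(4) or "").strip()
        while mn in _PREFIXES and ops:  # fold "repz ret" into "ret", "notrack jmp *%rax" into "jmp"
            mn, ops = (ops.split(None, 1) + [""])[:2]
        insns.append((int(m.group(1), 16), mn, ops))
    return insns

def find_unfenced_branches(text):
    """Return [(addr, mnemonic, next_mnemonic)] for every RET or indirect JMP whose next
    instruction is not INT3 or LFENCE; next_mnemonic is None at the end of the input."""
    insns = parse_objdump(text)
    hits = []
    for i, (addr, mn, ops) in enumerate(insns):
        if mn in _RETS or (mn in _JMPS and ops.startswith("*")):
            nxt = insns[i + 1][1] if i + 1 < len(insns) else None
            if nxt not in _STOPPERS:
                hits.append((addr, mn, nxt))
    return hits

# Constructed objdump-style listing, not taken from any real binary: <unfenced> has no
# stopper after its indirect JMP or RET; <fenced> has INT3 and LFENCE in place.
SAMPLE = "\n".join([
    "0000000000001000 <unfenced>:",
    "    1000:\tff e0                \tjmp    *%rax",
    "    1002:\t31 c0                \txor    %eax,%eax",
    "    1004:\tf3 c3                \trepz ret",
    "    1006:\t90                   \tnop",
    "0000000000001010 <fenced>:",
    "    1010:\tff e0                \tjmp    *%rax",
    "    1012:\tcc                   \tint3",
    "    1013:\teb 03                \tjmp    1018 <fenced+0x8>",
    "    1015:\tc3                   \tret",
    "    1016:\t0f ae e8             \tlfence",
])
```

Feed it the text of `objdump -d` run on a kernel image or module; every hit names a branch whose fall-through slot is not fenced.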

Source: opennet.ru