Ukuba sengozini (CVE-6.2-2023) kukhonjwe ku-Linux kernel 1998, ekhubaza ukuvikela ekuhlaselweni kweSpecter v2, okuvumela ukufinyelela kwinkumbulo yezinye izinqubo ezisebenza ngemicu ehlukene ye-SMT noma ye-Hyper Threading, kodwa kuphrosesa efanayo yomzimba. umnyombo. Ukuba sengozini, phakathi kwezinye izinto, kungasetshenziswa ukudala ukuvuza kwedatha phakathi kwemishini ebonakalayo kumasistimu wamafu. Inkinga ithinta kuphela i-Linux 6.2 kernel futhi ibangelwa ukuqaliswa okungalungile kokulungiselelwa okudizayinelwe ukunciphisa i-overhead ebalulekile yokusebenzisa ukuvikela kwe-Specter v2. Ukuba sengozini kwalungiswa egatsheni lokuhlola le-Linux 6.3 kernel.
Esikhaleni somsebenzisi, ukuze kuvikelwe ekuhlaselweni kwe-Specter, izinqubo zingakhubaza ngokukhetha ukuqagela kwemiyalelo kusetshenziswa i-prctl PR_SET_SPECULATION_CTRL noma zisebenzise ukuhlunga ucingo lwesistimu ngokusekelwe kumshini we-seccomp. Ngokwabacwaningi abahlonze inkinga, ukwenza kahle okungalungile ku-kernel 6.2 kushiye imishini ebonakalayo okungenani yomhlinzeki oyedwa omkhulu wamafu ngaphandle kokuvikelwa okufanele, naphezu kokufakwa kwemodi yokuvimbela ukuhlasela kwe-spectre-BTI nge-prctl. Ukuba sengozini kuphinda kubonakale kumaseva avamile ane-kernel 6.2, uma kulayishwa kusetshenziswa isilungiselelo esithi βspectre_v2=ibrsβ.
Ingqikithi yokuba sengozini iwukuthi lapho kukhethwa izindlela zokuvikela ze-IBRS noma ze-eIBRS, ukulungiselelwa okwethulwe kukhubaze ukusetshenziswa komshini we-STIBP (Single Thread Indirect Branch Predictors), okudingekayo ukuze uvimbele ukuvuza lapho kusetshenziswa ubuchwepheshe bokufunda okuningi ngasikhathi sinye (i-SMT noma i-Hyper- Uchungechunge). Kodwa-ke, imodi ye-eIBRS kuphela enikeza isivikelo ekuvuzeni phakathi kwemicu, kodwa hhayi imodi ye-IBRS, njengoba kulokhu ibhithi ye-IBRS, ehlinzeka ngokuvikeleka ekuvuzeni phakathi kwamacores anengqondo, iyasulwa ngenxa yezizathu zokusebenza lapho ukulawula kubuyela endaweni yomsebenzisi, okwenza imicu esikhaleni somsebenzisi engavikelekile ekuhlaselweni kwe-Specter v2.
Source: opennet.ru