Vulnerability in io_uring allows an unprivileged user to become root, even in containers

Information was recently disclosed about a vulnerability (CVE-2022-29582) in the implementation of the io_uring asynchronous I/O interface, included in the Linux kernel since version 5.1, which allows an unprivileged user to become root on the system, even when the exploit is run from a container.

It is worth mentioning that the vulnerability was reported more than 3 months ago (approximately the beginning of May this year), but the full details and disclosure were released only recently.

Regarding the vulnerability, it is mentioned that it occurs when accessing a block of memory that has already been freed, and that it manifests itself in Linux kernels starting with the 5.10 branch.

About the vulnerability CVE-2022-29582

This vulnerability allows access to freed memory as the result of a race condition when handling timeouts in the io_flush_timeouts() function, which removes the timeout entry from the list and cancels it, without verifying the creation and deletion of the timeout at that point.

Others have already given a full description of io_uring. They explain it a thousand times better than we do, so we will just cover the subsystem more broadly (see this Grapl Security article and this Flatt Security article for a great introduction).

Most importantly, the opcode field determines the type of operation to perform. For each "opcode" that requires it, the fd field specifies the file descriptor on which to perform the requested I/O. Almost every normal I/O system call (read, send, etc.) has an equivalent asynchronous opcode. Each field can take on different roles depending on the operation.

Once retrieved from the SQ, an SQE is converted to an internal representation described by struct io_kiocb (kernel input/output call back). These objects are commonly known as requests.

struct io_kiocb is used as the "ready-for-launch" equivalent of the SQE on which it is based, whereby each file descriptor is resolved to struct file*s, the user's credentials are attached, the personality (in which cores it will run), etc.

After the requested operation finishes, an entry corresponding to the SQE is written to the completion queue (CQ). Such an entry is called a completion queue entry (CQE) and contains fields such as an error code and a result value. The user-space application can poll the CQ for new entries to determine whether the SQEs it submitted have finished processing and what their results were.

It is mentioned that there are some scenarios in which it is easy to replace an object on the fly. But there are two limitations:

  • LT' must be allocated and initialized within the race window. That is, after LT is freed but before reaching a point in LT that is no longer accessed.
  • LT' can only be another struct io_kiocb object. Because of heap isolation, where objects on the heap are separated according to their type, it is too difficult to reallocate them as a different type of object within the race window.

The researchers prepared a working exploit that does not require user namespaces for its operation and can provide root access on the host when an unprivileged user launches the exploit in an isolated container.

Our exploit targets kernel version 5.10.90, the version Google was running remotely at the time. We had to tune our exploit to the particular specs of the server (4 Skylake Xeon cores @ 2.80GHz, 16GiB RAM), but with some tweaking, any machine running a vulnerable kernel should be exploitable.

The exploit also works in the nsjail isolation environment on the Google COS (Container Optimized OS) distribution, which is based on Chromium OS and used on Google Cloud Platform on virtual machines. The exploit is designed to work with kernel branches from 5.10 to 5.12. Finally, it is worth mentioning that the problem was fixed in April in updates 5.10.111, 5.15.34 and 5.17.3.
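
A quick triage of a kernel release string against the fixed releases listed above, as an added example that is not part of the original article or of the researchers' write-up. The function name classify_kernel, the result labels and the sample version strings are assumptions made for illustration, as is treating 5.18 and later as fixed.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed releases
# named in the article (5.10.111, 5.15.34, 5.17.3). Result is one of:
#   not-affected   older than the 5.10 branch, where the article says the bug appears
#   vulnerable     on a listed branch, below its fixed release
#   fixed          on a listed branch, at or above its fixed release
#   check-vendor   5.11-5.14 or 5.16: the article lists no fixed release
#   assumed-fixed  5.18 or later (ASSUMPTION: released after the April fix)
# Version strings only reflect upstream numbering; distribution kernels that
# backport fixes without bumping the version need the vendor advisory instead.
classify_kernel() {
    # Keep the leading numeric part: "5.10.90-cos" -> "5.10.90"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$ver" ]; then echo unparsable; return 1; fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac

    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 10 ]; }; then
        echo not-affected; return 0
    fi
    if [ "$major" -gt 5 ] || [ "$minor" -ge 18 ]; then
        echo assumed-fixed; return 0
    fi
    case $minor in
        10) fixed=111 ;;
        15) fixed=34 ;;
        17) fixed=3 ;;
        *)  echo check-vendor; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Classify the argument if given, otherwise the running kernel.
classify_kernel "${1:-$(uname -r)}"
```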

Finally, if you are interested in learning more about the vulnerability, you can consult the published write-up at the following link.

