A vulnerability in io_uring allowed an unprivileged user to become root, even from containers

Information was recently disclosed about a vulnerability (CVE-2022-29582) in the implementation of the io_uring asynchronous I/O interface, which has been part of the Linux kernel since version 5.1. The flaw allows an unprivileged user to become root on the system, even from inside a container.

It is worth mentioning that the vulnerability was reported just over three months ago (around the beginning of May of this year), but the full details and the disclosure were only published recently.

The vulnerability is triggered by access to a block of memory that has already been freed (a use-after-free), and it manifests in Linux kernels starting with the 5.10 branch.

About the vulnerability CVE-2022-29582

This vulnerability allows access to freed memory as the result of a race condition in timeout handling in the io_flush_timeouts() function, which removes the timeout entry from the list and cancels it without verifying the creation and removal of the timeout at that moment.

An up-to-date description of io_uring has already been provided by others. They explain it a thousand times better than we do, so we will only cover the subsystem more broadly (see this Grapl Security article and this Flatt Security article for a great introduction).

Most importantly, the opcode field determines the type of operation to perform. For each "opcode" that requires it, the fd field specifies the file descriptor on which to perform the requested I/O. Almost all the usual I/O system calls (read, sendto, etc.) have an equivalent asynchronous opcode. Each field can take on different roles depending on the operation.

Once it is retrieved from the SQ, an SQE is converted into an internal representation described by struct io_kiocb (kernel input/output call back). These objects are commonly known as requests.

struct io_kiocb is used as a "ready-for-launch" equivalent of the SQE on which it is based, in which any file descriptors are resolved to struct file* pointers, the user's credentials are attached, the personality (on which cores it will run) is attached, and so on.

After the requested operation completes, an entry corresponding to the SQE is written to the completion queue (CQ). Such an entry is called a completion queue entry (CQE) and contains fields such as an error code and a result value. The user-space application can poll the CQ for new entries to determine whether the submitted SQEs have finished processing and what their results were.

It is mentioned that there are some scenarios in which it is easy to replace an object that is still in flight. But there are two constraints:

  • LT' has to be allocated and initialized within the race window. That is, after LT is freed but before reaching a point in LT where it is no longer accessed.
  • LT' can only be another struct io_kiocb object. Because of heap isolation, where objects in the heap are separated according to their type, it is too difficult to reallocate them as a different type of object within the race window.

The researchers prepared a working exploit that does not require user namespaces to be enabled and that can give root access on the host when an unprivileged user launches the exploit in an isolated container.

Our exploit targets kernel version 5.10.90, the version Google was running remotely at the time. We had to tune our exploit to the particular specs of the server (4 Skylake Xeon cores @ 2.80GHz, 16GiB RAM), but with some tweaking, any machine running a vulnerable kernel should be exploitable.

The exploit also works in the isolated nsjail environment on the Google COS (Container Optimized OS) distribution, which is based on Chromium OS and is used on Google Cloud Platform for Compute Engine virtual machines. The exploit is designed to work with kernel branches from 5.10 to 5.12. Finally, it is worth mentioning that the problem was fixed in April in updates 5.10.111, 5.15.34 and 5.17.3.
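A first-pass triage of a kernel release string against the affected branch and the fixed releases quoted above, as an added example that is not part of the original article. The function name `classify_kernel` and its status labels are hypothetical, and treating branches newer than 5.17 as fixed is an assumption the article does not state.

```shell
#!/bin/sh
# Added example: version-string triage for CVE-2022-29582.
# Affected range (5.10 onward) and fixed releases come from the article.

# classify_kernel RELEASE -> prints one of:
#   not-affected | vulnerable | fixed | no-fix-listed | unknown
classify_kernel() {
    # Keep only the leading "major.minor[.patch]", e.g. "5.10.90-cos" -> "5.10.90".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac

    # Before the 5.10 branch: the article says the bug appears from 5.10 on.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 10 ]; }; then
        echo not-affected; return
    fi
    # Assumption (not stated in the article): branches after 5.17 carry the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 17 ]; then
        echo fixed; return
    fi
    # Fixed point releases listed in the article, per stable branch.
    case $minor in
        10) fix=111 ;;
        15) fix=34 ;;
        17) fix=3 ;;
        *)  echo no-fix-listed; return ;;  # 5.11-5.14, 5.16: none given
    esac
    if [ "$patch" -lt "$fix" ]; then echo vulnerable; else echo fixed; fi
}

# Report on the running kernel.
echo "$(uname -r): $(classify_kernel "$(uname -r)")"
```

Distribution kernels often backport fixes without changing the upstream version number, so a `vulnerable` result on a vendor kernel should be confirmed against the vendor's advisory.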

Finally, if you are interested in learning more about the vulnerability, you can consult the write-up at the following link.

