Kutshanje iindaba ziye zaqhekeka kuchongwe ubuthathaka obubini Kwi-linux kernel leyo vumela ukusebenzisa inkqubo esezantsi I-eBPF yokudlula kukhuseleko ngokuchasene nokuhlaselwa kweSpecter 4 (I-SSB, iVenkile yokuGqibela yokuGcina). Kukhankanyiwe ukuba ngokusebenzisa inkqubo ye-BPF engafumanekiyo, umhlaseli angenza iimeko zokwenza intelekelelo yemisebenzi ethile kwaye amisele umxholo weendawo ezingalunganga zememori ye-kernel.
Inkqubo yokuhlaselwa kweSpecter 4 ixhomekeke ekubuyiseleni idatha ebanjwe kwindawo yokugcina iprosesa emva kokulahla iziphumo zokwenza intelekelelo xa kusenziwa imisebenzi yokufundwa kunye nokubhalwa kokunxibelelana kusetyenziswa indlela ethe ngqo.
Xa umsebenzi ofundwayo ulandela umsebenzi wokubhala, iseti yendlela yokufunda isenokuba sele isaziwa ngenxa yokusebenza okufanayo (imisebenzi efundwayo yenziwa rhoqo kwaye ukufundwa kunokwenziwa kwi-cache) kwaye iprosesa inokufunda ngokuthelekisayo ngaphambi kokubhala, ngaphandle kokulinda ulwalathiso lokubhaliweyo olungangqalanga oluza kubalwa.
Ukuba, emva kokubala i-offset, indawo enqamlezileyo yeendawo zokubhala nokubhala ifunyenwe, iprosesa iya kulahla iziphumo ezifundwayo esele zifunyenwe ngokuzicingela kwaye iphinda lo msebenzi. Lo msebenzi uvumela ukufundwa kokufunda ukufikelela kwixabiso langaphambili kwicala elithile ngelixa ugcino lusalindile.
Emva kokulawula urhwebo olusilelayo lokuqikelela, umkhondo wokuphunyezwa kwayo uhlala kwindawo efihlakeleyo, emva koko Enye yeendlela zokumisela imixholo efihlakeleyo inokusetyenziselwa ukuyifumana kwakhona ngokusekwe kuhlalutyo lotshintsho kwixesha lokufikelela kwi-cache kunye nedatha egciniweyo.
Qaphela ukuba isihloko ngasinye sinokuxhatshazwa ngokuzimeleyo kwesinye, kuxhomekeke kuso kwiimpazamo ezingadluliyo.
Ii-PoCs kwabelwane ngazo ngasese nabagcini benkqubo esezantsi ye-BPF ukuya ukunceda kuphuhliso lwamalungiselelo.
Ubungozi bokuqala I-CVE-2021-35477: kubangelwa sisiphene kwinkqubo yokuqinisekisa inkqubo ye-BPF. Ukuzikhusela kuhlaselo lweSpecter 4, isitsheki songeza umyalelo ongezelelweyo emva kokugcina umsebenzi onokuba yingxaki kwimemori, sigcina ixabiso elingu-zero ukuseta intsebenzo yangaphambili.
Kwakucingelwa ukuba umsebenzi wokubhala ongu-zero uza kukhawuleza kakhulu kwaye uya kuthintela ukwenziwa kwenkohliso njengoko kuxhomekeke kuphela kwisikhombisi sesakhelo se-BPF. Kodwa, enyanisweni, kwakunokwenzeka ukudala iimeko apho umyalelo okhokelela ekusebenzisweni okucingelwayo unexesha lokuphumeza ngaphambi kokugcina ukhuseleko.
Ubungozi besibini I-CVE-2021-3455: inxulumene nenyani yokuba xa umvavanyi we-BPF efumanisa ukuba inokuba yingozi ukugcina imisebenzi kwimemori, iindawo ezingachazwanga zesitaki seBPF, umsebenzi wokuqala wokubhala apho ungakhuselwanga khona, ungakhathalelwa.
Eli nqaku likhokelela kwinto enokwenzeka yokwenza umsebenzi wokufundela ocingelwayo, kuxhomekeke kwindawo yememori engachazwanga, ngaphambi kokwenza umyalelo wevenkile. Inkumbulo entsha yesitaki seBPF yabiwa ngaphandle kokujonga umxholo osele ukwimemori eyabelweyo, kwaye kwinqanaba ngaphambi kokuba inkqubo ye-BPF iqale, kukho indlela yokulawula umxholo wendawo yememori, eya kuthi yabelwe yona isitaki seBPF.
Isisombululo esikhoyo sisebenzisa ubuchule bokunciphisa ukuze siqhubeke icetyiswa ngabathengisi be-CPU kwaye iyafumaneka kwi-kernel ephambili Indawo yokugcina git.
Okokugqibela, kuyakhankanywa ukuba abagcini beenkqubo ezisezantsi ze-eBPF kwi-kernel bafumane ukufikelela kwiprototype exhaphazayo ebonisa ukubakho kokwenza uhlaselo.
Iingxaki zilungiswe ngohlobo lweepatches, eziza kubandakanywa kuhlaziyo olulandelayo lwe-Linux kernel, ke uhlaziyo lonikezelo olwahlukeneyo luya kuqala ukufika kwiintsuku ezimbalwa ezizayo.
Umthombo: https://www.openwall.com/