A bug in Linux 6.2 allowed bypassing Spectre v2 attack protection


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

Recently, information was released about a vulnerability identified in the Linux 6.2 kernel (already catalogued as CVE-2023-1998). It stands out because it disables the Spectre v2 attack protection, which allows memory to be accessed by other processes running on different SMT or Hyper-Threading threads of the same physical processor core.

The vulnerability is notable, among other things, because it can be used to leak data between virtual machines in cloud systems.

For those who do not know about Spectre, it is one of the two original transient execution CPU vulnerabilities (the other is Meltdown), which involve microarchitectural timing side-channel attacks. They affect modern microprocessors that perform branch prediction and other forms of speculation.

On most processors, speculative execution that results from a branch misprediction can leave observable side effects that may reveal private data. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache forms a side channel through which an attacker can extract information about the private data using a timing attack.

Since the disclosure of Spectre and Meltdown in January 2018, several variants and new types of vulnerability related to them have emerged.

The Linux kernel allows userland processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL, which disables the speculation feature, as well as by using seccomp. We found that on virtual machines from one major cloud provider, the kernel still left the victim process exposed to attack in some cases, even after enabling the spectre-BTI mitigation with prctl.

Regarding the vulnerability, it is noted that in user space, to protect against Spectre attacks, processes can selectively disable speculative instruction execution with prctl PR_SET_SPECULATION_CTRL or use seccomp-based system call filtering.

According to the researchers who identified the problem, an incorrect optimization in kernel 6.2 left virtual machines from one major cloud provider without adequate protection, even though the spectre-BTI attack blocking mode had been enabled through prctl. The vulnerability also shows up on regular servers running kernel 6.2 that are booted with the "spectre_v2=ibrs" setting.

The essence of the vulnerability is that, when the IBRS or eIBRS protection modes are selected, the optimizations that were made disabled the use of the STIBP (Single Thread Indirect Branch Predictors) mechanism, which is needed to block leaks when Simultaneous Multi-Threading (SMT or Hyper-Threading) technology is in use.

However, only the eIBRS mode provides protection against leaks between threads, not the IBRS mode. With IBRS, the IBRS bit, which provides protection against leaks between logical cores, is cleared for performance reasons when control returns to user space, which leaves user-space threads unprotected against attacks of the Spectre v2 class.
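A defender-side check for the condition described above, as an added example that is not code from the researchers or the kernel: it requests the prctl mitigation, reads back what the kernel reports, and compares that with the mode shown in `/sys/devices/system/cpu/vulnerabilities/spectre_v2`. The wording matched in the status line ("Mitigation: IBRS", "STIBP: ...") and the function names are assumptions of this example, and it does not check whether SMT is active.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Ask the kernel to disable indirect-branch speculation for this task and
 * return the state it reports afterwards (PR_SPEC_* bitmask, -1 on error). */
int request_ibranch_mitigation(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0, 0) != 0)
        perror("PR_SET_SPECULATION_CTRL");
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
}

/* 1 if the prctl state says speculation is disabled for this task. */
int prctl_reports_mitigated(int state)
{
    return state >= 0 &&
           (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) != 0;
}

/* 1 if a spectre_v2 status line shows plain IBRS (not Enhanced IBRS) with
 * STIBP absent or disabled: the combination the article describes.
 * The matched strings are an assumption about the status-line wording. */
int ibrs_without_stibp(const char *line)
{
    const char *stibp = strstr(line, "STIBP: ");

    if (!strstr(line, "Mitigation: IBRS"))
        return 0; /* Enhanced IBRS, retpolines, or another mode */
    return stibp == NULL || strncmp(stibp, "STIBP: disabled", 15) == 0;
}

int main(void)
{
    char line[256] = "unavailable\n";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spectre_v2", "r");
    int state = request_ibranch_mitigation();

    if (f && !fgets(line, sizeof line, f))
        strcpy(line, "unreadable\n");
    if (f)
        fclose(f);
    printf("prctl state: %d (reports mitigated: %d)\n", state,
           prctl_reports_mitigated(state));
    printf("spectre_v2: %s", line);
    if (prctl_reports_mitigated(state) && ibrs_without_stibp(line))
        puts("warning: prctl reports the mitigation, but the kernel runs IBRS without STIBP");
    return 0;
}
```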

The test consists of two processes. The attacker constantly poisons an indirect call so that it is speculatively redirected to a target address. The victim process measures the misprediction rate and tries to mitigate the attack by calling PRCTL or by writing to the MSR directly, using a kernel module that exposes MSR read and write operations to user space.

The problem affects only the Linux 6.2 kernel and is caused by an incorrect implementation of optimizations designed to reduce the significant overhead of applying protection against Spectre v2. The vulnerability was fixed in the experimental Linux 6.3 kernel branch.

Finally, if you are interested in learning more about it, you can check the details in the following link.



      Deiki said

    Those with the kernel parameter mitigations=off:

    Fine gentlemen 👌😎🔥