A speculative execution vulnerability affecting AMD processors has been discovered

The Grsecurity project recently published the details and a demonstration of an attack method for a new vulnerability (already cataloged as CVE-2021-26341) in AMD processors, related to the speculative execution of instructions after unconditional direct jump operations.

The problem allows the processor to speculatively execute the instruction that immediately follows a jump instruction in memory (straight-line speculation, SLS). This optimization applies not only to conditional jump instructions, but also to instructions that perform a direct unconditional jump, such as JMP, RET, and CALL.

Unconditional branch instructions can be followed by arbitrary data that is not intended to be executed. Once the processor determines that the branch does not lead to execution of the next instruction, it simply rolls back the state and discards the speculative execution, but the trace of the executed instruction remains in the shared cache and can be analyzed using side-channel retrieval methods.

AMD provides an update for a recommended mitigation, the G-5 mitigation, in the "Software Techniques for Managing Speculation on AMD Processors" whitepaper. The G-5 mitigation helps address potential vulnerabilities associated with the speculative behavior of branch instructions.

AMD processors may transiently execute instructions following an unconditional direct branch, which may result in cache activity.

As with the exploitation of Spectre-v1, the attack requires the presence of certain instruction sequences (gadgets) in the kernel that lead to speculative execution.

In this case, blocking the vulnerability comes down to identifying such gadgets in the code and adding extra instructions to them that block speculative execution. The conditions for speculative execution can also be created by unprivileged programs running in the eBPF virtual machine.

This investigation led to the discovery of a new vulnerability, CVE-2021-26341 [1], which we will discuss in detail in this article. As usual, we will focus on the technical aspects of the vulnerability, the mitigations suggested by AMD, and the exploitation aspects.

To block the ability to build gadgets using eBPF, it is recommended to disable unprivileged access to eBPF on the system ("sysctl -w kernel.unprivileged_bpf_disabled=1").
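The following script is an added example, not part of the original article or of the Grsecurity or AMD material. It checks whether a Linux host has the eBPF hardening recommended above in place. It assumes that Zen1/Zen2 parts report vendor `AuthenticAMD` with CPU family 23 (17h, which also covers Zen+); the function names and the `--live` flag are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the unprivileged-eBPF hardening
# recommended for CVE-2021-26341.
# Assumption: Zen1/Zen2 CPUs report vendor AuthenticAMD, CPU family 23 (17h).

# cpu_in_scope CPUINFO_FILE -> exit status 0 if the first CPU is AMD family 17h
cpu_in_scope() {
    awk -F': *' '
        /^vendor_id/  && !v { v = $2 }
        /^cpu family/ && !f { f = $2 }
        END { exit !(v == "AuthenticAMD" && f == 23) }
    ' "$1"
}

# audit CPUINFO_FILE SYSCTL_FILE -> prints a verdict
# returns 0 = nothing to do, 1 = action needed, 2 = could not determine
audit() {
    if ! cpu_in_scope "$1"; then
        echo "out-of-scope: not an AMD family 17h CPU"; return 0
    fi
    # kernel.unprivileged_bpf_disabled: 0 = allowed, 1 = disabled until
    # reboot, 2 = disabled but an administrator may re-enable it
    case "$(cat "$2" 2>/dev/null)" in
        1) echo "hardened: unprivileged eBPF disabled (locked until reboot)" ;;
        2) echo "hardened: unprivileged eBPF disabled (admin can re-enable)" ;;
        0) echo "action-needed: unprivileged eBPF is enabled"; return 1 ;;
        *) echo "unknown: kernel.unprivileged_bpf_disabled not readable"; return 2 ;;
    esac
}

# demo -> runs audit against constructed sample data instead of the live host
demo() {
    d=$(mktemp -d) || return 2
    # Constructed /proc/cpuinfo excerpt for a family 17h part
    printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 113\n' > "$d/cpuinfo"
    echo 0 > "$d/bpf"   # constructed sysctl value: unprivileged eBPF allowed
    rc=0; audit "$d/cpuinfo" "$d/bpf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Live check against this host: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit /proc/cpuinfo /proc/sys/kernel/unprivileged_bpf_disabled
fi
```

A value set with `sysctl -w` does not survive a reboot, so the setting also needs to be persisted in a file under `/etc/sysctl.d/`.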

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures:

Desktop

  • AMD Athlon™ X4 processors
  • AMD Ryzen™ Threadripper™ PRO processors
  • 2nd Generation AMD Ryzen™ Threadripper™ processors
  • 3rd Generation AMD Ryzen™ Threadripper™ processors
  • XNUMXth Generation AMD A-Series APUs
  • AMD Ryzen™ 2000 Series Desktop processors
  • AMD Ryzen™ 3000 Series Desktop processors
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ Graphics

Mobile

  • AMD Ryzen™ 2000 Series Mobile processors
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 3000 Series Mobile processors or 2nd Generation AMD Ryzen™ Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics

Chromebook

  • AMD Athlon™ Mobile processors with Radeon™ Graphics

Server

  • 1st Generation AMD EPYC™ processors
  • 2nd Generation AMD EPYC™ processors

It is reported that, if the attack succeeds, the vulnerability allows the contents of arbitrary memory areas to be determined.

Because of this vulnerability, it may be possible to identify benign code constructs that form limited, but potentially exploitable, SLS gadgets on affected CPUs. As demonstrated with the eBPF example, it is also possible to exploit the vulnerability with hand-built, self-injected gadgets. The presented method can be used, for example, to break the KASLR mitigation of the Linux kernel.

For example, the researchers prepared an exploit that makes it possible to determine the address layout and bypass the KASLR (kernel memory randomization) protection mechanism by executing unprivileged code in the eBPF kernel subsystem. In addition, other attack scenarios that could leak the contents of kernel memory are not ruled out.

Finally, if you want to know a little more about it, you can check the details at the following link.
