They found a speculative execution vulnerability affecting AMD

The Grsecurity project recently published details and a demonstration of an attack method for a new vulnerability (already catalogued as CVE-2021-26341) in AMD processors, related to the speculative execution of instructions after unconditional forward jump operations.

The vulnerability allows the processor to speculatively process the instruction that immediately follows the jump instruction in memory during speculative execution (SLS). This optimization applies not only to conditional jump operators but also to instructions that involve a direct unconditional jump, such as JMP, RET and CALL.

Unconditional branch instructions can be followed by arbitrary data that is not intended for execution. After determining that the branch does not involve executing the next instruction, the processor simply rolls back the state and discards the speculative execution, but the trace of the instruction's execution remains in the shared cache and is available for analysis using side-channel retrieval methods.

AMD provides an update for a recommended mitigation, the G-5 mitigation, in the white paper "Software Techniques for Managing Speculation on AMD Processors". The G-5 mitigation helps address potential vulnerabilities associated with the speculative behavior of branch instructions.

AMD processors may transiently execute instructions following an unconditional direct branch, which may result in cache activity.

As with the exploitation of Spectre-v1, the attack requires the presence of certain sequences of instructions (gadgets) in the kernel that lead to speculative execution.

In this case, blocking the vulnerability comes down to identifying such gadgets in the code and adding extra instructions to them that block speculative execution. Conditions for speculative execution can also be created using unprivileged programs running in the eBPF virtual machine.

This research led to the discovery of a new vulnerability, CVE-2021-26341 [1], which we will discuss in detail in this article. As usual, we will focus on the technical aspects of the vulnerability, the mitigations suggested by AMD, and the exploitation aspects.

To block the ability to build gadgets using eBPF, it is recommended to disable unprivileged access to eBPF on the system ("sysctl -w kernel.unprivileged_bpf_disabled=1").
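The eBPF recommendation above as a read-only host check; this is an added example, not code from the original article, Grsecurity or AMD. It assumes that Zen1/Zen2 parts report vendor AuthenticAMD and CPU family 23 in /proc/cpuinfo; the function names and the sample files are constructed for illustration.

```bash
#!/bin/sh
# Added example: read-only audit of the eBPF recommendation in the article.
# Assumption (not from the article): Zen1/Zen2 parts show vendor AuthenticAMD
# and "cpu family : 23" (17h, which also covers Zen+) in /proc/cpuinfo.

# cpu_in_scope FILE -> "yes" if the cpuinfo text describes AMD family 17h
cpu_in_scope() {
    awk -F'[ \t]*: *' '
        $1 == "vendor_id"  { vendor = $2 }
        $1 == "cpu family" { family = $2 }
        END { print ((vendor == "AuthenticAMD" && family == 23) ? "yes" : "no") }
    ' "$1"
}

# bpf_state VALUE -> meaning of kernel.unprivileged_bpf_disabled
bpf_state() {
    case "$1" in
        0) echo "enabled" ;;          # unprivileged bpf() allowed
        1) echo "disabled-locked" ;;  # off, cannot be re-enabled until reboot
        2) echo "disabled" ;;         # off, but an administrator can change it
        *) echo "unknown" ;;
    esac
}

# assess CPUINFO_FILE SYSCTL_FILE -> one-line verdict for this host
assess() {
    scope=$(cpu_in_scope "$1")
    if [ -r "$2" ]; then state=$(bpf_state "$(cat "$2")"); else state="unknown"; fi
    if [ "$scope" = "no" ]; then
        echo "out-of-scope"
    elif [ "$state" = "enabled" ]; then
        echo "exposed: run sysctl -w kernel.unprivileged_bpf_disabled=1"
    elif [ "$state" = "unknown" ]; then
        echo "check-manually"
    else
        echo "ebpf-route-closed"   # only the eBPF gadget-building path is blocked
    fi
}

# Constructed sample input (not captured from a real machine).
sample=$(mktemp -d)
printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 49\n' > "$sample/cpuinfo"
echo 0 > "$sample/bpf"
assess "$sample/cpuinfo" "$sample/bpf"
```

On a live Linux host, call `assess /proc/cpuinfo /proc/sys/kernel/unprivileged_bpf_disabled`. A value set with `sysctl -w` does not survive a reboot unless it is also written to a sysctl configuration file.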

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures:

Desktop

  • AMD Athlon™ X4 processor
  • AMD Ryzen™ Threadripper™ PRO processor
  • Second-generation AMD Ryzen™ Threadripper™ processors
  • Generation XNUMX AMD Ryzen™ Threadripper™ processors
  • Generation XNUMX AMD A-series APUs
  • AMD Ryzen™ 2000 Series desktop processors
  • AMD Ryzen™ 3000 Series desktop processors
  • AMD Ryzen™ 4000 Series desktop processors with Radeon™ Graphics

Mobile

  • AMD Ryzen™ 2000 Series mobile processor
  • AMD Athlon™ 3000 Series mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 3000 Series mobile processors or Generation XNUMX AMD Ryzen™ mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 4000 Series mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series mobile processors with Radeon™ Graphics

Chromebook

  • AMD Athlon™ mobile processors with Radeon™ Graphics

Server

  • First-generation AMD EPYC™ processors
  • Generation XNUMX AMD EPYC™ processors

It is mentioned that, if the attack is successful, the vulnerability allows the contents of arbitrary memory areas to be determined.

Because of this vulnerability, it may be possible to identify benign code constructs that form limited but potentially exploitable SLS gadgets on affected CPUs. As demonstrated with the eBPF example, it is also possible to exploit the vulnerability with hand-built, self-injected gadgets. The method presented can be used, for example, to break the KASLR mitigation of the Linux kernel.

For example, the researchers prepared an exploit that makes it possible to determine the address layout and bypass the KASLR (kernel memory randomization) protection mechanism by running unprivileged code in the eBPF kernel subsystem. Other attack scenarios that could leak the contents of kernel memory are not ruled out.

Finally, if you are interested in learning a little more about it, you can check the details at the following link.

