BHI: a new Spectre-class vulnerability affecting Intel and ARM

Researchers at the Free University of Amsterdam have recently discovered a new vulnerability that is an extended variant of the Spectre-v2 vulnerability on Intel and ARM processors.

The new vulnerability, christened BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002) and Spectre-BHB (CVE-2022-23960), is characterised by allowing the eIBRS and CSV2 protection mechanisms added to processors to be bypassed.

The vulnerability is described as different manifestations of the same problem: BHI is an attack that affects different privilege levels, for example a user process and the kernel, whereas BHB attacks within the same privilege level, for example an eBPF JIT program and the kernel.

About the vulnerability

Conceptually, BHI is an extended variant of the Spectre-v2 attack in which the additional protections (Intel eIBRS and Arm CSV2) are bypassed and data leakage is orchestrated by injecting values into the global Branch History Buffer, a buffer the CPU uses to improve branch prediction accuracy by taking the history of previous branches into account.

During the attack, by manipulating the branch history, conditions are created for a branch to be mispredicted and for the required instructions to be executed speculatively, with their result deposited in the cache.

Apart from using the branch history buffer instead of the branch target buffer, the new attack is identical to Spectre-v2. The attacker's task is to create conditions such that the address used in the speculative operation is taken from the area of the data being determined.

After a speculative indirect jump is performed, the jump address read from memory remains in the cache, after which one of the methods for determining the contents of the cache can be used to extract it, based on analysing the difference in access time between cached and uncached data.

The researchers have demonstrated a working exploit that allows user space to extract arbitrary data from kernel memory.

For example, they show how, using a prepared exploit, it is possible to extract from kernel buffers a string containing the hash of the root user's password, loaded from the /etc/shadow file.

The exploit demonstrates the possibility of exploiting the vulnerability within a single privilege level (a kernel-to-kernel attack) using a user-loaded eBPF program. The possibility of using Spectre gadgets already present in kernel code, sequences of instructions that lead to speculative execution, is also not ruled out.

The vulnerability appears in most current Intel processors, with the exception of the Atom family, and in several ARM processors.

According to the research, the vulnerability does not manifest itself on AMD processors. To address the problem, several software methods of blocking the vulnerability have been proposed, which can be used until hardware protection appears in future CPU models.

To block attacks through the eBPF subsystem, it is recommended to disable by default the ability of unprivileged users to load eBPF programs, by writing 1 to the file "/proc/sys/kernel/unprivileged_bpf_disabled" or by running the command "sysctl -w kernel.unprivileged_bpf_disabled=1".

To block attacks via gadgets, it is recommended to use the LFENCE instruction in code sections that could lead to speculative execution. It is worth noting that the default configuration of most Linux distributions already contains the protective measures needed to block the eBPF attack demonstrated by the researchers.

Intel's recommendation to disable unprivileged access to eBPF is also applied by default starting with Linux kernel 5.16 and will be backported to earlier branches.
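As an added example (not from the original article, nor from the researchers or Intel), the following POSIX shell script audits the eBPF mitigation described in the two paragraphs above: it reads the kernel.unprivileged_bpf_disabled knob and reports whether unprivileged eBPF loading is still allowed, printing the exact fix the article gives when it is. The file path and the sysctl command are the ones the article names; the function names, the verdict strings and the BPF_SYSCTL_FILE override are assumptions made for this example. The meaning of the value 2 (disabled, but resettable by an administrator) is a kernel detail not mentioned in the article.

```shell
#!/bin/sh
# Added example, not part of the original article: audit the
# kernel.unprivileged_bpf_disabled knob recommended above.
# Values of /proc/sys/kernel/unprivileged_bpf_disabled:
#   0 = unprivileged users may load eBPF programs (attack surface present)
#   1 = disabled; cannot be re-enabled without a reboot
#   2 = disabled; an administrator may set it back to 0 (kernel detail,
#       not from the article)
# BPF_SYSCTL_FILE lets a test point at a constructed file instead of /proc.
BPF_SYSCTL_FILE="${BPF_SYSCTL_FILE:-/proc/sys/kernel/unprivileged_bpf_disabled}"

# classify_unprivileged_bpf FILE
# Prints one word describing the value stored in FILE. Exit status:
#   0 when unprivileged eBPF is disabled, 1 when enabled, 2 when unknown.
classify_unprivileged_bpf() {
    file="$1"
    if [ ! -r "$file" ]; then
        # No knob at all: very old kernel, or BPF not built in.
        printf 'unknown\n'
        return 2
    fi
    value=$(tr -d '[:space:]' < "$file")
    case "$value" in
        1) printf 'disabled-locked\n'; return 0 ;;
        2) printf 'disabled\n'; return 0 ;;
        0) printf 'enabled\n'; return 1 ;;
        *) printf 'unknown\n'; return 2 ;;
    esac
}

# check_unprivileged_bpf [FILE]
# Human-readable report; when the knob is 0 it prints the remediation from
# the article. Exit status is the same as classify_unprivileged_bpf.
check_unprivileged_bpf() {
    file="${1:-$BPF_SYSCTL_FILE}"
    rc=0
    state=$(classify_unprivileged_bpf "$file") || rc=$?
    case "$state" in
        enabled)
            printf 'FAIL: unprivileged eBPF loading is enabled (%s = 0)\n' "$file"
            printf 'Fix (as root): echo 1 > %s\n' "$file"
            printf 'or: sysctl -w kernel.unprivileged_bpf_disabled=1\n'
            ;;
        disabled|disabled-locked)
            printf 'OK: unprivileged eBPF loading is disabled (%s)\n' "$state"
            ;;
        *)
            printf 'WARN: cannot read %s; no BPF sysctl on this kernel?\n' "$file"
            ;;
    esac
    return "$rc"
}

# Run the audit against the live kernel knob.
check_unprivileged_bpf "$BPF_SYSCTL_FILE"
```

Run it as any user: the knob is world-readable, so only the fix itself needs root. Value 1 is the setting the article recommends; value 2 is the default that newer kernels apply, and the script accepts it as mitigated because unprivileged loading is disabled either way.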

Finally, if you would like to know more about it, you can consult the details at the following link.