A bug in Linux 6.2 allowed bypassing the Spectre v2 attack protection


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

Recently, information was released about a vulnerability identified in the Linux 6.2 kernel (already catalogued as CVE-2023-1998). It stands out because it disables the protection against Spectre v2 attacks, which allow access to the memory of other processes running on a different SMT or Hyper-Threading thread but on the same physical processor core.

The vulnerability is notable, among other things, because it can be used to leak data between virtual machines in cloud systems.

For those unfamiliar with Spectre, it is one of the two transient-execution CPU vulnerabilities (the other is Meltdown), which involve microarchitectural side-channel attacks. It affects modern microprocessors that perform branch prediction and other forms of speculation.

On most processors, speculative execution that results from a branch misprediction can leave observable side effects that may reveal private data. For example, if the pattern of memory accesses made by such speculative execution depends on private data, the resulting state of the data cache forms a side channel through which an attacker can extract information about the private data using a timing attack.

Since Spectre and Meltdown were disclosed in January 2018, several variants and new types of related vulnerabilities have appeared.

The Linux kernel allows userland processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL, which disables the speculation feature, as well as by using seccomp. We found that on virtual machines from at least one major cloud provider, the kernel still left the victim process open to attack in some cases, even after enabling the spectre-BTI mitigation with prctl.

Regarding the vulnerability, it is noted that in user space, to protect against Spectre attacks, processes can selectively disable speculative instruction execution with prctl PR_SET_SPECULATION_CTRL or use seccomp-based system call filtering.

According to the researchers who identified the problem, an incorrect optimization in kernel 6.2 left virtual machines from at least one major cloud provider without proper protection, despite the spectre-BTI attack-blocking mode being enabled through prctl. The vulnerability also shows up on regular servers with kernel 6.2 that are booted with the "spectre_v2=ibrs" setting.

The essence of the vulnerability is that, when the IBRS or eIBRS protection modes were selected, the optimization disabled the use of the STIBP (Single Thread Indirect Branch Predictors) mechanism, which is needed to block leaks when simultaneous multithreading technology (SMT or Hyper-Threading) is in use.

In turn, only the eIBRS mode provides protection against leaks between threads, not the IBRS mode. With IBRS, the IBRS bit, which provides protection against leaks between logical cores, is cleared for performance reasons when control returns to user space, which leaves user-space threads unprotected against attacks of the Spectre v2 class.
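A defender-side check for the condition described above, as an added example that is not from the original article or the kernel project: it classifies the kernel's `spectre_v2` status line together with the SMT state. The sysfs paths are the standard Linux ones; the verdict names and the rule that a missing STIBP entry counts as exposed are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Verdict on cross-thread (SMT sibling) Spectre v2 protection. */
enum verdict { OK_EIBRS, OK_STIBP, OK_NO_SMT, EXPOSED, OTHER };

/* line: text of /sys/devices/system/cpu/vulnerabilities/spectre_v2
 * smt_active: nonzero when sibling hardware threads are online */
enum verdict classify(const char *line, int smt_active)
{
    if (!line || strncmp(line, "Mitigation:", 11) != 0)
        return OTHER;                 /* e.g. "Vulnerable" or "Not affected" */
    if (strstr(line, "Enhanced"))
        return OK_EIBRS;              /* per the text: eIBRS protects between threads */
    if (!smt_active)
        return OK_NO_SMT;             /* no sibling thread to attack from */
    const char *s = strstr(line, "STIBP: ");
    if (s && strncmp(s + 7, "disabled", 8) != 0)
        return OK_STIBP;              /* forced, always-on, or conditional (prctl/seccomp) */
    return EXPOSED;                   /* STIBP absent or disabled while SMT is on */
}

static int read_line(const char *path, char *buf, int n)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *ok = fgets(buf, n, f);
    fclose(f);
    if (!ok) return -1;
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    static const char *msg[] = { "eIBRS", "STIBP available", "SMT off",
                                 "no cross-thread protection", "not a mitigation line" };
    char v2[256], smt[8];
    int active = 1;                   /* assumption: treat SMT as on if unknown */
    if (read_line("/sys/devices/system/cpu/vulnerabilities/spectre_v2", v2, (int)sizeof v2)) {
        perror("spectre_v2");
        return 2;
    }
    if (read_line("/sys/devices/system/cpu/smt/active", smt, (int)sizeof smt) == 0)
        active = (smt[0] == '1');
    enum verdict v = classify(v2, active);
    printf("%s\nSMT active: %d\n=> %s\n", v2, active, msg[v]);
    return v == EXPOSED;
}
```

The program exits with status 1 when legacy IBRS (or another non-eIBRS mitigation) is reported with SMT on and no usable STIBP, so it can be dropped into a fleet compliance check.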

The test consists of two processes. The attacker constantly poisons an indirect call to speculatively redirect it to a target address. The victim process measures the misprediction rate and tries to mitigate the attack by calling PRCTL or by writing to the MSR directly, using a kernel module that exposes MSR read and write operations to user space.

The problem affects only the Linux 6.2 kernel and is caused by an incorrect implementation of an optimization designed to reduce the significant overhead of applying Spectre v2 protection. The vulnerability was fixed in the experimental Linux 6.3 kernel branch.

Finally, if you are interested in learning more about it, you can check the details at the following link.



  1.   Deiki said

    Those who have the kernel parameter mitigations=off:

    Good men 👌😎🔥