Retbleed: A New Speculative Execution Attack Affecting Intel and AMD

News recently broke that a group of researchers from ETH Zurich has identified a new attack on the speculative execution mechanism for indirect jumps in the CPU, which makes it possible to extract information from kernel memory or to mount an attack on the host system from virtual machines.

The vulnerabilities have been named Retbleed (already cataloged under CVE-2022-29900 and CVE-2022-29901) and are similar to Spectre-v2 attacks.

The difference comes down to organizing the speculative execution of arbitrary code while the "ret" (return) instruction is being processed, which fetches the address to jump to from the stack, instead of jumping indirectly with the "jmp" instruction, which loads the address from memory or from a CPU register.

Regarding the new attack, it is mentioned that an attacker can create the conditions for an incorrect branch prediction and organize a deliberate speculative jump to a block of code that the program's execution logic never intended to run.

Eventually the processor determines that the branch prediction was not justified and rolls the operation back to its original state, but the data processed during speculative execution remains in the cache and in microarchitectural buffers. If the mistakenly executed block performs a memory access, its speculative execution causes data to be read from memory and placed in the shared cache.

To determine what data remains in the cache after the speculative execution of operations, the attacker can use methods that recover the residual data through side channels, for example by analyzing the difference in access time between cached and uncached data.

To deliberately extract information from areas at a different privilege level (for example, from kernel memory), "gadgets" are used: instruction sequences present in the kernel that are suitable for speculatively reading data from memory, depending on external conditions that an attacker can influence.

To protect against classic Spectre-class attacks, which use indirect and conditional branch instructions, most operating systems use the "retpoline" technique. It is based on replacing indirect branch operations with the "ret" instruction, for which processors use a separate stack state prediction unit rather than the branch prediction block.

When retpoline was introduced in 2018, it was believed that Spectre-like address manipulation was not practical for speculative branching with the "ret" instruction.

The researchers who developed the Retbleed attack method demonstrated that it is possible to create the microarchitectural conditions needed to trigger a speculative jump with the "ret" instruction, and they released a ready-made toolkit for identifying instruction sequences (gadgets) in the Linux kernel in which such conditions arise and which are suitable for exploiting the vulnerability.

In the course of the study, a working exploit was prepared that, on systems with Intel CPUs, allows an unprivileged process in user space to extract arbitrary data from kernel memory at a rate of 219 bytes per second with 98% accuracy.

On AMD processors the exploit is considerably more efficient, since the leak rate reaches 3.9 KB per second. As a practical example, it is shown how the proposed exploit can be used to determine the contents of the /etc/shadow file. On systems with Intel CPUs, the attack to determine the hash of the root password took 28 minutes, and on systems with AMD CPUs it took 6 minutes.

The attack has been confirmed for generations 6-8 of Intel processors released before Q2019 1 (including Skylake), and for AMD processors based on the Zen 1, Zen 2+, and Zen 2021 microarchitectures released before QXNUMX XNUMX. On newer processor models, such as AMD Zen3 and Intel Alder Lake, as well as on ARM processors, the problem is blocked by existing protection mechanisms. For example, using IBRS (Indirect Branch Restricted Speculation) instructions helps protect against the attack.

A set of changes has been prepared for the Linux kernel and the Xen hypervisor that blocks the problem in software on older CPUs. The proposed Linux kernel patch changes 68 files, adds 1783 lines, and removes 387 lines.

Unfortunately, the protection carries significant overhead: in the tests run on AMD and Intel processors, the performance degradation is estimated at between 14% and 39%. It is preferable to use protection based on IBRS instructions, which are available in newer generations of Intel CPUs and are supported by Linux kernel 4.19.
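
Added example (not part of the original article or of the kernel patch set): a patched Linux kernel reports its Retbleed state in the sysfs file /sys/devices/system/cpu/vulnerabilities/retbleed, and this script classifies that status line. The sysfs path, the status strings and the retbleed=/mitigations= boot parameters come from the Linux kernel rather than from this page, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: interpret the Retbleed status a patched Linux kernel reports.
# Absent file = kernel without the Retbleed patches (status unknown).
RETBLEED_SYSFS=/sys/devices/system/cpu/vulnerabilities/retbleed

# classify_retbleed STATUS: print not-affected, vulnerable, mitigated,
# mitigated-smt-exposed or unknown.
classify_retbleed() {
    case "$1" in
        "Not affected"*)                 echo not-affected ;;
        "Vulnerable"*)                   echo vulnerable ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated-smt-exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        *)                               echo unknown ;;
    esac
}

# mitigation_kind STATUS: print the mitigation name without the SMT suffix.
mitigation_kind() {
    case "$1" in
        "Mitigation: "*) kind=${1#"Mitigation: "}; echo "${kind%%;*}" ;;
        *)               echo none ;;
    esac
}

# cmdline_disables CMDLINE: succeed if a boot parameter turns the fix off.
cmdline_disables() {
    case " $1 " in
        *" retbleed=off "*|*" mitigations=off "*) return 0 ;;
        *)                                        return 1 ;;
    esac
}

report() {
    printf '%-22s %-24s %s\n' "$(classify_retbleed "$1")" "$(mitigation_kind "$1")" "$1"
}

# Constructed sample status lines (not captured from a real host).
while IFS= read -r line; do report "$line"; done <<'EOF'
Not affected
Vulnerable
Mitigation: untrained return thunk; SMT vulnerable
Mitigation: Enhanced IBRS
EOF

# Live host, when the kernel exposes the file.
if [ -r "$RETBLEED_SYSFS" ]; then
    report "$(cat "$RETBLEED_SYSFS")"
    if cmdline_disables "$(cat /proc/cmdline 2>/dev/null)"; then echo "boot parameter disables the mitigation"; fi
fi
```

A result of mitigated-smt-exposed means the kernel applied a mitigation but still considers sibling hardware threads a leak path.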

Finally, if you are interested in learning more about it, you can consult the details at the following link.

