Nyaya ichangobva kubuda iyoyoe boka revanotsvakurudza kubva kuETH Zurich vaona kurwisa kutsva kune yekufungidzira kuuraya nzira yekusvetuka isina kunanga muCPU, iyo inobvumira kutora ruzivo kubva kukernel memory kana kuronga kurwiswa kweiyo host system kubva kumashini chaiwo.
Kusagadzikana kwacho kwakatumidzwa zita rekuti Retbleed (yakatonyorwa pasi peCVE-2022-29900, CVE-2022-29901) uye akafanana nemasikirwo kune Specter-v2 kurwisa.
Musiyano unosvika pakuronga fungidziro yekuuraya kodhi nekugadzirisa iyo "ret" (kudzoka) rairo, iyo inotora kero kuti isvetuke kubva mudura, pane kusvetuka zvisina kunanga uchishandisa "jmp" rairo, kurodha kero kubva mundangariro kana. rejista yeCPU.
Nezvekurwiswa kutsva kunotaurwa izvozvo anorwisa anogona kugadzira mamiriro ekufembera forogo zvisizvo uye ronga kusvetukira kwehungwaru kune bhuroko rekodhi risingatariswe nekuita kwekuita kwechirongwa.
Pakupedzisira, iyo processor ichaona kuti kufanotaura kwebazi hakuna kurongeka uye kudzosera kumashure kushanda kumamiriro ayo epakutanga, asi iyo data yakagadziriswa Panguva yekufungidzira kuuraya vachagara mu cache uye microarchitectural buffers. Kana chivharo chakatemerwa zvisizvo chikaita ndangariro yekuwana, saka kufungidzira kwayo kwekufungidzira kunotungamira kuisirwa mune yakajairika cache uye kuverenga kwe data kubva mundangariro.
Kuti uone iyo data yakasara mu cache mushure mekufungidzira kwekuita kwekushanda, munhu anorwisa anogona kushandisa nzira dzekuona iyo yakasara data kuburikidza nevechitatu-bato chiteshi, semuenzaniso, kuongorora shanduko mune cached data yekuwana nguva uye isina cached.
Kuti uwane ruzivo rwemaune kubva munzvimbo dziri padanho rakasiyana (semuenzaniso, kubva kukernel memory), "midziyo" inoshandiswa: zvinyorwa zviripo mukernel, zvakakodzera kuverenga kwekufungidzira kwe data kubva mundangariro, zvichienderana nemamiriro ekunze ayo anogona kupesvedzerwa. neanorwisa.
Kudzivirira kubva kuClass Specter kirasi kurwiswa, iyo inoshandisa zvisina kunanga uye zvine zvirevo mirairo yebazi, mazhinji masisitimu anoshanda anoshandisa nzira ye "retpoline", iyo yakavakirwa pakutsiva mashandiro ebazi zvisina kunanga ne "ret" rairo, iyo iyo yakaparadzana stack mamiriro ekufanotaura anodiwa. unit inoshandiswa muma processors, haishandise bazi rekufanotaura block.
Pakuunzwa kwe retpoline muna 2018, Specter-senge kero manipulation yaifungidzirwa kunge isingaite yekufungidzira forking ne "ret" rairo.
Vatsvakurudzi vakagadzira nzira yekurwisa Retbleed yakaratidza mukana wekugadzira microarchitectural mamiriro kutanga shanduko yekufungidzira uchishandisa iyo "ret" rairo uye kuburitsa yakagadzirira-yakagadzirwa Toolkit kuona akakodzera kuraira kutevedzana (magajeti) kushandisa kusazvibata muLinux kernel umo mamiriro akadai anoonekwa.
Mukati mekudzidza, basa rekushanda rakagadzirwa iyo inobvumira, pamasisitimu ane Intel CPUs, kubva kune isina kurongeka maitiro munzvimbo yemushandisi kuburitsa data risingawirirani kubva kukernel memory pamwero we219 bytes pasekondi uye ne 98% chokwadi.
En ma processor AMD, kugona kwekushandisa kwakakwira zvakanyanya, sezvo chiyero chekuvuza chiri 3,9 KB pasekondi. Semuenzaniso unoshanda, inoratidzwa mashandisiro ekushandisa kwakarongwa kuona zviri mukati me /etc/shadow file. Pane masisitimu ane Intel CPUs, kurwiswa kwekuona mudzi password hashi kwakaitwa mumaminetsi makumi maviri nemasere, uye pane masisitimu ane AMD CPU, mumaminetsi matanhatu.
Kurwiswa uku kwakasimbiswa kune 6-8 zvizvarwa zveIntel processors izvo zvakaburitswa Q2019 1 isati yasvika (kusanganisira Skylake), uye AMD processors zvichibva paZen 1, Zen 2+, uye Zen 2021 microarchitectures dzakaburitswa QXNUMX XNUMX isati yasvika. Pamhando itsva dze processor, senge AMD Zen3 uye Intel Alder Lake, pamwe neArM processors, dambudziko rakavharwa nemaitiro ekudzivirira aripo. Semuenzaniso, kushandisa IBRS (Indirect Branch Restricted Speculation) mirayiridzo inobatsira kudzivirira kubva pakurwiswa.
Yakagadzirira seti yekuchinja kweLinux kernel uye Xen hypervisor, iyo inovharira dambudziko pahurongwa pane yekare maCPU. Iyo yakatsanangurwa Linux kernel patch inoshandura 68 mafaera, inowedzera 1783 mitsetse, uye inobvisa 387 mitsetse.
Nehurombo, dziviriro inounza mutengo wakakura wepamusoro: mumagwaro akagadzirwa pa AMD neIntel processors, kuderedzwa kwekuita kunofungidzirwa pakati pe14% ne39%. Zviri nani kushandisa dziviriro yakavakirwa pamirairo yeIBRS, inowanikwa pazvizvarwa zvitsva zveIntel CPU uye inotsigirwa kubvira Linux kernel 4.19.
Chekupedzisira, kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kubvunza iyo ruzivo mune inotevera chinongedzo.