Jonga ukuba uyachaphazeleka yiMeltdown kunye neSpecter kwaye uzikhusele !!!

Ukunyibilika kunye neSpecial Ziziqhelo zeentsuku zamva nje, akukho nto yimbi kuthethwa ngayo kwaye ayimangalisi, kuba ibona buthathaka bubaluleke kakhulu kwimbali. Zichaphazela kakhulu ukhuseleko lweenkqubo zethu kwaye ukuba inkqubo yeyenkampani okanye unedatha efanelekileyo, ingxaki imbi kakhulu. Nangona kunjalo, kuhlala kucingwa ukuba kuphela iikhompyuter zedesktop, iilaptops, iiseva kunye nee-supercomputers ezichaphazelekayo, kodwa umonakalo uqhubeka ngakumbi kwaye uchaphazela izixhobo ezininzi, ezifana nezo zisekelwe kwi-ARM cores kwaye ziquka iipilisi, ii-smartphones, kunye nezinye izixhobo.IoT, i-industrial , i-automation yasekhaya, nkqu neemoto eziqhagamshelweyo.

Njengoko usazi kakuhle, ayisiyiyo into eyahlukileyo kwiLinux nangayiphi na indlela, kodwa ke ichaphazela iinkqubo ezahlukeneyo zokusebenzaI-Microsoft Windows kunye neMacOS ziyachaphazeleka kuyo, ngaphandle kokulibala i-iOS kunye ne-Android. Ke ngoko bambalwa ababalekayo kwezi zoyikiso, nangona kuyinyani ukuba uyilo oluthile lwe-CPU luyasinda kwaye ukuba sinayo i-chip ye-AMD, amathuba okuxhaphaza obu buthathaka mhlawumbi angaphantsi, kodwa oko akuthethi ukuba akukho bungozi.

Ithini imeko yangoku yeLinux?

I-Linux ngokusisiseko ihambisa umhlabaNangona uninzi lukholelwa ukuba yinkqubo kunqabile ukuba isetyenziswe, ichasene. Ngokucacileyo isilele kwinto yokuba yenzelwe idesktop kwaye lelo candelo kuphela apho lincinci xa kuthelekiswa neWindows ezinamandla kwaye lithelekiswa nenxalenye elungileyo iMac inayo. Ukuba siya kufakelwa okanye kwizixhobo ezifakiwe, iiseva, ii-supercomputer, njl njl, iLinux ibaluleke kakhulu kwaye yeyona seva ye-Intanethi ibaluleke kakhulu kwaye ngaphandle kwayo unokutsho ukuba i-Intanethi iya kuwa ...

Kungenxa yoko le nto kwiLinux waphendula ngaphambili kunayo nayiphi na enye inkqubo yokusombulula iingxaki ezinokushiywa nguMeltdown kunye neSpecter. Sele Linus Torvalds Uthethe ngalo mbandela ngamagama ambalwa abukhali kwi-Intel kwaye ukuba ujonga i-LKML uyakubona ukuba ngumcimbi oxhalabisayo kwaye ngumyalelo wosuku. Kwaye isandla sakhe sasekunene kunye nenombolo yesibini kuphuhliso lwe-Linux kernel, uGreg Kroah-Hartman ukwenzile naye. Ngolwazi oluthe kratya unokujonga ibhlog yakhe apho uya kufumana ulwazi olwaneleyo.

• UkuxubaNgokusisiseko uGreg uphawule ukuba ngokubhekisele kwi-Meltdown inokupheliswa ngo-x86 ngokukhetha ukubandakanya i-CONFIG_PAGE_TABLE_ISOLATION, a ukwahlulwa kwetafile yamaphepha (PTI) ukuba iikhompyuter ezineeprosesa ze-AMD, ezingachaphazelekanga kuyo, kufuneka ziphephe ukuthintela iingxaki ekusebenzeni. Usenokuba uyazi ukuba ezinye iikhompyuter ezine-chip ye-AMD ziyekile ukuqalisa ukusebenza kuba isixhobo seWindows sivelise iingxaki ezinkulu. I-PTI iya kubandakanywa kwi-Linux 4.15 ngokungagqibekanga, kodwa ngenxa yokubaluleka kwayo ngokokhuseleko iya kubandakanywa kwiinguqulelo zangaphambili ezinjenge-LTS 4.14, 4.9 kunye ne-4.4 ... , kodwa umonde kuba uthetha ukugcwala komsebenzi kubaphuhlisi. Kwaye bayasebenza kwimicimbi yamaqebengwana njenge-vDSO kolunye useto loomatshini ababonakalayo. Ngokubhekisele kwi-ARM64, ichaphazeleke kancinane yi-Meltdown eyingxaki enkulu ye-Intel, iichips zezixhobo ezininzi zeselfowuni kunye nezinye izixhobo nazo zifuna isiziba, nangona kubonakala ngathi ayizukuhlangana nomthi ophambili we-kernel kwixesha elifutshane (mhlawumbi kwiLinux 4.16, nangona uGreg evakalisile ukuba abanakuze bafike ngenxa yexabiso lezinto eziyimfuneko zokuthi iipatches zifuna ukuvunywa) kwaye ke kuyacetyiswa ukuba kusetyenziswe iinkozo ezithile, oko kukuthi, i-Android Common Kernel kumasebe ayo 3.18, 4.4 no-4.9 .
• usongo: enye ingxaki ichaphazela uyilo ngakumbi, kwaye inzima ukujongana nayo. Kubonakala ngathi asizukufumana sisombululo silungileyo kwixesha elifutshane kwaye kuya kufuneka sihlale kunye nale ngxaki okwexeshana. Kwiindidi zayo ezimbini, ifuna ukuba inkqubo ibambeke kwaye ezinye iindawo zophuhliso lwee-distros ezithile sele ziqalisile ukukhupha ii-patches ukuzinciphisa, kodwa izisombululo ezinikiweyo zahlukile kwaye okwangoku azizukudityaniswa njengenxalenye yesebe eliphambili. ye kernel kude kube Esona sisombululo sisiso sibonakalayo ngaphambi kokuba abaqulunqi be-CPU beze nesona sisombululo silungileyo (bayila kwakhona iichips zabo). Izisombululo ziye zafundwa kwaye bafumana ezinye iingxaki apha endleleni, njengokungazi okukhulu malunga neSpecter. Abaphuhlisi badinga ixesha lokufumana indlela yokujongana nengxaki, kwaye noGreg ngokwakhe uphawule wathi “Oku kuyakuba yindawo yophando kule minyaka izayo yokufumana iindlela zokunciphisa iingxaki ezinokubakho ezibandakanya izixhobo zekhompyutha, eziya kuthi zizame ukuzixela kwangaphambili ngaphambi kokuba zenzeke.«.
• Chromebooks-Ukuba unelaptop kaGoogle uyakuvuyela ukwazi ukuba ungayibona imeko yomsebenzi abawenzayo ukusombulula iMeltdown kolu luhlu.

Ujonga njani ngokulula ukuba ndiyachaphazeleka?

Ukuze ungahambi ujonge iitafile zokubonisana okanye uluhlu lwee-microprocessors, apha Siphakamisa iskripthi ukuba ziyilelwe ukuba zikwazi ukujonga ngokulula ukuba zichaphazelekile okanye akunjalo, kufuneka sizikhuphele kwaye sizisebenzise kwaye ziyakusixelela ukuba sisengozini evela kwiSpecter naseMeltdown. Imiyalelo okanye amanyathelo ekufuneka elandelwe alula:

git clone https://github.com/speed47/spectre-meltdown-checker.git

cd spectre-meltdown-checker/

sudo sh spectre-meltdown-checker.sh

Emva kokwenza oku, ibhokisi ebomvu izakuvela ukubonisa ukuba sesichengeni seMeltdown okanye iSpecter okanye isalathi esiluhlaza xa sikhuselekile Umahluko kobu buthathaka. Kwimeko yam, umzekelo, ukuba ne-AMD APU (ngaphandle kokuyihlaziya inkqubo), iziphumo ziye:

Kwimeko apho iziphumo zibomvu KUNGENZEKA, funda eli candelo lilandelayo ...

Kufuneka wenze ntoni ukuba ndiyachaphazeleka?

Esona sisombululo sisiso, njengoko abanye besitsho, kukutshintshela kwi-CPU okanye kwimicroprocessor engachatshazelwa yingxaki. Kodwa oku akwenzeki kuninzi lwabasebenzisi ngenxa yokusilela kohlahlo-lwabiwo mali okanye ezinye izizathu. Kwakhona, abavelisi abanjengo-Intel bayaqhubeka nokuthengisa ii-microprocessors ezichaphazelekayo kwaye ezo zisungulwe kutshanje, ezinjengeCofi Lake, kuba ubuchwephesha obuncinci bahlala benamaxesha amade ophuhliso kwaye ngoku basebenza kuyilo lobuchwephesha bexesha elizayo eliza kuvela kwintengiso kwiminyaka ezayo, kodwa zonke iitshipsi ezenziwa ngokurhweba ngoku kwaye Oko kuya kuthi kube kurhwebo kwiinyanga ezizayo kuya kuqhubeka kuchaphazeleka kwinqanaba lezixhobo.

Ke ngoko, kwimeko yokugula kwesi sifo kwaye sidinga "ukusilungisa", asinakukhetha ngaphandle kokufaka inkqubo yethu yokusebenza (ungalibali izikhangeli, njlnjl.), Nokuba yeyiphi na, kwaye uhlaziye zonke isoftware esinayo. Ukuba zilungiselelwe kakuhle inkqubo yohlaziyo Kwakusele kubaluleke kakhulu, ngoku kunakuqala kufuneka uhlale unolwazi ngohlaziyo, kuba nazo ziya kuza neepatches ezisombulula ingxaki ye-Meltdown kunye neSpecter kwicala lesoftware, ngaphandle kokulahleka kokusebenza njengoko besesitshilo. ..

Isisombululo asikho nzima kumsebenzisi, akufuneki senze nantoni na "ekhethekileyo", qiniseka nje ukuba umphuhlisi wosasazo lwethu ukhuphele uhlaziyo lweMeltdown kunye neSpecter kwaye siyifakile. Olunye ulwazi malunga nalo.

Ukuba uyafuna, ungajonga ukuba ngaba ipakethi ifakiwe na (ukuba iyafuneka) kwi-Meltdown kwi-distro yakho ngalo myalelo:

 dmesg | grep "Kernel/User page tables isolation: enabled" && echo "Tienes el parche! :)" || echo "Ooops...no tienes la actualización instalada en tu kernel! :(" 

*Lumkela Ubuntu kernel 4.4.0-108-genericAbanye abasebenzisi baxele iingxaki kwiikhompyuter zabo xa beqala emva kohlaziyo kwaye kuye kwafuneka babuyele kuhlobo lwangaphambili. I-Canonical ibonakala ngathi iyisombulule ngo-4.4.0-109-generic ...

Ukuphulukana nokusebenza: Kwakukho intetho ye-30% kwezinye iimeko, kodwa iya kuxhomekeka kulwakhiwo oluncinci. Kulwakhiwo oludala, ilahleko yokusebenza inokuba nzima kakhulu kuba impumelelo yokusebenza kwezi zakhiwo yoyilo ikakhulu isekwe kuphuculo olunikezwe ukwenziwa kwe-OoOE kunye ne-TLB ... Kubugcisa bale mihla, kuthethwa phakathi kwe-2% kunye ne-6. % kuxhomekeke kuhlobo lwesoftware esebenzela abasebenzisi basekhaya, ngokunokwenzeka kumaziko eenkcukacha ilahleko ziphezulu kakhulu (ngaphezulu kwama-20%). Njengoko yamkelwe yi-Intel uqobo, emva kokudlala kancinci oko kuza kubo, ukusebenza kweeprosesa ngaphambi kweHaswell (2015) ukwehla kokusebenza kuya kuba kubi kakhulu kunaleyo ye-6% nakubasebenzisi abaqhelekileyo ...

Ungalibali ukushiya izimvo zakho ngamathandabuzo okanye neengcebiso zakho ...