Retbleed: A New Speculative Execution Attack Hitting Intel and AMD

News recently broke that a group of researchers from ETH Zurich has identified a new attack on the mechanism for speculative execution of indirect jumps in the CPU. It allows information to be extracted from kernel memory, or an attack on the host system to be organized from a virtual machine.

The vulnerabilities have been named Retbleed (already catalogued under CVE-2022-29900, CVE-2022-29901) and are similar in nature to Spectre-v2 attacks.

The difference comes down to organizing the speculative execution of arbitrary code when the "ret" (return) instruction is processed, which takes the address to jump to from the stack, rather than through an indirect jump with the "jmp" instruction, which loads the address from memory or a CPU register.

Regarding the new attack, it is mentioned that an attacker can create conditions for an incorrect branch prediction and organize a deliberate speculative jump to a block of code that the program's execution logic did not intend.

Ultimately, the processor will determine that the branch prediction was incorrect and roll the operation back to its original state, but the data processed during speculative execution will remain in the cache and in microarchitectural buffers. If the erroneously executed block performs a memory access, its speculative execution will cause the data to be read from memory and installed in the shared cache.

To determine the data left in the cache after the speculative execution of operations, the attacker can use methods that recover residual data through side channels, for example by analyzing changes in access time to cached and uncached data.

To deliberately extract information from areas at a different privilege level (for example, from kernel memory), "gadgets" are used: instruction sequences present in the kernel that are suitable for speculatively reading data from memory, depending on external conditions that the attacker can influence.

To protect against classic Spectre-class attacks, which use indirect and conditional branch instructions, most operating systems use the "retpoline" technique. It is based on replacing indirect branch operations with the "ret" instruction, for which processors use a separate stack state prediction unit rather than the branch prediction block.

When retpoline was introduced in 2018, Spectre-like address manipulation was believed to be impractical for speculative branching with the "ret" instruction.

The researchers who developed the Retbleed attack method showed that it is possible to create microarchitectural conditions that trigger a speculative transition using the "ret" instruction, and released a ready-made toolkit for identifying suitable instruction sequences (gadgets) for exploiting the vulnerability in the Linux kernel, where such conditions arise.

In the course of the study, a working exploit was prepared that, on systems with Intel CPUs, allows an unprivileged process in user space to extract arbitrary data from kernel memory at a rate of 219 bytes per second with 98% accuracy.

On AMD processors, the exploit is much more efficient, with a leak rate of 3.9 KB per second. As a practical example, the researchers show how to use the proposed exploit to determine the contents of the /etc/shadow file. On systems with Intel CPUs, the attack to determine the root password hash was carried out in 28 minutes, and on systems with AMD CPUs, in 6 minutes.

The attack has been confirmed on generations 6-8 of Intel processors released before Q2019 1 (including Skylake), and on AMD processors based on the Zen 1, Zen 2+, and Zen 2021 microarchitectures released before QXNUMX XNUMX. On newer processor models, such as AMD Zen3 and Intel Alder Lake, as well as on ARM processors, the problem is blocked by existing protection mechanisms. For example, the use of IBRS (Indirect Branch Restricted Speculation) instructions helps protect against the attack.

A set of changes has been prepared for the Linux kernel and the Xen hypervisor that blocks the problem in software on older CPUs. The proposed Linux kernel patch changes 68 files, adds 1783 lines, and removes 387 lines.

Unfortunately, the protection comes at a high cost: in tests performed on AMD and Intel processors, the performance degradation is estimated at between 14% and 39%. It is preferable to use protection based on IBRS instructions, which is available in newer generations of Intel CPUs and has been supported since Linux kernel 4.19.
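To see which of these protections a given Linux host actually reports, the following added example (not code from the article or from the kernel project) classifies the kernel's Retbleed status line. It assumes the sysfs file `/sys/devices/system/cpu/vulnerabilities/retbleed` and the boot parameters `retbleed=off` and `mitigations=off`, none of which the article mentions; the sample status lines are constructed.

```python
"""Added example: classify a Linux host's reported Retbleed mitigation state."""
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/retbleed")
CMDLINE = Path("/proc/cmdline")


def classify(status, cmdline=""):
    """Map the kernel's status line (None if the file is absent) to a finding."""
    if status is None:
        # No sysfs entry: the kernel predates the Retbleed patch set.
        return {"state": "unknown", "ibrs": False, "smt_exposed": False,
                "disabled_by": None}
    lower = status.strip().lower()
    if lower.startswith("not affected"):
        state = "not_affected"
    elif lower.startswith("mitigation:"):
        state = "mitigated"
    else:
        state = "vulnerable"  # "Vulnerable..." or anything unrecognised
    # Boot parameters that switch the mitigation off, typically set to
    # avoid the performance cost of the software mitigation.
    disabled_by = None
    for arg in cmdline.split():
        if arg in ("mitigations=off", "retbleed=off"):
            disabled_by = arg
    return {
        "state": state,
        "ibrs": state == "mitigated" and "ibrs" in lower,
        "smt_exposed": "smt vulnerable" in lower,
        "disabled_by": disabled_by if state == "vulnerable" else None,
    }


def check_host(sysfs=SYSFS, cmdline=CMDLINE):
    """Read the live files; missing files are treated as 'no information'."""
    status = sysfs.read_text() if sysfs.exists() else None
    args = cmdline.read_text() if cmdline.exists() else ""
    return classify(status, args)


# Constructed sample status lines in the format the kernel reports.
SAMPLES = ["Not affected\n", "Vulnerable\n", "Mitigation: IBRS\n",
           "Mitigation: untrained return thunk; SMT vulnerable\n"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(repr(line.strip()), "->", classify(line))
    print("this host ->", check_host())
```

A result of `unknown` means the running kernel does not expose a Retbleed entry at all, which is itself a signal that the patch set described above has not been applied.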

Finally, if you are interested in learning more about it, you can find the details at the following link.

