Iqembu labaphenyi bezokuphepha, eziningi zazo ezibambe iqhaza ekutholeni ubungozi bokuqala beMeltdown neSpecter, ithuthukise uhlobo olusha lokuhlaselwa kweziteshi ezivela eceleni.
Lokhu kuhlasela kwenziwa ngokususelwa ekuhlaziyweni kokuqukethwe kwesilondolozi sekhasi, equkethe imininingwane etholakele ngenxa yokufinyelela kohlelo lokusebenza kumadiski, ama-SSD, namanye amadivayisi okukhiya.
Ngokungafani nokuhlaselwa kweSpecter, ukuba sengozini okusha akubangelwa izinkinga zehadiwe, kepha kuphela kuthinta ukusetshenziswa kwesoftware kwenqolobane yekhasi futhi ibonakala ku-Linux (I-CVE-2019-5489), IWindows nezinye izindlela eziningi ezisebenzayo.
Ngokusebenzisa izingcingo zesistimu ye-mincore (Linux) neQueryWorkingSetEx (Windows) ukuthola ukuthi kukhona yini ikhasi lememori kunqolobane yekhasi lohlelo, umhlaseli wendawo ongenalutho angalandelela ukufinyelela okuthile kwememori kwezinye izinqubo.
Ukuhlaselwa kukuvumela ukuthi ulandelele ukufinyelela ezingeni le-block Ama-kilobytes ama-4 anokulungiswa kwesikhathi kwama-microsecond ama-2 ku-Linux (izilinganiso ezingama-6.7 ngomzuzwana) nama-nanosecond angama-446 ku-Windows (izilinganiso ezingama-223 ngomzuzwana).
Inqolobane yekhasi iqoqa idatha ehlukahlukene, kufaka phakathi okukhishwayo kwefayela okwenziwayo, imitapo yolwazi eyabiwe, idatha elayishwe kudiski, amafayela enziwe ngememori nolunye ulwazi olugcinwa kudiski futhi lusetshenziswe uhlelo lokusebenza nezinhlelo zokusebenza.
Ngabe lokhu kuhlasela kumayelana nani?
Ukuhlasela kusekelwe eqinisweni lokuthi zonke izinqubo zisebenzisa i-cache yekhasi lesistimu ejwayelekile futhi ukutholakala noma ukungabi khona kwemininingwane kule cache kunganqunywa ngokushintsha ukubambezeleka kokufunda idatha disk noma ubheke izingcingo zesistimu ezishiwo ngenhla.
Amakhasi alondolozwe angabukwa endaweni yememori ebonakalayo esetshenziswa izinqubo eziningi (ngokwesibonelo, ikhophi elilodwa kuphela lomtapo wolwazi owabiwe ongaba khona kwimemori ebonakalayo, ekhonjiswa kwimemori ebonakalayo yezinhlelo zokusebenza ezahlukahlukene).
Ngenkathi yokuskrola imininingwane yenqolobane yekhasi bese uyigcwalisa lapho ulayisha idatha ejwayelekile evela kudiski, ungahlaziya isimo samakhasi afanayo kwimemori ebonakalayo yezinye izinhlelo zokusebenza.
Uhlelo lwe-mincore neQueryWorkingSetEx lubiza ukuthi kube lula kakhulu ukuhlaselwa ngokukuvumela ukuthi unqume ngokushesha ukuthi imaphi amakhasi ememori avela ebangeni lekheli elinikeziwe akhona kunqolobane yekhasi.
Njengoba usayizi webhlokhi elibukiwe (i-4Kb) likhulu kakhulu ukunquma okuqukethwe nge-iteration ngayinye, ukuhlaselwa kungasetshenziselwa kuphela ukuhanjiswa kwedatha ekusithekeni.
Ukunciphisa amandla wokusebenza kwe-cryptographic ngokulandela indlela yokuziphatha kwe-algorithm, ukuhlola izindlela ezijwayelekile zokufinyelela kwimemori yezinqubo ezaziwayo, noma ukuqapha ukuqhubeka kwenqubo ethile.
Ukuhlelwa kwedatha kwimemori lapho umhlaseli aziwa khona (Isibonelo, uma okuqukethwe okuyisisekelo kwebhafa kwaziwa ekuqaleni ngesikhathi sokuphuma ebhokisini lokufakazela ubuqiniso, unganquma i-Arola ngokuya ngophawu lokuphanga ngesikhathi sokungenelela kwakho komsebenzisi.)
Ngabe sikhona isixazululo esimelene nalokhu?
Yebo, uma sekuvele kunesixazululo esivela ku-Linux Lolu hlobo locwaningo lusiza ukuthola izinkinga ngaphambi kokuba abanye abanezinhloso eziyingozi basebenzise zona.
Okwe-Linux kernel, isixazululo sesivele sitholakala njengesiqeshana, esivele sitholakala kuchaziwe futhi kubhalwe lapha.
Endabeni ye Windows 10, inkinga yalungiswa ekwakhiweni kokuhlolwa (Insider Preview Build) 18305.
Ukusetshenziswa okusebenzayo kokuhlaselwa kohlelo lwasendaweni okukhonjiswe ngabaphenyi kufaka phakathi ukwakhiwa kwesiteshi sokudlulisa idatha kusuka ezindaweni ezingazodwa, ukuzilibazisa kwezinto zesikrini esibonakalayo (ngokwesibonelo, izingxoxo zokufakazela ubuqiniso), incazelo yokuchofoza izinkinobho nokubuyiselwa okwenziwe ngokuzenzakalela amaphasiwedi wesikhashana).