I-Kasper, isithwebuli sedivayisi sekhodi yokuqagela ku-Linux kernel

Darkcrizt

Imizuzu ye-4

Iqembu abacwaningi abavela e-Free University of Amsterdam baveze ngeposi lebhulogi ithuluzi elibizwa "casper" okugqamisa ukuthi kunjalo yakhelwe ukukhomba amazwibela ekhodi ku-Linux kernel engasetshenziswa ukuxhaphaza Ukuba sengozini kwe-Specter class okubangelwa ukukhishwa kwekhodi eqagelayo yiphrosesa.

Kulabo abangalwazi lolu hlobo lokuhlaselwa, kufanele bakwazi lokho ubungozi bekilasi obufana ne-Specter v1 buvumela ukunquma okuqukethwe yinkumbulo, umbhalo othile (amagajethi) uyadingeka ngekhodi ekhethekile, okuholela ekukhishweni kokuqagela kweziyalezo.

Ukuze wenze kahle, iprosesa iqala ukusebenzisa amadivaysi anjalo ngendlela yokuqagelanoma, bese inquma ukuthi ukubikezela kwegatsha akuzange kuthethelelwe futhi ibuyisela ukusebenza esimweni sayo sangempela, kodwa idatha ecutshungulwe ngesikhathi sokuqagela ihlezi kunqolobane kanye namabhafa e-microarchitecture futhi iyatholakala ukuze ikhishwe kusetshenziswa izindlela ezihlukahlukene zokunquma idatha eyinsalela ngokusebenzisa okwesithathu- iziteshi zephathi.

Amathuluzi Okuskena Igajethi ngokusekelwe emaphethini etholakala ngaphambilini ngokuba sengozini kweSpectre ibonise izinga eliphezulu kakhulu lezinto ezingamanga, kuyilapho amagajethi amaningi angempela elahlekile (ukuhlolwa kwabonisa ukuthi ama-99% amagajethi atholwe amathuluzi anjalo awakwazanga ukusetshenziselwa ukuhlasela, futhi ama-33% asebenzayo awazange abonwe imishini ekwazi ukuholela ekuhlaselweni).

Sethula i-Kasper, isithwebuli sedivayisi yokukhipha eyesikhashana (noma eqagelwayo). Isebenzisa izinqubomgomo zokuhlaziya inkohlakalo ukumodela umhlaseli okwazi ukuxhaphaza ubungozi obuthile besofthiwe/izingxenyekazi zekhompuyutha ngendlela yesikhashana. 

Mayelana noCasper

Ukwenza ngcono ikhwalithi ukuhlonzwa kwemishini eyinkinga, I-Kasper imodela ubungozi obungasetshenziswa umhlaseli esinyathelweni ngasinye sokuhlasela kwe-Specter-class: izinkinga ziyamodela ukuze kuvunyelwe ukulawulwa kwedatha (isibonelo, ukufaka idatha yomhlaseli endaweni yezakhiwo ezincane ukuze kuthonye ukubulawa okucatshangelwayo okwalandela) kusetshenziswa ukuhlasela kwesigaba se-LVI , ukufinyelela olwazini olubucayi (ngokwesibonelo, lapho isigcinalwazi siphumile emikhawulweni noma inkumbulo isetshenziswa ngemva kokuthi isikhululiwe), futhi ivuze ulwazi olubucayi (isibonelo, ngokuhlaziya isimo senqolobane yokucubungula noma kusetshenziswa indlela ye-MDS ).

Yenza isibonelo somhlaseli okwazi ukulawula idatha (isb, ngokubhucunga inkumbulo noma umjovo wenani le-LVI), ukufinyelela izimfihlo (isb, ngokufinyelela ngaphandle kwemingcele noma usebenzise ngemva kwamahhala) futhi udalule lezi zimfihlo (isb, ngokusekelwe kunqolobane, i-MDS- ezisekelwe, noma iziteshi eziyimfihlo ezisekelwe embonweni). 

Lapho wenza ukuhlolwa, amalabhulali wesikhathi sokusebenza othintana ne-kernel by Kasper futhi baqinisekise ukuthi basebenza ezingeni le-LLVM. Ngesikhathi sokuqinisekisa, ukwenziwa kwekhodi okuqagelayo kulingiswe indlela yokubuyisela indawo yokuhlola, esebenzisa ngokuqondile imfoloko yekhodi ebikezelwe ngokungalungile, ngemva kwalokho ibuyela esimweni sayo sangempela ngaphambi kokuba imfoloko iqale.

U-Kasper uphinde azame ukumodela ubungozi obuhlukahlukene be-software kanye ne-hardware, ihlaziya umthelela wemiphumela yezakhiwo kanye nezakhiwo ezincane futhi yenza izivivinyo ezididayo zezenzo zomhlaseli ezingaba khona. Ukuze kuhlaziywe ukugeleza kokubulawa, imbobo ye-DataFlowSanitizer ye-Linux kernel iyasetshenziswa, futhi ezivivinyweni ezixakile, inguqulo elungisiwe yephakheji ye-syzkaller.

Ngenxa yalokhu, uKasper uthole amadivaysi ayi-1.379 angaziwa ngaphambilini ku-Linux kernel eqine kakhulu. Siqinisekise lokho esikutholile ngokubonisa ukuxhashazwa kobufakazi bomqondo owodwa kuya komunye wemishini etholiwe.

Ngenkathi kuthwetshulwa i-Linux kernel nge-Kasper, kuhlonzwe izisetshenziswa ezazingaziwa ngaphambilini eziyi-1379, ezingase ziholele ekuputshuzweni kwedatha ngesikhathi kukhishwa imiyalelo eqagelayo.

Kuyaphawulwa ukuthi mhlawumbe ezinye zazo kuphela ezingaveza izinkinga zangempela, kodwa ukukhombisa ukuthi kunengozi yangempela, futhi hhayi nje ithiyori, i-prototype esebenzayo yokuxhaphaza yathuthukiswa enye yezinhlamvu zekhodi eziyinkinga, okuholele ekutheni ukuvuza kolwazi lwenkumbulo ye-kernel.

Okokugcina uma unentshisekelo yokwazi kabanzi ngakho mayelana neKasper, kufanele ukwazi lokho ikhodi yomthombo Isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.

Umthombo: https://www.vusec.net


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.