Bheka ukuthi uthintekile yini yi-Meltdown ne-Specter bese uzivikela !!!

Ukuncibilika kanye neSpecter Ziyimikhuba yezinsuku zakamuva, akukho okunye okukhulunywa ngakho futhi akumangalisi, njengoba cishe ziwubungozi obubaluleke kakhulu emlandweni. Zithinta kakhulu ukuphepha kwamasistimu ethu futhi uma isistimu ingeyenkampani noma unedatha efanelekile, inkinga inkulu kakhulu. Kodwa-ke, kuhlale kucatshangwa ukuthi amakhompyutha edeskithophu kuphela, ama-laptops, amaseva nama-supercomputers athintekayo, kodwa umonakalo uya phambili futhi uthinta amanye amadivaysi amaningi, njengalawo asekelwe kuma-ARM cores futhi ahlanganisa amaphilisi, ama-smartphone, kanye namadivayisi athile.IoT, izimboni , i-automation yasekhaya, ngisho nezimoto ezixhunyiwe.

Njengoba wazi kahle, akuyona into ehlukile kwiLinux nganoma iyiphi indlela, kodwa kunalokho kuthinta izinhlelo ezahlukahlukene zokusebenza, ne-Microsoft Windows ne-macOS bayathinteka kuyo, ngaphandle kokukhohlwa i-iOS ne-Android. Ngakho-ke bambalwa ababalekayo kulezi zinsongo, yize kuliqiniso ukuthi izakhiwo ezithile ze-CPU ziyasinda nokuthi uma sine-chip ye-AMD, amathuba okuxhaphaza lobu bucayi kungenzeka anciphe, kepha lokho akusho ukuthi abukho ubungozi.

Siyini isimo samanje seLinux?

I-Linux ngokuyisisekelo ihambisa umhlabaYize abaningi bekholelwa ukuthi uhlelo olungasetshenziswa kakhulu, luhlukile. Mhlawumbe yehlulekile ukuthi idalelwe ideskithophu futhi yiwona kuphela umkhakha lapho incane khona uma iqhathaniswa neWindows enamandla onke futhi iqhathaniswa nengxenye enhle uMac anayo. Uma siya kumadivayisi ashumekiwe noma ashumekiwe, amaseva, ama-supercomputer, njll., iLinux iyabusa futhi kungamaseva we-Intanethi lapho ibaluleke khona futhi ngaphandle kwayo kungashiwo ukuthi i-Intanethi izowa ...

Kungakho ku-Linux waphendula ngaphambili kunanoma yiluphi olunye uhlelo lokuxazulula izinkinga uMeltdown noSpecter abangazishiya ngemuva. Kakade linus torvalds Ukhulume ngalolu daba ngamazwi ahlabayo ku-Intel futhi uma ubheka i-LKML uzobona ukuthi yinto ekhathazayo futhi iyinsakavukela umchilo wesidwaba. Futhi indoda yakhe yesandla sokudla nenombolo yesibili ekuthuthukisweni kernel kernel, uGreg Kroah-Hartman ukwenzile futhi. Ngeminye imininingwane ungabonisana ibhulogi yakhe siqu lapho uzothola khona ulwazi olwanele.

• Meltdown: Ngokuyisisekelo uGreg ubeke amazwana mayelana ne-Meltdown kungaphela ngo-x86 ngokukhetha ukufaka i-CONFIG_PAGE_TABLE_ISOLATION, a ukuhlukaniswa kwetafula lekhasi (PTI) ukuthi amakhompyutha anama-processor we-AMD, angathinteki kuwo, kufanele agweme ukugwema izinkinga ngokusebenza. Kungenzeka wazi nokuthi amanye amakhompyutha ane-chip ye-AMD ayeke ukuqalisa ukusebenza ngoba iWindows patch idale izinkinga ezinkulu. I-PTI izofakwa ku-Linux 4.15 ngokuzenzakalela, kepha ngenxa yokubaluleka kwayo ngokuya ngezokuphepha izofakwa ezinhlotsheni ezedlule ezifana ne-LTS 4.14, 4.9 no-4.4 ... futhi ngokuhamba kwesikhathi i-patch izofakwa kwezinye izinhlobo eziningi , kepha ukubekezela ngoba kusho ukugcwala komsebenzi wabathuthukisi. Futhi zigijimela ezinkingeni ze-patch njenge-vDSO kwezinye izisetho zemishini ebonakalayo. Mayelana ne-ARM64, ethinteke kancane yiMeltdown okuyinkinga enkulu e-Intel, amachips wamadivayisi amaningi weselula namanye amadivayisi nawo adinga isichibi, yize kubonakala sengathi ngeke kuhlangane nesihlahla esikhulu se-kernel esikhathini esifushane (mhlawumbe ku-Linux 4.16, yize uGreg ephawule ukuthi kungenzeka bangaze bafike ngenxa yenani lezinto ezidingekayo ukuthi amachashazi adinga ukuvunywa) ngakho-ke kuyalulekwa ukuthi kusetshenziswe izinhlamvu ezithile, okungukuthi, i-Android Common Kernel emagatsheni ayo 3.18, 4.4 no-4.9 .
• I-Specter: enye inkinga ithinta ukwakhiwa okuningi, futhi kunzima kakhulu ukubhekana nayo. Kubukeka sengathi ngeke sibe nesixazululo esihle esikhathini esifushane futhi kuzofanele sihlangane nale nkinga isikhashana. Ezinhlobonhlobo zayo ezimbili, idinga ukuthi uhlelo lungamamakiwe futhi eminye imiphakathi yentuthuko yama-distros athile isiqalile ukukhipha iziqeshana zokuyinciphisa, kepha izixazululo ezinikeziwe ziyahlukahluka futhi okwamanje ngeke zihlanganiswe njengengxenye yegatsha elikhulu we-kernel kuze kufike Isixazululo esihle kunazo zonke ngaphambi kokuba abaklami be-CPU beze nesixazululo esihle kunazo zonke (bahlele kabusha ama-chips abo). Izixazululo zifundisiwe futhi bathola ezinye izinkinga endleleni, njengokungazi okukhulu ngeSpecter. Abathuthukisi badinga isikhathi ukuthola ukuthi bangabhekana kanjani nale nkinga, kanti noGreg uqobo uphawule wathi “Lokhu kuzoba yindawo yocwaningo eminyakeni ezayo ukuthola izindlela zokunciphisa izinkinga ezingaba khona ezibandakanya i-hardware, ezophinde izame ukubabikezela ngokuzayo ngaphambi kokuba yenzeke.".
• Chromebook- Uma unelaptop yakwaGoogle uzojabula ukwazi ukuthi ungabona isimo somsebenzi abawenzayo ukuxazulula iMeltdown kulolu hlu.

Ngingahlola kanjani kalula uma ngithintekile?

Ukuze ungahambi uzungeze amatafula wokubonisana noma uhlu lwama-microprocessors, lapha siphakamisa iskripthi ukuthi badale ukuthi bakwazi ukuhlola kalula ukuthi sithintekile yini noma cha, kufanele simane siyilande futhi siyisebenzise futhi izositshela ukuthi ngabe sisengozini evela kwaSpecter neMeltdown. Imiyalo noma izinyathelo okufanele zilandelwe zilula:

git clone https://github.com/speed47/spectre-meltdown-checker.git

cd spectre-meltdown-checker/

sudo sh spectre-meltdown-checker.sh

Ngemuva kokwenza lokhu, ibhokisi elibomvu lizovela likhombise ukuthi ngabe sisengozini yeMeltdown noma iSpecter noma inkomba eluhlaza uma kwenzeka siphephile okuhlukile kwalokhu kuba sengozini. Endabeni yami, ngokwesibonelo, ukuba ne-AMD APU (ngaphandle kokuvuselela uhlelo), umphumela ube:

Uma kwenzeka umphumela ubomvu KUNGENZEKA, funda isigaba esilandelayo ...

Yini okufanele uyenze uma ngithintekile?

Isixazululo esihle kunazo zonke, njengoba abanye besho, ukushintshela ku-CPU noma ku-microprocessor engathinteki yinkinga. Kepha lokhu akwenzeki kubasebenzisi abaningi ngenxa yokushoda kwesabelomali noma ezinye izizathu. Futhi, abakhiqizi bathanda i-Intel bayaqhubeka nokuthengisa ama-microprocessor athintekile futhi lokho kwethulwe muva nje, njengeCofi Lake, ngoba izakhiwo ezincane zivame ukuba nezikhathi ezinde zokuthuthuka futhi manje zisebenza ekwakhiweni kwezakhiwo ezincane ezizovela emakethe eminyakeni ezayo, kepha wonke amachips athengiswayo manje futhi lokho okungenzeka ukuthi kuthengisiwe ezinyangeni ezimbalwa ezizayo kuzoqhubeka nokuthinteka ezingeni lehadiwe.

Ngakho-ke, esimweni sokuhlushwa yilesi sifo futhi sidinga "ukusilungisa", asinakho okunye esingakwenza ngaphandle kokufaka isistimu yethu yokusebenza (ungakhohlwa iziphequluli, njll.), Noma ngabe yini, futhi uvuselele konke isoftware esinayo. Uma ihlelwe kahle uhlelo lokuvuselela Bekuvele kubaluleke kakhulu, manje kunanini ngaphambili kufanele uhlale wazi izibuyekezo, ngoba nazo kuzofika iziqeshana ezixazulula inkinga ye-Meltdown ne-Specter ohlangothini lwesoftware, hhayi ngaphandle kokulahleka kokusebenza njengoba besesishilo. ..

Isixazululo asixakile kumsebenzisi, akudingeki senze noma yini "ekhethekile", vele uqiniseke ukuthi unjiniyela wethu we-distro ukhiphe isibuyekezo se-Meltdown ne-Specter nokuthi siyifakile. Imininingwane engaphezulu ngayo.

Uma ufuna, ungabheka ukuthi ngabe isichibi sasifakiwe (uma sidingeka) seMeltdown ku-distro yakho ngalo myalo:

 dmesg | grep "Kernel/User page tables isolation: enabled" && echo "Tienes el parche! :)" || echo "Ooops...no tienes la actualización instalada en tu kernel! :(" 

*Qaphela i-Ubuntu kernel 4.4.0-108-genericAbanye abasebenzisi babike izinkinga kumakhompyutha abo lapho beqala ukubuyekeza ngemuva kokuvuselelwa futhi kudingeke ukuthi babuyele kunguqulo yangaphambilini. ICanonical kubonakala sengathi ixazulule ngo-4.4.0-109-generic ...

Ukulahleka kokusebenza: kube nokukhulunywa ngama-30% kwezinye izimo, kepha kuzoncika ekwakhiweni okuncane. Ezakhiweni ezindala, ukulahleka kokusebenza kungaba nzima kakhulu ngoba ukuzuza kokusebenza kwalezi zakhiwo kususelwa kakhulu ekuthuthukisweni okuhlinzekwa ukwenziwa kwe-OoOE kanye ne-TLB ... Ezakhiweni zesimanje eziningi, kukhulunywa phakathi kuka-2% no-6% kuya ngohlobo lwesoftware elisebenzisela abasebenzisi basekhaya, mhlawumbe ezikhungweni zedatha ukulahleka kuphakeme kakhulu (ngaphezu kwama-20%). Njengoba kwamukelwa yi-Intel uqobo, ngemuva kokubukela phansi obekuza kubo, ukusebenza kuma-processor ngaphambi kuka-Haswell (2015), ukwehla kokusebenza kuzoba kubi kakhulu kunalokho i-6% ngisho nakubasebenzisi abajwayelekile ...

Ungakhohlwa ukushiya imibono yakho ngokungabaza noma iziphakamiso zakho ...