Retbleed: A New Speculative Execution Attack Affecting Intel and AMD

News recently broke that a group of researchers from ETH Zurich has identified a new attack on the speculative execution mechanism for indirect jumps in CPUs, which makes it possible to extract information from kernel memory or to mount an attack on the host system from virtual machines.

The vulnerabilities are codenamed Retbleed (already catalogued as CVE-2022-29900 and CVE-2022-29901) and are similar in nature to Spectre-v2 attacks.

The difference comes down to organizing speculative execution of arbitrary code while processing the "ret" (return) instruction, which fetches the address to jump to from the stack, rather than an indirect jump using the "jmp" instruction, which loads the address from memory or a CPU register.

Regarding the new attack, it is stated that an attacker can create conditions for an incorrect branch prediction and organize a targeted speculative jump to a block of code that the program's execution logic did not intend.

Eventually the processor determines that the branch prediction was not justified and rolls the operation back to its original state, but the data processed during speculative execution remains in the cache and in microarchitectural buffers. If an erroneously executed block performs a memory access, its speculative execution causes the data read from memory to be placed in the shared cache.

To determine the data left in the cache after speculative execution, the attacker can use methods for recovering residual data through side channels, for example, analyzing changes in access time to cached and uncached data.

To deliberately extract information from areas at a different privilege level (for example, from kernel memory), "gadgets" are used: instruction sequences present in the kernel that are suitable for speculatively reading data from memory, depending on external conditions that the attacker can influence.

To protect against classic Spectre-class attacks, which use indirect and conditional branch instructions, most operating systems use the "retpoline" technique. It is based on replacing indirect branch operations with the "ret" instruction, for which processors use a separate stack state prediction unit rather than the branch prediction block.

When retpoline was introduced in 2018, Spectre-like address manipulation was believed to be impractical for speculative branching with the "ret" instruction.

The researchers who developed the Retbleed attack method demonstrated that it is possible to create microarchitectural conditions that initiate a speculative transition using the "ret" instruction. They also released a ready-made toolkit for identifying suitable instruction sequences (gadgets) for exploiting the vulnerability in the Linux kernel, where such conditions occur.

In the course of the research, a working exploit was prepared that, on systems with Intel CPUs, allows an unprivileged process in user space to extract arbitrary data from kernel memory at a rate of 219 bytes per second with 98% accuracy.

On AMD processors, the efficiency of the exploit is much higher, as the leak rate is 3.9 KB per second. As a practical example, it is shown how to use the proposed exploit to determine the contents of the /etc/shadow file. On systems with Intel CPUs, the attack to obtain the root password was carried out in 28 minutes, and on systems with AMD CPUs, in 6 minutes.

The attack was confirmed on generations 6-8 of Intel processors released before Q2019 1 (including Skylake), and on AMD processors based on the Zen 1, Zen 2+, and Zen 2021 microarchitectures released before QXNUMX XNUMX. On newer processor models, such as AMD Zen3 and Intel Alder Lake, as well as on ARM processors, the problem is blocked by existing protection mechanisms. For example, the use of IBRS (Indirect Branch Restricted Speculation) instructions helps protect against the attack.

A set of changes has been prepared for the Linux kernel and the Xen hypervisor that blocks the problem in software on older CPUs. The proposed Linux kernel patch changes 68 files, adds 1783 lines, and removes 387 lines.

Unfortunately, the protection incurs significant overhead: in tests run on AMD and Intel processors, the performance degradation is estimated at between 14% and 39%. It is preferable to use protection based on IBRS instructions, which are available in newer generations of Intel CPUs and supported since Linux kernel 4.19.
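
To see which of the outcomes described above (unpatched, software mitigation, IBRS, not affected) applies to a given Linux host, the following added example, which is not part of the original article or of the kernel patch set, classifies the status string that patched kernels report in `/sys/devices/system/cpu/vulnerabilities/retbleed`. The verdict names and function names are hypothetical, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: classify the kernel's Retbleed status string.
# Assumption: a kernel carrying the Retbleed patches reports its status in
# this sysfs file; a kernel without them has no such file.
RETBLEED_SYSFS="${RETBLEED_SYSFS:-/sys/devices/system/cpu/vulnerabilities/retbleed}"

# classify_retbleed STATUS -> prints one verdict word (names are hypothetical)
classify_retbleed() {
    case "$1" in
        "Not affected"*)                 echo "not-affected" ;;
        "Mitigation:"*"SMT vulnerable"*) echo "partial" ;;      # sibling thread still exposed
        "Mitigation:"*)                  echo "mitigated" ;;
        "Vulnerable"*)                   echo "vulnerable" ;;
        *)                               echo "unknown" ;;
    esac
}

# check_retbleed [FILE] -> verdict for this host, or for a saved copy of the file
check_retbleed() {
    file="${1:-$RETBLEED_SYSFS}"
    status=""
    if [ ! -r "$file" ]; then
        # No status file: the kernel predates the fix, so nothing mitigates it.
        echo "unpatched-kernel"
        return 0
    fi
    IFS= read -r status < "$file" || true
    classify_retbleed "$status"
}

# Constructed sample status lines (not captured from a real machine).
retbleed_selftest() {
    while IFS='|' read -r expected line; do
        got=$(classify_retbleed "$line")
        [ "$got" = "$expected" ] || { echo "FAIL: $line -> $got"; return 1; }
    done <<'EOF'
not-affected|Not affected
mitigated|Mitigation: IBRS
partial|Mitigation: untrained return thunk; SMT vulnerable
vulnerable|Vulnerable
EOF
    echo "ok"
}

# Report on this host when run directly.
printf 'retbleed: %s\n' "$(check_retbleed)"
```

A verdict of `unpatched-kernel` or `vulnerable` on an affected CPU generation means the kernel update is still outstanding; `partial` means the mitigation is active but sibling hardware threads remain a concern.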

Finally, if you are interested in learning more about it, you can consult the details at the following link.

