Intel recently announced that it has found a microarchitectural vulnerability (tracked as CVE-2023-28746) in Intel Atom processors (E-cores), known as RFDS (Register File Data Sampling). The danger of this vulnerability is that it allows data used by a process that previously ran on the same CPU core to be determined.
RFDS shares similarities with data sampling attacks such as microarchitectural data sampling (MDS), but it differs in its exposure method and in the data exposed, which is limited to data from stale registers.
About the vulnerability
"RFDS" was identified by Intel engineers during internal research. Although no detailed information has been provided on how it can be exploited, Intel engineers indicated that an attacker cannot deliberately control which processes the data is extracted from, so the attacker cannot choose which information becomes available for recovery. However, exploitation of RFDS by a malicious actor who can run code locally on a system could allow the values of secret data previously used in registers to be inferred, which may put the security and confidentiality of information at risk.
RFDS was found as part of Intel's extensive internal validation work on microarchitectural security. Like data sampling transient execution attacks such as microarchitectural data sampling (MDS), RFDS can allow a malicious actor who can run code locally on a system to infer the values of secret data that would otherwise be protected by architectural mechanisms. RFDS differs from the MDS vulnerabilities in both the exposure method and the data exposed (RFDS exposes only stale register data). Neither MDS nor RFDS, on its own, gives malicious actors the ability to choose which data is inferred using these methods.
It is mentioned that this leak affects the vector registers used in encryption, memory copy functions and string processing, such as in the memcpy, strcmp and strlen functions. Leakage is also possible through the registers that hold floating-point numbers and integers, although these are updated more frequently during task execution, which reduces the likelihood of leaks through them. Importantly, the residual data does not remain directly in the registers, but can be extracted from the register files using side-channel attack techniques, such as scraping data into the CPU cache.
RFDS specifically affects Atom processors based on the Alder Lake, Raptor Lake, Tremont, Goldmont and Gracemont microarchitectures. These processors do not support HyperThreading mode, which limits data leakage to a single execution thread within the current CPU core. The changes that address this vulnerability are included in the microcode update microcode-20240312-staging.
The protection methods against this vulnerability are similar to those used to block previously identified attacks, such as MDS, SRBDS, TAA, DRPW (Device Register Partial Write) and SBDS (Shared Buffer Data Sampling).
To protect against leaks from the kernel and the hypervisor, in addition to updating the microcode, it is necessary to use software protection methods that rely on the VERW instruction to clear the contents of microarchitectural buffers when returning from the kernel to user space or when transferring control to a guest system. This protection has already been implemented in the Xen hypervisor and the Linux kernel.
To enable the protection in the Linux kernel, you can use "reg_file_data_sampling=on" when booting the kernel. Information about the vulnerability and about the presence of the microcode needed for protection can be checked in the file "/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling".
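The check described above can be scripted for use across a fleet. The following is an added example, not code from Intel or the kernel project: it reads the sysfs file and the boot parameter named in the text and reduces them to one verdict line. The function names are hypothetical, and the status strings it matches are assumed to be the ones the upstream Linux kernel reports; anything else is reported as "unknown".

```shell
#!/bin/sh
# Added example: summarize the RFDS mitigation state of a Linux host.
# Status strings matched below are assumed from the upstream kernel.

RFDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling

# Map one sysfs status line to a short verdict.
rfds_classify() {
    case "$1" in
        "Not affected"*)             echo not-affected ;;
        "Mitigation:"*)              echo mitigated ;;
        "Vulnerable: No microcode"*) echo needs-microcode ;;
        "Vulnerable"*)               echo vulnerable ;;
        *)                           echo unknown ;;
    esac
}

# Print the value of reg_file_data_sampling= found in a kernel command
# line string, or "unset" when absent. The last occurrence wins.
rfds_cmdline_setting() {
    value=unset
    for word in $1; do
        case "$word" in
            reg_file_data_sampling=*) value=${word#reg_file_data_sampling=} ;;
        esac
    done
    echo "$value"
}

# Combine both checks into one line suitable for log collection.
# Optional arguments (used for testing): sysfs file, cmdline file.
rfds_report() {
    sysfs=${1:-$RFDS_SYSFS}
    cmdline=${2:-/proc/cmdline}
    if [ -r "$sysfs" ]; then
        status=$(cat "$sysfs")
        verdict=$(rfds_classify "$status")
    else
        status="(no sysfs entry)"
        verdict=unknown
    fi
    setting=unset
    if [ -r "$cmdline" ]; then
        setting=$(rfds_cmdline_setting "$(cat "$cmdline")")
    fi
    echo "verdict=$verdict boot_param=$setting status=$status"
}

rfds_report
```

A "needs-microcode" verdict means the boot parameter alone is not enough and the microcode update mentioned above still has to be installed.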
Finally, if you are interested in learning more about it, you can consult the details at the following link.