I-RFDS, ubungozi obuthinta ama-Intel E-core processors

Darkcrizt

Imizuzu ye-4

ubungozi

Uma exhashazwa, lawa maphutha angavumela abahlaseli ukuthi bathole ukufinyelela okungagunyaziwe kulwazi olubucayi noma ngokuvamile babangele izinkinga.

I-Intel isanda kumemezela, izindaba zokuthi Ngibona ubungozi i-microarchitecture (efakwe ngaphansi kwe-CVE-2023-28746) kuma-Intel Atom processors (E-core), eyaziwa ngokuthi i-RFDS (Register File Data Sampling) futhi ingozi yalokhu kuba sengcupheni isekutheni ivumela idatha esetshenziswe inqubo ebikade isebenza kumongo ofanayo we-CPU ukuthi inqunywe.

I-RFDS iwubungozi bokuthi yabelana ngokufana nokuhlaselwa kwesampula yedatha, njenge-microarchitectural data sampling (MDS), iyahluka endleleni yayo yokuchayeka kanye nedatha edaluliwe, ikhawulela idatha evela kumarekhodi aphelelwe yisikhathi.

Mayelana nokuba sengozini

Ukuhlonzwa kwe-“RFDS” kwenziwa onjiniyela be-Intel ngesikhathi socwaningo lwangaphakathi, nakuba lungekho ulwazi oluningiliziwe olunikeziwe Endleleni yokuxhashazwa kwayo, onjiniyela be-Intel baveze ukuthi umhlaseli akakwazi ukulawula ngenhloso ukukhethwa kwezinqubo ekukhishweni kwedatha, okusho ukuthi ukuvezwa kolwazi olutholakalayo ukuze lubuyiselwe akwenzeki. Kodwa-ke, ukuxhashazwa kwe-RFDS ngumlingisi ononya ongakwazi ukusebenzisa ikhodi endaweni kusistimu kungase kuholele ekucatshangweni kwamanani edatha eyimfihlo eyayisetshenziswa ngaphambilini kumalogi, okungase kube sengozini yokuvikeleka nokugcinwa kuyimfihlo kolwazi.

I-RFDS itholwe njengengxenye yomsebenzi obanzi wokuqinisekisa wangaphakathi we-Intel ekuvikelekeni kwezakhiwo ezincane. Ngokufanayo nokuhlaselwa kokubulawa kwesikhashana okusampula kwedatha, okufana ne-microarchitectural data sampling (MDS), i-RFDS ingavumela umlingisi ononya ongakwazi ukusebenzisa ikhodi endaweni kusistimu ukuthi asho amanani edatha ayimfihlo abengatholakala uma kungenjalo. evikelwe izindlela zezakhiwo. I-RFDS ihlukile ekubeni sengozini ye-MDS kukho kokubili indlela yokuchayeka kanye nedatha edaluliwe (i-RFDS iveza kuphela idatha yelogi endala). I-MDS noma i-RFDS, iyodwa, ayinikezi abadlali abanonya ikhono lokukhetha ukuthi iyiphi idatha ecatshangwayo kusetshenziswa lezi zindlela.

Kushiwo lokho lokhu kuvuza kuthinta amarejista e-vector esetshenziswa ekubetheleni, emisebenzini yokukopisha inkumbulo, nasekucubunguleni izintambo, njengasemisebenzini ye-memcpy, strcmp, kanye ne-strlen. Futhi Ukuvuza kungenzeka ngamarejista okugcina izinombolo zamaphuzu antantayo kanye nama-integers, nakuba ebuyekezwa kaningi ngesikhathi sokwenziwa komsebenzi, kunciphisa amathuba okuvuza ngawo. Okubalulekile, idatha eyinsalela ayihlali ngokuqondile kumarejista, kodwa ingakhishwa kumafayela okubhalisa kusetshenziswa amasu okuhlasela aseceleni, njengokukhuhla idatha kunqolobane ye-CPU.

I-RFDS ithinta ngokukhethekile amaphrosesa e-Atom ngokusekelwe kuma-microarchitectures I-Alder Lake, i-Raptor Lake, i-Tremont, i-Goldmont ne-Gracemont. Lawa maphrosesa awasekeli imodi ye-HyperThreading, ekhawulela ukuvuza kwedatha kumcu owodwa wokusebenzisa ngaphakathi kwengqikithi yamanje ye-CPU. Izinguquko zokubhekana nalokhu kuba sengcupheni zifakiwe ku-microcode update-microcode-20240312-staging.

Izindlela zokuvikela ngokumelene nalobu sengozini ziyafana nalezo ezisetshenzisiwe ukuvimba ukuhlaselwa okuhlonzwe ngaphambilini, njengokuthi MDS, I-SRBDS, I-TAA, i-DRPW (Irejista Yedivayisi Yokubhala Ngokwengxenye), kanye nokuhlaselwa kwe-SBDS (Isampula Yedatha Yebhafa Eyabiwe).

Ukuvikela ukuvuza kwe-kernel kanye ne-hypervisor, ngaphezu kokuvuselela i-microcode, kuyadingeka ukusebenzisa izindlela zokuvikela isoftware ezibandakanya ukusetshenziswa komyalelo we-VERW ukusula okuqukethwe kwamabhafa ezakhiwo ezincane lapho ubuya ku-kernel uya endaweni yomsebenzisi noma lapho udlulisela ukulawula kusistimu yesihambeli. Lokhu kuvikela sekuvele kusetshenziswe ku-Xen hypervisor kanye ne-Linux kernel.

Ukuze unike amandla ukuvikela ku-Linux kernel, ungasebenzisa "reg_file_data_sampling=on»uma ulayisha i-kernel. Ulwazi mayelana nokuba sengozini kanye nokuba khona kwe-microcode edingekayo ukuze kuvikelwe kungahlolwa kufayela «/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling".

Ekugcineni, uma unentshisekelo yokwazi okwengeziwe ngakho, ungaxhumana ne- imininingwane kusixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.