Tawagar masu bincike daga ETH Zurich, Vrije Universiteit Amsterdam da Qualcomm sun buga sabon hanyar kai hari na RowHammer wanda zai iya canza abubuwan da ke cikin kowane ragi na ƙwaƙwalwar ajiyar bazuwar bazuwar (DRAM). An sanya wa harin suna Blacksmith kuma an bayyana shi da CVE-2021-42114. Yawancin kwakwalwan kwamfuta na DDR4 sanye take da kariya daga hanyoyin ajin RowHammer da aka sani a baya suna iya fuskantar matsalar. Ana buga kayan aikin don gwada tsarin ku don rauni akan GitHub.
Ka tuna cewa hare-haren ajin RowHammer yana ba ka damar karkatar da abubuwan da ke cikin juzu'in ƙwaƙwalwar ajiya ɗaya ta hanyar karatun cyclically daga ƙwayoyin ƙwaƙwalwar ajiya maƙwabta. Tunda memorin DRAM tsari ne mai girma biyu na sel, kowanne ya ƙunshi capacitor da transistor, ci gaba da karantawa na yankin ƙwaƙwalwar ajiya ɗaya yana haifar da jujjuyawar wutar lantarki da abubuwan da ke haifar da ƙarancin caji a cikin sel makwabta. Idan ƙarfin karatun yana da girma, to, tantanin halitta na maƙwabta zai iya rasa isasshe babban adadin cajin kuma sake farfadowa na gaba ba zai sami lokaci don mayar da asalinsa ba, wanda zai haifar da canji a darajar bayanan da aka adana a cikin tantanin halitta. .
Don kare kariya daga RowHammer, masana'antun guntu sun ba da shawarar tsarin TRR (Target Row Refresh), wanda ke ba da kariya daga lalata ƙwayoyin sel a cikin layuka da ke kusa, amma tunda kariyar ta dogara ne akan ka'idar "tsaro ta hanyar duhu," bai magance matsalar ba tushen, amma an kiyaye shi kawai daga sanannun lokuta na musamman, wanda ya sauƙaƙa samun hanyoyin da za a ketare kariyar. Misali, a watan Mayu, Google ya ba da shawarar hanyar Half-Double, wacce ba ta shafi kariyar TRR ba, tunda harin ya shafi sel waɗanda ba su da kusanci kai tsaye da manufa.
Sabuwar hanyar Blacksmith tana ba da wata hanya ta dabam don ƙetare kariyar TRR, dangane da samun damar da ba ta dace ba zuwa igiyoyi biyu ko fiye da masu tada hankali a mitoci daban-daban don haifar da zubewar caji. Don ƙayyadadden tsarin samun damar ƙwaƙwalwar ajiya wanda ke haifar da caji, an ƙirƙiri fuzzer na musamman wanda ke zaɓar sigogi ta atomatik don takamaiman guntu, yana bambanta tsari, ƙarfi da tsarin samun damar tantanin halitta.
Irin wannan hanyar, wacce ba ta da alaƙa da tasirin sel guda ɗaya, yana sa hanyoyin kariya na TRR na yanzu ba su da tasiri, wanda a cikin nau'i ɗaya ko wata yana tafasa ƙasa don ƙididdige adadin maimaita kira zuwa sel kuma, lokacin da aka kai wasu dabi'u, fara caji. na sel makwabta. A cikin Blacksmith, tsarin samun damar yana bazuwa cikin sel da yawa lokaci ɗaya daga ɓangarorin mabambanta na manufa, wanda ke ba da damar cimma ɗigogi na caji ba tare da kai ga ƙimar ƙima ba.
Hanyar ta zama mafi inganci fiye da hanyoyin da aka tsara a baya don ƙetare TRR - masu binciken sun sami nasarar cimma ɓata lokaci a cikin duk 40 kwanan nan sun sayi kwakwalwan ƙwaƙwalwar ajiya na DDR4 daban-daban waɗanda Samsung, Micron, SK Hynix da masana'anta da ba a sani ba suka yi ba a ƙayyade akan 4 kwakwalwan kwamfuta ba). Don kwatantawa, hanyar TRRespass da masu bincike iri ɗaya suka gabatar a baya ta yi tasiri ga 13 daga cikin kwakwalwan kwamfuta 42 da aka gwada a wancan lokacin.
Gabaɗaya, ana sa ran hanyar Blacksmith za ta yi amfani da kashi 94% na dukkan kwakwalwan kwamfuta na DRAM a kasuwa, amma masu binciken sun ce wasu kwakwalwan kwamfuta sun fi rauni kuma suna da sauƙin kai hari fiye da sauran. Amfani da lambobin gyaran kurakurai (ECC) a cikin kwakwalwan kwamfuta da ninka adadin sabunta ƙwaƙwalwar ajiya baya bayar da cikakkiyar kariya, amma yana dagula aiki. Yana da mahimmanci cewa matsalar ba za a iya toshewa a cikin kwakwalwan kwamfuta da aka riga aka saki ba kuma yana buƙatar aiwatar da sabon kariya a matakin kayan aiki, don haka harin zai ci gaba da dacewa har tsawon shekaru.
Misalai masu aiki sun haɗa da hanyoyin yin amfani da Blacksmith don canza abubuwan shigarwa a cikin tebur ɗin ƙwaƙwalwar ajiya (PTE, shigarwar tebur shafi) don samun gata na kernel, lalata maɓallin jama'a na RSA-2048 da aka adana a ƙwaƙwalwar ajiya a cikin OpenSSH (zaka iya kawo maɓallin jama'a a ciki injin kama-da-wane na wani don dacewa da maɓallin keɓaɓɓen maharin don haɗawa da VM wanda aka azabtar) da ƙetare rajistan takaddun shaida ta hanyar gyara ƙwaƙwalwar tsarin sudo don samun gata mai tushe. Dangane da guntu, yana ɗaukar ko'ina daga daƙiƙa 3 zuwa sa'o'i da yawa na lokacin harin don canza ɗan buƙatu ɗaya.
Bugu da ƙari, za mu iya lura da littafin buɗaɗɗen tsarin gwajin gwaji na LiteX Row Hammer don gwada hanyoyin kariyar ƙwaƙwalwar ajiya daga harin aji RowHammer, wanda Antmicro don Google ya haɓaka. Tsarin ya dogara ne akan amfani da FPGA don cikakken sarrafa umarnin da aka watsa kai tsaye zuwa guntu DRAM don kawar da tasirin mai sarrafa ƙwaƙwalwar ajiya. Ana ba da kayan aiki a cikin Python don hulɗa tare da FPGA. Ƙofar tushen FPGA ta haɗa da tsarin canja wurin bayanan fakiti (yana bayyana tsarin samun damar ƙwaƙwalwar ajiya), Mai aiwatar da Payload, mai sarrafa tushen LiteDRAM (yana aiwatar da duk dabarun da ake buƙata don DRAM, gami da kunna layi da sabunta ƙwaƙwalwar ajiya) da VexRiscv CPU. Ana rarraba ci gaban aikin a ƙarƙashin lasisin Apache 2.0. Ana tallafawa dandamali daban-daban na FPGA, gami da Lattice ECP5, Xilinx Series 6, 7, UltraScale da UltraScale+.
source: budenet.ru