Kasper, a scanner for speculative execution problems in the Linux kernel, is now available.

A group of researchers from the Free University of Amsterdam (Vrije Universiteit Amsterdam) has published Kasper, a toolkit designed to find code snippets in the Linux kernel that could be used to exploit Spectre-class vulnerabilities, which arise from speculative execution of code on the processor. The toolkit's source code is distributed under the Apache 2.0 license.

Recall that carrying out attacks such as Spectre v1, which allow the contents of memory to be determined, requires that privileged code contain certain sequences of instructions (gadgets) that trigger speculative execution. For optimization purposes, the processor starts executing such a gadget in speculative mode, then determines that the branch prediction was wrong and rolls the operations back to their original state, but the data processed during speculative execution ends up in the cache and in microarchitectural buffers, from which it can be recovered using various side-channel techniques for inferring residual data.
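As an added illustration (not code from the Kasper project or from the article), here is the textbook Spectre-v1 gadget shape such a scanner looks for, beside a hardened variant that clamps the index branchlessly so a speculatively executed load can never use an out-of-range index. `mask_index` is a hypothetical helper written here in the spirit of the Linux kernel's index-masking approach, and `table` is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data standing in for a kernel table indexed by a
 * user-controlled value. In a real gadget, memory past the end of the
 * table is what a speculative out-of-bounds load would touch. */
#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Spectre-v1 gadget shape: architecturally correct, but the bounds check
 * is a predictable branch, so the load may run speculatively with an
 * out-of-range idx before the misprediction is resolved, and whatever
 * was read can leave a trace in the cache. */
uint8_t lookup_gadget(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Hypothetical helper: returns idx when idx < size and 0 otherwise,
 * without a branch (same idea as the kernel's index masking; assumes
 * size <= SIZE_MAX / 2). The top bit of (idx | (size - 1 - idx)) is set
 * exactly when idx is out of range, so top is 1 there and 0 in range;
 * top - 1 then wraps to SIZE_MAX in range and stays 0 out of range. */
size_t mask_index(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return idx & (top - 1);
}

/* Hardened variant: even on a mispredicted path the index used for the
 * load is forced to 0, so no out-of-bounds data is ever fetched. The
 * kernel additionally hides idx from the optimizer so the mask cannot be
 * folded away; that step is omitted here. */
uint8_t lookup_hardened(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[mask_index(idx, TABLE_LEN)];
    return 0;
}
```

Both functions return identical values architecturally; the difference exists only on the speculative path, which is precisely why pattern-based scanners struggle to tell them apart.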

Previously available tools for checking code for Spectre gadgets, based on searching for typical patterns, showed a high rate of false positives while missing many real gadgets (experiments showed that 99% of the gadgets found by such tools could not be used in an attack, and 33% of the working gadgets that could lead to an attack went undetected).

To improve the accuracy of identifying problematic gadgets, Kasper models the vulnerabilities an attacker could exploit at each stage of a Spectre-class attack: problems that allow control over data (for example, injecting attacker-controlled data into microarchitectural structures to influence subsequent speculative execution, as in LVI-class attacks), gaining access to confidential data (for example, through an out-of-bounds access or a use of memory after it has been freed), and leaking the confidential data (for example, by analyzing the state of the processor cache or by using the MDS method).


During testing, the kernel is linked with Kasper's runtime libraries and checks that run at the LLVM level. The verification process emulates speculative code execution using a checkpoint-restore mechanism: it executes the mispredicted code branch and then returns to the state that existed before the branch began. Kasper also attempts to simulate various software and hardware vulnerabilities, analyzes architectural and microarchitectural effects, and fuzz-tests possible attacker actions. A port of DataFlowSanitizer for the Linux kernel is used to analyze execution flows, and a modified version of the syzkaller package is used for fuzz testing.


Analysis of the Linux kernel with Kasper identified 1379 previously unknown gadgets that could potentially lead to data leakage during speculative instruction execution. It is noted that perhaps only some of them can cause real problems, but to show that the danger is real rather than merely theoretical, a working exploit prototype was prepared for one of the problematic code snippets, which resulted in data leaking from kernel memory.

source: budenet.ru
