Ƙungiyar masu bincike daga Jami'ar Virginia da Jami'ar California sun gabatar da wani sabon nau'i na hari akan tsarin microarchitectural na masu sarrafa Intel da AMD, wanda aka gano a lokacin injiniya na baya na ikon CPU mara izini. Hanyar kai hari da aka tsara ta ƙunshi amfani da maƙallan micro-op na tsaka-tsaki a cikin na'urori masu sarrafawa, waɗanda za a iya amfani da su don dawo da bayanan da aka tara yayin aiwatar da ƙa'idodi.
Don ingantawa, na'urar tana fara aiwatar da wasu umarni a cikin yanayin hasashe, ba tare da jiran lissafin da ya gabata ya cika ba, kuma idan ya tabbatar da cewa hasashen bai dace ba, sai ya mayar da aikin zuwa matsayinsa na asali, amma bayanan da aka sarrafa a lokacin. Ana ajiye kisa na kisa a cikin cache, wanda za'a iya tantance abin da ke ciki.
An lura cewa sabuwar hanyar ta fi girman harin Specter v1, yana sa harin yana da wahalar ganowa kuma ba a toshe shi ta hanyoyin kariya daga hare-haren tashoshi da aka tsara don toshe raunin da ya haifar da hasashe na umarnin (misali, amfani da shi. na umarnin LFENCE yana toshe leaks a cikin matakai na ƙarshe na kisa, amma baya karewa daga zubewa ta hanyar tsarin microarchitectural).
Hanyar tana shafar ƙirar ƙirar Intel da AMD waɗanda aka saki tun 2011, gami da Intel Skylake da AMD Zen jerin. CPUs na zamani suna karya hadaddun umarnin sarrafawa zuwa mafi sauƙi na RISC-kamar ƙananan ayyuka, waɗanda aka adana a cikin keɓaɓɓen cache. Wannan cache ya sha bamban da babban ma'ajiyar ma'auni, ba a samun dama kai tsaye kuma yana aiki azaman madaidaicin rafi don saurin samun sakamako na yanke umarnin CISC cikin ƙananan bayanan RISC. Koyaya, masu bincike sun sami hanyar ƙirƙirar yanayi waɗanda ke tasowa lokacin samun rikice-rikice na cache kuma suna ba mutum damar yin la'akari da abubuwan da ke cikin ma'ajin ƙaramin aiki ta hanyar nazarin bambance-bambance a lokacin aiwatar da wasu ayyuka.
Cache micro-operation a cikin na'urori na Intel an raba shi ne dangane da zaren CPU (Hyper-Threading), yayin da masu sarrafa AMD Zen ke amfani da cache ɗin da aka raba, wanda ke haifar da yanayi don zubar da bayanai ba kawai a cikin zaren kisa ɗaya ba, har ma tsakanin zaren daban-daban a cikin SMT. (yiwuwar yayyan bayanai tsakanin lambar da ke gudana akan nau'ikan CPU masu ma'ana daban-daban).
Masu bincike sun ba da shawarar wata hanya ta asali don gano canje-canje a cikin ma'ajin micro-aiki da kuma yanayin hari da yawa waɗanda ke ba da damar ƙirƙirar tashoshi na watsa bayanai da ke ɓoye da kuma amfani da lambar mara ƙarfi don zubar da bayanan sirri, duka a cikin tsari ɗaya (misali, don zubar da bayanan aiwatarwa yayin aiwatar da aiwatarwa). lambar ɓangare na uku a cikin injuna tare da JIT kuma a cikin injunan kama-da-wane), kuma tsakanin kernel da matakai a cikin sararin mai amfani.
Lokacin shirya wani bambance-bambancen harin Specter ta amfani da cache micro-operation, masu bincike sun sami damar yin aiki na 965.59 Kbps tare da ƙimar kuskure na 0.22% da 785.56 Kbps lokacin amfani da gyaran kuskure, a cikin yanayin tsara ɓarna a cikin adireshin iri ɗaya. sarari da matakin gata. Tare da ɗigowar da ke tattare da matakan gata daban-daban (tsakanin kernel da sararin mai amfani), aikin ya kasance 85.2 Kbps tare da ƙara gyara kuskure da 110.96 Kbps tare da ƙimar kuskure na 4%. Lokacin da aka kai hari kan masu sarrafa AMD Zen, ƙirƙirar ɓarna tsakanin nau'ikan CPU masu ma'ana daban-daban, aikin ya kasance 250 Kbps tare da ƙimar kuskure na 5.59% da 168.58 Kbps tare da gyara kuskure. Idan aka kwatanta da hanyar Specter v1 na gargajiya, sabon harin ya yi sauri sau 2.6.
Ana tsammanin karewa daga harin cache na micro-op zai buƙaci canje-canje waɗanda zasu rage aiki fiye da idan kun kunna kariyar harin Specter. A matsayin mafi kyawun sasantawa, an ba da shawarar toshe irin waɗannan hare-haren ba ta hanyar kashe caching ba, amma a matakin sa ido kan abubuwan da ba su da kyau da kuma gano jihohin ɓoye waɗanda suka saba da kai hari.
Kamar yadda yake a cikin hare-haren Specter, tsara ɗigogi daga kernel ko wasu matakai na buƙatar aiwatar da wasu jerin umarni (na'urori) a gefen hanyoyin waɗanda aka azabtar, wanda ke haifar da hasashe na aiwatar da umarni. Kimanin na'urori masu kama da 100 an samo su a cikin kernel na Linux, waɗanda za a cire su, amma ana samun abubuwan da suka dace don tsara su lokaci-lokaci, alal misali, dangane da gudanar da shirye-shiryen BPF na musamman a cikin kwaya.
source: budenet.ru