Researchers from Bitdefender
The vulnerability belongs to the Spectre v1 class and rests on the same idea: recovering data from the processor cache that is left behind by speculative execution of instructions. To improve performance, the branch prediction units of modern CPUs speculatively execute the instructions that are most likely to be needed next, without waiting for everything that determines whether they should run to be computed (for example, while the branch condition or the address being accessed is still being evaluated). If the prediction turns out to be wrong, the processor discards the speculative results, but the data touched along the way stays in the processor cache and can be recovered with side-channel techniques that infer cache contents by measuring the difference in access time between cached and uncached data.
The essence of the new attack is a leak that occurs during speculative execution of the SWAPGS instruction, which operating systems use to swap the value of the GS register when control passes from user space into the OS kernel (the GS value used in user space is replaced with the one used while running in the kernel). In the Linux kernel, GS holds the per_cpu pointer used to reach kernel per-CPU data, while in user space it holds the pointer to TLS (Thread Local Storage).
To avoid executing SWAPGS twice when the kernel is re-entered from kernel mode, or when running code that does not require the GS register to be switched, the kernel entry code performs a check followed by a conditional branch before the instruction. The speculative execution engine continues down the path containing SWAPGS without waiting for the result of that check, and discards the result if the chosen branch turns out to be wrong. A situation can therefore arise in which the architecturally correct path does not execute SWAPGS, but during speculative execution the GS register is changed by SWAPGS and used in dependent memory accesses whose effects end up in the CPU cache.
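The cache-timing side channel that the two paragraphs above rely on, shown as an added example (this is not code from the article or from Bitdefender's exploit): a user-space Flush+Reload probe with one cache line per possible byte value. The `victim_touch` call stands in for the transient, GS-dependent access the article describes; the probe buffer, the page stride, the 0x41 "secret" and all function names are constructed for this demo. Build with gcc or clang on x86-64; on other architectures it compiles but has no user-mode line flush, so the timings will not separate.

```c
/*
 * Flush+Reload cache-timing probe: the side channel that turns a transient
 * (speculatively executed) memory access into an observable signal.
 * Added illustration, not the article's or Bitdefender's code.
 * Build: gcc -O1 -o flush_reload flush_reload.c   (x86-64: needs clflush/rdtscp)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86 1
#endif

#define NLINES 256          /* one probe line per possible byte value */
#define STRIDE 4096         /* a page apart, so adjacent-line prefetch does not help */

static uint8_t probe[NLINES * STRIDE];   /* constructed probe buffer */

/* Evict one probe line from every cache level. */
static void flush_line(const void *p)
{
#ifdef HAVE_X86
    _mm_clflush(p);
#else
    (void)p;   /* no user-mode line flush here: timings will not separate */
#endif
}

/* Time one load: cycles on x86, nanoseconds in the portable fallback. */
static uint64_t time_load(const volatile uint8_t *p)
{
#ifdef HAVE_X86
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    _mm_lfence();                    /* keep the load after the first timestamp */
    uint8_t v = *p;
    uint64_t t1 = __rdtscp(&aux);    /* rdtscp waits for the load to complete */
    (void)v;
    return t1 - t0;
#else
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    uint8_t v = *p;
    clock_gettime(CLOCK_MONOTONIC, &b);
    (void)v;
    return (uint64_t)(b.tv_sec - a.tv_sec) * 1000000000ull
         + (uint64_t)(b.tv_nsec - a.tv_nsec);
#endif
}

/* Flush: every probe line starts out uncached. */
static void flush_all(void)
{
    for (int i = 0; i < NLINES; i++)
        flush_line(&probe[i * STRIDE]);
}

/* Victim: the data-dependent access whose footprint we read back.
 * In the SWAPGS attack this load runs transiently in the kernel through a
 * GS-relative address; here it is a plain call so the demo is self-contained. */
static void victim_touch(uint8_t secret)
{
    const volatile uint8_t *line = &probe[(size_t)secret * STRIDE];
    uint8_t v = *line;
    (void)v;
}

/* Index of the smallest timing: the one line the victim pulled back in. */
static int fastest_line(const uint64_t *t, int n)
{
    int best = 0;
    for (int i = 1; i < n; i++)
        if (t[i] < t[best])
            best = i;
    return best;
}

/* Reload: time every line and return the byte value the fastest one encodes. */
static int reload_and_decode(void)
{
    uint64_t t[NLINES];
    for (int i = 0; i < NLINES; i++) {
        int k = (i * 167 + 13) % NLINES;   /* scrambled order defeats the stride prefetcher */
        t[k] = time_load(&probe[k * STRIDE]);
    }
    return fastest_line(t, NLINES);
}

/* One Flush+Reload round around the victim; returns the recovered byte. */
static int recover_byte(uint8_t secret)
{
    flush_all();
    victim_touch(secret);
    return reload_and_decode();
}

int main(void)
{
    const uint8_t secret = 0x41;         /* constructed secret for the demo */
    const int rounds = 1000;
    int hits = 0;
    memset(probe, 1, sizeof probe);      /* fault the probe pages in first */
    for (int r = 0; r < rounds; r++)
        hits += (recover_byte(secret) == secret);
    printf("recovered 0x%02x in %d of %d rounds\n", secret, hits, rounds);
    return 0;
}
```

What the victim leaves behind is one warm line among 256 cold ones, so the byte is read off as the index with the lowest reload time. In the real attack the victim access happens on a mispredicted path in kernel mode and the attacker controls only the flush and reload sides; the decode step is the same, which is why the article can speak of recovering kernel data purely from cache timing.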
The researchers proposed two attack scenarios, for which exploit prototypes have been prepared. The first relies on the case where SWAPGS is not executed speculatively even though it is executed architecturally; the second is the reverse, where SWAPGS is executed speculatively even though it should not have been executed at all. For each scenario there are two exploitation options: the attacker can determine the value at a specific address in the kernel, or the attacker can search for a specific value at arbitrary addresses in the kernel. The attack takes a long time to carry out, and the exploit may need several hours to complete the leak.
The problem has been fixed in the Linux kernel
Applying the fix requires installing the kernel update on both the host system and guest environments, followed by a reboot. To disable the protection on Linux, the "nospectre_v1" option can be used; note that it also disables the measures that block the SWAPGS vulnerability. The fix is available as
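A quick way to confirm which state a Linux system is in, as an added example (this is not code from the article, the kernel or any distribution): read the spectre_v1 entry under /sys/devices/system/cpu/vulnerabilities together with /proc/cmdline. The sysfs path and the reporting strings the classifier matches ("Mitigation: usercopy/swapgs barriers ...", "... no swapgs barriers") are assumptions drawn from the x86 kernel's bug reporting, not from the article; the enum and function names are constructed for this check.

```c
/*
 * Report whether the running Linux kernel applies the swapgs barriers.
 * Added example for this article, not the kernel's own tooling. The sysfs
 * path and the exact wording matched below are assumptions about how the
 * x86 kernel reports the spectre_v1 state, not facts stated in the article.
 * Build: gcc -O2 -o swapgs_check swapgs_check.c
 */
#include <stdio.h>
#include <string.h>

enum swapgs_state {
    SWAPGS_MITIGATED,            /* kernel reports the swapgs barriers as active */
    SWAPGS_NOT_MITIGATED,        /* kernel lacks them (predates the fix, or built without) */
    SWAPGS_DISABLED_BY_CMDLINE,  /* nospectre_v1 turned the whole Spectre v1 class off */
    SWAPGS_UNKNOWN               /* no sysfs entry: not x86, or a very old kernel */
};

/* Decide from the spectre_v1 sysfs line and the kernel command line. */
static enum swapgs_state classify_spectre_v1(const char *sysfs_line, const char *cmdline)
{
    /* The article: nospectre_v1 also drops the SWAPGS countermeasure. */
    if (cmdline && strstr(cmdline, "nospectre_v1"))
        return SWAPGS_DISABLED_BY_CMDLINE;
    if (!sysfs_line || !*sysfs_line)
        return SWAPGS_UNKNOWN;
    /* Assumed wording: a fixed kernel reports "Mitigation: usercopy/swapgs barriers ...",
     * while a kernel with the barriers off reports "... no swapgs barriers". */
    if (strncmp(sysfs_line, "Mitigation:", 11) == 0 &&
        strstr(sysfs_line, "swapgs barriers") &&
        !strstr(sysfs_line, "no swapgs barriers"))
        return SWAPGS_MITIGATED;
    return SWAPGS_NOT_MITIGATED;
}

/* Read the first line of a small text file into buf; empty string on failure. */
static void read_line(const char *path, char *buf, size_t n)
{
    buf[0] = '\0';
    FILE *f = fopen(path, "r");
    if (!f)
        return;
    if (!fgets(buf, (int)n, f))
        buf[0] = '\0';
    fclose(f);
}

static const char *state_name(enum swapgs_state s)
{
    switch (s) {
    case SWAPGS_MITIGATED:           return "mitigated (swapgs barriers present)";
    case SWAPGS_NOT_MITIGATED:       return "NOT mitigated (no swapgs barriers reported)";
    case SWAPGS_DISABLED_BY_CMDLINE: return "disabled by nospectre_v1 on the command line";
    default:                         return "unknown (no spectre_v1 sysfs entry)";
    }
}

int main(void)
{
    char sysfs[256], cmdline[4096];
    read_line("/sys/devices/system/cpu/vulnerabilities/spectre_v1", sysfs, sizeof sysfs);
    read_line("/proc/cmdline", cmdline, sizeof cmdline);
    printf("spectre_v1: %s", sysfs[0] ? sysfs : "(not available)\n");
    printf("swapgs:     %s\n", state_name(classify_spectre_v1(sysfs, cmdline)));
    return 0;
}
```

The command-line check comes first because, as the article notes, nospectre_v1 switches off the SWAPGS measures along with the rest of the Spectre v1 mitigation, so a "Vulnerable" sysfs line on such a system is a configuration choice rather than a missing update. Inside a guest, remember that the article requires the update on the host as well; this check only sees the guest kernel.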
According to the Bitdefender researchers, Intel was notified of the problem in August of last year. It was decided to address the problem in software, and developers from Microsoft, Google and the Linux kernel took part in the coordinated development of the fix. Older Intel processors, before Ivy Bridge, are harder to attack because they lack support for the WRGSBASE instruction used in the exploit. ARM, POWER, SPARC, MIPS and RISC-V systems are not affected, as they have no SWAPGS instruction.
The problem mainly affects Intel processors -
On AMD systems, only the second attack scenario could be reproduced; it is limited to speculative handling of the GS register's base value, which can be used to search for specific values in arbitrary memory regions. To block this attack variant
Source: budenet.ru