A vulnerability has been found in AMD processors that allows Meltdown attacks

A team of researchers from Graz University of Technology (Austria) and the Helmholtz Center for Information Security (CISPA) has disclosed details of a vulnerability (CVE-2021-26318) in all AMD processors that allows Meltdown-class side-channel attacks (it was previously assumed that AMD processors were not affected by the Meltdown vulnerability). In practice, the attack can be used to establish covert communication channels, monitor activity in the kernel, or obtain information about addresses in kernel memory in order to bypass KASLR protection while exploiting vulnerabilities in the kernel.

AMD did not consider it appropriate to take special measures to block the problem, since the vulnerability, like a similar attack identified in August, is of little use under real conditions: it is limited by the current boundaries of the process address space and requires the presence of certain ready-made instruction sequences (gadgets) in the kernel. To demonstrate the attack, the researchers loaded their own kernel module with an artificially added gadget. Under real conditions, attackers could use, for example, the regularly discovered vulnerabilities in the eBPF subsystem to substitute the required sequences.

To protect against this new kind of attack, AMD recommended using safe coding techniques that help block Meltdown attacks, such as the use of LFENCE instructions. The researchers who discovered the problem recommend enabling stricter page table isolation (KPTI), which was previously applied only to Intel processors.

In the experiment, the researchers managed to leak data from the kernel to a process in user space at a rate of 52 bytes per second, given the presence of a gadget in the kernel that performs the operation "if (offset < data_len) tmp = LUT[data[offset] * 4096];". Several methods were proposed for extracting, through side channels, the information that ends up in the cache during speculative execution. The first method is based on analysing deviations in the execution time of the processor instruction "PREFETCH" (Prefetch + Time), and the second on changes in power consumption while executing "PREFETCH" (Prefetch + Power).
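The gadget quoted above, next to the LFENCE hardening AMD recommends, as an added illustration that is not code from the researchers or from AMD (the array sizes, the `speculation_barrier` helper and the sample values are assumptions made for the example):

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DATA_LEN 16
#define LUT_SIZE (256 * 4096)  /* one 4 KiB page per possible byte value */

static uint8_t data[DATA_LEN];
static uint8_t LUT[LUT_SIZE];

/* Shape of the gadget described in the article. Architecturally the bounds
 * check holds, but while the branch is unresolved the CPU may speculatively
 * read data[offset] and touch the LUT page selected by that byte, leaving a
 * cache footprint that a side channel can later measure. */
uint8_t gadget_unprotected(size_t offset, size_t data_len) {
    uint8_t tmp = 0;
    if (offset < data_len)
        tmp = LUT[data[offset] * 4096];
    return tmp;
}

/* Assumed helper: LFENCE on x86 waits for earlier instructions (including the
 * bounds-check compare) to complete before later ones issue, so the load
 * behind it is not executed speculatively past the check. On other targets
 * this is only a compiler barrier and gives no speculation protection. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __builtin_ia32_lfence();
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Same gadget with the barrier placed between the check and the use. */
uint8_t gadget_lfence(size_t offset, size_t data_len) {
    uint8_t tmp = 0;
    if (offset < data_len) {
        speculation_barrier();
        tmp = LUT[data[offset] * 4096];
    }
    return tmp;
}

/* Constructed sample contents so both variants can be exercised. */
void setup_sample(void) {
    memset(data, 0, sizeof data);
    memset(LUT, 0, sizeof LUT);
    data[3] = 0x41;             /* byte the gadget will index with */
    LUT[0x41 * 4096] = 0x99;    /* marker on the page that byte selects */
}
```

The LFENCE variant returns exactly what the unprotected one does; the difference is only in what the processor is allowed to do before the bounds check resolves.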

Recall that the classic Meltdown vulnerability is based on the fact that, during speculative execution of instructions, the processor can access a private data area and then discard the result, because the configured privileges forbid such access from the user process. In the program, the speculatively executed block is separated from the main code by a conditional branch which, under real conditions, always fires; but because the condition uses a computed value that the processor does not yet know at the time of ahead-of-time execution, all branch options are executed speculatively.

Since speculatively executed operations use the same cache as normally executed instructions, it is possible during speculative execution to set markers in the cache that reflect the contents of individual bits in the private area, and then, in normally executed code, to determine their values through timing analysis of accesses to cached and uncached data.

source: budenet.ru
