SWAPGS - a new vulnerability in the CPU speculative execution mechanism

Researchers from Bitdefender have disclosed a new vulnerability (CVE-2019-1125) in the speculative instruction execution mechanism of modern CPUs. It has been named SWAPGS, after the processor instruction that causes the problem. The vulnerability allows an unprivileged attacker to determine the contents of kernel memory areas or of running virtual machines. The problem is confirmed in Intel processors (x86_64) and partially affects AMD processors, on which the main attack vector does not appear. The previously implemented protections against the Spectre and Meltdown vulnerabilities do not protect against the SWAPGS attack on Intel processors, but fixes have already been prepared for Linux, ChromeOS, Android and Windows.

The vulnerability belongs to the Spectre v1 class and is based on the idea of recovering data from the processor cache that remains there after speculative execution of instructions. To improve performance, the branch prediction units of modern CPUs execute ahead of time some instructions that are most likely to be executed, without waiting for the calculation of all the factors that determine whether they will be executed (for example, when the branch conditions or access parameters have not yet been computed). If the prediction is not confirmed, the processor discards the result of the speculative execution, but the data processed during it remains in the processor cache and can be recovered using methods that determine the contents of the cache through side channels, by analysing the difference in access time between cached and uncached data.

What distinguishes the new attack is its use of a leak that occurs during speculative execution of the SWAPGS instruction, which operating systems use to replace the value of the GS register when control passes from user space to the OS kernel (the GS value used in user space is swapped with the value used while running in the kernel). In the Linux kernel, GS holds the per_cpu pointer used to access kernel data, while in user space it holds a pointer to TLS (Thread Local Storage).

To avoid calling the SWAPGS instruction twice when the kernel is re-entered from kernel space, or when executing code that does not require a GS change, a check and a conditional branch are performed before the instruction. The speculative execution engine proactively proceeds to execute the code containing the SWAPGS instruction without waiting for the result of the check and, if the chosen branch is not confirmed, discards the result. Thus a situation can arise in which a branch that does not involve executing SWAPGS is selected, but during speculative execution the value of the GS register is changed by the SWAPGS instruction and used in memory operations whose results end up in the CPU cache.

The researchers have proposed two attack scenarios, for which exploit prototypes have been prepared. The first scenario relies on the situation in which the SWAPGS instruction is not executed speculatively although it is used in actual execution; the second is the opposite, in which the SWAPGS instruction is executed speculatively although it should not actually be executed. For each scenario there are two exploitation options: the attacker can determine the value at a specific address in the kernel area, and the attacker can search for a specific value at addresses in the kernel. The attack takes a long time, and the exploit may need several hours to complete the leak.

In the Linux kernel the problem has been eliminated by changing the logic for calling the SWAPGS instruction (blocking its speculative execution), in the same way as other Spectre v1 class vulnerabilities were fixed. The added protection is expected to have minimal impact on the performance of typical workloads. The latency occurs at the stage of switching between user space and kernel space, which can degrade performance when, for example, an application makes heavy use of system calls or NMIs and interrupts are generated frequently.

The fix requires installing a kernel update on both the host system and the guest environments, followed by a system reboot. To disable the protection on Linux, the "nospectre_v1" option can be used, which also disables the measures that block the SWAPGS vulnerability. The fix is available as a patch for the Linux kernel, which is already included in releases 4.19.65, 5.2.7, 4.14.137, 4.9.188 and 4.4.188. Updates for Linux distributions have not yet been released (Debian, RHEL, Fedora, Arch Linux, SUSE/openSUSE, Ubuntu). In Windows, the problem was quietly fixed in the July update. Google has prepared a fix for the 4.19 kernel shipped with ChromeOS and Android.
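As an added example (not part of the original article), the following Python check classifies a Linux host using the fixed releases and the "nospectre_v1" option named above. The sysfs path and the status strings it looks for come from the Linux kernel, not from the article, and the function names are hypothetical.

```python
import re
from pathlib import Path

# Stable releases the article lists as carrying the fix, keyed by series.
FIXED = {(4, 4): 188, (4, 9): 188, (4, 14): 137, (4, 19): 65, (5, 2): 7}
# Kernel's own Spectre v1 report (assumption: not mentioned in the article).
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v1")


def version_has_fix(release):
    """True/False for a series listed in the article, None otherwise."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    series = (int(m.group(1)), int(m.group(2)))
    if series not in FIXED:
        return None  # series not covered by the article's list
    return int(m.group(3) or 0) >= FIXED[series]


def assess(release, cmdline, sysfs_text=None):
    """Classify a host from `uname -r`, /proc/cmdline and the sysfs report."""
    if "nospectre_v1" in cmdline.split():
        return "disabled: nospectre_v1 on kernel command line"
    if sysfs_text is not None:
        text = sysfs_text.strip()
        # "Vulnerable: ... no swapgs barriers" also contains "swapgs",
        # so the "Mitigation" prefix is required as well.
        if text.startswith("Mitigation") and "swapgs" in text:
            return "mitigated: kernel reports swapgs barriers"
        return "not mitigated: " + text
    # Version fallback is only a hint: distribution kernels backport fixes.
    fixed = version_has_fix(release)
    if fixed is None:
        return "unknown: series not in the article's list"
    return "fixed release" if fixed else "needs update"


def assess_local():
    """Run the check on the local machine (Linux only)."""
    import platform
    cmdline = Path("/proc/cmdline").read_text()
    sysfs = SYSFS.read_text() if SYSFS.exists() else None
    return assess(platform.release(), cmdline, sysfs)


if __name__ == "__main__":
    print(assess_local())
```

Run it inside each guest as well as on the host, since the article notes that both need the updated kernel.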

According to the researchers from Bitdefender, Intel was informed of the problem back in August of last year. It was decided to fix the problem in software, and developers from Microsoft, Google and the Linux kernel were brought in to coordinate the development of a fix. Older Intel processors, prior to Ivy Bridge, are harder to attack because they lack support for the WRGSBASE instruction used in the exploit. ARM, POWER, SPARC, MIPS and RISC-V systems are not affected by the problem because they do not support the SWAPGS instruction.

The problem mainly affects owners of Intel processors: on AMD systems only the second attack scenario could be reproduced, and it is limited to speculative processing of the base value of the GS register, which can be used to search for specific values in random memory areas. The existing Spectre v1 protection methods are sufficient to block this attack variant.

Source: opennet.ru
