Meltdown-class vulnerability discovered in AMD processors based on the Zen+ and Zen 2 microarchitectures

A group of researchers from the Technical University of Dresden has identified a vulnerability (CVE-2020-12965) in AMD processors based on the Zen+ and Zen 2 microarchitectures that allows a Meltdown-class attack. It was initially assumed that AMD Zen+ and Zen 2 processors were not susceptible to the Meltdown vulnerability, but the researchers identified a feature that leads to access to protected memory areas when non-canonical virtual addresses are used.

The AMD64 architecture uses only the first 48 bits of a virtual address and ignores the remaining 16 bits. It specifies that bits 48 through 63 must always copy the value of bit 47 (sign-bit extension). If this condition is violated and an attempt is made to access an address with arbitrary values in the upper bits, the processor raises an exception. Repeating the upper bits splits the available address space into two blocks: a lower one (from 0 to 00007FFFFFFFFFFF), in which the upper bits are set to 0, and an upper one (from FFFF800000000000 to FFFFFFFFFFFFFFFF), in which all the upper bits are set to 1.

Addresses that fall within these blocks are called canonical, and invalid addresses with arbitrary contents in the upper bits are called non-canonical. The lower range of canonical addresses is usually allocated to process data, and the upper range is used for kernel data (access to these addresses from user space is blocked at the privilege-separation level).

The classic Meltdown vulnerability is based on the fact that, during speculative execution of instructions, the processor can access a private data area and then discard the result because the configured privileges prohibit such access from the user process. In the program, the speculatively executed block is separated from the main code by a conditional branch that always fires under real conditions; but because the conditional statement uses a computed value that the processor does not know while it is executing the code ahead of time, all branch options are executed speculatively.

Since speculatively executed operations use the same cache as normally executed instructions, it is possible during speculative execution to set markers in the cache that reflect the contents of individual bits in a private memory area, and then, in normally executed code, to determine their value by timing accesses to cached and uncached data.

A distinctive feature of the new vulnerability affecting AMD Zen+ and Zen 2 processors is that the CPUs allow read and write operations that access memory using invalid non-canonical addresses, simply ignoring the upper 16 bits. Thus, during speculative code execution, the processor always uses only the lower 48 bits, and the validity of the address is checked separately. If, when a non-canonical virtual address is translated to a physical address in the translation lookaside buffer (TLB), a match is found on the canonical part of the address, the speculative load operation returns the value without taking the contents of the upper 16 bits into account, which makes it possible to bypass memory separation between threads. The operation is subsequently considered invalid and discarded, but the memory access has already completed and the data ends up in the cache.
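The sign-extension rule and the low-48-bit matching described above, as an added C example (not code from the article or from the researchers): it classifies addresses as lower-half, upper-half or non-canonical and computes the canonical address that shares a given address's low 48 bits. The function names, the `aliases_into` helper and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define VA_BITS  48                               /* implemented address bits */
#define LOW_MASK ((UINT64_C(1) << VA_BITS) - 1)   /* bits 0..47 */
#define SIGN_BIT (UINT64_C(1) << (VA_BITS - 1))   /* bit 47 */

enum va_class { VA_LOWER_HALF, VA_UPPER_HALF, VA_NON_CANONICAL };

/* Canonical address sharing the low 48 bits of va: bit 47 is copied
 * into bits 48..63 (sign extension). */
uint64_t canonical_alias(uint64_t va)
{
    uint64_t low = va & LOW_MASK;
    return (low & SIGN_BIT) ? (low | ~LOW_MASK) : low;
}

/* An address is canonical when sign extension leaves it unchanged. */
int is_canonical(uint64_t va) { return canonical_alias(va) == va; }

enum va_class classify(uint64_t va)
{
    if (!is_canonical(va))
        return VA_NON_CANONICAL;
    return (va & SIGN_BIT) ? VA_UPPER_HALF : VA_LOWER_HALF;
}

/* Hypothetical validation helper: true when va is non-canonical but its
 * sign-extended low 48 bits fall inside [base, base + len). */
int aliases_into(uint64_t va, uint64_t base, uint64_t len)
{
    uint64_t alias = canonical_alias(va);
    return !is_canonical(va) && alias >= base && alias - base < len;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the article. */
    const uint64_t samples[] = {
        UINT64_C(0x00007FFFFFFFFFFF), UINT64_C(0xFFFF800000000000),
        UINT64_C(0x0000800000000000), UINT64_C(0x1234000010002000),
    };
    static const char *names[] = { "lower half", "upper half", "non-canonical" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%016llx  %-13s alias %016llx\n",
               (unsigned long long)samples[i], names[classify(samples[i])],
               (unsigned long long)canonical_alias(samples[i]));
    return 0;
}
```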

During the experiment, using the FLUSH+RELOAD technique for determining cache contents, the researchers were able to set up a covert data-transfer channel at a rate of 125 bytes per second. In addition to AMD chips, the problem also affects all Intel processors that are susceptible to the classic Meltdown vulnerability. The same techniques that help block Meltdown attacks, such as the use of LFENCE instructions, can be used to protect against this new type of attack. For example, if an Intel processor includes hardware protection against Meltdown, or the system has software protection enabled, such configurations are not susceptible to the new attack variant.

At the same time, the researchers note that, compared with Intel processors, the architecture of AMD processors limits the possibility of real attacks, but does not rule out using the new method in combination with other microarchitectural attacks to increase their effectiveness. In particular, the attack does not allow the contents of memory areas belonging to the kernel and other processes to be determined; it is limited to the ability to access other threads of the same program running in the same virtual memory space.

Since a program can access its own threads even without the vulnerability, from a practical point of view the method is of interest for bypassing sandbox isolation and interfering with the work of other threads in programs that allow the execution of third-party code, such as web browsers and JIT engines. The researchers examined the susceptibility of the SpiderMonkey JavaScript engine and the Linux kernel to the attack, but found no vulnerable code sequences that could be used to carry it out. In addition to attacking applications, the method can also be used to force unacceptable data flows between microarchitectural elements of the processor while other microarchitectural vulnerabilities are being exploited.

Source: opennet.ru
