L1DES (CacheOut) and VRS - new vulnerabilities in the microarchitectural structures of Intel CPUs

Intel has disclosed information about two new vulnerabilities in Intel CPUs caused by data leaking from the L1D cache (CVE-2020-0549, L1DES - L1D Eviction Sampling) and from vector registers (CVE-2020-0548, VRS - Vector Register Sampling). The vulnerabilities belong to the MDS (Microarchitectural Data Sampling) class and rely on applying side-channel analysis methods to data in microarchitectural structures. AMD, ARM and other processors are not affected by the problems.

The most dangerous is the L1DES vulnerability, which allows blocks of cached data (cache lines) evicted from the first-level cache (L1D) to settle in the fill buffer (Fill Buffer), which should be empty at that stage. To determine the data that has settled in the fill buffer, the side-channel analysis methods previously proposed in the MDS (Microarchitectural Data Sampling) and TAA (Transactional Asynchronous Abort) attacks can be applied. The essence of the previously implemented protection against MDS and TAA is to clear the microarchitectural buffers before a context switch, but it turned out that under some conditions data is speculatively flushed into the buffers after the clearing operation, so the MDS and TAA methods remain applicable.

As a result, an attacker can determine data evicted from the first-level cache that was modified during the execution of an application that previously occupied the current CPU core, or of applications running in parallel in other logical threads (hyperthreads) on the same CPU core (disabling HyperThreading reduces the effectiveness of the attack). Unlike the L1TF attack, L1DES does not allow specific physical addresses to be selected for inspection, but it does make it possible to passively monitor activity in other logical threads that involves loading values from or storing values to memory.

Based on L1DES, various research groups have developed several attack variants that can potentially extract sensitive information from other processes, the operating system, virtual machines and protected SGX enclaves.

  • The VUSec team has adapted the RIDL attack method to the L1DES vulnerability. An exploit prototype is available that also bypasses the MDS protection method proposed by Intel, which is based on using the VERW instruction to clear the contents of the microarchitectural buffers when returning from the kernel to user space or when transferring control to a guest system (the researchers insisted from the start that VERW (clearing the microarchitectural buffers) is not sufficient for protection and that a full flush of the L1 cache is required on every context switch).
  • The ZombieLoad team has updated its attack method to take the L1DES vulnerability into account.
  • Researchers at the University of Michigan have developed their own attack method, CacheOut (PDF), which makes it possible to extract confidential information from the operating system kernel, virtual machines and protected SGX enclaves. The method relies on manipulating the asynchronous abort mechanism (TAA, TSX Asynchronous Abort) to determine the contents of the fill buffer after data has leaked from the L1D cache.

The second vulnerability, VRS (Vector Register Sampling), is tied to a leak into the store buffer (Store Buffer) of the results of read operations from vector registers that were modified while vector instructions (SSE, AVX, AVX-512) were executing on the same CPU core. The leak occurs under a fairly small set of conditions and is caused by the fact that a speculative operation that reflects the state of the vector registers into the store buffer is delayed and completes after the buffer has been cleared, not before it. As with the L1DES vulnerability, the contents of the store buffer can then be determined using the MDS and TAA attack methods.

Researchers from the VUSec group have prepared an exploit prototype that makes it possible to determine the values of vector registers produced by computations in another logical thread of the same CPU core. Intel assessed the VRS vulnerability as too complex for carrying out real attacks and assigned it the minimum severity level (2.8 CVSS).

The Zombieload team from the Technical University of Graz (Austria) and the VUSec team from the Free University of Amsterdam reported the problems to Intel in May 2019, and the vulnerabilities were later confirmed by several other researchers after analyzing other MDS attack vectors. The first MDS report did not include information about the L1DES and VRS problems because no fix was available. A fix is still not available, but the agreed non-disclosure period has expired.

As a workaround, disabling HyperThreading is recommended. To block the vulnerability on the kernel side, it is proposed to flush the L1 cache on every context switch (MSR bit MSR_IA32_FLUSH_CMD) and to disable the TSX extension (MSR bits MSR_IA32_TSX_CTRL and MSR_TSX_FORCE_ABORT).

Intel promises to release a microcode update that implements mechanisms for blocking the problems in the near future. Intel also notes that applying the protection methods proposed in 2018 against the L1TF (L1 Terminal Fault) attack makes it possible to block exploitation of the L1DES vulnerability from virtual environments. Intel Core processors starting from the sixth generation (Sky, Kaby, Coffee, Whiskey, Amber Lake, etc.) are susceptible to the attack, as are some Intel Xeon and Xeon Scalable models.
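
As an added example (not from the original article or from Intel), this Python sketch audits what a Linux kernel reports about the workarounds named above: whether SMT is active, whether TSX is still enumerated, and the MDS, TAA and L1TF mitigation status. The sysfs and /proc paths are standard Linux interfaces; the SAMPLE strings are constructed, and the finding labels are this example's own.

```python
from pathlib import Path

CPU = Path("/sys/devices/system/cpu")  # standard Linux sysfs location

# Constructed sample (not captured from a real host), in the format Linux reports.
SAMPLE = {
    "smt_active": "1",
    "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "taa": "Mitigation: TSX disabled",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "flags": "fpu vme sse2 avx2 md_clear flush_l1d",
}

def _slurp(path):
    """Return stripped file content, or '' when the kernel does not expose the file."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return ""

def read_state(root=CPU, cpuinfo="/proc/cpuinfo"):
    """Collect the kernel-reported strings that relate to the workarounds."""
    flag_lines = [l for l in _slurp(cpuinfo).splitlines() if l.startswith("flags")]
    return {
        "smt_active": _slurp(Path(root) / "smt/active"),
        "mds": _slurp(Path(root) / "vulnerabilities/mds"),
        "taa": _slurp(Path(root) / "vulnerabilities/tsx_async_abort"),
        "l1tf": _slurp(Path(root) / "vulnerabilities/l1tf"),
        "flags": flag_lines[0].split(":", 1)[1].strip() if flag_lines else "",
    }

def assess(state):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    if state["smt_active"] == "1":
        findings.append("smt: HyperThreading active, sibling threads share one core")
    if {"rtm", "hle"} & set(state["flags"].split()):
        findings.append("tsx: rtm/hle still enumerated in CPUID")
    for key in ("mds", "taa", "l1tf"):
        text = state[key]
        if not text:
            findings.append(f"{key}: no status reported by this kernel")
        elif "vulnerable" in text.lower():
            findings.append(f"{key}: {text}")
    return findings

if __name__ == "__main__":
    for finding in assess(read_state()) or ["all checks passed"]:
        print(finding)
```

Run directly, it inspects the local host; `assess(SAMPLE)` shows the result for a host that has TSX disabled but still runs with SMT enabled.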

In addition, an improvement to the exploit can be noted that makes it possible to use the RIDL attack methods to determine the contents of the root password hash from /etc/shadow during periodic authentication attempts. Whereas the originally proposed exploit determined the password hash in 24 hours, and after applying the leak that occurs during the operation of the asynchronous abort mechanism (TAA, TSX Asynchronous Abort) performed the same operation in 36 seconds, the new variant carries out the attack in 4 seconds.

Source: opennet.ru
