Gulu la ofufuza ochokera ku ETH Zurich, Vrije Universiteit Amsterdam ndi Qualcomm asindikiza njira yatsopano yowukira ya RowHammer yomwe ingasinthe zomwe zili m'magawo amodzi a kukumbukira mwachisawawa (DRAM). Kuukiraku kudatchedwa Blacksmith ndipo kudadziwika kuti CVE-2021-42114. Tchipisi zambiri za DDR4 zokhala ndi chitetezo ku njira zodziwika bwino zamakalasi a RowHammer ndizosavuta kuthana ndi vutoli. Zida zoyesera makina anu kuti akhale osatetezeka zimasindikizidwa pa GitHub.
Kumbukirani kuti kuukira m'kalasi la RowHammer kumakupatsani mwayi wosokoneza zomwe zili m'makumbukidwe amunthu powerenga mozungulira deta kuchokera kumaselo okumbukira oyandikana nawo. Popeza kukumbukira kwa DRAM ndi ma cell amitundu iwiri, iliyonse imakhala ndi capacitor ndi transistor, kuwerengera mosalekeza kwa dera lomwelo la kukumbukira kumabweretsa kusinthasintha kwamagetsi ndi zolakwika zomwe zimapangitsa kutayika pang'ono kwa ma cell oyandikana nawo. Ngati kuchuluka kwa kuwerenga kuli kwakukulu, ndiye kuti selo loyandikana nalo likhoza kutaya ndalama zambiri zokwanira ndipo kusinthika kwina kotsatira sikudzakhala ndi nthawi yobwezeretsa chikhalidwe chake choyambirira, chomwe chidzatsogolera kusintha kwa mtengo wa deta yosungidwa mu selo. .
Pofuna kuteteza ku RowHammer, opanga ma chip adakonza njira ya TRR (Target Row Refresh) yomwe imateteza ku ziphuphu za maselo omwe ali m'mizere yoyandikana, koma popeza chitetezocho chinali chozikidwa pa mfundo ya "chitetezo ndi mdima," sichinathetse vutoli. muzu, koma kutetezedwa ku milandu yapadera yodziwika, zomwe zidapangitsa kuti zikhale zosavuta kupeza njira zolambalala chitetezo. Mwachitsanzo, mu May, Google inakonza njira ya Half-Double, yomwe sinakhudzidwe ndi chitetezo cha TRR, popeza kuukirako kunakhudza maselo omwe sanali pafupi ndi cholingacho.
Njira yatsopano ya Blacksmith imapereka njira yosiyana yolambalala chitetezo cha TRR, kutengera mwayi wosagwirizana ndi zingwe ziwiri kapena zingapo zowononga pama frequency osiyanasiyana kuti ziwongolere kutayikira. Kuti mudziwe njira yolowera kukumbukira yomwe imatsogolera kutayikira, fuzzer yapadera yapangidwa yomwe imasankha zokha zowukira za chip china, kusinthasintha dongosolo, kulimba komanso kusanja kwama cell.
Njira yotereyi, yomwe simakhudzana ndi kukopa ma cell omwewo, imapangitsa njira zamakono zotetezera za TRR kukhala zosagwira ntchito, zomwe mwanjira imodzi kapena zina zimagwera mpaka kuwerengera kuchuluka kwa mafoni obwereza kumaselo ndipo, zikafika pazikhalidwe zina, kuyambitsa kuyitanitsa. a maselo oyandikana nawo. Ku Blacksmith, njira yolumikizira imafalikira m'maselo angapo nthawi imodzi kuchokera kumbali zosiyanasiyana za chandamale, zomwe zimapangitsa kuti zitheke kutulutsa ndalama popanda kufikira zikhalidwe.
Njirayi idakhala yothandiza kwambiri kuposa njira zomwe zidakonzedweratu zodutsira TRR - ofufuzawo adakwanitsa kupotoza pang'ono mu 40 zomwe zidagulidwa posachedwa ma memory memory DDR4 opangidwa ndi Samsung, Micron, SK Hynix ndi wopanga osadziwika (wopangayo anali sanatchulidwe pa tchipisi 4). Poyerekeza, njira ya TRRespass yomwe idaperekedwa kale ndi ofufuza omwewo inali yothandiza pa tchipisi 13 zokha mwa 42 zomwe zidayesedwa panthawiyo.
Nthawi zambiri, njira ya Blacksmith ikuyembekezeka kugwiritsidwa ntchito ku 94% ya tchipisi ta DRAM pamsika, koma ofufuzawo akuti tchipisi zina ndizowopsa komanso zosavuta kuwukira kuposa zina. Kugwiritsa ntchito manambala owongolera zolakwika (ECC) mu tchipisi ndikuchulukitsa kuchuluka kwa kukumbukira sikumapereka chitetezo chokwanira, koma kumapangitsa kuti ntchitoyo ikhale yovuta. Ndizofunikira kudziwa kuti vutoli silingatsekeke mu tchipisi tatulutsidwa kale ndipo limafuna kukhazikitsidwa kwa chitetezo chatsopano pamlingo wa Hardware, kotero kuukirako kudzakhalabe kofunikira kwa zaka zambiri.
Zitsanzo zothandiza zikuphatikiza njira zogwiritsira ntchito Blacksmith kusintha zomwe zili patsamba lokumbukira (PTE, kulowetsa tebulo patsamba) kuti mupeze mwayi, kuwononga kiyi ya RSA-2048 yosungidwa kukumbukira mu OpenSSH (mutha kubweretsa kiyi yapagulu mu makina a munthu wina kuti agwirizane ndi kiyi yachinsinsi ya wowukirayo kuti alumikizane ndi VM ya wozunzidwayo) ndikulambalala cheke posintha kukumbukira kwa njira ya sudo kuti mupeze mwayi. Kutengera chip, zimatengera kulikonse kuyambira 3 masekondi mpaka maola angapo akuwukira kuti musinthe chandamale chimodzi.
Kuphatikiza apo, titha kuzindikira kusindikizidwa kwa dongosolo lotseguka la LiteX Row Hammer Tester poyesa njira zoteteza kukumbukira motsutsana ndi gulu la RowHammer, lopangidwa ndi Antmicro kwa Google. Chikhazikitsocho chimakhazikitsidwa pakugwiritsa ntchito FPGA kuwongolera kwathunthu malamulo omwe amaperekedwa mwachindunji ku chipangizo cha DRAM kuti athetse chikoka cha wowongolera kukumbukira. Zida ku Python zimaperekedwa kuti zigwirizane ndi FPGA. Chipata chochokera ku FPGA chimaphatikizapo gawo la kusamutsa kwa data pa paketi (imatanthawuza njira zofikira kukumbukira), Payload Executor, wowongolera wokhazikika wa LiteDRAM (amakonza malingaliro onse ofunikira pa DRAM, kuphatikiza kuyambitsa mizere ndi kukonzanso kukumbukira) ndi VexRiscv CPU. Zomwe polojekitiyi ikuchita zimagawidwa pansi pa chilolezo cha Apache 2.0. Mapulatifomu osiyanasiyana a FPGA amathandizidwa, kuphatikiza Lattice ECP5, Xilinx Series 6, 7, UltraScale ndi UltraScale+.
Source: opennet.ru