Intel has published details of two new vulnerabilities in Intel CPUs caused by data leakage from the L1D cache (L1DES, L1D Eviction Sampling) and from vector registers (VRS, Vector Register Sampling). The vulnerabilities belong to the MDS (Microarchitectural Data Sampling) class and are based on applying side-channel analysis methods to data in microarchitectural structures. AMD, ARM, and other processors are not affected by these problems.
The greatest danger comes from the L1DES vulnerability, in which blocks of cached data (cache lines) evicted from the first-level cache (L1D) settle in the fill buffer, which should be empty at that point. The side-channel analysis methods previously proposed in the MDS (Microarchitectural Data Sampling) and TAA (Transactional Asynchronous Abort) attacks can be used to determine the data that has settled in the fill buffer. The essence of the protection previously applied against MDS and TAA is flushing the microarchitectural buffers before a context switch, but it turns out that in some cases data is placed in the buffers after the flush, so the MDS and TAA techniques still work.

As a result, an attacker can determine the contents of data evicted from the first-level cache that was modified during the execution of a program that previously occupied the CPU core, or of programs running at the same time in another logical thread (hyperthread) on the same CPU core (disabling HyperThreading prevents the attack from working). Unlike that attack, L1DES does not allow specific addresses to be selected for inspection, but it does allow monitoring of activity in another logical thread associated with loading values from or storing values to memory.
Based on L1DES, various research groups have developed several attack variants that can help extract confidential information from other processes, the operating system, virtual machines, and protected SGX enclaves.
- The VUSec team's RIDL attack method for the L1DES vulnerability. It is available and also bypasses the MDS protection method proposed by Intel, which is based on using the VERW instruction to clear the contents of the microarchitectural buffers on return from the kernel to user space or when transferring control to a guest system (the researchers insisted from the start that VERW (clearing the microarchitectural buffers) was not sufficient protection and that a complete flush of the L1 cache is required on every context switch).
- A team's own attack, updated to take the L1DES vulnerability into account.
- Researchers from the University of Michigan have developed their own attack method, which makes it possible to extract confidential information from the operating system kernel, virtual machines, and SGX secure enclaves. The method is based on using the TSX Asynchronous Abort (TAA) mechanism to determine the contents of the fill buffer after data has been evicted from the L1D cache.
The second vulnerability, VRS (Vector Register Sampling), is a leak into the store buffer of the results of read operations on vector registers that were modified while vector instructions (SSE, AVX, AVX-512) were executing on the same CPU core. The leak occurs only in some cases and is caused by a speculative operation that results in the vector register state reflected in the store buffer being delayed and completed after the buffer has been cleared, not before. As with the L1DES vulnerability, the contents of the store buffer can be determined using MDS and TAA attack techniques.
Work by researchers from the VUSec team makes it possible to determine the values of vector registers produced by computations in another logical thread of the same CPU core. The VRS vulnerability was judged too difficult to exploit in real-world conditions and was rated at a very low severity level (2.8) under CVSS.
Information about the problems was reported to Intel in May 2019 by the Zombieload team from Graz University of Technology (Austria) and the VUSec team from Vrije Universiteit Amsterdam. Later, after other MDS attack vectors had been analysed, the vulnerabilities were confirmed by several other researchers. Information about the L1DES and VRS problems was not included in the first MDS report because no fix was available. A fix is still not available, but the agreed non-disclosure period has expired.
As a workaround, we recommend disabling HyperThreading. To block the vulnerability on the kernel side, we recommend flushing the L1 cache on every context switch (MSR bit MSR_IA32_FLUSH_CMD) and disabling the TSX extension (MSR bits MSR_IA32_TSX_CTRL and MSR_TSX_FORCE_ABORT).
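The following is an added example, not part of the original article: a small audit of whether a host reports the workarounds recommended above (SMT off, TSX off, L1D flush for guests). It assumes a Linux host exposing the standard sysfs status files; the sample strings are constructed in the kernel's reporting format, and the finding codes are hypothetical names chosen here.

```python
from pathlib import Path

CPU = Path("/sys/devices/system/cpu")          # Linux sysfs (assumed platform)
FILES = {"smt": "smt/control",
         "mds": "vulnerabilities/mds",
         "taa": "vulnerabilities/tsx_async_abort",
         "l1tf": "vulnerabilities/l1tf"}

# Constructed sample values in the kernel's reporting format, not captured output.
WEAK = {"smt": "on",
        "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
        "taa": "Mitigation: Clear CPU buffers; SMT vulnerable",
        "l1tf": "Mitigation: PTE Inversion; VMX: vulnerable"}
HARDENED = {"smt": "off",
            "mds": "Mitigation: Clear CPU buffers; SMT disabled",
            "taa": "Mitigation: TSX disabled",
            "l1tf": "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"}

def read_status(root=CPU):
    """Read the status files; a missing file is reported as 'unknown'."""
    status = {}
    for key, rel in FILES.items():
        path = root / rel
        status[key] = path.read_text().strip() if path.is_file() else "unknown"
    return status

def audit(status):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    findings = []
    # Sibling hyperthreads share the L1D cache, fill buffers and store buffers.
    if status["smt"] not in ("off", "forceoff", "notsupported"):
        findings.append("smt-not-disabled")
    for key in ("mds", "taa", "l1tf"):
        if not status[key].startswith(("Mitigation", "Not affected")):
            findings.append(key + "-no-mitigation-reported")
    # Buffer clearing alone is what L1DES and VRS get around; the article
    # additionally recommends turning TSX off.
    if status["taa"].startswith("Mitigation") and "TSX disabled" not in status["taa"]:
        findings.append("tsx-not-disabled")
    # The L1D flush on VM entry is the L1TF protection relevant to guests.
    if "VMX: vulnerable" in status["l1tf"]:
        findings.append("l1tf-vmx-no-flush")
    return findings

if __name__ == "__main__":
    for name, st in (("weak sample", WEAK), ("hardened sample", HARDENED),
                     ("this host", read_status())):
        print(name, audit(st) or "nothing flagged")
```

An empty result only means the kernel reports these workarounds as active; it does not show that a microcode fix for L1DES or VRS is installed.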
Intel is to release microcode updates implementing mechanisms to block the problems in the near future. Intel also notes that using the attack protection methods proposed in 2018 (L1 Terminal Fault) makes it possible to block exploitation of the L1DES vulnerability from virtual environments. Affected are Intel Core processors starting from the sixth generation (Sky, Kaby, Coffee, Whiskey, Amber Lake, and so on), as well as some Intel Xeon and Xeon Scalable models.
In addition, it can be noted that attack methods can be used to determine the contents of the root password hash from /etc/shadow during periodic authentication attempts. Whereas the first exploit proposed determined the password hash in , and, after using the leak during operation of the asynchronous abort mechanism (TAA, TSX Asynchronous Abort), performed the same operation in , the new version carries out the attack within four seconds.

Source: opennet.ru
