Gulu la ofufuza ochokera ku Yunivesite ya Virginia ndi University of California adapereka mtundu watsopano wowukira zomangira zazing'ono za Intel ndi AMD processors, zomwe zidazindikirika panthawi yaukadaulo wosinthika waukadaulo wopanda zolemba wa CPU. Njira yowukira yomwe akufunsidwa imaphatikizapo kugwiritsa ntchito kachipangizo kakang'ono ka micro-op mu purosesa, yomwe ingagwiritsidwe ntchito kupeza zidziwitso zomwe zasonkhanitsidwa panthawi yongopeka ya malangizo.
Pazolinga zokhathamiritsa, purosesa imayamba kuchita malangizo ena mwanjira yongopeka, osadikirira kuti mawerengedwe am'mbuyomu amalize, ndipo ngati iwona kuti kuneneratu sikunali koyenera, imabwezeretsa ntchitoyo kuti ikhale momwe idayambira, koma zomwe zidasinthidwa panthawiyo. kuphedwa mongopeka kumayikidwa mu cache, zomwe zili mkati mwake zitha kutsimikizika.
Zimadziwika kuti njira yatsopanoyi imapambana kwambiri kuukira kwa Specter v1, kumapangitsa kuti kuwukirako kukhale kovuta kuzindikira ndipo sikutsekedwa ndi njira zomwe zilipo kale zodzitetezera motsutsana ndi njira zapambali zomwe zimapangidwira kuti aletse ziwopsezo zomwe zimayambitsidwa ndi kuphedwa mongoyerekeza (mwachitsanzo, kugwiritsa ntchito. wa malangizo a LFENCE amalepheretsa kutulutsa m'magawo omaliza a kuphedwa kongoyerekeza, koma samateteza kutayikira kudzera muzomangamanga zazing'ono).
Njirayi imakhudza mitundu ya purosesa ya Intel ndi AMD yotulutsidwa kuyambira 2011, kuphatikiza mndandanda wa Intel Skylake ndi AMD Zen. Ma CPU amakono amaphwanya malangizo a purosesa ovuta kukhala osavuta ngati ma RISC, omwe amasungidwa mu cache yapadera. Cache iyi ndiyosiyana kwambiri ndi ma cache apamwamba kwambiri, sapezeka mwachindunji ndipo imagwira ntchito ngati mtsinje kuti mufikire mwachangu zotsatira zakusintha malangizo a CISC kukhala ma RISC ma microinstructions. Komabe, ofufuza apeza njira yopangira mikhalidwe yomwe imachitika pakapezeka mikangano ya cache ndikulola munthu kuweruza zomwe zili mu cache ya micro-operation posanthula kusiyana kwa nthawi yochitira zinthu zina.
Cache ya Micro-operation mu Intel processors yagawika molingana ndi ulusi wa CPU (Hyper-Threading), pomwe mapurosesa a AMD Zen amagwiritsa ntchito cache yogawana, yomwe imapangitsa kuti deta iwonongeke osati mkati mwa ulusi umodzi wokha, komanso pakati pa ulusi wosiyana mu SMT. (kutha kutayikira kwa data pakati pa ma code omwe akuyenda pamitundu yosiyanasiyana ya CPU cores).
Ofufuzawo apereka njira yodziwira kusintha kwa cache ya micro-operation ndi zochitika zingapo zowukira zomwe zimalola kupanga njira zobisika zotumizira deta ndikugwiritsa ntchito nambala yomwe ili pachiwopsezo kutulutsa zinsinsi, zonse mkati mwa njira imodzi (mwachitsanzo, kutulutsa deta mukamagwiritsa ntchito. khodi ya chipani chachitatu mumainjini omwe ali ndi JIT komanso pamakina enieni), komanso pakati pa kernel ndi njira zamagwiritsidwe ntchito.
Pokonzekera kusinthika kwa Specter attack pogwiritsa ntchito cache ya micro-operation, ofufuza adatha kukwaniritsa ntchito ya 965.59 Kbps ndi zolakwika za 0.22% ndi 785.56 Kbps pogwiritsira ntchito kukonza zolakwika, pakukonzekera kutayikira mkati mwa adilesi yomweyo. danga ndi mwayi. Ndi kutayikira komwe kumatenga mwayi wosiyanasiyana (pakati pa kernel ndi malo ogwiritsa ntchito), magwiridwe antchito anali 85.2 Kbps ndikuwongolera zolakwika ndi 110.96 Kbps ndi cholakwika cha 4%. Polimbana ndi mapurosesa a AMD Zen, ndikupanga kutayikira pakati pamitundu yosiyanasiyana ya CPU cores, magwiridwewo anali 250 Kbps ndi cholakwika cha 5.59% ndi 168.58 Kbps ndikuwongolera zolakwika. Poyerekeza ndi njira yachikale ya Specter v1, kuwukira kwatsopano kunali nthawi 2.6 mwachangu.
Zikuyembekezeka kuti kuteteza motsutsana ndi chiwopsezo cha micro-op cache kudzafuna kusintha komwe kungachepetse magwiridwe antchito kuposa mutathandizira chitetezo cha Specter attack. Monga kunyengerera koyenera, kulinganizidwa kuti aletse kuukira kotereku osati kuletsa caching, koma pamlingo wowunikira zolakwika ndikuzindikira madera omwe amasungidwa omwe amakhala ngati akuwukira.
Monga kuukira kwa Specter, kukonza kutayikira kuchokera ku kernel kapena njira zina kumafuna kutsatiridwa kwa malamulo angapo (zida) kumbali ya ozunzidwa, zomwe zimapangitsa kuti apereke malangizo mongopeka. Pafupifupi zida 100 zofanana zapezeka mu kernel ya Linux, zomwe zidzachotsedwa, koma zogwirira ntchito za m'badwo wawo zimapezeka nthawi ndi nthawi, mwachitsanzo, zokhudzana ndi kuyendetsa mapulogalamu opangidwa mwapadera a BPF mu kernel.
Source: opennet.ru