New Foreshadow variant affects Intel, AMD, ARM and IBM processors

A group of researchers from the Technical University of Graz (Austria) and the Helmholtz Center for Information Security (CISPA) has disclosed (PDF) a new vector for the Foreshadow (L1TF) side-channel attack, which makes it possible to extract data from the memory of Intel SGX enclaves, SMM (System Management Mode), OS kernel memory areas and virtual machines in virtualization systems. Unlike the original Foreshadow attack presented in 2018, the new variant is not specific to Intel processors and affects CPUs from other manufacturers such as ARM, IBM and AMD. In addition, the new variant does not require high performance, and the attack can be carried out even with JavaScript and WebAssembly in a browser.

The Foreshadow attack exploits the fact that when memory is accessed at an address that raises an exception (a terminal page fault), the processor speculatively computes the physical address and loads the data if it is present in the L1 cache. The speculative access is performed before the page table walk has completed and regardless of the state of the page table entry (PTE), that is, before the presence of the data in physical memory and its readability have been checked. Once the memory availability check completes and the Present flag is found to be absent from the PTE, the operation is discarded, but the data remains in the cache and can be recovered with techniques that determine cache contents through side channels (by analyzing the difference in access time between cached and uncached data).

The researchers have shown that the existing protections against Foreshadow are ineffective and are based on an incorrect interpretation of the problem. The Foreshadow vulnerability can be exploited regardless of the kernel protection mechanisms that were previously considered sufficient. As a result, the researchers demonstrated that a Foreshadow attack is possible on systems with older kernels in which all available Foreshadow protection modes are enabled, as well as on newer kernels in which only the Spectre-v2 protection is disabled (using the Linux kernel option nospectre_v2).

It turned out that the preload effect is not related to software prefetch instructions or to the hardware prefetch effect during memory access, but occurs when user-space registers are speculatively dereferenced in the kernel. This misinterpretation of the cause of the vulnerability led to the assumption that data leakage in Foreshadow could occur only through the L1 cache, whereas the presence of certain code sequences (prefetch gadgets) in the kernel can cause data to leak outside the L1 cache, for example into the L3 cache.

The identified behavior also opens the way to new attacks that target address translation in isolated environments and that determine addresses and data stored in CPU registers. As a demonstration, the researchers showed that the effect can be used to extract data from one process into another at a rate of about 10 bits per second on a system with an Intel Core i7-6500U CPU. Leaking register contents from an Intel SGX enclave was also demonstrated (it took 32 minutes to determine a 64-bit value written to a 15-bit register). Some types of attack turned out to be implementable in JavaScript and WebAssembly; for example, it was possible to determine the address of a JavaScript variable and to fill 64-bit registers with a value controlled by the attacker.

To block Foreshadow attacks through the L3 cache, the Spectre-BTB (Branch Target Buffer) protection method implemented in the retpoline patch set is effective. The researchers therefore believe that retpoline should be left enabled even on systems with new CPUs that already have protection against the known vulnerabilities in the CPU speculative execution mechanism. At the same time, Intel representatives stated that they do not plan to add further Foreshadow protections to their processors and consider it sufficient to enable protection against Spectre V2 and L1TF (Foreshadow).
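
A way to check a Linux host against the retpoline recommendation above, as an added example that is not from the article or the researchers. It assumes the standard sysfs vulnerability files and `/proc/cmdline`; the function name, its optional root-directory argument, and the `spectre_v2=off` and `mitigations=off` boot options (which the article does not mention) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether Spectre-v2 protection (retpoline) and the
# L1TF mitigation are active. The optional first argument is a root
# directory (hypothetical parameter) so a copied /proc and /sys tree can be
# audited offline; with no argument the live system is read.
audit_foreshadow() {
    root="${1:-}"
    cmdline_file="$root/proc/cmdline"
    vuln_dir="$root/sys/devices/system/cpu/vulnerabilities"

    [ -r "$cmdline_file" ] && [ -r "$vuln_dir/spectre_v2" ] || {
        echo "UNKNOWN: cannot read $cmdline_file or $vuln_dir/spectre_v2"
        return 3
    }
    cmdline=$(cat "$cmdline_file")
    v2=$(cat "$vuln_dir/spectre_v2")
    l1tf=$(cat "$vuln_dir/l1tf" 2>/dev/null || echo "not reported")
    echo "l1tf:       $l1tf"
    echo "spectre_v2: $v2"

    # Boot options that switch the Spectre-v2 mitigation off. Padding with
    # spaces matches whole options only, not substrings of other options.
    case " $cmdline " in
        *" nospectre_v2 "*|*" spectre_v2=off "*|*" mitigations=off "*)
            echo "FAIL: kernel command line disables Spectre-v2 protection"
            return 1 ;;
    esac

    # Status string reported by the running kernel.
    case "$v2" in
        Vulnerable*)
            echo "FAIL: kernel reports Spectre-v2 as unmitigated"; return 1 ;;
        "Not affected"*)
            echo "OK: CPU reported as not affected by Spectre-v2"; return 0 ;;
        *[Rr]etpoline*)
            echo "OK: retpoline is active"; return 0 ;;
        *)
            echo "WARN: Spectre-v2 mitigated, but not with retpoline"; return 2 ;;
    esac
}
```

Run `audit_foreshadow` with no argument on the host being checked; a return status of 2 marks a machine that relies on a hardware mitigation instead of retpoline, which is the case the researchers' recommendation addresses.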

Source: opennet.ru
