Retbleed is a new attack on the speculative execution mechanism of Intel and AMD CPUs

A team of researchers from ETH Zurich has identified a new attack on the mechanism for speculative execution of indirect jumps in CPUs, which makes it possible to extract information from kernel memory or to mount an attack on the host system from a virtual machine. The vulnerabilities are codenamed Retbleed (CVE-2022-29900, CVE-2022-29901) and are close in nature to Spectre-v2 attacks. The difference lies in organizing speculative execution of arbitrary code when the "ret" (return) instruction is processed, which takes the address to jump to from the stack, rather than through an indirect jump with the "jmp" instruction, which loads the address from memory or a CPU register.

An attacker can create conditions for an incorrect jump prediction and arrange a targeted speculative jump to a block of code that the program's execution logic does not provide for. Eventually, the processor determines that the branch prediction was not justified and rolls the operation back to its original state, but the data processed during speculative execution ends up in the cache and microarchitectural buffers. If the mistakenly executed block accesses memory, its speculative execution causes the data read from memory to be placed in the shared cache.

To determine the data left in the cache after speculative operations, an attacker can use side-channel techniques for recovering residual data, such as analyzing changes in access time to cached and uncached data. To deliberately extract information from areas at another privilege level (for example, from kernel memory), "gadgets" are used: sequences of instructions present in the kernel that are suitable for speculatively reading data from memory depending on external conditions the attacker can influence.

To protect against Spectre-class attacks that use conditional and indirect jump instructions, most operating systems use the "retpoline" technique, which is based on replacing indirect jumps with the "ret" instruction, for which processors use a separate prediction unit instead of the branch prediction block. When retpoline was introduced in 2018, it was believed that Spectre-like address manipulation was not practical for speculative branching with the "ret" instruction.

The researchers who developed the Retbleed attack method demonstrated that microarchitectural conditions can be created to initiate a speculative jump using the "ret" instruction, and published tooling for identifying instruction sequences (gadgets) in the Linux kernel that are suitable for exploiting the vulnerability and in which such conditions appear.

In the course of the research, a working exploit was prepared that, on systems with Intel CPUs, allows arbitrary data to be extracted from kernel memory from an unprivileged process in user space at a rate of 219 bytes per minute with 98% accuracy. On AMD processors the exploit is much more efficient: the leak rate is 3.9 KB per second. As a practical example, it is shown how the prepared exploit can be used to determine the contents of the /etc/shadow file. On systems with Intel CPUs, the attack to determine the user's password took 28 minutes, and on systems with AMD CPUs, 6 minutes.

The attack has been confirmed for generations 6-8 of Intel processors released before Q3 2019 (including Skylake), and for AMD processors based on the Zen 1, Zen 1+, and Zen 2 microarchitectures released before Q2021 3. In newer processor models such as AMD Zen 3 and Intel Alder Lake, as well as in ARM processors, the problem is blocked by existing protection mechanisms. For example, using IBRS (Indirect Branch Restricted Speculation) instructions helps protect against the attack.

Changes have been prepared for the Linux kernel and the Xen hypervisor that block the problem in software on older CPUs. The proposed Linux kernel patch changes 68 files, adds 1783 lines, and removes 387 lines. Unfortunately, the protection comes at a significant overhead cost: in tests run on AMD and Intel processors, the performance drop is estimated at 14% to 39%. It is preferable to use protection based on IBRS instructions, which are available in newer generations of Intel CPUs and supported starting with Linux kernel 4.19.
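
To confirm which protection a given host actually ended up with, the status string the kernel reports can be classified as below. This is an added example, not code from the article or the researchers; it assumes the Linux sysfs file `/sys/devices/system/cpu/vulnerabilities/retbleed`, which the article does not mention, and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's Retbleed status string.
# Assumption: the kernel exposes the status in the sysfs file named below.

# Map one status line to:
#   not_affected | mitigated | partial | vulnerable | unknown
classify_retbleed() {
    case "$1" in
        "Not affected"*)                 echo not_affected ;;
        # A mitigation is active, but sibling SMT threads remain exposed.
        "Mitigation:"*"SMT vulnerable"*) echo partial ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# Read the status file (path can be overridden) and classify it.
# A missing file means the running kernel does not report Retbleed status,
# so the result is "unknown" rather than "not_affected".
retbleed_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/retbleed}"
    if [ -r "$f" ]; then
        classify_retbleed "$(cat "$f")"
    else
        echo unknown
    fi
}

# Constructed sample status lines, one per category.
report_samples() {
    while IFS= read -r line; do
        printf '%-12s %s\n' "$(classify_retbleed "$line")" "$line"
    done <<'EOF'
Not affected
Mitigation: IBRS
Mitigation: untrained return thunk; SMT vulnerable
Vulnerable
EOF
}

report_samples
echo "this host: $(retbleed_status)"
```

A result of `unknown` or `vulnerable` on one of the affected CPU generations listed above is the case to follow up with a kernel update.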

On Intel processors, address substitution for a speculative indirect jump is possible because of a feature that appears when an overflow through the lower bound (underflow) occurs in the Return Stack Buffer. When this happens, the "ret" instruction starts applying address selection logic similar to that used for ordinary indirect jumps. More than a thousand places have been found in the Linux kernel that create conditions for initiating such an underflow and are reachable through system calls.

On AMD processors, speculative execution of the "ret" instruction is carried out without reference to the dedicated stack buffer (Return Address Stack), and the branch prediction unit treats the "ret" instruction not as a return but as an indirect branch and, accordingly, uses the data for predicting indirect jumps. Under these conditions, virtually any "ret" operation reachable through a system call can be exploited.

In addition, another issue has been identified in AMD CPUs (CVE-2022-23825, Branch Confusion) related to the implementation of phantom branches: conditions for branch prediction can arise even without the necessary branch instructions, which makes it possible to influence branch prediction without a "ret" instruction. This significantly complicates the implementation of protection and requires more active flushing of the branch prediction buffer. Adding full protection to the kernel is expected to increase overhead by 209%.

Source: opennet.ru
