Ofufuza ochokera ku Bitdefender kusatetezeka kwatsopano () mu njira yongopeka yopangira malangizo a ma CPU amakono, omwe amatchedwa SWAPGS, omwe amafanana ndi dzina la malangizo a purosesa omwe amayambitsa vutoli. Kusatetezeka lolani wowukira wopanda mwayi kuti adziwe zomwe zili m'malo okumbukira kernel kapena kugwiritsa ntchito makina enieni. Vuto mu Intel processors (x86_64) ndi pang'ono Mapurosesa a AMD omwe vekitala yayikulu sikuwoneka. Njira zomwe zidakhazikitsidwa m'mbuyomu zothana ndi zovuta za Specter ndi Meltdown sizimateteza ku kuwukira kwa SWAPGS mukamagwiritsa ntchito ma processor a Intel, koma zosintha zakonzedwa kale za Linux, ChromeOS, Android ndi Windows.
Chiwopsezochi ndi cha kalasi ya Specter v1 ndipo kutengera lingaliro lakubwezeretsa deta kuchokera ku processor cache yotsalira pambuyo pochita mongoganizira za malangizo. Kuti apititse patsogolo magwiridwe antchito, magawo olosera anthambi a ma CPU amakono amagwiritsa ntchito kutsata malangizo ena omwe atha kuchitidwa, koma osadikirira kuwerengera zinthu zonse zomwe zimatsimikizira kuphedwa kwawo (mwachitsanzo, ngati mikhalidwe yanthambi kapena magawo olowera sizinachitike. adawerengedwa). Ngati kuneneratu sikunatsimikizidwe, purosesa imataya zotsatira za kuphedwa kongoyerekeza, koma zomwe zasinthidwa panthawiyo zimakhalabe mu cache ya purosesa ndipo zitha kubwezeretsedwanso pogwiritsa ntchito njira zodziwira zomwe zili mu cache kudzera munjira zam'mbali, kusanthula kusintha kwa mwayi wopezeka. nthawi yosungira ndi data yosasungidwa.
Chodabwitsa cha kuwukira kwatsopano ndikugwiritsa ntchito kutayikira komwe kumachitika panthawi yongopeka ya malangizo a SWAPGS, omwe amagwiritsidwa ntchito pamakina ogwiritsira ntchito kuti asinthe mtengo wa kaundula wa GS pomwe kuwongolera kumadutsa kuchokera kumalo ogwiritsa ntchito kupita ku OS kernel (the GS). mtengo womwe umagwiritsidwa ntchito pamalo ogwiritsira ntchito umasinthidwa ndi mtengo womwe umagwiritsidwa ntchito pa kernel). Mu kernel ya Linux, GS imasunga cholozera cha per_cpu chomwe chimagwiritsidwa ntchito kupeza zidziwitso za kernel, ndi malo osungira malo ogwiritsira ntchito ku TLS (Thread Local Storage).
Kuti mupewe kuyimbanso malangizo a SWAPGS kawiri mukalowanso mu kernel kuchokera ku kernel space kapena mukamayendetsa ma code omwe safunikira kusintha kwa registry ya GS, cheke ndi nthambi yokhazikika imachitidwa musanapereke malangizowo. Injini yongopeka yongopeka imapitilirabe kukhazikitsa code ndi malangizo a SWAPGS osadikirira zotsatira za cheke, ndipo ngati nthambi yosankhidwayo sinatsimikizidwe, imataya zotsatira zake. Chifukwa chake, zinthu zitha kuchitika ngati nthambi yomwe siyimaphatikizire kuphedwa kwa SWAPGS imasankhidwa mongoganizira, koma pakungoyerekeza mtengo wa kaundula wa GS udzasinthidwa ndi malangizo a SWAPGS ndikugwiritsidwa ntchito potengera kukumbukira zomwe zimathera mu cache ya CPU.
Ofufuza apereka njira ziwiri zowukira zomwe ma prototypes adakonzedwa. Chochitika choyamba chimachokera pazomwe malangizo a SWAPGS sakuchitidwa mongoganizira, ngakhale kuti amagwiritsidwa ntchito pophedwa, ndipo chachiwiri ndi chosiyana, pamene malangizo a SWAPGS akuchitidwa mongoganizira, ngakhale kuti sayenera kuphedwa. Pazochitika zilizonse, pali njira ziwiri zogwiritsira ntchito masuku pamutu: wowukirayo amatha kudziwa mtengo wake pa adilesi inayake m'dera la kernel, ndipo wowukirayo amatha kusaka mtengo wake pama adilesi osasinthika mu kernel. Kuchita chiwembu kumatenga nthawi yayitali ndipo kugwiritsa ntchito kungathe kutenga maola angapo kuti kumalize kutayikira.
Pali vuto mu Linux kernel posintha malingaliro oyitanitsa malangizo a SWAPGS (kutsekereza kuphedwa kongoyerekeza), mofanana ndi kuwongolera zovuta zina za Specter v1 class. Chitetezo chowonjezera chikuyembekezeka kukhala ndi zotsatira zochepa pakugwira ntchito kwanthawi zonse. Kuchedwa kumachitika panthawi yosinthira pakati pa wogwiritsa ntchito ndi kernel space, zomwe zingayambitse kusagwira bwino ntchito pamene, mwachitsanzo, pali kuyitana kolemetsa kuchokera ku ntchito kapena kubadwa kawirikawiri kwa NMIs ndi kusokoneza.
Kukonzekera kumafuna kukhazikitsa zosintha za kernel pamakina ochezera komanso malo ochezera alendo, ndikutsatiridwa ndi kuyambiransoko. Kuti mulepheretse chitetezo pa Linux, njira ya "nospectre_v1" ingagwiritsidwe ntchito, yomwe imalepheretsanso njira zoletsa chiwopsezo cha SWAPGS. Kukonzekera kulipo ngati kwa Linux kernel, yomwe yaphatikizidwa kale pazotulutsa , , 4.14.137, 4.9.188 ndi 4.4.188. Zosintha zamagawidwe a Linux sizinatulutsidwebe (, , , , , ). Pa Windows, vutoli lidakonzedwa mwakachetechete . Google Company konzekerani kernel 4.19 yotumizidwa ndi ChromeOS ndi .
Malinga ndi ofufuza a Bitdefender, Intel adadziwitsidwa za vutoli mu Ogasiti chaka chatha. Zinaganiza zokonza vutoli mwadongosolo, zomwe opanga kuchokera ku Microsoft, Google ndi Linux kernel adachita nawo ntchito yokonzekera kukonza. Ma processor akale a Intel, pre-Ivy Bridge, ndi ovuta kwambiri kuwukira chifukwa chosowa thandizo la malangizo a WRGSBASE omwe amagwiritsidwa ntchito pochitapo kanthu. Machitidwe a ARM, POWER, SPARC, MIPS, ndi RISC-V sakhudzidwa ndi vutoli chifukwa sagwirizana ndi malangizo a SWAPGS.
Vutoli limakhudza makamaka eni ma processor a Intel -
Pa machitidwe a AMD, zochitika zachiwiri zokha zomwe zinatha kubwerezedwanso, zomwe zimangokhala zongoganizira za mtengo wamtengo wapatali wa GS registry, yomwe ingagwiritsidwe ntchito kuyang'ana zamtengo wapatali m'madera okumbukira mwachisawawa. Kuti aletse kuukira njira iyi Njira zomwe zilipo zodzitetezera ku Specter v1.
Source: opennet.ru