Ofufuza ochokera ku Bitdefender
Chiwopsezochi ndi cha kalasi ya Specter v1 ndipo kutengera lingaliro lakubwezeretsa deta kuchokera ku processor cache yotsalira pambuyo pochita mongoganizira za malangizo. Kuti apititse patsogolo magwiridwe antchito, magawo olosera anthambi a ma CPU amakono amagwiritsa ntchito kutsata malangizo ena omwe atha kuchitidwa, koma osadikirira kuwerengera zinthu zonse zomwe zimatsimikizira kuphedwa kwawo (mwachitsanzo, ngati mikhalidwe yanthambi kapena magawo olowera sizinachitike. adawerengedwa). Ngati kuneneratu sikunatsimikizidwe, purosesa imataya zotsatira za kuphedwa kongoyerekeza, koma zomwe zasinthidwa panthawiyo zimakhalabe mu cache ya purosesa ndipo zitha kubwezeretsedwanso pogwiritsa ntchito njira zodziwira zomwe zili mu cache kudzera munjira zam'mbali, kusanthula kusintha kwa mwayi wopezeka. nthawi yosungira ndi data yosasungidwa.
Chodabwitsa cha kuwukira kwatsopano ndikugwiritsa ntchito kutayikira komwe kumachitika panthawi yongopeka ya malangizo a SWAPGS, omwe amagwiritsidwa ntchito pamakina ogwiritsira ntchito kuti asinthe mtengo wa kaundula wa GS pomwe kuwongolera kumadutsa kuchokera kumalo ogwiritsa ntchito kupita ku OS kernel (the GS). mtengo womwe umagwiritsidwa ntchito pamalo ogwiritsira ntchito umasinthidwa ndi mtengo womwe umagwiritsidwa ntchito pa kernel). Mu kernel ya Linux, GS imasunga cholozera cha per_cpu chomwe chimagwiritsidwa ntchito kupeza zidziwitso za kernel, ndi malo osungira malo ogwiritsira ntchito ku TLS (Thread Local Storage).
Kuti mupewe kuyimbanso malangizo a SWAPGS kawiri mukalowanso mu kernel kuchokera ku kernel space kapena mukamayendetsa ma code omwe safunikira kusintha kwa registry ya GS, cheke ndi nthambi yokhazikika imachitidwa musanapereke malangizowo. Injini yongopeka yongopeka imapitilirabe kukhazikitsa code ndi malangizo a SWAPGS osadikirira zotsatira za cheke, ndipo ngati nthambi yosankhidwayo sinatsimikizidwe, imataya zotsatira zake. Chifukwa chake, zinthu zitha kuchitika ngati nthambi yomwe siyimaphatikizire kuphedwa kwa SWAPGS imasankhidwa mongoganizira, koma pakungoyerekeza mtengo wa kaundula wa GS udzasinthidwa ndi malangizo a SWAPGS ndikugwiritsidwa ntchito potengera kukumbukira zomwe zimathera mu cache ya CPU.
Ofufuza apereka njira ziwiri zowukira zomwe ma prototypes adakonzedwa. Chochitika choyamba chimachokera pazomwe malangizo a SWAPGS sakuchitidwa mongoganizira, ngakhale kuti amagwiritsidwa ntchito pophedwa, ndipo chachiwiri ndi chosiyana, pamene malangizo a SWAPGS akuchitidwa mongoganizira, ngakhale kuti sayenera kuphedwa. Pazochitika zilizonse, pali njira ziwiri zogwiritsira ntchito masuku pamutu: wowukirayo amatha kudziwa mtengo wake pa adilesi inayake m'dera la kernel, ndipo wowukirayo amatha kusaka mtengo wake pama adilesi osasinthika mu kernel. Kuchita chiwembu kumatenga nthawi yayitali ndipo kugwiritsa ntchito kungathe kutenga maola angapo kuti kumalize kutayikira.
Pali vuto mu Linux kernel
Kukonzekera kumafuna kukhazikitsa zosintha za kernel pamakina ochezera komanso malo ochezera alendo, ndikutsatiridwa ndi kuyambiransoko. Kuti mulepheretse chitetezo pa Linux, njira ya "nospectre_v1" ingagwiritsidwe ntchito, yomwe imalepheretsanso njira zoletsa chiwopsezo cha SWAPGS. Kukonzekera kulipo ngati
Malinga ndi ofufuza a Bitdefender, Intel adadziwitsidwa za vutoli mu Ogasiti chaka chatha. Zinaganiza zokonza vutoli mwadongosolo, zomwe opanga kuchokera ku Microsoft, Google ndi Linux kernel adachita nawo ntchito yokonzekera kukonza. Ma processor akale a Intel, pre-Ivy Bridge, ndi ovuta kwambiri kuwukira chifukwa chosowa thandizo la malangizo a WRGSBASE omwe amagwiritsidwa ntchito pochitapo kanthu. Machitidwe a ARM, POWER, SPARC, MIPS, ndi RISC-V sakhudzidwa ndi vutoli chifukwa sagwirizana ndi malangizo a SWAPGS.
Vutoli limakhudza makamaka eni ma processor a Intel -
Pa machitidwe a AMD, zochitika zachiwiri zokha zomwe zinatha kubwerezedwanso, zomwe zimangokhala zongoganizira za mtengo wamtengo wapatali wa GS registry, yomwe ingagwiritsidwe ntchito kuyang'ana zamtengo wapatali m'madera okumbukira mwachisawawa. Kuti aletse kuukira njira iyi
Source: opennet.ru