Eric Bigers, m'modzi mwa omwe amapanga Adiantum cipher komanso woyang'anira Linux kernel fscrypt subsystem, adakonza zokhala ndi zigamba zoletsa zovuta zachitetezo zomwe zimabwera chifukwa cha ma processor a Intel omwe samatsimikizira nthawi zonse zophatikizika pazosinthidwa zosiyanasiyana. Vuto likuwoneka mu ma processor a Intel kuyambira ndi banja la Ice Lake. Vuto lofananalo limawonedwa mu ma processor a ARM.
Kukhalapo kwa kudalira kwa nthawi yoperekera malangizo pazambiri zomwe zakonzedwa mu malangizowa zimawonedwa ndi wolemba zigamba ngati chiwopsezo cha mapurosesa, popeza khalidwe lotere silingatsimikizire chitetezo cha ntchito za cryptographic zomwe zimachitika mudongosolo. Zochita zambiri za cryptographic ma aligorivimu zapangidwa kuti zitsimikizire kuti deta siikhudza nthawi yoperekera malangizo, ndipo kuphwanya khalidweli kungapangitse kuti pakhale zowukira zapambali zomwe zimabwezeretsa deta kutengera kusanthula kwa nthawi yake.
Mwachidziwitso, kudalira kwa data pa nthawi yothamanga kungagwiritsidwenso ntchito kuyambitsa zigawenga kuti mudziwe zambiri za kernel kuchokera kumalo ogwiritsira ntchito. Malinga ndi Eric Bigers, nthawi yoperekera nthawi zonse siyimaperekedwa mwachisawawa ngakhale malangizo omwe amawonjezera ndi XOR, komanso malangizo apadera a AES-NI (chidziwitso chosatsimikiziridwa ndi mayeso, malinga ndi deta ina, pali kuchedwa kwa chimodzi). kuzungulira pakuchulutsa vekitala ndi kuwerengera pang'ono).
Kuti aletse khalidweli, Intel ndi ARM apereka mbendera zatsopano: PSTATE bit DIT (Data Independent Timing) ya ARM CPUs ndi MSR bit DOITM (Data Operand Independent Timing Mode) ya Intel CPUs, kubwezera khalidwe lakale ndi nthawi yophatikizira nthawi zonse. Intel ndi ARM amalimbikitsa kuteteza chitetezo monga momwe amafunikira pa code yovuta, koma zenizeni, kuwerengera kofunikira kumatha kuchitika kulikonse mu kernel ndi malo ogwiritsira ntchito, kotero tikuganiza zopangitsa mitundu ya DOITM ndi DIT pa kernel yonse nthawi zonse.
Kwa ma processor a ARM, nthambi ya Linux 6.2 kernel yatenga kale zigamba zomwe zimasintha mawonekedwe a kernel, koma zigambazi zimawonedwa kuti ndizosakwanira chifukwa zimangophimba khodi ya kernel ndipo sizisintha momwe amagwirira ntchito. Kwa ma processor a Intel, kuphatikizidwa kwa chitetezo kudakali pagawo lowunikira. Kukhudzika kwa chigamba pakugwira ntchito sikunayesedwebe, koma molingana ndi zolemba za Intel, kupatsa mwayi kwa DOITM kumachepetsa magwiridwe antchito (mwachitsanzo, poletsa kukhathamiritsa kwina, monga kutsitsa kwapadera) komanso m'mitundu yamtsogolo ya purosesa, kuchepa kwa magwiridwe antchito kumatha kuwonjezeka. .
Source: opennet.ru