Chikwata chevaongorori kubva kuETH Zurich, Vrije Universiteit Amsterdam neQualcomm vakaburitsa nzira nyowani yekurwisa yeRowHammer iyo inogona kushandura zviri mukati mezvimedu zvega zvega zvesimba zvekupinda memory (DRAM). Kurwiswa uku kwakanzi codenamed Blacksmith uye yakazivikanwa seCVE-2021-42114. Mazhinji maDDR4 machipi ane dziviriro kubva kune yaimbozivikanwa RowHammer kirasi nzira dzinosangana nedambudziko. Zvishandiso zvekuyedza masisitimu ako kusagadzikana zvinoburitswa paGitHub.
Rangarira kuti RowHammer kirasi kurwiswa kunobvumidza iwe kukanganisa zviri mukati meyemunhu ndangariro bits nekutenderera kuverenga data kubva kune akavakidzana ndangariro maseru. Sezvo DRAM ndangariro iri maviri-dimensional array emaseru, rimwe nerimwe rine capacitor uye transistor, kuita kuenderera kuverenga kwenzvimbo imwechete yekurangarira kunoguma nekushanduka kwevoltage uye anomalies izvo zvinokonzeresa kurasikirwa kudiki kwechaji mumaseru akavakidzana. Kana kuverenga kwakanyanya kwakakwirira, ipapo sero yevavakidzani inogona kurasikirwa nemutengo wakakwana wakawanda uye kutenderera kunotevera kwekuzvarwa patsva hakuzove nenguva yekudzorera mamiriro ayo ekutanga, izvo zvinozoita shanduko mukukosha kwe data yakachengetwa muchitokisi. .
Kuchengetedza kubva kuRowHammer, vanogadzira chip vakakurudzira nzira yeTRR (Target Row Refresh), inodzivirira kubva kuhuwori hwemasero mumitsara iri padyo, asi sezvo dziviriro yacho yakavakirwa pamusimboti we "kuchengetedzwa nekusviba," haina kugadzirisa dambudziko iri. mudzi, asi akadzivirirwa chete kubva kunozivikanwa akakosha kesi, izvo zvakaita kuti zvive nyore kuwana nzira dzekunzvenga dziviriro. Semuenzaniso, muna Chivabvu, Google yakaronga nzira yeHalf-Double, iyo isina kukanganiswa neTRR kuchengetedza, sezvo kurwiswa kwakabata maseru aive asiri padhuze neakananga.
Nzira itsva yeBlacksmith inopa imwe nzira yekunzvenga chengetedzo yeTRR, zvichibva pane isina-uniform yekuwana kune maviri kana anopfuura tambo dzehasha pama frequency akasiyana kukonzera kubhadharisa kuvuza. Kuti uone iyo yekurangarira yekusvika pateni inotungamira kubhadharisa kuvuza, yakasarudzika fuzzer yakagadziridzwa iyo inongozvisarudzira kurwisa paramita kune chaiyo chip, kusiyanisa kurongeka, kusimba uye kurongeka kwesero kuwana.
Maitiro akadaro, asingabatanidzi nekupesvedzera masero mamwechete, anoita kuti ikozvino nzira dzekudzivirira dzeTRR dzisashande, iyo mune imwe nzira kana imwe inovira kusvika pakuverenga nhamba yekudzokororwa kufona kumaseru uye, kana humwe hutsika hwasvikwa, kutanga recharging. yemasero ari pedyo. MuBlacksmith, iyo nzira yekuwana yakapararira kune akati wandei masero kamwechete kubva kumativi akasiyana echinangwa, izvo zvinoita kuti zvikwanise kuwana kubhadharisa kuburitswa pasina kusvika pachikumbaridzo kukosha.
Iyo nzira yakave inoshanda zvakanyanya kupfuura nzira dzakambotaurwa dzekupfuura TRR - vaongorori vakakwanisa kuwana kukanganisa zvishoma mune ese makumi mana achangobva kutenga akasiyana DDR40 memory machipisi akagadzirwa neSamsung, Micron, SK Hynix uye asingazivikanwe mugadziri (mugadziri aive isina kutaurwa pa4 machipisi). Sekuenzanisa, nzira yeTRRespass yakambotaurwa nevatsvagiri vakafanana yaingoshanda kune gumi nematatu chete kubva makumi mana nemaviri machipi akaedzwa panguva iyoyo.
Kazhinji, nzira yeBlacksmith inotarisirwa kushanda ku94% yemachipi ese eDRAM pamusika, asi vaongorori vanoti mamwe machipisi ari panjodzi uye ari nyore kurwisa kupfuura mamwe. Iko kushandiswa kwemakodhi ekugadzirisa zvikanganiso (ECC) mumachipi uye kupeta kaviri chiyero chekuvandudza ndangariro hakupe dziviriro yakakwana, asi inoomesa mashandiro. Zvinokosha kuziva kuti dambudziko harigone kuvharwa mumachipisi akatoburitswa uye rinoda kuitwa kwedziviriro nyowani padanho rehardware, saka kurwiswa kucharamba kwakakosha kwemakore mazhinji.
Mienzaniso inoshanda inosanganisira nzira dzekushandisa Blacksmith kushandura zviri mukati mememory peji tafura (PTE, peji tafura yekupinda) kuti uwane kernel ropafadzo, kukanganisa RSA-2048 yeruzhinji kiyi yakachengetwa mundangariro muOpenSSH (unogona kuunza kiyi yeruzhinji mukati. muchina wemumwe munhu wekufananidza kiyi yakavanzika yeanorwisa kuti ubatanidze kuVM yemunhu akabatwa) uye nekunzvenga zvitupa tarisa nekugadzirisa ndangariro yesudo process kuti uwane maropafadzo emidzi. Zvichienderana nechip, zvinotora chero kubva pamasekondi matatu kusvika kumaawa akati wandei enguva yekurwisa kuti uchinje chimwe chinangwa.
Pamusoro pezvo, isu tinogona kucherechedza kuburitswa kweyakavhurika LiteX Row Hammer Tester chimiro chekuyedza nzira dzekudzivirira ndangariro kurwisa RowHammer kirasi kurwiswa, yakagadziridzwa neAntmicro yeGoogle. Iyo dhizaini yakavakirwa pakushandiswa kweFPGA kudzora zvizere mirairo inofambiswa yakananga kuDRAM chip kubvisa pesvedzero yendangariro controller. Toolkit muPython inopihwa yekudyidzana neFPGA. Iyo FPGA-yakavakirwa gedhi inosanganisira module yekuchinjisa data pakiti (inotsanangura nzira yekuwana ndangariro), Payload Executor, LiteDRAM-based controller (inogadzira zvese zvinonzwisisika zvinodikanwa kuDRAM, kusanganisira mutsara activation uye ndangariro kugadzirisa) uye VexRiscv CPU. Zviitiko zvepurojekiti iyi zvakagoverwa pasi peiyo Apache 2.0 rezinesi. Akasiyana siyana eFPGA mapuratifomu anotsigirwa, anosanganisira Lattice ECP5, Xilinx Series 6, 7, UltraScale uye UltraScale+.
Source: opennet.ru