Chikwata chevaongorori kubva kuETH Zurich, Vrije Universiteit Amsterdam neQualcomm vakaburitsa nzira nyowani yekurwisa yeRowHammer iyo inogona kushandura zviri mukati mezvimedu zvega zvega zvesimba zvekupinda memory (DRAM). Kurwiswa uku kwakanzi codenamed Blacksmith uye yakazivikanwa seCVE-2021-42114. Mazhinji maDDR4 machipi ane dziviriro kubva kune yaimbozivikanwa RowHammer kirasi nzira dzinosangana nedambudziko. Zvishandiso zvekuyedza masisitimu ako kusagadzikana zvinoburitswa paGitHub.
Rangarira kuti RowHammer kirasi kurwiswa kunobvumidza iwe kukanganisa zviri mukati meyemunhu ndangariro bits nekutenderera kuverenga data kubva kune akavakidzana ndangariro maseru. Sezvo DRAM ndangariro iri maviri-dimensional array emaseru, rimwe nerimwe rine capacitor uye transistor, kuita kuenderera kuverenga kwenzvimbo imwechete yekurangarira kunoguma nekushanduka kwevoltage uye anomalies izvo zvinokonzeresa kurasikirwa kudiki kwechaji mumaseru akavakidzana. Kana kuverenga kwakanyanya kwakakwirira, ipapo sero yevavakidzani inogona kurasikirwa nemutengo wakakwana wakawanda uye kutenderera kunotevera kwekuzvarwa patsva hakuzove nenguva yekudzorera mamiriro ayo ekutanga, izvo zvinozoita shanduko mukukosha kwe data yakachengetwa muchitokisi. .
Kuchengetedza kubva kuRowHammer, vanogadzira chip vakakurudzira nzira yeTRR (Target Row Refresh), inodzivirira kubva kuhuwori hwemasero mumitsara iri padyo, asi sezvo dziviriro yacho yakavakirwa pamusimboti we "kuchengetedzwa nekusviba," haina kugadzirisa dambudziko iri. mudzi, asi akadzivirirwa chete kubva kunozivikanwa akakosha kesi, izvo zvakaita kuti zvive nyore kuwana nzira dzekunzvenga dziviriro. Semuenzaniso, muna Chivabvu, Google yakaronga nzira yeHalf-Double, iyo isina kukanganiswa neTRR kuchengetedza, sezvo kurwiswa kwakabata maseru aive asiri padhuze neakananga.
Nzira itsva yeBlacksmith inopa imwe nzira yekunzvenga chengetedzo yeTRR, zvichibva pane isina-uniform yekuwana kune maviri kana anopfuura tambo dzehasha pama frequency akasiyana kukonzera kubhadharisa kuvuza. Kuti uone iyo yekurangarira yekusvika pateni inotungamira kubhadharisa kuvuza, yakasarudzika fuzzer yakagadziridzwa iyo inongozvisarudzira kurwisa paramita kune chaiyo chip, kusiyanisa kurongeka, kusimba uye kurongeka kwesero kuwana.
Maitiro akadaro, asingabatanidzi nekupesvedzera masero mamwechete, anoita kuti ikozvino nzira dzekudzivirira dzeTRR dzisashande, iyo mune imwe nzira kana imwe inovira kusvika pakuverenga nhamba yekudzokororwa kufona kumaseru uye, kana humwe hutsika hwasvikwa, kutanga recharging. yemasero ari pedyo. MuBlacksmith, iyo nzira yekuwana yakapararira kune akati wandei masero kamwechete kubva kumativi akasiyana echinangwa, izvo zvinoita kuti zvikwanise kuwana kubhadharisa kuburitswa pasina kusvika pachikumbaridzo kukosha.
Iyo nzira yakave inoshanda zvakanyanya kupfuura nzira dzakambotaurwa dzekupfuura TRR - vaongorori vakakwanisa kuwana kukanganisa zvishoma mune ese makumi mana achangobva kutenga akasiyana DDR40 memory machipisi akagadzirwa neSamsung, Micron, SK Hynix uye asingazivikanwe mugadziri (mugadziri aive isina kutaurwa pa4 machipisi). Sekuenzanisa, nzira yeTRRespass yakambotaurwa nevatsvagiri vakafanana yaingoshanda kune gumi nematatu chete kubva makumi mana nemaviri machipi akaedzwa panguva iyoyo.
Kazhinji, nzira yeBlacksmith inotarisirwa kushanda ku94% yemachipi ese eDRAM pamusika, asi vaongorori vanoti mamwe machipisi ari panjodzi uye ari nyore kurwisa kupfuura mamwe. Iko kushandiswa kwemakodhi ekugadzirisa zvikanganiso (ECC) mumachipi uye kupeta kaviri chiyero chekuvandudza ndangariro hakupe dziviriro yakakwana, asi inoomesa mashandiro. Zvinokosha kuziva kuti dambudziko harigone kuvharwa mumachipisi akatoburitswa uye rinoda kuitwa kwedziviriro nyowani padanho rehardware, saka kurwiswa kucharamba kwakakosha kwemakore mazhinji.
Mienzaniso inoshanda inopiwa yekuti ungashandisa sei Blacksmith kugadzirisa zviri mukati mezvinyorwa mumemory page table entry (PTE) kuti uwane ma kernel privileges, uye kukuvadza public RSA-2048 key yakachengetwa muOpenSSH (unogona kuunza public key kune yemumwe munhu). muchina chaiwo (zvinoenderana nekiyi yemunhu anorwisa yekubatanidza kuVM yemunhu anenge abatwa) uye kunzvenga kutarisa kodzero nekuchinja ndangariro ye sudo process kuti uwane kodzero dzemidzi. Zvichienderana ne chip, kuchinja target bit imwe chete kunogona kutora chero kubva kumasekonzi matatu kusvika maawa akati wandei kuti kupedzwe.
Pamusoro pezvo, isu tinogona kucherechedza kuburitswa kweyakavhurika LiteX Row Hammer Tester chimiro chekuyedza nzira dzekudzivirira ndangariro kurwisa RowHammer kirasi kurwiswa, yakagadziridzwa neAntmicro yeGoogle. Iyo dhizaini yakavakirwa pakushandiswa kweFPGA kudzora zvizere mirairo inofambiswa yakananga kuDRAM chip kubvisa pesvedzero yendangariro controller. Toolkit muPython inopihwa yekudyidzana neFPGA. Iyo FPGA-yakavakirwa gedhi inosanganisira module yekuchinjisa data pakiti (inotsanangura nzira yekuwana ndangariro), Payload Executor, LiteDRAM-based controller (inogadzira zvese zvinonzwisisika zvinodikanwa kuDRAM, kusanganisira mutsara activation uye ndangariro kugadzirisa) uye VexRiscv CPU. Zviitiko zvepurojekiti iyi zvakagoverwa pasi peiyo Apache 2.0 rezinesi. Akasiyana siyana eFPGA mapuratifomu anotsigirwa, anosanganisira Lattice ECP5, Xilinx Series 6, 7, UltraScale uye UltraScale+.
Source: opennet.ru
