Intel ruzivo nezve huviri hutsva husina kunaka muIntel CPUs hunokonzerwa nekudonha kwedata kubva kuL1D cache (, L1DES - L1D Eviction Sampling) uye marejitari evector (, VRS - Vector Register Sampling). Kusagadzikana ndekwekirasi (Microarchitectural Data Sampling) uye yakavakirwa pakushandiswa kwenzira dzeparutivi-chiteshi nzira dzekuongorora kune data mune microarchitectural zvimiro. AMD, ARM uye mamwe ma processor haana kukanganiswa nematambudziko.
Ngozi huru ndeyekusagadzikana kweL1DES, iyo kugadzirisa kwezvivharo zvecached data (cache line), yakadzingwa kubva padanho rekutanga cache (L1D), muFill Buffer, iyo panguva ino inofanira kunge isina chinhu. Kuti titarise iyo data yakagadzika mune yekuzadza buffer, isu tinogona kushandisa nzira dzepadivi-chiteshi nzira dzekuongorora dzakambotaurwa mukurwiswa. (Microarchitectural Data Sampling) uye (Transactional Asynchronous Abortion). Izvo zvakakosha zvezvakamboitwa kudzivirira kubva
MDS neTAA mukugezera madiki mabuffers asati achinja mamiriro ezvinhu, asi zvinozoitika kuti pasi pemamwe mamiriro data inonyungudutswa mumabuffer mushure mekuvhiyiwa, saka nzira dzeMDS neTAA dzinoramba dzichishanda.
Nekuda kweizvozvo, munhu anorwisa anogona kuwana kucherechedzwa kwedata rakadzingwa kubva padanho rekutanga cache iro rakashandurwa panguva yekuitwa kwechikumbiro chaigara chiripo cheCPU core, kana maapplication ari kushanda achienderana mune dzimwe tambo dzine musoro (hyperthread) pane imwechete CPU. musimboti (kuremadza HyperThreading kunoderedza kusashanda kwekurwisa). Kusiyana nekurwisa ,L1DES haitenderi kusarudzwa kweadhirosi chaiyo, kero kuti iongororwe, asi inopa kugona, kungotarisa chiitiko mune dzimwe tambo dzine musoro dzine chekuita ne, kurodha kana kuchengeta hunhu mundangariro.
Zvichienderana neL1DES, zvikwata zvakasiyana-siyana zvekutsvagisa zvakagadzira akati wandei kurwisa izvo zvinogona kuburitsa ruzivo rwakadzama kubva kune mamwe maitiro, sisitimu yekushandisa, michina chaiyo uye yakachengetedzwa SGX enclaves.
- VUSec Team RIDL yekurwisa nzira yekusagadzikana kweL1DES. Available , iyo inodarika zvakare Intel's yakarongwa MDS yekudzivirira nzira, iyo yakavakirwa pakushandisa iyo VERW rairo kujekesa zviri mukati me microarchitectural buffers pakudzoka kubva ku kernel kuenda kunzvimbo yemushandisi kana pakuendesa kutonga kune yevaenzi sisitimu (vaongorori pakutanga vakasimbirira kuti VERW (kubvisa microarchitectural). buffers) yekudzivirira haina kukwana uye inoda kukwenenzverwa kweL1 cache pane yega yega chinja chinja).
- chikwata update yangu tichifunga nezvekusagadzikana kweL1DES.
- Vatsvagiri paYunivhesiti yeMichigan vakagadzira yavo nzira yekurwisa (), iyo inokutendera kuti utore ruzivo rwakavanzika kubva kune inoshanda sisitimu kernel, chaiwo michina uye yakachengetedzwa SGX enclaves. Nzira yacho inobva pane ine mashandiro easynchronous kukanganisa kwekushanda (TAA, TSX Asynchronous Abort) kuona zviri mukati mekuzadza buffer mushure mekudonha kwedata kubva kuL1D cache.
Chechipiri VRS (Vector Register Sampling) kusagadzikana ine kudonha mukati mekuchengetedza buffer (Store Buffer) yemhedzisiro yekuverenga mashandiro kubva kune vector marejista yakashandurwa panguva yekuitwa kweiyo vector rairo (SSE, AVX, AVX-512) pane imwechete CPU musimboti. Kubvinza kwacho kunoitika pasi pemamiriro ezvinhu asina kujairika uye kunokonzerwa nenyaya yekuti fungidziro inoshanda inoguma nekuratidzwa kwemamiriro evector marejista mubhafa yekuchengetera inononoka uye inopera mushure mekunge buffer yacheneswa, uye kwete pamberi payo. Zvakafanana nekusagadzikana kweL1DES, zviri mukati mekuchengetedza buffer zvinogona kutsanangurwa uchishandisa MDS uye TAA maitiro ekurwisa.
Vatsvagiri kubva kuboka reVUSec , iyo inokutendera kuti uone kukosha kwevector marejista akawanikwa semhedzisiro yekuverenga mune imwe inonzwisisika tambo yeiyo yakafanana CPU musimboti. Intel Kambani Kusagadzikana kweVRS kwainzi kwakaomarara kuita kurwiswa chaiko uye kupihwa mwero wakaderera wekuomarara (2.8 CVSS).
Nyaya idzi dzakataurwa kuIntel muna Chivabvu 2019 nechikwata cheZombieload kubva kuTechnical University yeGraz (Austria) uye neVUSec timu kubva kuFree University yeAmsterdam, uye kusadzivirirwa kwacho kwakazosimbiswa nevamwe vaongorori vakati wandei mushure mekuongorora mamwe MDS kurwisa mavheji. Chirevo chekutanga cheMDS hachina kusanganisira ruzivo nezveL1DES neVRS matambudziko nekuda kwekushaikwa kwekugadzirisa. Iyo gadziriso haisipo izvozvi, asi iyo yakabvumiranwa-pane yekusaburitsa nguva yapera.
Sekugadzirisa, zvinokurudzirwa kudzima HyperThreading. Kuvhara kusazvibata padivi rekernel, zvinokurudzirwa kuseta zvakare L1 cache pane yega yega shanduko (MSR bit MSR_IA32_FLUSH_CMD) uye kudzima iyo TSX yekuwedzera (MSR bits MSR_IA32_TSX_CTRL uye MSR_TSX_FORCE_ABORT).
Intel kuburitsa microcode update nekushandiswa kwemaitiro ekuvharisa matambudziko munguva pfupi iri kutevera. Intel inocherekedzawo kuti kushandiswa kwenzira dzekudzivirira kurwisa kwakakurudzirwa muna 2018 (L1 Terminal Fault) inokutendera kuti uvhare kushandiswa kweiyo L1DES kusagadzikana kubva kune chaiwo nharaunda. Attack Intel Core processors kutanga kubva kuchizvarwa chechitanhatu (Sky, Kaby, Kofi, Whisky, Amber Lake, nezvimwewo), pamwe nemamwe maIntel Xeon uye Xeon Scalable modhi.
Uyezve, inogona kucherechedzwa , zvichikubvumira kushandisa nzira dzekurwisa kuti uone zviri mukati memudzi password hash kubva /etc/shadow panguva yenguva yekuyedza yechokwadi. Kana iyo yekutanga yakafungidzirwa kushandiswa yakasarudza password hash in , uye mushure mekushandisa kuvuza panguva yekushanda kweasynchronous interruption mechanism (TAA, TSX Asynchronous Abort) yakaita oparesheni yakafanana mu. , ipapo iyo nyowani nyowani inoita kurwisa mumasekonzi mana.
Source: opennet.ru