Vatsvagiri kubva kuBitdefender kusagadzikana kutsva () mune yekufungidzira kuraira kwekuita maCPUs emazuva ano, ayo anonzi SWAPGS, anoenderana nezita reiyo processor rairo rinokonzera dambudziko. Kusagadzikana anorwisa asina mukana anogona kuona zviri mukati mekernel memory nzvimbo kana kumhanya chaiwo muchina. Dambudziko muIntel processors (x86_64) uye zvishoma AMD processors iyo huru yekurwisa vector isingaoneke. Nzira dzakamboitwa dzekurwisa kusadzivirirwa kweSpecter uye Meltdown hazvidziviriri pakurwiswa kweSWAPGS kana uchishandisa Intel processors, asi zvigadziriso zvakatorongwa zveLinux, ChromeOS, Android uye Windows.
Kusagadzikana ndekweSpecter v1 kirasi uye yakavakirwa papfungwa yekudzoreredza data kubva kune processor cache yasara mushure mekufungidzira kwekuita kwemirairo. Kuti uvandudze mashandiro, zvikamu zvekufanotaura kwebazi zvemazuva ano maCPU anoshandisa preemptive execution yemamwe mirairo angango itwa, asi pasina kumirira kuverengwa kwezvinhu zvese zvinotaridza kuurayiwa kwavo (semuenzaniso, kana mamiriro ebazi kana maparamita ekuwana asina. zvakaverengerwa). Kana kufanotaura kusina kusimbiswa, processor inorasa mhedzisiro yekufungidzira kuurayiwa, asi iyo data yakagadziriswa mukati mayo inoramba iri mu processor cache uye inogona kudzoreredzwa uchishandisa nzira dzekuona zviri mukati mecache kuburikidza nematanho emativi, kuongorora shanduko yekuwana. nguva yekuchengeta uye isina kuvharwa data.
Iyo yakasarudzika yekurwiswa kutsva iko kushandiswa kwekudonha kunoitika panguva yekufungidzira kuurayiwa kweiyo SWAPGS rairo, iyo inoshandiswa mumashandisirwo masisitimu kutsiva kukosha kweiyo GS regisheni kana kutonga kunopfuura kubva munzvimbo yemushandisi kuenda kuOS kernel (iyo GS). kukosha kunoshandiswa munzvimbo yevashandisi kunotsiviwa nehuwandu hunoshandiswa panguva yekushanda mu kernel ). MuLinux kernel, GS inochengetedza per_cpu pointer inoshandiswa kuwana kernel data, uye mushandisi nzvimbo inochengeterwa mapoikira kuTLS (Thread Local Storage).
Kuti udzivise kufonera iyo SWAPGS rairo kaviri paunenge uchiwana kernel zvakare kubva ku kernel space kana pakuita kodeti isingade shanduko yerejista yeGS, cheki uye bazi rine mamiriro anoitwa pamberi pekuraira. Injini yekufungidzira yekuuraya inoenderera mberi nekuita kodhi neiyo SWAPGS rairo isina kumirira mhedzisiro yecheki, uye kana bazi rakasarudzwa rikasasimbiswa, rinorasa mhedzisiro. Nekudaro, mamiriro ezvinhu anogona kuitika kana bazi risingasanganisire SWAPGS kuuraya rakasarudzwa zvekufungidzira, asi panguva yekufungidzira kukosha kweiyo GS regisheni ichashandurwa neiyo SWAPGS rairo uye inoshandiswa mukutsamira ndangariro mashandiro ayo anoguma muCPU cache.
Vatsvagiri vakurudzira mamiriro maviri ekurwiswa ayo anoshandisa prototypes akagadzirirwa. Mamiriro ekutanga anoenderana nemamiriro ezvinhu apo iyo SWAPGS rairo haina kuitwa zvekufungidzira, kunyangwe ichinyatso shandiswa mukuurayiwa, uye yechipiri ndiyo yakapesana, kana iyo SWAPGS rairo richiitwa zvekufungidzira, kunyangwe isingafanirwe kuurayiwa. Pachiitiko chega chega, pane zvingasarudzwa zviviri zvekushandisa: uyo anorwisa anogona kuona kukosha pane imwe kero munzvimbo yekernel, uye anorwisa anogona kutsvaga kukosha kwakakosha pamakero asina kurongeka mukernel. Kuita kurwisa kunotora nguva yakareba uye kubata kungada maawa akati wandei kuti kupedze kuvuza.
Pane dambudziko muLinux kernel nekushandura pfungwa yekudaidza iyo SWAPGS rairo (kuvharira fungidziro kuuraya), zvakafanana nekugadziriswa kweimwe Specter v1 kirasi kusasimba. Kudzivirirwa kwakawedzerwa kunotarisirwa kuve nekukanganisa kushoma pakuita kweakajairwa mabasa. Latency inoitika panguva yekuchinja kwechikamu pakati pemushandisi uye kernel nzvimbo, izvo zvinogona kukonzera kusashanda zvakanaka kana, semuenzaniso, pane inorema system yekufona kubva kune application kana chizvarwa cheNMIs uye chinokanganisa.
Iyo gadziriso inoda kuisa kernel yekuvandudza pane ese ari maviri system yevaenzi uye nharaunda dzevaenzi, inoteverwa nehurongwa reboot. Kudzima dziviriro paLinux, iyo "nospectre_v1" sarudzo inogona kushandiswa, iyo zvakare inodzima matanho ekuvharidzira kusazvibata kweSWAPGS. Iyo yekugadzirisa inowanikwa se yeLinux kernel, iyo yakatoverengerwa mukuburitswa , , 4.14.137, 4.9.188 uye 4.4.188. Zvigadziriso zveLinux kugovera hazvisati zvaburitswa (, , , , , ) PaWindows, dambudziko rakagadziriswa chinyararire . Google Company gadzirisa kernel 4.19 inotumirwa neChromeOS uye .
Sekureva kwevanoongorora kubva kuBitdefender, Intel yakaudzwa nezvedambudziko muna Nyamavhuvhu gore rapfuura. Zvakasarudzwa kuti zvigadzirise dambudziko racho, iro vagadziri kubva kuMicrosoft, Google uye Linux kernel vakabatanidzwa mukugadzirisa kwakarongeka kwekugadzirisa. Vakuru Intel processors, pre-Ivy Bridge, yakanyanya kuoma kurwisa nekuda kwekushomeka kwerutsigiro rweiyo WRGSBASE rairo rinoshandiswa mukubiridzira. ARM, POWER, SPARC, MIPS, uye RISC-V masisitimu haana kukanganiswa nedambudziko nekuti haatsigire iyo SWAPGS rairo.
Dambudziko rinonyanya kubata varidzi veIntel processors -
Pamasisitimu e AMD, chiitiko chechipiri chekurwisa chete chakakwanisa kudhindwa, icho chinongogumira pakufungidzira kugadziridzwa kweiyo base kukosha kweiyo GS rejista, iyo inogona kushandiswa kutsvaga chaiyo hunhu munzvimbo dzendangariro. Kuvharisa sarudzo iyi yekurwisa nzira dziripo dzekudzivirira kubva kuSpecter v1.
Source: opennet.ru