Intel tlhahisoleseling mabapi le likotsi tse peli tse ncha ho Intel CPUs tse bakoang ke ho lutla ha data ho cache ea L1D (, L1DES - L1D Eviction Sampling) le lirejisete tsa vector (, VRS - Sampling Register ea Vector). Bofokoli ke ba sehlopha (Microarchitectural Data Sampling) 'me e thehiloe holim'a ts'ebeliso ea mekhoa ea ho hlahloba litsela tse ka thōko ho data ka mekhoa e menyenyane ea meralo. AMD, ARM le li-processor tse ling ha li amehe ke mathata.
Kotsi e kholo ka ho fetisisa ke ho ba kotsing ea L1DES, e leng ho lokisa li-blocks tsa data e bolokiloeng (cache line), e lelekiloeng ho cache ea boemo ba pele (L1D), ho Fill Buffer, eo mothating ona e lokelang ho ba le letho. Ho fumana lintlha tse lutseng ka har'a buffer ea ho tlatsa, re ka sebelisa mekhoa ea tlhahlobo ea liteishene tse neng li reriloe nakong e fetileng litlhaselong. (Microarchitectural Data Sampling) le (Transactional Asynchronous Abortion). Moko oa ts'ireletso e kentsoeng pele khahlanong le
MDS le TAA ka ho phunya li-buffers tsa meaho e menyenyane pele maemo a fetoha, empa ho ile ha fumaneha hore tlas'a maemo a mang datha e kenyelletsoa ka har'a li-buffers kamora ts'ebetso ea flush, kahoo mekhoa ea MDS le TAA e ntse e sebetsa.
Ka lebaka leo, mohlaseli a ka khona ho fumana data e ntšitsoeng ho cache ea boemo ba pele e fetotsoeng nakong ea ts'ebetso ea ts'ebeliso eo pele e neng e le mothating oa hona joale oa CPU, kapa lits'ebetso tse tsamaisanang le likhoele tse ling tse utloahalang (hyperthread) ho CPU e tšoanang. mantlha (ho thibela HyperThreading ho fokotsa katleho ea tlhaselo). Ho fapana le tlhaselo ,L1DES ha e lumelle ho khethoa ha liaterese tse khethehileng tsa 'mele bakeng sa tlhahlobo, empa e fana ka bokhoni ba ho shebella ts'ebetso ea likhoele tse ling tse utloahalang tse amanang le, ho kenya kapa ho boloka boleng mohopolong.
Ho ipapisitsoe le L1DES, lihlopha tse fapaneng tsa lipatlisiso li thehile mefuta e mengata ea tlhaselo e ka ntšang tlhahisoleseling e tebileng lits'ebetsong tse ling, sistimi ea ts'ebetso, mechini ea sebele le li-enclave tsa SGX tse sirelelitsoeng.
- Sehlopha sa VUSec Mokhoa oa tlhaselo oa RIDL bakeng sa ho ba kotsing ea L1DES. E fumaneha , eo hape e fetang mokhoa oa ts'ireletso oa Intel oa MDS o reriloeng, o ipapisitseng le ho sebelisa taelo ea VERW ho hlakola likahare tsa li-buffers tsa microarchitectural ha o khutla ho tloha kernel ho ea sebakeng sa mosebelisi kapa ha o fetisetsa taolo ho sistimi ea baeti (qalong bafuputsi ba ne ba tsitlella hore VERW (ho hlakola microarchitectural). buffers) bakeng sa ts'ireletso ha ea lekana 'me e hloka ho hlakoloa ka botlalo ha cache ea L1 ho switch e' ngoe le e 'ngoe ea maemo).
- sehlopha e ntlafalitsoeng ea ka ho ela hloko bofokoli ba L1DES.
- Bafuputsi Univesithing ea Michigan ba iketselitse mokhoa oa bona oa ho hlasela (), e leng se u lumellang ho ntša boitsebiso ba lekunutu ho kernel ea tsamaiso ea ts'ebetso, mechine ea sebele le li-enclave tsa SGX tse sirelelitsoeng. Mokhoa o thehiloe ho e nang le mochini oa tšitiso ea ts'ebetso ea asynchronous (TAA, TSX Asynchronous Abort) ho fumana se ka hare ho buffer ea ho tlatsa kamora ho lutla ha data ho cache ea L1D.
Kotsi ea Bobeli ea VRS (Vector Register Sampling). ka ho lutla ka har'a polokelo ea polokelo (Store Buffer) ea liphetho tsa ts'ebetso ea ho bala ho tsoa ho lirekoto tsa vector tse fetotsoeng nakong ea ts'ebetso ea litaelo tsa vector (SSE, AVX, AVX-512) mokokotlong o tšoanang oa CPU. Ho lutla ho etsahala tlasa maemo a sa tloaelehang haholo 'me ho bakoa ke taba ea hore ts'ebetso e inahaneloang e bakang ponahatso ea boemo ba lirejistara tsa vector polokelong ea polokelo e liehile mme e phetheloa kamora hore buffer e hlakoloe, eseng pele ho eona. Joalo ka ts'oaetso ea L1DES, likahare tsa polokelo ea polokelo li ka khethoa ho sebelisoa mekhoa ea tlhaselo ea MDS le TAA.
Bafuputsi ba sehlopha sa VUSec , e u lumellang ho tseba boleng ba li-register tsa vector tse fumanoeng ka lebaka la lipalo ho khoele e 'ngoe e hlakileng ea mantlha e tšoanang ea CPU. Khampani ea Intel Bofokoli ba VRS bo ne bo nkoa bo rarahane haholo hore bo ka etsa litlhaselo tsa 'nete 'me bo behile boemo bo tlase ba ho teba (2.8 CVSS).
Litaba li ile tsa tlaleheloa Intel ka Mots'eanong 2019 ke sehlopha sa Zombieload se tsoang Univesithing ea Tekheniki ea Graz (Austria) le sehlopha sa VUSec se tsoang Univesithing ea Free ea Amsterdam, mme bofokoli bo ile ba tiisoa hamorao ke bafuputsi ba bang ba 'maloa kamora ho sekaseka li-vector tse ling tsa tlhaselo ea MDS. Tlaleho ea pele ea MDS e ne e sa kenyelletsa tlhahisoleseling mabapi le mathata a L1DES le VRS ka lebaka la khaello ea tokiso. Tokiso ha e fumanehe hona joale, empa nako eo ho lumellanoeng ka eona ea ho se senole e felile.
E le mokhoa oa ho sebetsa, ho kgothaletswa ho thibela HyperThreading. Ho thibela ho ba kotsing ka lehlakoreng la kernel, ho sisinyeha hore ho hlophisoe cache ea L1 ho switjha e ngoe le e ngoe ea moelelo (MSR bit MSR_IA32_FLUSH_CMD) le ho tima katoloso ea TSX (MSR bits MSR_IA32_TSX_CTRL le MSR_TSX_FORCE_ABORT).
Intel lokolla ntlafatso ea microcode ka ts'ebetsong ea mekhoa ea ho thibela mathata nakong e tlang e haufi. Intel e boetse e hlokomela hore ts'ebeliso ea mekhoa ea ts'ireletso ea tlhaselo e hlahisitsoeng ka 2018 (L1 Terminal Fault) e u lumella ho thibela ts'ebeliso ea ts'oaetso ea L1DES ho tsoa libakeng tse fumanehang. Tlhaselo Li-processor tsa Intel Core ho tloha molokong oa botšelela (Sky, Kaby, Coffee, Whisky, Amber Lake, joalo-joalo), hammoho le mefuta e meng ea Intel Xeon le Xeon Scalable.
Ho phaella moo, e ka hlokomeloa , ho u lumella ho sebelisa mekhoa ea tlhaselo ho fumana tse ka har'a motso oa password hash ho tloha /etc/shadow nakong ea liteko tsa netefatso ea nako le nako. Haeba ts'ebetso e reriloeng qalong e ne e tseba hore password hash in , 'me ka mor'a ho sebelisa ho lutla nakong ea ts'ebetso ea "asynchronous interruption mechanism" (TAA, TSX Asynchronous Abort) e entse ts'ebetso e ts'oanang ho , ebe mofuta o mocha o etsa tlhaselo ka metsotsoana e 4.
Source: opennet.ru