New variant of the Zombieload attack on Intel processors identified

Researchers at Graz University of Technology (Austria) have disclosed information about a new side-channel attack method, ZombieLoad 2.0 (CVE-2019-11135), which allows confidential information to be extracted from other processes, the operating system, virtual machines and protected enclaves (TEE, Trusted Execution Environment). The problem affects only Intel processors. Components that block the problem were proposed in yesterday's microcode update.

The problem belongs to the MDS (Microarchitectural Data Sampling) class and is a modernized version of the ZombieLoad attacks published in May. ZombieLoad 2.0, like other MDS attacks, relies on applying side-channel analysis techniques to data in microarchitectural structures (for example, the Line Fill Buffer and Store Buffer), which temporarily hold data used by a process to perform Load and Store operations.

The new variant of the Zombieload attack is based on a leak that occurs during operation of the asynchronous abort mechanism (TAA, TSX Asynchronous Abort), implemented in the TSX (Transactional Synchronization Extensions) extension. TSX provides facilities for working with transactional memory, which allows the performance of multithreaded applications to be increased by eliminating unnecessary synchronization operations (atomic transactions are supported that can be either committed or aborted). If a transaction is interrupted, the operations performed on the transactional memory region are rolled back.

The transaction abort happens asynchronously, and during this time other threads can access the cache, which is also used in the discarded transactional memory region. In the period from the start to the completion of an asynchronous transaction abort, situations may arise in which the processor, while speculatively executing an operation, reads data from internal microarchitectural buffers and passes it to the speculative operation. The conflict will then be detected and the speculative operation discarded, but the data will remain in the cache and can be retrieved using side-channel cache recovery techniques.

The attack boils down to opening TSX transactions and creating conditions for their asynchronous abort, during which conditions arise for leaking the contents of internal buffers that have been speculatively filled with data from memory read operations performed on the same CPU core. The leak is limited to the current physical CPU core (the one on which the attacker's code runs), but since microarchitectural buffers are shared between different threads in Hyper-Threading mode, it is possible to leak memory operations performed in other CPU threads.

The attack affects some models of the eighth, ninth and tenth generations of Intel Core processors, as well as Intel Pentium Gold, Intel Celeron 5000, Intel Xeon E, Intel Xeon W and the second generation of Intel Xeon Scalable. New Intel processors based on the Cascade Lake microarchitecture introduced in April, which were initially not susceptible to the RIDL and Fallout attacks, are also vulnerable. In addition to Zombieload 2.0, the researchers also identified a way to bypass the previously proposed protections against MDS attacks, which are based on using the VERW instruction to clear the contents of microarchitectural buffers when returning from the kernel to user space or when transferring control to a guest system.

Intel's report states that on systems with a heterogeneous load, carrying out the attack is difficult, since the leak from microarchitectural structures covers all activity in the system and the attacker cannot influence the source of the extracted data; that is, the attacker can only accumulate information that surfaces as a result of the leak and try to identify useful information among this data, without the ability to deliberately intercept data associated with specific memory addresses. Nevertheless, the researchers published an exploit prototype that works on Linux and Windows, and demonstrated the ability to use the attack to determine the root user's password hash.
It is possible to carry out an attack from a guest system to collect data that appears in the operation of other guest systems, the host environment, the hypervisor and Intel SGX enclaves.

Fixes that block the vulnerability have been included in the Linux kernel codebase and are part of releases 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201. Kernel and microcode updates have also already been released for the major distributions (Debian, SUSE/openSUSE, Ubuntu, RHEL, Fedora, FreeBSD). The problem was identified in April and the fix was coordinated between Intel and operating system vendors.

The simplest method of blocking Zombieload 2.0 is to disable TSX support in the CPU. The fix proposed for the Linux kernel includes several protection options. The first option provides the "tsx=on/off/auto" parameter to control whether the TSX extension is enabled on the CPU (the auto value disables TSX only for vulnerable CPUs). The second protection option is enabled by the "tsx_async_abort=off/full/full,nosmt" parameter and is based on clearing microarchitectural buffers during context switches (the nosmt flag additionally disables SMT/Hyper-Threads). To check whether a system is susceptible to the vulnerability, sysfs provides the "/sys/devices/system/cpu/vulnerabilities/tsx_async_abort" parameter.
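
A check built on the sysfs file and the two boot parameters named above, as an added example that is not part of the original article. The function names are hypothetical, the status strings are the ones documented in the kernel's hw-vuln guide rather than quoted from this page, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the article): interpret the TAA sysfs status and the
# tsx= / tsx_async_abort= boot parameters described above.

TAA_SYSFS=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# classify_taa STATUS: map a sysfs status line to a coarse verdict.
# Status strings follow the kernel's hw-vuln documentation, not the article.
classify_taa() {
    case "$1" in
        "Not affected"*)                 echo not_affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated_smt_exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# cmdline_opt CMDLINE KEY: print the value of KEY=... (empty if absent).
# Assumption: when a parameter is repeated, the last occurrence wins.
# Runs in a subshell so that disabling globbing does not leak to the caller.
cmdline_opt() (
    set -f
    val=
    for tok in $1; do
        case "$tok" in
            "$2="*) val=${tok#"$2="} ;;
        esac
    done
    printf '%s\n' "$val"
)

# taa_report STATUS CMDLINE: one-line summary for inventory or compliance checks.
taa_report() {
    printf 'state=%s tsx=%s tsx_async_abort=%s\n' \
        "$(classify_taa "$1")" \
        "$(cmdline_opt "$2" tsx)" \
        "$(cmdline_opt "$2" tsx_async_abort)"
}

# Constructed sample inputs (not captured from a real host).
taa_report "Mitigation: Clear CPU buffers; SMT vulnerable" "ro quiet tsx_async_abort=full"
taa_report "Mitigation: TSX disabled" "ro quiet tsx=off"
taa_report "Vulnerable" "ro tsx=on tsx_async_abort=off"

# Live host, when the kernel exposes the file.
if [ -r "$TAA_SYSFS" ] && [ -r /proc/cmdline ]; then
    taa_report "$(cat "$TAA_SYSFS")" "$(cat /proc/cmdline)"
fi
```

A `mitigated_smt_exposed` verdict means buffer clearing is active but sibling hyper-threads still share the buffers, which is the case the `full,nosmt` setting addresses.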

In addition, the microcode update fixed another vulnerability (CVE-2018-12207) in Intel processors, which is also blocked in the latest Linux kernel update. The vulnerability allows an unprivileged attacker to initiate a denial of service, causing the system to hang in the "Machine Check Error" state.
The attack can also be carried out from a guest system.

Source: opennet.ru
