A Meltdown-class vulnerability has been found in AMD processors based on the Zen+ and Zen 2 microarchitectures.

A group of researchers from the Technical University of Dresden has identified a vulnerability (CVE-2020-12965) in AMD processors based on the Zen+ and Zen 2 microarchitectures that allows a Meltdown-class attack. It was initially assumed that AMD Zen+ and Zen 2 processors were not susceptible to Meltdown, but the researchers identified a behaviour that leads to speculative access to protected memory regions when non-canonical addresses are used.

The AMD64 architecture uses only the first 48 bits of a virtual address and ignores the remaining 16 bits. It is specified that bits 48 to 63 must always copy the value of bit 47 (sign extension). If this condition is violated and an attempt is made to access an address with an arbitrary value in the upper bits, the processor raises an exception. Sign-extending the upper bits splits the available address space into two blocks: a lower one (from 0 to 00007FFFFFFFFFFF), in which the upper bits are set to 0, and an upper one (from FFFF800000000000 to FFFFFFFFFFFFFFFF), in which all the upper bits are set to 1.

Addresses that fall within these blocks are called canonical, and invalid addresses with arbitrary contents in the upper bits are called non-canonical. The lower range of canonical addresses is usually allocated to process data, and the upper range is used for kernel data (access to these addresses from user space is blocked at the privilege-separation level).

The classic Meltdown vulnerability is based on the fact that, during speculative execution of instructions, the processor can access a private data area and then discard the result because the configured privileges prohibit such access from the user process. In the program, the speculatively executed block is separated from the main code by a conditional branch which, under real conditions, always fires; but because the condition depends on a computed value that the processor does not yet know at the time of speculative execution, all branch outcomes are executed speculatively.

Since speculative operations use the same cache as normally executed instructions, it is possible during speculative execution to set markers in the cache that reflect the contents of individual bits in the private memory area, and then, in normally executed code, to determine their values by timing analysis of accesses to cached and uncached data.

The distinguishing feature of the new vulnerability affecting AMD Zen+ and Zen 2 processors is that the CPUs allow speculative read and write operations that access memory using invalid non-canonical addresses, simply ignoring the upper 16 bits. Thus, during speculative code execution the processor always uses only the lower 48 bits, and the validity of the address is checked separately. If, when translating a non-canonical virtual address into a physical address in the associative translation lookaside buffer (TLB), a match is found for the canonical part of the address, the speculative load operation will return the value without regard to the contents of the upper 16 bits, which makes it possible to bypass memory separation between threads. Afterwards the operation will be recognised as invalid and discarded, but the memory access will already have completed and the data will end up in the cache.
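To make the canonical-form rule and the 48-bit-only address handling concrete, here is an added example in C (not code from the article or from the researchers): it classifies 64-bit virtual addresses by the sign-extension rule and shows which canonical address a non-canonical one aliases once bits 48..63 are ignored. The constants and sample addresses are constructed for illustration, and no address is dereferenced.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: AMD64 canonical form as described in the article. Only the
 * low 48 bits of a virtual address are significant; bits 48..63 must all
 * copy bit 47 (sign extension), otherwise the address is non-canonical. */
#define VA_BITS    48
#define BIT47      (1ULL << (VA_BITS - 1))
#define UPPER_MASK (~0ULL << VA_BITS)          /* bits 48..63 */

enum va_class { VA_LOW_CANONICAL, VA_HIGH_CANONICAL, VA_NON_CANONICAL };

/* Sign-extend bit 47 over bits 48..63. This is the canonical address that a
 * path honouring only the low 48 bits would resolve, so a non-canonical
 * address and its canonical alias differ only in the ignored upper 16 bits. */
uint64_t canonicalize(uint64_t va)
{
    return (va & BIT47) ? (va | UPPER_MASK) : (va & ~UPPER_MASK);
}

bool is_canonical(uint64_t va)
{
    return canonicalize(va) == va;
}

enum va_class classify(uint64_t va)
{
    if (!is_canonical(va))
        return VA_NON_CANONICAL;
    return (va & BIT47) ? VA_HIGH_CANONICAL : VA_LOW_CANONICAL;
}

int main(void)
{
    /* Constructed sample addresses; none of them is dereferenced. */
    const uint64_t samples[] = {
        0x00007FFFFFFFFFFFULL, /* top of the low (user-space) canonical range */
        0xFFFF800000000000ULL, /* bottom of the high (kernel) canonical range */
        0x0000800000000000ULL, /* non-canonical: bit 47 set, bits 48..63 clear */
        0x12347FFFDEADBEEFULL, /* non-canonical: stray data in bits 48..63 */
    };
    static const char *const names[] = { "low-canonical", "high-canonical", "non-canonical" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%016llx %-14s aliases %016llx\n", (unsigned long long)samples[i],
               names[classify(samples[i])], (unsigned long long)canonicalize(samples[i]));
    return 0;
}
```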

In their experiment, using the FLUSH+RELOAD technique for determining cache contents, the researchers were able to set up a covert data-transfer channel with a throughput of 125 bytes per second. In addition to AMD chips, the problem also affects all Intel processors that are susceptible to the classic Meltdown vulnerability. The same techniques that help block Meltdown attacks, such as the use of LFENCE instructions, can be used to protect against this new type of attack. For example, if an Intel processor includes hardware protection against Meltdown, or the system has software protection enabled, then such a configuration is not affected by the new attack variant.

At the same time, the researchers note that, compared with Intel processors, the architecture of AMD processors limits the possibility of carrying out a practical attack, but does not rule out using the new method in combination with other microarchitectural attacks to increase their effectiveness. In particular, the proposed attack does not allow one to determine the contents of memory areas belonging to the kernel or to other processes; it is limited to gaining access to other threads of the same program running in the same virtual memory space.

Since a non-vulnerable program already has access to its own threads, from a practical point of view the method is of interest for bypassing sandbox isolation and for interfering with the operation of other threads in programs that execute third-party code, such as web browsers and JIT engines. The researchers tested the SpiderMonkey JavaScript engine and the Linux kernel for susceptibility to the attack, but found no vulnerable code sequences that could be used to carry it out. Besides attacks on applications, the method can also be used to force illegitimate data flows between processor microarchitectural elements while exploiting other microarchitectural vulnerabilities.

source: opennet.ru
