Ithimba labacwaningi abavela kwa-ETH Zurich, Vrije Universiteit Amsterdam kanye ne-Qualcomm bashicilele indlela entsha yokuhlasela ye-RowHammer engashintsha okuqukethwe kwezingcezu ngazinye zenkumbulo yokufinyelela okungahleliwe (i-DRAM). Lokhu kuhlasela kuqanjwe ngekhodi elithi Blacksmith futhi kukhonjwe njenge-CVE-2021-42114. Ama-chips amaningi e-DDR4 ahlome ngesivikelo ezindleleni zekilasi le-RowHammer ezaziwayo ngaphambilini angazithola esenkingeni. Amathuluzi okuhlola amasistimu akho ngobungozi ashicilelwe ku-GitHub.
Khumbula ukuthi ukuhlasela kwesigaba se-RowHammer kukuvumela ukuthi uhlanekezele okuqukethwe kwezingcezu zememori ngayinye ngokufunda idatha ngomjikelezo kumaseli enkumbulo angomakhelwane. Njengoba inkumbulo ye-DRAM iwuxhaxha lwamaseli anezinhlangothi ezimbili, ngalinye liqukethe i-capacitor ne-transistor, ukufunda okuqhubekayo kwendawo yenkumbulo efanayo kubangela ukuguquguquka kwe-voltage kanye nokudidayo okubangela ukulahleka kweshaji okuncane kumaseli angomakhelwane. Uma umfutho wokufunda uphakeme, khona-ke iseli elingumakhelwane lingase lilahlekelwe inani elikhulu ngokwanele lenkokhelo futhi umjikelezo wokuvuselela olandelayo ngeke ube nesikhathi sokubuyisela isimo sawo sokuqala, okuzoholela ekushintsheni kwenani ledatha egcinwe esitokisini. .
Ukuze kuvikelwe i-RowHammer, abakhiqizi bama-chip bahlongoza indlela ye-TRR (Target Row Refresh) evikela ekonakaleni kwamaseli emigqeni eseduze, kodwa njengoba ukuvikela kwakusekelwe kumgomo "wokuphepha ngokufiphala," ayizange iyixazulule inkinga impande, kodwa ivikelwe kuphela ezimweni ezikhethekile ezaziwayo, okwenze kwaba lula ukuthola izindlela zokudlula isivikelo. Isibonelo, ngoMeyi, i-Google ihlongoze indlela ye-Half-Double, engazange ithintwe ukuvikelwa kwe-TRR, kusukela ukuhlasela kuthinte amaseli ayengasondelene ngokuqondile nokuhlosiwe.
Indlela entsha ye-Blacksmith inikeza indlela ehlukile yokudlula ukuvikela kwe-TRR, ngokusekelwe ekufinyeleleni okungajwayelekile kumayunithi ezinhlamvu ezimbili noma ngaphezulu ezihlaseli ngamaza ahlukene ukuze kubangele ukuvuza kweshaji. Ukunquma iphethini yokufinyelela inkumbulo eholela ekuvuzeni kokushaja, kuye kwasungulwa i-fuzzer ekhethekile ekhetha ngokuzenzakalelayo imingcele yokuhlasela ye-chip ethile, eshintsha ukuhleleka, ukushuba kanye nokuhleleka kokufinyelela kweseli.
Indlela enjalo, engahlotshaniswa nokuthonya amaseli afanayo, yenza izindlela zamanje zokuvikela i-TRR zingasebenzi, okuthi ngandlela thize zibilise ekubaleni inani lezingcingo eziphindaphindiwe kumaseli futhi, lapho amanani athile efinyelelwa, aqalise ukushajwa kabusha. yamaseli angomakhelwane. Ku-Blacksmith, iphethini yokufinyelela isatshalaliswa kumaseli amaningana ngesikhathi esisodwa ukusuka ezinhlangothini ezihlukene zethagethi, okwenza kube nokwenzeka ukuzuza ukuvuza kweshaji ngaphandle kokufinyelela amanani omkhawulo.
Le ndlela ibonakale iphumelela kakhulu kunezindlela ezihlongozwe ngaphambilini zokudlula i-TRR - abacwaningi bakwazile ukuzuza ukuhlanekezela kancane kuwo wonke ama-memory chips angama-40 asanda kuthengwa yi-Samsung, iMicron, i-SK Hynix kanye nomakhi ongaziwa (umkhiqizi wayengumkhiqizi. akucaciswanga kuma-chips angu-4). Ukuze uqhathanise, indlela ye-TRRespass eyayihlongozwe abacwaningi abafanayo yayisebenza kuma-chips angu-4 kuphela kwangu-13 ahlolwe ngaleso sikhathi.
Ngokuvamile, indlela yeBlacksmith kulindeleke ukuthi isebenze ku-94% wawo wonke ama-chip e-DRAM emakethe, kodwa abacwaningi bathi amanye ama-chips asengozini kakhulu futhi kulula ukuwahlasela kunamanye. Ukusetshenziswa kwamakhodi okulungisa amaphutha (ECC) kuma-chip kanye nokuphinda kabili izinga lokuvuselela inkumbulo akunikezeli ukuvikeleka okuphelele, kodwa kwenza umsebenzi ube nzima. Kuyaphawuleka ukuthi inkinga ayikwazi ukuvinjelwa kuma-chips asevele ekhululiwe futhi idinga ukuqaliswa kokuvikelwa okusha ezingeni le-hardware, ngakho-ke ukuhlasela kuzohlala kusebenza iminyaka eminingi.
Izibonelo ezisebenzayo zifaka phakathi izindlela zokusebenzisa i-Blacksmith ukuze uguqule okuqukethwe kuthebula lekhasi lememori (PTE, ukufakwa kwethebula lekhasi) ukuze uthole amalungelo e-kernel, ukonakalisa ukhiye womphakathi we-RSA-2048 ogcinwe kumemori ku-OpenSSH (ungaletha ukhiye womphakathi umshini womunye umuntu ukuze ufanise nokhiye oyimfihlo womhlaseli ukuze uxhume ku-VM yesisulu) futhi udlule ukuhlolwa kwemininingwane ngokulungisa inkumbulo yenqubo ye-sudo ukuze uthole amalungelo ezimpande. Kuye nge-chip, kuthatha noma yikuphi ukusuka kumasekhondi angu-3 ukuya emahoreni ambalwa esikhathi sokuhlasela ukushintsha kancane kancane okuhlosiwe.
Ukwengeza, singaqaphela ukushicilelwa kohlaka oluvulekile lwe-LiteX Row Hammer Tester lokuhlola izindlela zokuvikela inkumbulo ekuhlaselweni kwekilasi le-RowHammer, elakhiwe i-Antmicro ye-Google. Uhlaka lusekelwe ekusetshenzisweni kwe-FPGA ukulawula ngokugcwele imiyalo edluliselwa ngqo ku-chip ye-DRAM ukuze kuqedwe ithonya lesilawuli senkumbulo. Ikhithi yamathuluzi kuPython inikezwa ukuze kusetshenziswe i-FPGA. Isango elisekelwe ku-FPGA lihlanganisa imojula yokudluliswa kwedatha yephakethe (ichaza amaphethini okufinyelela kumemori), Ifa Lomthwalo wemfanelo, isilawuli esisekelwe ku-LiteDRAM (sicubungula wonke ama-logic adingekayo ku-DRAM, okuhlanganisa ukwenza kusebenze umugqa nokuvuselela inkumbulo) kanye ne-VexRiscv CPU. Intuthuko yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0. Kusekelwa amapulatifomu e-FPGA ahlukahlukene, okuhlanganisa i-Lattice ECP5, i-Xilinx Series 6, 7, i-UltraScale ne-UltraScale+.
Source: opennet.ru