New variant of the ZombieLoad attack on Intel processors identified

Researchers from the Technical University of Graz (Austria) have disclosed details of a new side-channel attack, ZombieLoad 2.0 (CVE-2019-11135), which allows confidential data to be extracted from other processes, the operating system, virtual machines and protected enclaves (TEE, Trusted Execution Environment). The problem affects only Intel processors. Measures to block it were proposed in yesterday's microcode update.

The problem belongs to the MDS (Microarchitectural Data Sampling) class and is an updated version of the ZombieLoad attack disclosed in May. Like other MDS attacks, ZombieLoad 2.0 relies on side-channel analysis of data held in microarchitectural structures (for example the Line Fill Buffer and the Store Buffer), which temporarily hold data used by the processor while it performs Load and Store operations.

The new ZombieLoad variant is based on a leak that occurs during the handling of an asynchronous transaction abort (TAA, TSX Asynchronous Abort). TAA is part of the TSX (Transactional Synchronization Extensions) instruction set extension, which provides primitives for working with transactional memory and lets multi-threaded applications run faster by dynamically eliminating unnecessary synchronization (atomic transactions are supported that are either committed or aborted). When a transaction is aborted, the operations performed on the transactional memory region are rolled back.

The abort of a transaction happens asynchronously, and during that window other threads can access the cache lines that were also used by the discarded transactional region. Between the start of the asynchronous abort and its actual completion, situations can arise in which the processor, while speculatively executing an operation, reads data from internal microarchitectural buffers and forwards it to that speculative operation. The conflict is then detected and the speculative work is discarded, but the data leaves a trace in the cache that can be recovered with side-channel cache analysis techniques.

The attack boils down to opening TSX transactions and creating the conditions for their asynchronous abort, which in turn creates the conditions for leaking the contents of internal buffers that were speculatively filled with data from memory reads performed on the same physical CPU core. The leak is confined to the current physical core (the one running the attacker's code), but because the microarchitectural buffers are shared between the sibling threads of a core in Hyper-Threading mode, memory operations performed by other CPU threads on that core can also leak.

Susceptible to the attack are some models of the eighth, ninth and tenth generation Intel Core processors, as well as Intel Pentium Gold, Intel Celeron 5000, Intel Xeon E, Intel Xeon W and second generation Intel Xeon Scalable. Newer Intel processors based on the Cascade Lake microarchitecture introduced in April, which were initially not susceptible to the RIDL and Fallout attacks, are also vulnerable. In addition to ZombieLoad 2.0, the researchers identified a way to bypass the previously proposed MDS mitigations, which rely on the VERW instruction to clear the contents of the microarchitectural buffers when returning from the kernel to user space or when transferring control to a guest system.

Intel's report states that on systems with a heterogeneous workload the attack is difficult to carry out in practice, since the leakage from microarchitectural structures covers all activity on the system and the attacker cannot influence the source of the extracted data: they can only accumulate whatever leaks and try to pick useful information out of it, without being able to target specific memory addresses. The researchers nevertheless published a working prototype, running on Linux and Windows, and demonstrated that the attack can be used to recover the root user's password hash.
It is possible to carry out the attack from a guest system in order to collect data arising from the operation of other guests, the host environment, the hypervisor and Intel SGX enclaves.

A fix blocking the vulnerability has been merged into the Linux kernel codebase and is included in releases 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201. Kernel and microcode updates have also already been published for the major distributions (Debian, SUSE/openSUSE, Ubuntu, RHEL, Fedora, FreeBSD). The problem was discovered in April, and the fix was coordinated between Intel and the operating system developers.

The simplest way to block ZombieLoad 2.0 is to disable TSX support in the CPU. The proposed Linux kernel fix offers several protection options. The first is the "tsx=on/off/auto" boot parameter, which controls whether the TSX extension is enabled on the CPU (the auto value disables TSX only on vulnerable CPUs). The second is enabled with the "tsx_async_abort=off/full/full,nosmt" parameter and is based on clearing the microarchitectural buffers on transitions out of the kernel (return to user space, entry into a guest); the nosmt flag additionally disables SMT/Hyper-Threading, which matters because buffer clearing on kernel exit does not stop a sibling thread on the same core from sampling the buffers concurrently. To check whether a system is affected, sysfs exposes the file "/sys/devices/system/cpu/vulnerabilities/tsx_async_abort".
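The following script is an added example (not part of the original article or of the kernel tree) that audits a Linux host for the TAA mitigation state described above. The sysfs path, boot parameter names and status strings are the ones the upstream kernel documents for tsx_async_abort; the short verdict labels (ok, smt-exposed, ucode-needed, ...) and the helper names are this script's own. Each check is a function taking its input as an argument, so the logic can be exercised with constructed strings when the real files are absent.

```shell
#!/bin/sh
# Added example: audit a Linux host for the TAA / ZombieLoad 2.0 mitigation state.
# Not the article's or the kernel's own code. Status strings follow the kernel's
# /sys/devices/system/cpu/vulnerabilities/tsx_async_abort output; the verdict
# labels and helper names below are this script's own (assumption, not upstream).

TAA_SYSFS=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# Map one status line, exactly as the kernel prints it, to a short verdict.
# "SMT vulnerable" means VERW clearing is on but a sibling hyperthread on the
# same core can still sample the shared buffers, hence the separate label.
classify_taa_status() {
    case "$1" in
        "Not affected"*)                                          echo ok ;;
        "Mitigation: TSX disabled"*)                              echo ok ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable"*)         echo smt-exposed ;;
        "Mitigation: Clear CPU buffers; SMT Host state unknown"*) echo smt-unknown ;;
        "Mitigation: Clear CPU buffers"*)                         echo ok ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo ucode-needed ;;
        "Vulnerable"*)                                            echo vulnerable ;;
        *)                                                        echo unknown ;;
    esac
}

# Succeed if a /proc/cpuinfo "flags" line advertises TSX (rtm or hle).
# Without TSX the TAA abort path cannot be triggered at all.
tsx_advertised() {
    case " $1 " in
        *" rtm "*|*" hle "*) return 0 ;;
        *)                   return 1 ;;
    esac
}

# Print the value of boot parameter $2 found in kernel command line $1.
# Fails (returns 1) when the parameter is not present.
boot_param() {
    for tok in $1; do
        case "$tok" in
            "$2="*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Read the live system (if the files exist) and print one line per finding.
audit_host() {
    if [ -r "$TAA_SYSFS" ]; then
        status=$(cat "$TAA_SYSFS")
        printf 'sysfs  : %s\n' "$status"
        printf 'verdict: %s\n' "$(classify_taa_status "$status")"
    else
        echo "sysfs  : $TAA_SYSFS missing (kernel predates the fix, or not Linux)"
    fi

    if [ -r /proc/cpuinfo ]; then
        flags=$(grep '^flags' /proc/cpuinfo | head -n 1)
        if tsx_advertised "$flags"; then
            echo "cpu    : TSX (rtm/hle) advertised; TAA mitigation relies on buffer clearing"
        else
            echo "cpu    : TSX not advertised (disabled or unsupported); TAA not reachable"
        fi
    fi

    if [ -r /proc/cmdline ]; then
        cmdline=$(cat /proc/cmdline)
        for p in tsx tsx_async_abort; do
            if v=$(boot_param "$cmdline" "$p"); then
                printf 'boot   : %s=%s\n' "$p" "$v"
            else
                printf 'boot   : %s not set (kernel default applies)\n' "$p"
            fi
        done
    fi
}

audit_host
```

Run it as root or any user (all three files are world-readable). A verdict of smt-exposed on a multi-tenant host is the case the article warns about: buffer clearing is active, yet code on the sibling hyperthread of the same core can still be sampled, so either tsx_async_abort=full,nosmt or tsx=off is the stronger setting there.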

The microcode update also eliminates another vulnerability in Intel processors (CVE-2018-12207), which is likewise blocked by the latest Linux kernel update. It allows an unprivileged attacker to cause a denial of service, leaving the system hung in a "Machine Check Error" state.
The attack can also be carried out from a guest system.

Source: opennet.ru
