I-LVI: iklasi entsha yohlaselo lokubulawa kwabantu kwi-Intel CPUs

Darkcrizt

Imizuzu ye4

Ulwazi malunga udidi olutsha lokuhlaselwa I-LVI kumatshini ukuqikelelwa kokuqikelela okuchaphazela i-Intel, enokusetyenziselwa ukufunyanwa kwezitshixo kunye nedatha ebuthathaka kwi-Intel SGX enclaves kunye nezinye iinkqubo.

Udidi olutsha lokuhlaselwa lusekwe kubukhohlakali ngolwakhiwo olufanayo lobuchwephesha njengakwi-MDS, iSpecter kunye nokuhlaselwa kweMeltdown. Ngaxeshanye, Uhlaselo olutsha aluthintelwanga ziindlela esele zikhona Ukukhuselwa kwi-Meltdown, Specter, MDS kunye nolunye uhlaselo olufanayo.

Malunga ne-LVI

Ingxaki yachongwa ngo-Epreli wonyaka ophelileyo ngumphandi uJo Van Bulck Ukusuka kwiYunivesithi yaseLeuven, emva koko, ngokuthatha inxaxheba kwabaphandi abali-9 abavela kwezinye iiyunivesithi, iindlela ezintlanu zokuhlasela zaphuhliswa, nganye nganye ivumela ukhetho oluthile ngakumbi.

Ngapha koko, ngoFebruwari walo nyaka, i Abaphandi beBitdefender bafumanisa enye yeendlela zokuhlaselwa I-LVI kwaye ixelwe kwi-Intel.

Ukhetho lokuhlaselwa lubalasele ngokusetyenziswa kobume bobuchwephesha obuhlukeneyo, njengendawo yokugcina izinto (i-SB, iBuff Buffer), i-buffer yokuzalisa (i-LFB, i-Line Fill Buffer), i-buffer ye-FPU yokutshintsha umxholo kunye ne-cache yenqanaba lokuqala (i-L1D), eyayisetyenziswa ngaphambili kuhlaselo olufana neZombieLoad, RIDL, Fallout, LazyFP, Isandulelo, kunye neMeltdown.

Umahluko ophambili phakathi kwe- NdiyabahlaselaI-LVI kunye ne-MDS kukuba i-MDS ilawula ukuzimisela komxholo yezakhiwo ezakhiweyo ezincinci ezihlala kwindawo yokugcina izilwanyana emva kokuphatha ngempazamo okanye umthwalo kunye nokugcina imisebenzi, ngelixa Uhlaselo I-LVI ivumela umhlaseli ukuba atshintshwe kubume bobuchwephesha Ukuphembelela ukwenziwa kweekhowudi zexhoba.

Usebenzisa ezi zinto zikhohlisayo, umhlaseli unokukhupha umxholo wedatha evaliweyo kwezinye iinkqubo ngelixa esenza ikhowudi ethile kumbindi we-CPU ekujoliswe kuyo.

Ukuxhaphaza, iingxaki kufuneka zifumaneke kwikhowudi yenkqubo kwaye uthumele ulandelelwano lweekhowudi ezizodwa (izixhobo) apho ixabiso elilawulwa ngumhlaseli lilayishwa kwaye ukulayishwa kweli xabiso kubangela ukungafani okushiya isiphumo kunye nokwenza umyalelo kwakhona.

Xa kusenziwa okungafaniyo, iwindow eqikelelweyo iyavela apho idatha icutshungulwa kwigajethi.

Ngokukodwa iprosesa iqala ngokwenza isiqwenga sekhowudi (igajethi), emva koko igqiba ukuba uqikelelo aluzange luthethelele kwaye luguqule ukusebenza, kodwa idatha eqhutyiweyo Ngexesha lokwenziwa kwengqikelelo zibekwe kwindawo yokugcina i-L1D kunye neetayitile idatha yoyilo lobuchwephesha kwaye inokutsalwa kubo kusetyenziswa iindlela ezaziwayo zokumisela idatha eseleyo kwiindlela zomntu wesithathu.

Eyona ngxaki iphambili Ukuhlasela ezinye iinkqubo kunyeIndlela yokuqalisa uncedo ngokusebenzisa inkqubo yexhoba.

Okwangoku, akukho ndlela zithembekileyo zokwenza oku, kodwa kwixesha elizayo ukufunyanwa kwayo akukhutshelwa ngaphandle. Ukuza kuthi ga ngoku ukubakho kohlaselo kuqinisekisiwe kuphela kwi-Intel SGX enclaves, ezinye iimeko ziyingcingane okanye ziyaveliswa kwakhona phantsi kweemeko zokwenziwa.

Izilwanyana ezinokuthi zihlasele

  • Ukuvuza kwedatha ukusuka kwizakhiwo zekernel ukuya kwinqanaba lomsebenzisi. Ukukhuselwa kwe-Linux kernel ngokuchasene nokuhlaselwa kwe-Specter 1 kunye ne-SMAP (indlela yoKhuseleko loFikelelo kwiNkqubo yokuNgena) ukunciphisa kakhulu amathuba okuhlaselwa kwe-LVI. Ukwazisa ukhuseleko lwe-kernel olongezelelweyo kunokuba yimfuneko xa kuchongwa iindlela ezilula zokwenza uhlaselo lwe-LVI kwixa elizayo.
  • Ukuvuza kwedatha phakathi kweenkqubo ezahlukeneyo. Uhlaselo lufuna ubukho beekhowudi ezithile kwisicelo kunye nokuzimisela kwendlela yokunyusa ngaphandle kwenkqubo ekujoliswe kuyo.
  • Ukuvuza kwedatha kwimeko yokusingqongileyo ukuya kwinkqubo yeendwendwe. Uhlaselo luchazwa njengobunzima kakhulu, olufuna ukuphunyezwa kwamanyathelo anzima okuphumeza kunye noqikelelo lomsebenzi kwinkqubo.
  • Ukuvuza kwedatha phakathi kweenkqubo kwiinkqubo ezahlukeneyo zeendwendwe. I-vector yohlaselo isondele ekuququzeleleni ukuvuza kwedatha phakathi kweenkqubo ezahlukeneyo, kodwa ikwafuna iindlela ezintsokothileyo zokuphepha ukubekwa bucala phakathi kweenkqubo zeendwendwe.

Ukubonelela ngokhuseleko olusebenzayo ngokuchasene ne-LVI, utshintsho lwezixhobo kwi-CPU luyafuneka. Ngokuququzelela ukhuseleko ngokwenkqubo, ukongeza ingxelo ye-LFENCE yomqokeleli emva kwayo yonke imithwalo yokusebenza kwimemori, kunye nokutshintsha ingxelo ye-RET nge-POP, LFENCE, kunye neJMP, ilungisa ngaphezulu kakhulu; Ngokwabaphandi, ukukhuselwa kwesoftware ngokubanzi kuya kukhokelela ekonakaleni kokusebenza kwamaxesha ama-2 ukuya kwali-19.

Umthombo: https://www.intel.com


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.