LVI: a new class of speculative execution attacks on Intel CPUs

Details have been published about LVI, a new class of attacks on the speculative execution mechanism in Intel CPUs, which can be used to extract keys and sensitive data from Intel SGX enclaves and other processes.

The new class of attacks is based on manipulating the same microarchitectural structures as the MDS, Spectre and Meltdown attacks. At the same time, the new attacks are not blocked by the existing protections against Meltdown, Spectre, MDS and other similar attacks.

About LVI

The problem was identified in April of last year by researcher Jo Van Bulck of the University of Leuven. Afterwards, with the participation of 9 researchers from other universities, five basic attack methods were developed, each of which allows for more specific variants.

In February of this year, however, Bitdefender researchers discovered one of the LVI attack variants and reported it to Intel.

The attack variants are distinguished by the microarchitectural structures they use, such as the store buffer (SB, Store Buffer), the fill buffer (LFB, Line Fill Buffer), the FPU context switch buffer, and the first-level cache (L1D), which were previously used in attacks such as ZombieLoad, RIDL, Fallout, LazyFP, Foreshadow, and Meltdown.

The main difference between LVI attacks and MDS is that MDS manipulates the determination of the contents of microarchitectural structures that remain in the cache after a fault is handled or speculatively handled, whereas LVI attacks allow the attacker to inject data into microarchitectural structures in order to influence the subsequent speculative execution of the victim's code.

Using these manipulations, an attacker can extract the contents of closed data structures in other processes while certain code executes on the targeted CPU core.

For exploitation, special code sequences (gadgets) must be found in the process's code in which a value controlled by the attacker is loaded, and loading this value raises an exception that discards the result and re-executes the instruction.

While the exception is being processed, a speculative window opens during which the data processed in the gadget leaks.

In particular, the processor begins to execute a piece of code (the gadget) speculatively, then determines that the prediction was not justified and rolls the operations back, but the data processed during speculative execution is deposited in the L1D cache and in the microarchitectural data buffers and can be extracted from them using known methods for determining residual data through side channels.

The main difficulty in attacking other processes is how to initiate the assist by manipulating the victim process.

At present there are no reliable ways to do this, but their discovery in the future is not ruled out. So far the possibility of an attack has been confirmed only for Intel SGX enclaves; other scenarios are theoretical or reproducible only under synthetic conditions.

Possible attack vectors

  • Leakage of data from kernel structures to a user-level process. The Linux kernel's protection against Spectre 1 attacks and the SMAP (Supervisor Mode Access Prevention) protection mechanism significantly reduce the likelihood of an LVI attack. Introducing additional kernel protection may become necessary if simpler ways of carrying out an LVI attack are identified in the future.
  • Leakage of data between different processes. The attack requires the presence of certain code snippets in the application and the determination of a method for raising an exception in the target process.
  • Leakage of data from the host environment to the guest system. This attack is classified as too complex, requiring several hard-to-implement steps and predictions of activity on the system.
  • Leakage of data between processes in different guest systems. The attack vector is close to organizing a data leak between different processes, but it also requires complex manipulations to bypass the isolation between guest systems.

Providing effective protection against LVI requires hardware changes to the CPU. Organizing the protection in software, by having the compiler add an LFENCE instruction after every load from memory and replace the RET instruction with POP, LFENCE and JMP, incurs too much overhead; according to the researchers, full software protection will lead to a performance degradation of 2 to 19 times.
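As an added illustration (not code from the researchers or from Intel), the following Python script audits an assembly listing against the two software rules described above: every load from memory is followed by LFENCE, and no bare RET remains. The AT&T-syntax sample listing and the load-detection heuristic are constructed assumptions.

```python
import re

# Constructed AT&T-syntax listing: one routine obeys both rules, one obeys neither.
SAMPLE = """\
hardened:
    mov (%rdi), %rax
    lfence
    mov %rax, (%rsi)
    pop %rcx
    lfence
    jmp *%rcx
unmitigated:
    mov 8(%rdi), %rax
    add %rax, %rbx
    ret
"""

def parse(listing):
    """Yield (line_no, mnemonic, operands) per instruction; labels are skipped."""
    for no, raw in enumerate(listing.splitlines(), 1):
        text = raw.split("#")[0].strip()
        if not text or text.endswith(":"):
            continue
        parts = text.split(None, 1) + [""]
        # Split on commas that are not inside a (base,index,scale) operand.
        ops = [o.strip() for o in re.split(r",(?![^(]*\))", parts[1]) if o.strip()]
        yield no, parts[0].lower(), ops

def is_load(mnemonic, ops):
    """Assumed heuristic: POP, or a memory operand in a source position."""
    if re.fullmatch(r"pop[wlq]?", mnemonic):
        return True
    # LEA only computes an address, so it is not counted as a load.
    return not re.fullmatch(r"lea[wlq]?", mnemonic) and any("(" in o for o in ops[:-1])

def audit(listing):
    """Return (line_no, problem) for each instruction that breaks a rule."""
    insns = list(parse(listing))
    findings = []
    for i, (no, mn, ops) in enumerate(insns):
        following = insns[i + 1][1] if i + 1 < len(insns) else None
        if re.fullmatch(r"ret[wlq]?", mn):
            findings.append((no, "ret not replaced by pop/lfence/jmp"))
        elif is_load(mn, ops) and following != "lfence":
            findings.append((no, "load not followed by lfence"))
    return findings

if __name__ == "__main__":
    for line_no, problem in audit(SAMPLE):
        print(f"line {line_no}: {problem}")
```

The store on line 4 of the sample is not flagged because only loads need the fence; instructions that read through a memory destination (for example a compare against memory) are outside this heuristic.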

Source: https://www.intel.com

