BHI: a new Spectre-class vulnerability affecting Intel and ARM

Researchers at the Free University of Amsterdam recently announced that they have found a new vulnerability, an extended version of the Spectre-v2 vulnerability, on Intel and ARM processors.

This new vulnerability, which they have named BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002) and Spectre-BHB (CVE-2022-23960), is characterized by allowing the eIBRS and CSV2 protection mechanisms added to processors to be bypassed.

The vulnerability is described as different manifestations of the same problem: BHI is an attack that crosses privilege levels, for example a user process and the kernel, while BHB is an attack within a single privilege level, for example eBPF JIT and the kernel.

About the vulnerability

Conceptually, BHI is an extended variant of the Spectre-v2 attack in which, to bypass the added protection (Intel eIBRS and Arm CSV2) and orchestrate a data leak, values are substituted in the buffer holding the global branch history (Branch History Buffer), which the CPU uses to improve branch prediction accuracy by taking the history of past transitions into account.

During the attack, manipulating the transition history creates the conditions for an incorrect prediction of the transition and the speculative execution of the required instructions, the result of which is stored in the cache.

Apart from using the branch history buffer instead of the branch target buffer, the new attack is identical to Spectre-v2. The attacker's task is to create conditions in which the address, when a speculative operation is performed, is taken from the area of the data being determined.

After a speculative indirect jump is performed, the jump address read from memory remains in the cache, after which one of the methods for determining cache contents can be used to recover it, based on analysis of the difference in access time between cached and uncached data.

The researchers have demonstrated a working exploit that allows user space to extract arbitrary data from kernel memory.

For example, it shows how, using the prepared exploit, it is possible to extract from kernel buffers a string with the hash of the user's password, loaded from the /etc/shadow file.

The exploit demonstrates the ability to exploit the vulnerability within a single privilege level (a kernel-to-kernel attack) using a user-loaded eBPF program. The possibility of using existing Spectre gadgets in kernel code, that is, sequences that lead to speculative execution of instructions, is also not ruled out.

The vulnerability appears on most current Intel processors, with the exception of the Atom family of processors, and on several ARM processors.

According to the research, the vulnerability does not manifest itself on AMD processors. To address the problem, several software methods have been proposed to block the vulnerability, which can be used until hardware protection appears in future CPU models.

To block attacks through the eBPF subsystem, it is recommended to disable by default the ability of unprivileged users to load eBPF programs, by writing 1 to the file "/proc/sys/kernel/unprivileged_bpf_disabled" or by running the command "sysctl -w kernel.unprivileged_bpf_disabled=1".

To block attacks through gadgets, it is recommended to use the LFENCE instruction in sections of code that could lead to speculative execution. It is worth noting that the default configuration of most Linux distributions already contains the protection measures needed to block the eBPF attack demonstrated by the researchers.

Intel's recommendations to disable unprivileged access to eBPF also apply by default starting with Linux kernel 5.16 and will be ported to earlier branches.
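
The check below is an added example, not code from the original article or from the researchers: a shell audit of the unprivileged_bpf_disabled setting recommended above, shown alongside the kernel's own spectre_v2 report in sysfs. The function names and the optional root-directory argument (used to run the check against a constructed tree) are assumptions; the meanings of the values 0, 1 and 2 follow the Linux kernel sysctl documentation.

```shell
#!/bin/sh
# Added example (not from the article). ROOT is a hypothetical prefix so the
# checks can run against a constructed tree; empty means the live system.

# Classify kernel.unprivileged_bpf_disabled (values per kernel sysctl docs).
bpf_unpriv_state() {
    f="${1:-}/proc/sys/kernel/unprivileged_bpf_disabled"
    if [ ! -r "$f" ]; then
        echo "no-sysctl"        # absent or unreadable, e.g. kernel without bpf()
        return 0
    fi
    val=$(tr -d '[:space:]' < "$f")
    case "$val" in
        0) echo "exposed" ;;     # unprivileged users may load eBPF programs
        1) echo "locked" ;;      # disabled; cannot be re-enabled until reboot
        2) echo "admin-only" ;;  # disabled; an administrator can still change it
        *) echo "unknown:$val" ;;
    esac
}

# Print the kernel's own Spectre-v2 mitigation summary, if it exposes one.
spectre_v2_report() {
    f="${1:-}/sys/devices/system/cpu/vulnerabilities/spectre_v2"
    if [ -r "$f" ]; then cat "$f"; else echo "not reported"; fi
}

# Return 0 if unprivileged eBPF loading is off, 1 if on, 2 if undetermined.
audit_bhi() {
    state=$(bpf_unpriv_state "${1:-}")
    echo "unprivileged eBPF: $state"
    echo "spectre_v2 sysfs:  $(spectre_v2_report "${1:-}")"
    case "$state" in
        locked|admin-only) return 0 ;;
        exposed)
            echo "fix: sysctl -w kernel.unprivileged_bpf_disabled=1"
            return 1 ;;
        *) return 2 ;;
    esac
}

audit_bhi "${1:-}" || true   # audit the live system, or the tree given as $1
```

A setting made with sysctl -w does not survive a reboot; to keep it, place the same key in the system's sysctl configuration.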

Finally, if you are interested in learning more about it, you can consult the details at the following link.
