Kungiyar Masu bincike daga jami’ar Virginia da California sun gabatar da wani sabon hari zuwa tsarin microarchitecture na masu sarrafawa Intel da AMD.
Hanyar kai harin yana haɗuwa da amfani da matsakaiciyar ɓoye na ƙananan aiki (micro-op cache) a cikin masu sarrafawa, waɗanda za'a iya amfani dasu don cire bayanan da suka daidaita yayin aiwatar da umarnin.
An lura cewa sabuwar hanyar da ta fi gaban Specter attack v1 dangane da aiki, yana sanya wahalar gano harin kuma ba a toshe shi ta hanyoyin da ake da su na kariya daga hare-hare ta hanyar tashoshin gefen da aka tsara don toshe raunin da aka samu ta hanyar aiwatar da umarnin.
Misali, amfani da bayanin LFENCE yana toshe kwarara a matakan gaba na aiwatar da hasashe, amma baya kare kariya daga kwararar abubuwa ta hanyar tsarin microarchitectural.
Hanyar tana shafar samfurin Intel da AMD processor da aka saki tun 2011, ciki har da Intel Skylake da AMD Zen. CPUs na zamani suna rusa umarnin sarrafa mai sarrafar zuwa mafi sauki-kamar micro-aiki, waxanda aka adana su a cikin wani kebul na daban.
Wannan ma'ajin ya bambanta da asali daga ma'aunin matakin farko, ba shi da sauƙi kai tsaye kuma yana aiki azaman rafin ajiya don saurin samun damar sakamakon ƙaddamar da umarnin CISC a cikin microinstruction RISC.
Duk da haka, masu binciken sun sami hanyar ƙirƙirar yanayin da ke faruwa yayin rikici na samun damar shiga ɓoye da bayar da damar yin hukunci kan abubuwan da ke tattare da kananan ayyukan ta hanyar nazarin bambance-bambance a lokacin aiwatar da wasu ayyuka.
Maɓallin micro-op a kan masu sarrafa Intel an raba shi dangane da zaren CPU (Hyper-Threading), yayin da masu sarrafawa AMD Zen sunyi amfani da mahimmin asusun ajiya, wanda ke haifar da yanayi don kwararar bayanai ba kawai a cikin zaren aiwatarwa ba, har ma tsakanin zaren daban a cikin SMT (malalar bayanai yana yiwuwa tsakanin lambar da ke gudana akan maɓuɓɓukan CPU masu ma'ana).
Masu binciken sun gabatar da wata hanya ta asali don gano canje-canje a cikin ɓoye na micro-ops da abubuwa daban-daban na kai hari waɗanda ke ba da damar ƙirƙirar tashoshin watsa bayanai da amfani da lambar rauni don tace bayanan sirri, duka a cikin tsari ɗaya (alal misali, don tsara hanyar kwararar bayanai yayin gudu na uku - lambar yanki a cikin injunan JIT da injunan kama-da-wane) kuma tsakanin kwaya da matakai a cikin sararin mai amfani.
Ta hanyar yin amfani da nau'ikan harin Specter ta hanyar amfani da micro-op cache, masu binciken sun sami nasarar samar da 965.59 Kbps tare da kuskuren kuskure na 0.22% da 785.56 Kbps yayin amfani da kuskuren kuskure, a yayin faruwar ruwa a cikin wannan ƙwaƙwalwar sarari. da kuma gata matakin.
Tare da malala mai zurfin matakai na dama daban daban (tsakanin kwaya da sararin mai amfani), kayan aiki shine 85,2 Kbps tare da karin kuskuren kuskure da 110,96 Kbps tare da kuskuren kuskure 4%.
Lokacin kai farmaki ga masu sarrafa AMD Zen, wanda ke haifar da ɓarkewa tsakanin maɓuɓɓukan CPU masu ma'ana, abubuwan da aka samar sun kasance 250 Kbps tare da kuskuren kuskure na 5,59% da 168,58 Kbps tare da kuskuren kuskure. Idan aka kwatanta da hanyar Specter v1 ta zamani, sabon harin ya zama ya fi sauri sau 2,6.
Rage girman kai harin micro-op cache ana tsammani don buƙatar ƙarin canje-canje na ƙasƙantar da aiki fiye da lokacin da aka kunna ikon Specter.
A matsayin sasantawa mafi dacewa, an gabatar da ita ne don toshe irin wadannan hare-haren ba ta hana nakasassu ba, amma a matakin sa ido ne da kuma gano jihohin da aka saba kai harin.
Kamar yadda yake a cikin hare-haren Specter, shirya ɓarkewar kwaya ko wasu matakai na buƙatar aiwatar da wani rubutun (na'urori) a ɓangaren wanda aka azabtar, wanda ke haifar da zartar da umarnin.
Kimanin irin waɗannan na'urori 100 aka samo a cikin kwayar Linux kuma za a cire su, amma ana samun mafita koyaushe don samar da su, misali waɗanda ke da alaƙa da ƙaddamar da shirye-shiryen BPF na musamman a cikin kwaron.
Finalmente idan kuna sha'awar ƙarin sani game da shi, zaka iya duba bayanan A cikin mahaɗin mai zuwa.