Iqela le abaphandi abavela kwiYunivesithi yaseGraz yeTekhnoloji eOstriya kunye neZiko leHelholholtz loKhuseleko loLwazi (ICISPA), zichonge i-vector entsha yokuhlasela (L1TF), ekuvumela ukuba ukhuphe idatha kwimemori ye-Intel SGX enclaves, ii-SMMs, indawo yokusebenza yeenkumbulo ze-kernel, kunye noomatshini ababonakalayo kwiinkqubo ezibonakalayo.
Ngokungafaniyo nohlaselo lwangaphambili lweForeshadow, umahluko omtsha awuchazwanga kwiiprosesa ze-Intel kwaye uchaphazela Ii-CPUs ezivela kwabanye abavelisi ezinje nge I-ARM, IBM kunye ne-AMD. Kwakhona, ukhetho olutsha alufuni ukusebenza okuphezulu kwaye uhlaselo lunokwenziwa ngokuqhuba iJavaScript kunye neWebhu yokuHlanganisa kwisikhangeli sewebhu.
I-foreshadow ithatha ithuba lokuba xa imemori ifikeleleka kwidilesi ebonakalayo, evelisa okwahlukileyo (ukusilela kwiphepha lesiphelo), iprosesa ngokubala idilesi ebonakalayo kwaye ilayishe idatha ukuba ikwi-cache ye-L1.
Ukufikelela okucingelwayo kwenziwa ngaphambi kokuba ugqityiwe Kwitafile yamaphepha enkumbulo kwaye nokuba imeko ithini na kwiphepha lememori (PTE), oko kukuthi, ngaphambi kokuqinisekisa ukuba idatha ikwimemori ebonakalayo kwaye iyafundeka.
Emva kokugqiba ukukhangela inkumbulo, xa kungekho salathisi likhoyo kwi-PTE, Umsebenzi ulahliwe, kodwa idatha igciniwe kwaye inokufunyanwa kwakhona usebenzisa iindlela zokumisela umxholo we-cache ngamajelo asecaleni (ngokuhlalutya utshintsho kwixesha lokufikelela kwidatha egciniweyo kunye nengagcinwanga).
Abaphandi ba bonisile que iindlela ezikhoyo zokuzikhusela ngokuchasene neForeshadow azisebenzi kwaye ziyenziwa ngokuchazwa ngokungachanekanga kwengxaki.
Ubungozi beForeshadow unokuxhamla ngaphandle kokusebenzisa iindlela zokukhusela kwi-kernel ezazifudula zithathwa njengezaneleyo.
Nje ngeziphumo, Abaphandi babonisa ukuba kunokwenzeka ukwenza uhlaselo lweForeshadow kwiinkqubo ezineenkozo ezindala, apho zonke iindlela zokhuselo zeForeshadow zenziwe zasebenza, kunye neenkozo ezintsha, apho kukhuselwa kuphela iSpecter-v2 (usebenzisa i-Linux kernel option nospectre_v2).
Isiphumo sokukhetha kwangaphambili kufunyenwe ukuba asihambelani nemiyalelo yesoftware yokukhetha okanye isiphumo sokukhethwa kwangaphambili kwesixhobo ngexesha lokufikelela kwememori, kodwa endaweni yoko kuvela ekuchazekeni kokubhekiswa kweerejista zesithuba somsebenzisi kwi-kernel.
Ukuchazwa gwenxa kwesizathu sokuba sesichengeni ekuqaleni kukhokelele ekucingeni ukuba ukuvuza kwedatha kwiForeshadow kunokwenzeka kuphela nge-L1 cache, ngelixa ubukho beekhowudi ezithile (izixhobo zangaphambili) kwikernel inokuba negalelo ekuvuza kwedatha kwi-L1 i-cache, umzekelo kwi-L3 Cache.
Inqaku elityhiliweyo likwavula amathuba okwenza uhlaselo olutsha. ijolise ekuguquleleni iidilesi ezibonakalayo kwiidilesi zomzimba kwiindawo zebhokisi yesanti kwaye ichonge iidilesi kunye nedatha egcinwe kwiirejista zeCPU.
Njengeedemo, babonisa abaphandi Isakhono sokusebenzisa isiphumo esityhiliweyo ukwenza khipha idatha ukusuka kwinkqubo enye ukuya kwenye ngokuhamba malunga ne-10 bits ngomzuzwana kwinkqubo ene-Intel Core i7-6500U CPU.
Ithuba lokucoca umxholo weerekhodi likwaboniswa I-Intel SGX enclave (kuthathe imizuzu eli-15 ukumisela ixabiso elingu-32-bit elibhalwe kwirejista engama-64).
Ukuthintela uhlaselo lweForeshadow nge-L3 cache, Indlela yokukhusela iSpecter-BTB (Isibonelelo seThagethi yeSebe) iphunyezwe kuseto lwepatchine esebenzayo iyasebenza.
Ngoko ke, Abaphandi bakholelwa ukuba kubalulekile ukushiya i-retpoline yenziwe yasebenza nkqu nakwiinkqubo ezinee-CPUs ezintsha, esele zinokhuselo ngokuchasene nokuba semngciphekweni kwindlela yokusebenza yokuqikelela yemiyalelo ye-CPU.
Ngakolunye uhlangothi, Abameli be-Intel bathi abacwangcisi ukongeza amanyathelo okhuseleko ngokuchasene neForeshadow kwiiprosesa kwaye bayithathela ingqalelo eyoneleyo ukwenza ukhuseleko ngokuchasene nokuhlaselwa kweSpecter V2 kunye neL1TF (Foreshadow).
Umthombo: https://arxiv.org