[RndTbl] Horrific CPU flaws (Meltdown / Spectre)
trevor at tecnopolis.ca
Thu Jan 4 02:36:27 CST 2018
As most of you probably know, new CPU bugs have just been found (1
affecting mostly Intel, 1 affecting Intel + AMD; both potentially
I wouldn't mind a MUUG discussion about this. News on the net seems to be
pretty low-caliber. Some are better than others.
https://spectreattack.com/ seems to be good... but I wouldn't hit that
site without a JS blocker. Apparently (could be a myth) these bugs can be
triggered by JS in a web page!!!
CVE/NVD doesn't seem to have ratings for this yet (still "reserved").
The good news:
From what I read, it's a read-only attack, apparently they can dump your
entire RAM without root access. Not great, but better than a RW attack!
KPTI/Kaiser/Meltdown appears to all reference the same thing. Intel only
(so far... maybe add ARM), definitely not AMD (so far). Fix can't be done
in microcode or firmware. So it'll be patched in kernels (all OS's). OK,
great, who cares. But... the patch causes 5-30% performance hit across
the board; the more syscalls the program makes, the worse your hit. Fun.
The fix is basically move kernel page tables out of RAM when executing
user code. Then swap it back in. Joy. Hmmm, by coincidence, Intel's
very latest CPUs (unsure on definition of "latest") are rumoured to have
an instruction to make this less painful... hmmmmmmm.
Spectre seems to be more of a mystery. Apparently it allows progs to read
other prog's memory, but not kernel RAM. And no OS fix planned yet?
Affects all CPUs with out-of-order exec, which is basically everything in
the last, what, 15 years? This one worries me more. However, they say
it's harder to implement the hack, so maybe it'll turn out to be a red
herring in reality. If it's as scary as some make it sound, we could be
seriously fskc'd because there isn't a syscall boundary to easily insert a
nice page table swap into.
Going back to my university days and my hardware architecture classes, I
find the technical side of this to be fascinating. It looks like they are
preying upon weaknesses in CPU handling of speculative loads, indirect
addressing, and long pipelines. The fact that the CPUs weren't properly
designed to not allow such insane access is quite shocking to me.
Pipelines are supposed to be thrown away after an incorrect guess.
Nothing should be leaking. Saying "we did it for performance reasons" is
quite lame. If anyone finds some good mid- / mid-high-level technical
explanations of the on-chip flaws, please post links.
It'll be interesting to see what the next gen(s) of CPUs do to
specifically address this. Given design/fab lifecycles it could be years
before new CPUs have this fixed. Surely pipelines / OOE aren't going
away. Heck, even RISC wouldn't have saved us, as they are monga pipeline
dependent. My hunch is PPC is Spectre vulnerable, but it'll be
interesting to find out more.
The above is all just my take on things after binge-reading about 8
different articles on it. If I'm wrong on something, please correct me.
Supposedly Linus has ranted on it already, but I can't find it anywhere,
so if you have a link to a Linus rant, please share.
In the meantime, get ready for all your newer/supported devices to get 5%+
slower, and all your older devices to get p0wned. Me, I'm going to jump
on that new ECC workstation I've been eyeing... I won't be able to handle
any slowdown on my current, ancient box.
Final thought... why didn't anyone figure this flaw out earlier in the
last 10 years it existed? Wonder who was exploiting it this whole time...
wonder how long Intel knew (not the "official" version). Anyone laying
bets on class-actions and/or CPU recalls? Not sure Intel could make
enough CPUs (or afford it) to replace every CPU it sold in the last 10
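The Spectre discussion above (a bounds check the CPU speculatively runs past, with no syscall boundary to hang a fix on) is easiest to see on the classic "if (idx < len) use(array[idx])" gadget. The block below is an added example, not code from the original post or from any vendor: it puts a constructed 16-byte public array directly in front of a constructed "secret", shows the vulnerable gadget shape beside a hardened version, and models the mispredicted path in plain C to show which byte the transient load would reach in each case. The branch-free mask arithmetic is the same formulation the Linux kernel later shipped as array_index_mask_nospec(); the names struct region, index_mask_nospec, clamp_index_nospec, lookup_unmasked, lookup_masked and transient_load are this example's own. It is not a real cache side channel and does not measure timing.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for the demonstration (not real kernel data): a
 * 16-byte array the caller is allowed to index, immediately followed by
 * bytes the bounds check is supposed to keep out of reach. */
#define PUBLIC_LEN 16
struct region {
    uint8_t public_data[PUBLIC_LEN];
    char    secret[8];
};
static struct region mem = {
    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
    "SECRET"
};

/* Branch-free in-bounds mask, the same arithmetic as the Linux kernel's
 * array_index_mask_nospec(): all ones when idx < size, zero otherwise.
 * No conditional branch is involved, so there is no mispredicted path for
 * the CPU to run down. Precondition (as in the kernel): idx and size are
 * both below SIZE_MAX/2. */
static size_t index_mask_nospec(size_t idx, size_t size)
{
    /* size - 1 - idx wraps (top bit set) exactly when idx >= size;
     * OR-ing idx in also covers an idx whose own top bit is set. */
    size_t t = idx | (size - 1 - idx);
    /* top bit of ~t is 1 when in bounds; negate that 0/1 to get the mask */
    return (size_t)0 - (~t >> (sizeof(size_t) * 8 - 1));
}

/* Hardened index: equals idx when in bounds, 0 otherwise, with no branch. */
static size_t clamp_index_nospec(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* The Spectre-v1 gadget shape. Architecturally both variants return 0 for
 * an out-of-range idx; the difference only matters on the speculative path
 * the CPU may take while the compare is still unresolved. */
uint8_t lookup_unmasked(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return mem.public_data[idx];        /* load may execute speculatively */
    return 0;
}

uint8_t lookup_masked(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        idx = clamp_index_nospec(idx, PUBLIC_LEN); /* 0 if we got here wrongly */
        return mem.public_data[idx];
    }
    return 0;
}

/* Model of the mispredicted path: pretend the branch was taken regardless
 * of idx and perform the load anyway. This is a simulation in plain C, not
 * a real side channel; it shows which byte the transient load would touch.
 * idx must stay inside the constructed struct for the simulation itself to
 * be defined. */
uint8_t transient_load(size_t idx, int use_mask)
{
    const uint8_t *bytes = (const uint8_t *)&mem;
    if (idx >= sizeof mem)
        return 0xFF;                         /* outside the constructed object */
    if (use_mask)
        idx = clamp_index_nospec(idx, PUBLIC_LEN);
    return bytes[idx];
}

int main(void)
{
    size_t i = PUBLIC_LEN + 2;  /* two bytes past the end: secret[2] == 'C' */
    printf("architectural result: unmasked=%u masked=%u\n",
           lookup_unmasked(i), lookup_masked(i));
    printf("transient path: unmasked='%c' masked=%u\n",
           transient_load(i, 0), transient_load(i, 1));
    return 0;
}
```

On the architectural path both lookups return 0 for an out-of-range index, which is why the bug went unnoticed for so long. On the modelled transient path the unmasked load reaches the byte after the array while the masked version is forced to index 0, which is the whole point of the per-site fix: the mask has to be applied at every such gadget, since there is no single boundary to patch the way KPTI patches the kernel/user split.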