Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Intel Security

OpenBSD Releases Meltdown Patch (theregister.co.uk) 44

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's -- pretty much the same approach as was taken in the Linux kernel. From a report: A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post saying the operating system's developers were working out what to do. Now he's revealed the approach used to fix the free OS: "When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace." That explanation is somewhat obscure to non-developers, but there's a more readable discussion of what the project's developers had in mind from January, here.
This discussion has been archived. No new comments can be posted.

OpenBSD Releases Meltdown Patch

Comments Filter:
  • by 110010001000 ( 697113 ) on Friday February 23, 2018 @12:02PM (#56176147) Homepage Journal
    I am running AMD processors. Does this affect me, or only Intel processors?
    • this patch was for meltdown only which doesn't affect AMD; note the situation for the various types of SPECTRE are a mess, even the chip makers are floundering around. Intel put out yet another new spectre variant firmware fix *yesterday*!

      • OK thanks. So Meltdown doesn't affect AMD, just Intel processors.
      • I have nothing against AMD, and in general support competition for Intel...

        But are we truly sure the Meltdown approach cannot work on AMD? From all of the reading I did doing the Meltdown fiasco, it seemed like the people who came up with Meltdown thought it might work on AMD, they could just not get the timing to work quite right in a proof of concept attack the way they could with Intel...

        Is there a more detailed technical description laying out exactly why AMD processors are for sure immune to the Meltd

        • by XanC ( 644172 )

          Only AMD escaped? Only Intel is affected by Meltdown.

          • Re: (Score:2, Informative)

            by llamalad ( 12917 )

            There were two recent vulnerability announcements.

            Meltdown (which affects only Intel)
            Spectre (which affects Intel, AMD, ARM, and probably more)

            Intel has done a *great* job of making it sound like they're one and the same, and everyone's affected.

            Meltdown is fixable.

            Spectre isn't fully fixable yet, afaik.

            On a related note, think about what Spectre really means for your public cloud workloads...

            • Hmm, could have sworn Meltdown also affected ARM. I knew Spectre was wider spread but I thought Meltdown also crossed a few processors... guess I was misremembering that aspect.

              • by Anonymous Coward

                It's mostly Intel-specific, because Intel patented the go-marginally-faster-by-hardwiring-hardware-to-heuristically-skip-bounds-check technique that basically is the Meltdown vulnerability. IBM licensed it for some of their POWER chips. The one and only ARM core to use it is the Cortex-A75. So ARM is perfectly safe if you avoid Cortex-A75, which is easy enough.

                In practice, if it's Intel then it's probably affected, otherwise you're most likely safe.

          • by Megol ( 3135005 )

            Intel propaganda have tried to make people think Spectre == Meltdown and so all processor manufacturers are equally affected.

            That is of course not true. But Intel have succeeded in planting that even into technical people.

        • by Megol ( 3135005 ) on Friday February 23, 2018 @01:07PM (#56176527)

          "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

          That's technical enough. No matter how the timing is tweaked AMD isn't vulnerable.

          • Thanks. That's exactly the level of information I was looking for.

    • AMD is affected by things similar to Spectre, slightly less than Intel but still an issue. It doesn't have the specific Meltdown vulnerability.

      The real question is what does all this context switching cost in terms of speed and system resources.

      • by Anonymous Coward

        Specifically, out of the 3, AMD is only affected by the bounds check vulnerability, not the branch target predictor nor (the worst) Meltdown.

        what does all this context switching cost in terms of speed and system resources

        To answer your question, the wiki article on KPTI [wikipedia.org] says:

        (note that the PCID optimization refers to the use of this [wikipedia.org] to prevent TLB flushing every time the contexts are switched)

        The overhead was measured to be 0.28% according to KAISER's original authors; a Linux developer measured it to be roughly 5% for most workloads and up to 30% in some cases, even with the PCID optimization; for database engine PostgreSQL the impact on read-only tests on an Intel Skylake processor was 7–17% (or 16–23% without PCID), while a full benchmark lost 13–19% (Coffee Lake vs. Broadwell-E). Many benchmarks have been done by Phoronix, Redis slowed by 6–7%. Linux kernel compilation slowed down by 5% on Haswell.

    • Dear fellow reader, I am worried you are developing a memory problem: Re:Defective (Score:1) - January 8 [slashdot.org] as you already knew this at some point in the past. You might want to consult your physician.
  • by Anonymous Coward on Friday February 23, 2018 @12:06PM (#56176161)

    Great work everyone!

  • Well, sure ... that's what I was going to say.
  • Another monolithic kernel, another Meltdown patch.

    Serious question: are microkernels (Minix, Hurd, Zircon) affected in the same way? In any way?

    Problem is, when I've Googled this, I get nothing for Hurd, I get "Yay Zircon Fuchsia runs!", and I for Minix, I can only turn up results complaining about a version of Minix being part of the IME. So without being edumacated on the topic,

    • by Anonymous Coward

      If they use a single page table and have kernel memory mapped while running user mode then yes.

    • by spth ( 5126797 )

      Meltdown and Spectre are huge issues for Microkernels. For details see the answer to a question to one of the Hurd developers after the end of the FOSDEM 2018 talk on Hurd's PCI arbiter [fosdem.org] (minute 31:19 of the video)

      Philipp

    • by Dwedit ( 232252 )

      It affects every situation where memory is flagged as unreadable.

  • by williamyf ( 227051 ) on Friday February 23, 2018 @01:27PM (#56176677)

    From my blog:

    Meltdown affects all Intel Processors with Out-of-Order-Execution (OOE) and, more importantly, Speculative-Execution, perhaps going back to the Original PentiumPro, and all Atom processors made after 2013 (the original Atoms were In-Order-Execution). AMD processors are immune [3], and Via (remember Via?) has remained silent. Meltdown also affects other architectures, like several ARM processors, including the up-and-coming Cortex-A75 (intended for datacenter use), as well as many others used in cellphones and appliances [5], also IBM’s POWER7+, 8 and 9 are affected [4]. But this paper is not concerned with other architectures.

    [3] https://www.amd.com/en/corpora... [amd.com]
    [4] https://www.ibm.com/blogs/psir... [ibm.com]
    [5] https://developer.arm.com/supp... [arm.com]

    The Full Blog is here:
    https://technologyunderbelly.b... [blogspot.com]

  • Describing Guenther's patch as "pretty much the same approach as was taken in the Linux kernel" makes it sounds like he just copied someone else's idea. I think the reality is that kernel developers from numerous platforms have been brainstorming approaches to Meltdown and Spectre.

    I realize this is Slashdot, but please don't try to turn Guenther's achievement into a "Woohoo LINUX!!!" story.

Bell Labs Unix -- Reach out and grep someone.

Working...