

Four years have passed since the first publication of the research on Spectre and Meltdown, hardware vulnerabilities in modern processors. Since then, researchers have discovered several similar flaws that are potentially capable of leaking confidential data. The researchers also showed examples of attacks using these vulnerabilities, although most of them are unlikely to be used in the wild. In this post we look at the state of these hardware issues today and at their potential use to attack businesses.

The original August 2018 announcement revealed three vulnerabilities: Spectre v1 and v2, and Meltdown. Those vulnerabilities have several common features:

- Their exploitation usually involves the execution of malicious code on a vulnerable system, albeit with low privileges. The most dangerous option is an attack through a browser when visiting an “infected” web page.
- Practical exploitation requires a number of conditions; in particular, the code of the attacked application must allow data leakage and have a so-called “gadget,” access to which makes the attack possible.
- The data leak itself occurs through side channels. Because of this, the speed of the data leak is extremely low.

The last argument is precisely what aroused particular interest in this seemingly theoretical scientific work. In all cases, researchers exploited the branch prediction system. This mechanism was introduced more than 20 years ago; it speeds up performance by executing a set of instructions even before the program explicitly requests their execution. If the prediction was correct, the processor resources will be used more efficiently. If the prediction is wrong, the calculations are just discarded.

The PoC for Spectre v1 showed that the processor will read data that should be inaccessible to the program. It is stored in the cache and can be retrieved from there through side channels. This mechanism was considered safe, because that erroneously read “secret” was not transmitted to the program. But researchers have found ways to indirectly read that data.

After the publication of work on Spectre and Meltdown, several more similar vulnerabilities were discovered. Researchers continue to look for new methods for extracting secret data by exploiting the vulnerabilities of processors. Intel’s summary table lists more than 20 of these issues, in addition to the original three.

Theoretically there are three ways to make a processor vulnerability less exploitable: vendors can issue a microcode update for existing processors, they can modify new CPUs, or they can try to solve the problem through software updates. Often true mitigation requires a combination of firmware and software updates. The new microcode covering some of the vulnerabilities has been available for Intel processors since the 2013 Haswell generation. Hardware solutions were first implemented in the eighth generation of Intel processors, as well as in AMD’s Zen 2 CPUs. Software solutions can be quite tricky: as an example, you can look at the possible modifications in the Linux kernel against Spectre v1 and v2. A wide range of measures were discussed, depending on the goals and objectives of a particular system, including the complete disabling of speculative code execution with serious consequences for CPU performance.

For most organizations whose business model depends on the performance of a large fleet of servers, such a performance drop will be the most noticeable impact of anti-Spectre measures. A relatively recent benchmark on the Phoronix website, which examines the performance of various server applications, shows a 25% performance decrease on average when all anti-Spectre precautions in the Linux OS are enabled.
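
To see which of the Linux anti-Spectre precautions mentioned in this post are actually in effect on a server, the kernel's own status files can be read. The following Python sketch is an added example, not code from the original post: it parses the status lines under /sys/devices/system/cpu/vulnerabilities for the three original issues. The function names are this example's own, and the sample strings are constructed to resemble kernel output.

```python
from pathlib import Path

# Linux exposes one status file per CPU issue under this sysfs directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ORIGINAL_ISSUES = ("spectre_v1", "spectre_v2", "meltdown")

# Constructed sample contents, shaped like kernel output, for offline runs.
SAMPLE = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling\n",
    "meltdown": "Vulnerable\n",
}

def parse_status(line):
    """Split one status line into (state, [detail, ...])."""
    text = line.strip()
    if text.startswith("Not affected"):
        return "not_affected", []
    if text.startswith("Mitigation:"):
        details = text[len("Mitigation:"):].split(";")
        return "mitigated", [d.strip() for d in details if d.strip()]
    if text.startswith("Vulnerable"):
        rest = text[len("Vulnerable"):].lstrip(":, ")
        return "vulnerable", [rest] if rest else []
    return "unknown", [text] if text else []

def audit(read=None, issues=ORIGINAL_ISSUES):
    """Return {issue: (state, details)}; `read` maps an issue name to file text."""
    read = read or (lambda name: (SYSFS_DIR / name).read_text())
    report = {}
    for name in issues:
        try:
            report[name] = parse_status(read(name))
        except (OSError, KeyError):
            # Kernel too old to report this issue, or not a Linux host.
            report[name] = ("unknown", ["status file missing"])
    return report

def needs_attention(report):
    """Issues the kernel does not report as mitigated or not affected."""
    return sorted(n for n, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))

if __name__ == "__main__":
    report = audit() if SYSFS_DIR.is_dir() else audit(SAMPLE.__getitem__)
    for name, (state, details) in report.items():
        print(f"{name:12} {state:13} {'; '.join(details)}")
    print("needs attention:", needs_attention(report) or "none")
```

On a host without the sysfs directory the script falls back to the constructed samples, so its output there says nothing about the machine it runs on.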
