Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Releases Meltdown Patch (theregister.co.uk)

Posted by msmash on from the better-late-than-never dept.

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's -- pretty much the same approach as was taken in the Linux kernel. From a report: A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post saying the operating system's developers were working out what to do. Now he's revealed the approach used to fix the free OS: "When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace." That explanation is somewhat obscure to non-developers, but there's a more readable discussion of what the project's developers had in mind from January, here.

44 comments

  1. AMD by 110010001000 · · Score: 2

    I am running AMD processors. Does this affect me, or only Intel processors?

    1. Re:AMD by iggymanz · · Score: 2

      this patch was for meltdown only which doesn't affect AMD; note the situation for the various types of SPECTRE are a mess, even the chip makers are floundering around. Intel put out yet another new spectre variant firmware fix *yesterday*!

    2. Re:AMD by 110010001000 · · Score: 1

      OK thanks. So Meltdown doesn't affect AMD, just Intel processors.

    3. Re:AMD by goombah99 · · Score: 2

      AMD is affected by things similar to Spectre, slightly less than Intel but still an issue. It doesn't have the specific Meltdown vulnerability.

      The real question is what does all this context switching cost in terms of speed and system resources.

      --
      Some drink at the fountain of knowledge. Others just gargle.
    4. Re:AMD by Anonymous Coward · · Score: 1

      Specifically, out of the 3, AMD is only affected by the bounds check vulnerability, not the branch target predictor nor (the worst) Meltdown.

      what does all this context switching cost in terms of speed and system resources

      To answer your question, the wiki article on KPTI says:

      (note that the PCID optimization refers to the use of this to prevent TLB flushing every time the contexts are switched)

      The overhead was measured to be 0.28% according to KAISER's original authors; a Linux developer measured it to be roughly 5% for most workloads and up to 30% in some cases, even with the PCID optimization; for database engine PostgreSQL the impact on read-only tests on an Intel Skylake processor was 7–17% (or 16–23% without PCID), while a full benchmark lost 13–19% (Coffee Lake vs. Broadwell-E). Many benchmarks have been done by Phoronix, Redis slowed by 6–7%. Linux kernel compilation slowed down by 5% on Haswell.

    5. Re:AMD by Anonymous Coward · · Score: 0

      Isn't this that 30% that keeps getting bandied about?

    6. Re:AMD by Fly+Swatter · · Score: 1

      Dear fellow reader, I am worried you are developing a memory problem: Re:Defective (Score:1) - January 8 as you already knew this at some point in the past. You might want to consult your physician.

  2. Hugs all around! by Anonymous Coward · · Score: 4, Funny

    Great work everyone!

    1. Re: Hugs all around! by Anonymous Coward · · Score: 2, Insightful

      You didnâ(TM)t get the consent required. Please report to HR or the FreeBSD board of stupidity.

    2. Re:Hugs all around! by Megol · · Score: 1

      That's harassment!

  3. BSD is dying by Anonymous Coward · · Score: 0

    she's dead jim

  4. Meltdown or Piltdown? by Anonymous Coward · · Score: 0

    Fake news! to get you to buy more C.P.U.s rather than more hookers.

  5. Well, yeah by cascadingstylesheet · · Score: 1

    Well, sure ... that's what I was going to say.

  6. Are we so sure it does not affect AMD? by SuperKendall · · Score: 1, Interesting

    I have nothing against AMD, and in general support competition for Intel...

    But are we truly sure the Meltdown approach cannot work on AMD? From all of the reading I did doing the Meltdown fiasco, it seemed like the people who came up with Meltdown thought it might work on AMD, they could just not get the timing to work quite right in a proof of concept attack the way they could with Intel...

    Is there a more detailed technical description laying out exactly why AMD processors are for sure immune to the Meltdown attack? It seemed that with something that affected so many different processors, it's strange that only AMD escaped.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Are we so sure it does not affect AMD? by XanC · · Score: 2

      Only AMD escaped? Only Intel is affected by Meltdown.

    2. Re:Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 0

      The Meltdown patch is fairly methodical. Spectre is the disaster, and AMD has not been releasing spectre mitigations. It's not clear they should---maybe retpoline is the right way to go---but this is unfortunately not a simple story of AMD being "better" because of the resources Intel is throwing at spectre, albeit in a flailing way. It's more a story of ubiquitous hubris, and slightly a story of luck.

    3. Re:Are we so sure it does not affect AMD? by llamalad · · Score: 1, Informative

      There were two recent vulnerability announcements.

      Meltdown (which affects only Intel)
      Spectre (which affects Intel, AMD, ARM, and probably more)

      Intel has done a *great* job of making it sound like they're one and the same, and everyone's affected.

      Meltdown is fixable.

      Spectre isn't fully fixable yet, afaik.

      On a related note, think about what Spectre really means for your public cloud workloads...

    4. Re:Are we so sure it does not affect AMD? by Megol · · Score: 4, Informative

      "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

      That's technical enough. No matter how the timing is tweaked AMD isn't vulnerable.

    5. Re:Are we so sure it does not affect AMD? by Megol · · Score: 2

      Intel propaganda have tried to make people think Spectre == Meltdown and so all processor manufacturers are equally affected.

      That is of course not true. But Intel have succeeded in planting that even into technical people.

    6. Re:Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 0

      What about if it doesn't "...result in a page fault."?

    7. Re:Are we so sure it does not affect AMD? by Megol · · Score: 2

      Anybody with any clue would realize that your ass is doing the talking. Spectre* is much harder to exploit than Meltdown, Meltdown essentially allow any user process to read any memory in a unpatched OS without needing to know anything specific about the system while the other attacks (Spectre) require knowledge of a certain system specific vulnerability and can then read some limited information. Big difference.

      (* which technically includes Meltdown - which AMD isn't affected by)

    8. Re:Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 0

      The main problem with spectre is that is such a vague idea.
      The suggestion that one could determine the state of private variables based on what the branch prediction loads into cache is just odd. I mean, sure, you can do that, but without branch prediction you can also wait a while until the branch happened and see if it had to fetch more memory.
      It isn't really a bug, it is just that code have side effects.
      Even if the CPU makers does something like fetch both memory segments regardless of the branch prediction the programmer still needs to make sure that each branch takes equally long time to execute, otherwise you have the exact same kind of 'vulnerability' there.
      So to prevent something like spectre you would need compiler switches to ensure that conditional code takes equally long time to execute regardless of branching and ideally that all memory you use have been pre-cached regardless of if you need it or not.
      If anything the branch prediction people complain about makes spectre harder to exploit than it would have been without it.

    9. Re: Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 0

      Then you are accessing memory that you are allowed to access.

    10. Re:Are we so sure it does not affect AMD? by bsolar · · Score: 1

      I guess in that case the memory would be accessible normally anyway. The bug is not being able to access memory you are allowed to access, but accessing memory you shouldn't be able to.

    11. Re:Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 0

      On a related note, think about what Spectre really means for your public cloud workloads...

      No thanks, I have a newborn, I miss enough sleep as is.

    12. Re:Are we so sure it does not affect AMD? by SuperKendall · · Score: 0

      Hmm, could have sworn Meltdown also affected ARM. I knew Spectre was wider spread but I thought Meltdown also crossed a few processors... guess I was misremembering that aspect.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    13. Re:Are we so sure it does not affect AMD? by SuperKendall · · Score: 1

      Thanks. That's exactly the level of information I was looking for.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    14. Re:Are we so sure it does not affect AMD? by Anonymous Coward · · Score: 1

      It's mostly Intel-specific, because Intel patented the go-marginally-faster-by-hardwiring-hardware-to-heuristically-skip-bounds-check technique that basically is the Meltdown vulnerability. IBM licensed it for some of their POWER chips. The one and only ARM core to use it is the Cortex-A75. So ARM is perfectly safe if you avoid Cortex-A75, which is easy enough.

      In practice, if it's Intel then it's probably affected, otherwise you're most likely safe.

  7. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  8. Re:Monolothic kernels only? by Anonymous Coward · · Score: 1

    If they use a single page table and have kernel memory mapped while running user mode then yes.

  9. Description ballsed up the actual description by Anonymous Coward · · Score: 0

    I know it's copied verbatim from the article, but if you read the actual developer discussion the whole stack frame thing begins to make more sense.
    Kernel mode code already uses it's own stack. This is normal. The new feature here is that they add an intermediate stack that is only used while switching the page tables, and in fact this whole stack discussion is merely an implementation detail. The actual fix here is isolating kernel and user page tables.

  10. Spectre? by Anonymous Coward · · Score: 0

    Many Linuxes have at least applied the Intel microcode patches and the kernel-level Spectre mitigations. What they have done is not adequate. It's not clear all the VM guest-guest switches are properly protected, and there are chip variant caveats, and some bits of userland need fixes which isn't done.

    Specifically, any part of the userland that runs untrusted code, like web browsers that run Javascript, should be recompiled with retpoline, and most Linuxes don't ship the correct C compiler to do that. How is OpenBSD's web browser doing? Do they even provide a retpoline-capable compiler?

    Does OpenBSD have qemu/kvm/Xen? If so, is it spectre-mitigated?

    Even beyond speculative execution attacks, these bugs call attention to the danger of cache timing attacks which may become a more fruitful class of exploits soon. But that's not a place where OpenBSD is lagging. I think they may be lagging on spectre mitigation specifically (though Linux isn't doing great, either).

    Remember this is all 8 months out. It is really kinda extreme that Google broke their standard timeline and took an 6-month head start on the industry to fix GCE. I suppose it is fair since it's their own research. If they are funding this massive highly-competent security team in house, the benefit that GCE is more secure than competitors is not unreasonable. It's a little annoying, politically, that they cooperated with their big competitors, but it's socially practical to cooperate with those who could keep secrets and who affected many users. Anyway they're not asking someone else to delay disclosure to be "responsible" which would be hypocritical. It's their own discovery. I don't think Google's going beyond what they're entitled to with how they handled this discovery, at all, so let me be clear on that since it's so fashionable for people to imagine their relation to Google as a sort of entitled serfdom, and that's bullshit. I'm just saying their odd behaviour reveals the present situation is exceptional, so OpenBSD, Linux communities, AMD and Intel (to the extent they can release ucode) are being tested in an exceptional manner right now.

    But in the response to Spectre, the result of the test is disappointing flail.

  11. Re:Monolothic kernels only? by Anonymous Coward · · Score: 0

    In other words, if they are using an Intel processor with any kernel, the answer is yes they are affected and this includes qnx and minix and etc, unless they are in some old unprotected mode which disables all the cool features like these things that are being exploited like dos 5 or something. ;)

  12. Re:Monolothic kernels only? by spth · · Score: 2

    Meltdown and Spectre are huge issues for Microkernels. For details see the answer to a question to one of the Hurd developers after the end of the FOSDEM 2018 talk on Hurd's PCI arbiter (minute 31:19 of the video)

    Philipp

  13. Processors afected by Meltdown: by williamyf · · Score: 2, Informative

    From my blog:

    Meltdown affects all Intel Processors with Out-of-Order-Execution (OOE) and, more importantly, Speculative-Execution, perhaps going back to the Original PentiumPro, and all Atom processors made after 2013 (the original Atoms were In-Order-Execution). AMD processors are immune [3], and Via (remember Via?) has remained silent. Meltdown also affects other architectures, like several ARM processors, including the up-and-coming Cortex-A75 (intended for datacenter use), as well as many others used in cellphones and appliances [5], also IBM’s POWER7+, 8 and 9 are affected [4]. But this paper is not concerned with other architectures.

    [3] https://www.amd.com/en/corpora...
    [4] https://www.ibm.com/blogs/psir...
    [5] https://developer.arm.com/supp...

    The Full Blog is here:
    https://technologyunderbelly.b...

    --
    *** Suerte a todos y Feliz dia!
  14. Re:Monolothic kernels only? by Dwedit · · Score: 1

    It affects every situation where memory is flagged as unreadable.

  15. Re:Monolothic kernels only? by Anonymous Coward · · Score: 0

    I don't think it's as bad as he is making out, since you could still use page table isolation even in a micro kernel.
    It doesn't matter if the kernel can see everything. That is the case even in the proposed BSD patch.
    What matters is that the user space processes cannot see the kernel.
    So as long as they do their memory copying from one process to another in kernel mode, then they can give the kernel access to everything and the userspace only access to the parts of the kernel needed to handle an interrupt and switch into proper kernel mode.

  16. "same approach as Linux" by nuckfuts · · Score: 1

    Describing Guenther's patch as "pretty much the same approach as was taken in the Linux kernel" makes it sounds like he just copied someone else's idea. I think the reality is that kernel developers from numerous platforms have been brainstorming approaches to Meltdown and Spectre.

    I realize this is Slashdot, but please don't try to turn Guenther's achievement into a "Woohoo LINUX!!!" story.

    1. Re:"same approach as Linux" by Anonymous Coward · · Score: 0

      People should also remember that OpenBSD developers were not given advance disclosure like some other vendors:

      https://bsd.slashdot.org/story/18/01/08/0533237/openbsds-de-raadt-pans-incredibly-bad-disclsoure-of-intel-cpu-bug

      Just in case anyone is tempted to gloat that Linux released first.

    2. Re:"same approach as Linux" by Anonymous Coward · · Score: 0

      You conveniently omitted the reason OpenBSD wasn't given advance notice: their asshat leader proved he's not trustworthy by leaking the previous early disclosure. Result: OpenBSD is now blacklisted from early disclosure.

    3. Re: "same approach as Linux" by Anonymous Coward · · Score: 1

      Are you one of those security by obscurity fucktards who thinks having only a few special mega corps and every serious black hat know while the rest of us get ass raped every day by those same black hats us9ng an unknown to us 6 month old 0-day is good practice?

      Fucking moron.

    4. Re:"same approach as Linux" by Anonymous Coward · · Score: 0

      Eh, I'm a BSD fan of sorts and I barely noticed the line.

  17. If they don't fix this meldown crap soon ... by nospam007 · · Score: 1

    ...I'll have a meltdown.