Slashdot Mirror


OpenBSD Releases Meltdown Patch (theregister.co.uk)

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's -- pretty much the same approach as was taken in the Linux kernel. From a report: A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Philip Guenther responded to user concerns with a post saying the operating system's developers were working out what to do. Now he's revealed the approach used to fix the free OS: "When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace." That explanation is somewhat obscure to non-developers, but there's a more readable discussion of what the project's developers had in mind from January, here.
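The ordering in the quoted description can be checked with a toy model; this is an added example, not OpenBSD code, and every name in it is hypothetical. It assumes the user page table maps only user memory and the trampoline, and shows that the quoted order keeps the current stack mapped at every step while swapping the first two entry steps does not.

```c
/* Toy model of the quoted entry/exit order. Added example, not OpenBSD code.
 * Assumption: user_pt maps user memory + trampoline only; kernel_pt maps all. */
#include <stdbool.h>
#include <stdio.h>
enum region { USER, TRAMPOLINE, KERNEL, NREGIONS };
struct pagetable { bool mapped[NREGIONS]; };
static const struct pagetable user_pt   = { { true, true, false } };
static const struct pagetable kernel_pt = { { true, true, true } };

struct cpu {
    const struct pagetable *cr3; /* active page table */
    enum region stack;           /* region the stack pointer is in */
    bool faulted;                /* stack was unmapped at some step */
};

/* Apply one step, then check the invariant: the current stack is mapped. */
static void step(struct cpu *c, const struct pagetable *pt, enum region stack) {
    c->cr3 = pt;
    c->stack = stack;
    c->faulted |= !pt->mapped[stack];
}

bool enter_kernel(struct cpu *c) {            /* order given in the quote */
    step(c, &user_pt, TRAMPOLINE);   /* CPU lands on the trampoline stack */
    step(c, &kernel_pt, TRAMPOLINE); /* switch page tables */
    step(c, &kernel_pt, KERNEL);     /* switch to the real kernel stack */
    return !c->faulted;
}

bool return_to_user(struct cpu *c) {          /* the opposite order */
    step(c, &kernel_pt, TRAMPOLINE); /* frame rebuilt there, switch stack */
    step(c, &user_pt, TRAMPOLINE);   /* switch page tables */
    step(c, &user_pt, USER);         /* iretq back to userspace */
    return !c->faulted;
}

bool enter_kernel_wrong_order(struct cpu *c) { /* stack before page tables */
    step(c, &user_pt, TRAMPOLINE);
    step(c, &user_pt, KERNEL);       /* kernel stack not mapped yet */
    step(c, &kernel_pt, KERNEL);
    return !c->faulted;
}

int main(void) {
    struct cpu ok = { &user_pt, USER, false }, bad = { &user_pt, USER, false };
    bool in = enter_kernel(&ok), out = return_to_user(&ok);
    printf("quoted: %d swapped: %d\n", in && out, enter_kernel_wrong_order(&bad));
    return 0;
}
```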

3 of 44 comments

  1. Re:Are we so sure it does not affect AMD? by llamalad · Score: 1, Informative

    There were two recent vulnerability announcements.

    Meltdown (which affects only Intel)
    Spectre (which affects Intel, AMD, ARM, and probably more)

    Intel has done a *great* job of making it sound like they're one and the same, and everyone's affected.

    Meltdown is fixable.

    Spectre isn't fully fixable yet, afaik.

    On a related note, think about what Spectre really means for your public cloud workloads...

  2. Re:Are we so sure it does not affect AMD? by Megol · Score: 4, Informative

    "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

    That's technical enough. No matter how the timing is tweaked AMD isn't vulnerable.

  3. Processors affected by Meltdown: by williamyf · Score: 2, Informative

    From my blog:

    Meltdown affects all Intel Processors with Out-of-Order-Execution (OOE) and, more importantly, Speculative-Execution, perhaps going back to the Original PentiumPro, and all Atom processors made after 2013 (the original Atoms were In-Order-Execution). AMD processors are immune [3], and Via (remember Via?) has remained silent. Meltdown also affects other architectures, like several ARM processors, including the up-and-coming Cortex-A75 (intended for datacenter use), as well as many others used in cellphones and appliances [5], also IBM’s POWER7+, 8 and 9 are affected [4]. But this paper is not concerned with other architectures.

    [3] https://www.amd.com/en/corpora...
    [4] https://www.ibm.com/blogs/psir...
    [5] https://developer.arm.com/supp...

    The Full Blog is here:
    https://technologyunderbelly.b...

    --
    *** Good luck to everyone and have a happy day!