Kernel Update Today, Downtime

A fact about mys site which some people may not know, is that I take the unusual approach of hosting it on one of my PCs at home. The computer which acts as my Web-server, is also the one I named ‘Phoenix’, and which is still running Debian / Jessie. What this piece of trivia means in practice, is that any downtime of this one PC, also causes the site not to be accessible on the Internet. This is very different from how it would be, if I was to pay a professional hosting service.

Today, ‘Phoenix’ received a long-awaited kernel update, With which the package maintainers hope to be mitigating the ‘Meltdown’ vulnerability. What this does, is complete the work that some of the System Programmers have been doing, on the ‘Meltdown’ vulnerability, since as it stands, all the kernels on the list here have been patched now.

The fact is somewhat ironic, that ‘Phoenix’ has an AMD processor, and was therefore never directly susceptible to this form of attack. However, the computer which I name ‘Plato’ has an Intel CPU, and received its kernel update on January 5.

I congratulate the kernel-programmers on a milestone in their work.

Now an unanswered question remains, as to what will be done – if anything – about ‘Spectre’, which is a related vulnerability, in which a hypothetical attacker would ‘attack’ other processes running on the same machine, but not the kernel. The problem with ‘Spectre’, as far as I think I understand it, is that it involves “Speculative Execution” of code, but does not involve ‘system calls’ per se. What that means is that, unless somebody comes up with something brilliant, the only ways to patch that would either be to disable Speculative Execution entirely, or, switch to new chips, which have been designed with ‘Spectre’ taken into account, but which haven’t been designed yet in fact.

‘Spectre’ may also affect some AMD CPUs.

In any case, my site was unavailable from about 15h30 until 15h45.

Dirk

 

Understanding ‘Meltdown’ and ‘Spectre’ in Layman’s Terms

One of the pieces of news which many people have heard recently, but which few people fully understand, is that in Intel chip-sets in particular, but also to a lesser degree in AMD-chip-sets, and even with some ARM (Android) chip-sets, a vulnerability has been discovered by researchers, which comes in two flavors: ‘Meltdown’ and ‘Spectre’. What do these vulnerabilities do?

Well, modern CPUs have a feature which enables them to execute multiple CPU-instructions concurrently. I learned about how this works, when I was taking a System Hardware course some time ago. What happens is meant to make up for the fact that to execute one CISC-Chip instruction, typically takes up considerably more than 1 clock-cycle. So what a CISC-Chip CPU does, is to start execution on instruction 1, but during the very next clock-cycle, to fetch the opcode belonging to instruction 2 already. Instruction 1 is at that point in the 2nd clock-cycle of its own execution. And one clock-cycle later, Opcode 3 gets fetched by the CPU, while instruction 2 is in the 2nd clock-cycle, and instruction 1 is in the 3rd clock-cycle – if their is any – of each of their execution.

This pushes the CISC-Chip CPUs closer to the ideal goal of executing 1 instruction per clock-cycle, even though that ideal is never fully reached. But, because CPU-instructions contain branches, where a condition is tested first, and where, in a roundabout way, if the non-default outcome of this test happens to be true, the program ‘branches off’, to another part within the same program, according to the true logic of the CPU-instructions. The behavior of the CPU under those conditions has also been made more-concurrent, than a first-glance appraisal of the logic might permit.

When a modern CISC-Chip CPU reaches a branching instruction in the program, it will continue to fetch opcodes, and to execute the instructions which immediately follow the conditional test, according to the default assumption of what the outcome of the conditional test is likely to be. But if the test brings about a non-default logical result, which will cause the program to continue in some completely different part within its code, the work which has already been done on the partially-executed instructions is to be discarded, in a way that is not supposed to affect the logical outcome, because program flow will continue at the new address within its code. At that moment, the execution of code no longer benefits from concurrency.

This concurrent execution, of the instructions that immediately follow a conditional test, is called “Speculative Execution”.

The problem is, that Complex Instruction-Set CPUs, are in fact extremely complex in their logic, as well as the fact that their logic has been burned as such, into the transistors – into the hardware – of the CPU itself, and even the highly-skilled Engineers who design CPUs, are not perfect. So we’ve been astounded by how reliably and faithfully actual, physical CPUs execute their intricate logic, apparently without error. But now, for the first time in a long time, an error has been discovered, and it seems to take place across a wide span of CPU-types.

This error has to do with the fact that modern CPUs are multi-featured, and that in addition to having concurrent execution, they also possess Protected Memory, as well as Virtual Memory. Apparently, cleverly-crafted code can exploit Speculative Execution, together with how Virtual Memory works, in order in fact to bypass the feature which is known as Protected Memory.

It is not the assumption of modern computers, that even when a program has been made to run on your computer – or your smart-phone – It would just be allowed ‘to do anything’. Instead, Protected Memory is a feature that blocks user-space programs from accessing memory that does not belong to them. It’s part of the security framework actually built-in to the hardware, that makes up the CPU.

More importantly, user-space programs are never supposed to be able to access kernel memory.

(Updated 01/11/2018 : )

Continue reading Understanding ‘Meltdown’ and ‘Spectre’ in Layman’s Terms