Meltdown / Spectre Discussion

[jgreco]

One interesting possibility is to effectively trust non-jailed processes while treating jailed processes to their own, sanitized page tables.

Not really interesting because it isn't plausible. iX doesn't really have the resources to go coding significant revamps to FreeBSD, so whatever ends up happening will be what comes from upstream. Upstream, in FreeBSD, the need is for this to work for both jailed and non-jailed processes.

Don't mind me, if I sound disagreeable, it's just that I'm angry at having burned a huge amount of time and resources on preparing for an out-of-cycle upgrade. I'm whippin' two big hypervisors to death doing build testing while also trying to engineer an 11.1R build, damn FreeBSD is taking more space in 11.*... and this isn't even the real work.

 

[Bidule0hm]

What would happen if we disable the predictive feature only for load instructions for the kernel memory?

 

[jgreco]

What would happen if we disable the predictive feature only for load instructions for the kernel memory?

We'd end up with ice cream for everyone?

 

[acp]

We'd end up with ice cream for everyone?

Mint chocolate chip?

Sent from my Nexus 5X using Tapatalk

 

[Ericloewe]

Not really interesting because it isn't plausible. iX doesn't really have the resources to go coding significant revamps to FreeBSD, so whatever ends up happening will be what comes from upstream. Upstream, in FreeBSD, the need is for this to work for both jailed and non-jailed processes.

Don't mind me, if I sound disagreeable, it's just that I'm angry at having burned a huge amount of time and resources on preparing for an out-of-cycle upgrade. I'm whippin' two big hypervisors to death doing build testing while also trying to engineer an 11.1R build, damn FreeBSD is taking more space in 11.*... and this isn't even the real work.

It's also interesting in vanilla FreeBSD, so such an option sounds at least plausible.

As for performance penalties, how is that looking for your (customers') workloads?

 

[jgreco]

It's also interesting in vanilla FreeBSD, so such an option sounds at least plausible.

I don't see a significant use case. I'm one of the people who've been deploying jail workloads basically since phk introduced them, and they're not real mainstream. It is more usual to have a shared shell box or other multiuser environment where there is actually significant risk in the main host environment. By comparison, a lot of the time when you've put something in a jail, it's already isolated, which means you don't really have a significant risk of an intruder trying to break out of a jail.

As for performance penalties, how is that looking for your (customers') workloads?

We'll have to see when a patch becomes available.

Back in the '90's, I created the earliest example of an appliance-version of FreeBSD that I'm aware of, which Andrzej Bialecki took and morphed into PicoBSD, which eventually led to NanoBSD. I've been a fan of small appliance-style devices for many years, and this is reflected in the system designs I've done. I do not like the monster, complex, unreproducible systems that many people seem to run. Most of the workloads I deploy these days are in independent VM's, and usually part of the design concept is that it is possible for someone to break into one of my hardened systems, but that this should not give them "keys to the kingdom" - that is, free and easy access to other systems. In as many cases as I can reasonably manage, workloads are running inside a /bin/sh-less jail on a single-task VM, which means "wicked hard to break into," but I still assume that'll happen eventually, and the rest of the systems have to assume that this is a possibility. It's the whole "plan for it" thing. So for a lot of the things I run, this whole thing is an exercise in near-pointlessness. But for other stuff, especially shell servers, it is definitely a concern.

FreeNAS has the potential to suffer some performance hits. Protocols such as NFS and (thankfully) iSCSI run in the kernel, but Samba is a big userland issue.

 

[Mirfster]

Wow, this is all just a gigantic cluster isn't it? Wondering if there are any CPUs out yet that are not affected by this? Also, what type of recourse will the vendors provide; like any credit for trading in a CPU or something?

I love my old cheap equipment and sure as heck am not looking forward to having to buy new stuff... :(

 

[acp]

Wondering if there are any CPUs out yet that are not affected by this?

The 6502 so far isn't impacted so Bender won't be hacked :)

Sent from my Nexus 5X using Tapatalk

 

[jgreco]

The 6502 so far isn't impacted so Bender won't be hacked :)

I'm oddly relieved that I'm not the only one who thought of that. Incidentally, earlier upthread where I made reference to

train wreck many of us have feared as CPU's have gone from a few thousand transistors (really!) to billions.

I was actually talking about the 6502 with its 3510 transistors (a number I recite from memory, what does that say!)

 

[Ericloewe]

On the other hand, Bender is extremely susceptible to side-channel attacks using magnets...

 

[jgreco]

Well, we did use cassette tape for data transfer in that era.

 

[Ericloewe]

Here's a nice little explanation of the basics for those not familiar with CPU architectures:

https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

 

[Revan]

There are some news about Meltdown and Spectre from the FreeBSD developers:
https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html

 

[Ericloewe]

This thread is now the thread about this subject. If there are still any isolated open threads, please report them so that we can clean up. Should any existing threads have useful information that's missing here, please report them so we can fix it. Or just post it yourself.

 

[fracai]

I'd suggest changing the thread title to be more relevant to the issue. Something like "Meltdown / Spectre Discussion"

 

[LTCM]

I only kinda understand what's going on but I have a couple of questions.

Did Intel's design of cpus with this flaw gain them any performance edge over rivals? Maybe I'm a conspiracy theorist, but I'm having thoughts that Intel built a (near) monopoly using cpus which traded security for performance; aka they cut corners. And now that the flaw is public, they will encourage you to replace those chips...with brand new Intel products!

Will this flaw cause enterprise users to flood the market with used equipment?

Tell me straight up - is this news so bad that it may cause any of you IT pros to consider switching to AMD? I know Intel has fixed their new chips but come on, you cannot tell me you don't feel at least a little sour taste from team blue right now.

 

[acp]

Did Intel's design of cpus with this flaw gain them any performance edge over rivals? Maybe I'm a conspiracy theorist, but I'm having thoughts that Intel built a (near) monopoly using cpus which traded security for performance; aka they cut corners. And now that the flaw is public, they will encourage you to replace those chips...with brand new Intel products!

Replacing it with what? All current designs are impacted. It will take years before New silicon will be available that isn't impacted.

As for the other reasons, I will wait for the lifetime movie.

Will this flaw cause enterprise users to flood the market with used equipment?

The older stuff, probably (pre haswell,)

Tell me straight up - is this news so bad that it may cause any of you IT pros to consider switching to AMD?

No. While amd isn't impacted with meltdown, they are still vulnerable to Spectre. I'm sure there are other avenues that have yet to be discovered.

I know Intel has fixed their new chips but come on, you cannot tell me you don't feel at least a little sour taste from team blue right now.

Depends what what you are calling fixing. Meltdown requires major rework to every os kernel. Spectre they have released microcode but you are at the mercy of your bios vendor. Web browser are being tweeked to prevent certain kind of attacks.

From what I gathered if you are on anything older than haswell you are screwed.

Intel just doesn't handle bad news very well. See fdiv bug and f00f bug.

I seen that powerpc has also been tested and is vulnerable to sprectre. As if you need another reason to retire that iMac lol


Ars has a good article about the fixes

https://arstechnica.com/gadgets/201...e-and-meltdown-patches-will-hurt-performance/

Just goes to show you that it isn't just software where security needs to be a designed consideration

Sent from my Nexus 5X using Tapatalk

 

[Ericloewe]

Did Intel's design of cpus with this flaw gain them any performance edge over rivals?

At the very least, it's die space they save for other things. It's a cut corner that makes things easier for them - they're not alone, though, and it's more a situation in which AMD went the extra mile, since some ARM designs (Cortex A75, Apple's architectures) are also vulnerable to meltdown.

Spectre they have released microcode but you are at the mercy of your bios vendor.

No, OSes can also upload microcode to the CPU, so that's not a problem.

 

[acp]

No, OSes can also upload microcode to the CPU, so that's not a problem.

Microsoft so far says they won't do it. I know some Linux distros are going to do it. I suspect so will freebsd. They are playing catch-up due to late notification.

As long as dos get it, right? Lol


Sent from my Nexus 5X using Tapatalk

 

[WorBlux]

I seen that powerpc has also been tested and is vulnerable to sprectre. As if you need another reason to retire that iMac lol

Looks like the G3 and G4 are pretty safe. You'd need pretty good info about the memory layout, and a lot of time. G5 looks possible but still tricky. The newer ISA's are more at risk.

https://tenfourfox.blogspot.com/2018/01/is-powerpc-susceptible-to-spectre-yep.html