Show Notes:
What is Meltdown and Spectre
- These vulnerabilities have been present in most computers for nearly 20 years.
- Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack.
- What is a side channel?
From Wikipedia:
“… a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system.”
- Spectre and Meltdown are side-channel attacks that deduce the contents of a memory location that should not normally be accessible, by using timing to observe whether another, accessible location is present in the cache.
- Meltdown is a CPU vulnerability. It works by using modern processors’ out-of-order execution to read arbitrary kernel-memory locations. This can include personal data and passwords. Out-of-order execution has been an important performance feature. It’s present in many modern processors, most noticeably in 2010 and later Intel processors. By breaking down the wall between user applications and the operating system’s memory allocations, it can potentially be used to spy on the memory of other programs and the operating system.
- Spectre breaks down the barriers between different applications. You could theoretically use it to trick applications into accessing arbitrary program, but not kernel, memory locations. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate, and it affects even more chip architectures than Meltdown does. For now, there are no universal Spectre patches.
- The timeline: How we got to Spectre and Meltdown: A Timeline
- ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
Behind the Scenes all is not well
- How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown
- FreeBSD was made aware of Meltdown and Spectre in late December. There’s currently no ETA for mitigation.
- heads up: Fix for intel hardware bug will lead to performance regressions
- LKML: Tom Lendacky: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
Meltdown and Spectre Patch Performance Hit
- Degraded performance after forced reboot due to AWS instance maintenance
- Fortnite takes performance hit from ‘Meltdown,’ says Epic
- Meltdown & Spectre: Intel downs performance
- Meltdown and Spectre – Performance according to Microsoft under Win 7 and 8 worse than under Win 10
- Intel releases breakdown of performance slowdown on Windows 10 after Spectre and Meltdown patches: ~6% for 8th-gen CPUs, ~7% for 7th-gen, ~8% for 6th-gen
Protecting our Google Cloud customers from new vulnerabilities without impacting performance
With the performance characteristics uncertain, we started looking for a “moonshot”—a way to mitigate Variant 2 without hardware support. Finally, inspiration struck in the form of “Retpoline”—a novel software binary modification technique that prevents branch-target-injection, created by Paul Turner, a software engineer who is part of our Technical Infrastructure group. With Retpoline, we didn’t need to disable speculative execution or other hardware features. Instead, this solution modifies programs to ensure that execution cannot be influenced by an attacker.
What’s the fix for Meltdown and Spectre?
Checking yourself and the outlook for 2018
- spectre-meltdown-checker:
- Prepare yourself and your company for the fact that this could be a trend for 2018.
- Several researchers converged on these flaws at once. TechSNAP predicts that means more are coming, and folks like Greg KH have suggested just as much.
- Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown – Raspberry Pi
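For the "checking yourself" step: Linux kernels that carry the Meltdown and Spectre fixes report their own mitigation state (for example PTI for Meltdown, retpoline for Spectre Variant 2) under `/sys/devices/system/cpu/vulnerabilities/`. The script below is an added example, not part of the original show notes and not code from spectre-meltdown-checker; the function names are hypothetical and the status strings written by `make_sample` are constructed sample data.

```shell
#!/bin/sh
# Summarise the kernel's per-issue mitigation report for Meltdown/Spectre.

# classify_status STATUS_LINE -> prints OK, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # unreadable or unrecognised: treat as not verified
    esac
}

# report_vulns [DIR] -> prints "name: VERDICT (raw status)" for each file in DIR.
# Returns 0 if every entry is OK/MITIGATED, 1 if any is VULNERABLE/UNKNOWN,
# 2 if DIR does not exist (kernel without the reporting interface).
report_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no mitigation report at $dir; kernel may predate the fixes" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f" 2>/dev/null)
        verdict=$(classify_status "$status")
        printf '%s: %s (%s)\n' "$(basename "$f")" "$verdict" "$status"
        case "$verdict" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
    done
    return "$rc"
}

# make_sample DIR -> writes constructed status files for offline testing
# (sample values, not captured from a real host).
make_sample() {
    mkdir -p "$1"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Vulnerable" > "$1/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$1/spectre_v2"
}
```

Call `report_vulns` with no argument to read the live report on a Linux host; a non-zero exit status makes it usable as a fleet compliance check.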
macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password
A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.
WD My Cloud NAS devices have hard-wired backdoor
The backdoor, detailed here, lets anyone log in as user mydlinkBRionyg with the password abc12345cba.