What is the status of AMD and ARM processor after Spectre/Meltdown?
How can Intel, AMD and ARM escape this meltdown and spectre without replacing the chips? Is patching the only solution? Or even it has some loopholes?
In short, the problem is a hardware level bug that lets processes with lower levels of permission snoop on the memory used by everything else, including the OS kernal. Any CPU with the bug will be vulnerable to these attacks forever. The only resolution to the problem is to change how applications access memory in a way that works around the bug or hardens applications against the bug, which is what the patches do. Unfortunately, this takes a lot of processing power to do. The only way these vulnerabilities will be resolved is to completely redesign the CPUs so they work in a way that isn't vulnerable to attack. This is probably going to take a while to happen, since CPU designs take a *long* time. Most of the CPUs in computers now and that are on shelves now are vulnerable and will always be vulnerable, so patching applications and OSes is the only way to fix it.
Now, less than 2 years away, BIOS will be gone, NetBIOS will be gone, UEFI will be the only startup method for computers. I am fairly sure we will not see any x86 computers. And in Windows, only Windows 10 or an as yet unannounced successor will be available.
The change of chips is future and more of enhancements as there is need to measure performance against such flaws. It can slow the chips itself which is not the intent but most of the solution by the vendors are patching first for Meltdown that can solve it and mitigation for Spectre which is more tricky and complex. Guarding against Spectre will still need operating system and application-level changes.
I do expect the microcode patch will still be done for all chips going ahead. But operation system vendors have their own tricks to remediate such as dual page table protection, in context switching reset the branch-prediction buffers, disabling JavaScript shared buffers and adding random jitters in JS timer at the browser end, etc.
Ultimately when the new capabilities of the chip microcode is clearer, the OS community will also hop obto using them actively as another Layer of defence.
Here are some summary for the chip vendors.
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
For Intel, on Meltdown, they are recommending the operating system level fix. Future generation processors will also include the capabilities, with Intel promising a lower performance impact. There are three new capabilities in total: one to "restrict" certain kinds of branch prediction, one to prevent one HyperThread from influencing the branch predictor of the other HyperThread on the same core, and one to act as a kind of branch prediction "barrier" that prevents branches before the "barrier" from influencing branches after the barrier.
These new restrictions will need to be supported and used by operating systems; they won't be available to individual applications. Some systems appear to already have the microcode update.
Intel whitepaper
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
For AMD's chips, they aren't believed susceptible to the Meltdown flaw at all. The company also says (vaguely) that it should be less susceptible to the branch prediction attack. The array bounds problem has, however, been demonstrated on AMD systems, and for that, AMD is suggesting a very different solution from that of Intel: specifically, operating system patches. Not clear on their direction till next week the coordinated disclosure of action is released.
For ARM, on the array bounds attack, they are introducing a new instruction that provides a speculation barrier; similar to Intel's serializing instructions, the new ARM instruction should be inserted between the test of array bounds and the array access itself. ARM even provides sample code to show this.
ARM doesn't have a generic approach for solving the branch prediction attack, and, unlike Intel, it doesn't appear to be developing any immediate solution. However, the they note that many of its chips already have systems in place for invalidating or temporarily disabling the branch predictor and that operating systems should use that.
ARM's very latest high-performance design, the Cortex A-75, is also vulnerable to Meltdown attacks. The solution proposed is the same as Intel suggests and the same that Linux, Windows, and macOS are known to have implemented: change the memory mapping so that kernel memory mappings are no longer shared with user processes. ARM engineers have contributed patches to Linux to implement this for ARM chips.
ARM whitepaper
https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf?revision=966364ce-10aa-4580-8431-7e4ed42fb90b&la=en
I do expect the microcode patch will still be done for all chips going ahead. But operation system vendors have their own tricks to remediate such as dual page table protection, in context switching reset the branch-prediction buffers, disabling JavaScript shared buffers and adding random jitters in JS timer at the browser end, etc.
Ultimately when the new capabilities of the chip microcode is clearer, the OS community will also hop obto using them actively as another Layer of defence.
Here are some summary for the chip vendors.
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
For Intel, on Meltdown, they are recommending the operating system level fix. Future generation processors will also include the capabilities, with Intel promising a lower performance impact. There are three new capabilities in total: one to "restrict" certain kinds of branch prediction, one to prevent one HyperThread from influencing the branch predictor of the other HyperThread on the same core, and one to act as a kind of branch prediction "barrier" that prevents branches before the "barrier" from influencing branches after the barrier.
These new restrictions will need to be supported and used by operating systems; they won't be available to individual applications. Some systems appear to already have the microcode update.
Intel whitepaper
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
For AMD's chips, they aren't believed susceptible to the Meltdown flaw at all. The company also says (vaguely) that it should be less susceptible to the branch prediction attack. The array bounds problem has, however, been demonstrated on AMD systems, and for that, AMD is suggesting a very different solution from that of Intel: specifically, operating system patches. Not clear on their direction till next week the coordinated disclosure of action is released.
For ARM, on the array bounds attack, they are introducing a new instruction that provides a speculation barrier; similar to Intel's serializing instructions, the new ARM instruction should be inserted between the test of array bounds and the array access itself. ARM even provides sample code to show this.
ARM doesn't have a generic approach for solving the branch prediction attack, and, unlike Intel, it doesn't appear to be developing any immediate solution. However, the they note that many of its chips already have systems in place for invalidating or temporarily disabling the branch predictor and that operating systems should use that.
ARM's very latest high-performance design, the Cortex A-75, is also vulnerable to Meltdown attacks. The solution proposed is the same as Intel suggests and the same that Linux, Windows, and macOS are known to have implemented: change the memory mapping so that kernel memory mappings are no longer shared with user processes. ARM engineers have contributed patches to Linux to implement this for ARM chips.
ARM whitepaper
https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf?revision=966364ce-10aa-4580-8431-7e4ed42fb90b&la=en
ASKER
Thanks everyone for detailed explanations.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No need to replace chips.
Dump X86 machines yesterday or earlier.