In the early days of 2018, the engineering team at the mobile services company Branch noticed slowdowns and errors with its Amazon Web Services cloud servers. An unexpected round of AWS server reboots in December had already struck Ian Chan, Branch's director of engineering, as odd. But the server slowdowns a few weeks later presented a more pressing concern.

"We had six engineers crammed in a small war room all staring at charts, deploy logs, revision histories, and latency graphs looking for the cause," Chan says. "We spent a few days eliminating possibilities one after another, but were unable to find a root cause. We were seemingly chasing a non-existent bug in our system."

The team kept Branch's services operational by reworking some of their architecture, and purchasing more server capacity from AWS to stabilize the workloads. "At some point someone floated the hypothesis that it was an underlying performance issue due to the Spectre and Meltdown patches being applied by AWS," Chan says. "The mystery reboots from just a few weeks earlier suddenly made sense."

For its part, Cloudflare, which claims to manage almost 10 percent of internet requests worldwide, says that in the end it managed the performance issues with the Meltdown and Spectre patches by putting extensive resources into testing the fixes before pushing them out. "You’re suddenly in an emergency situation where there’s kind of a fog of war," Cumming says. "We sell performance, so if it was going to slow us down that would have a very big impact on our business."

And though installing the Meltdown and Spectre patches has been an enormous effort and caused real grief, many in the industry remain upbeat about the challenge. Even after all of its struggles and the money it had to spend to handle the problem, Branch says it sympathizes with AWS, and everyone working to deploy the patches. In fact, AWS pushed out yet another refinement on Friday to improve performance right as this story went live. "We’re still investigating the longer term impact on our system," Branch's Chan says. "Despite the performance impact, AWS was protecting its customers. They did the right thing."

To recap: modern high-performance processors perform what is called speculative execution. They will make assumptions about which way branches in the code are taken and speculatively compute results accordingly. If they guess correctly, they win some extra performance; if they guess wrong, they throw away their speculatively calculated results. This is meant to be transparent to programs, but it turns out that this speculation slightly changes the state of the processor. These small changes can be measured, disclosing information about the data and instructions that were used speculatively. With the Spectre attack, this information can be used to, for example, leak information within a browser (such as saved passwords or cookies) to a malicious JavaScript. With Meltdown, an attack that builds on the same principles, this information can leak data within the kernel memory.

Meltdown applies to Intel's x86 and Apple's ARM processors; it will also apply to ARM processors built on the new A75 design. Meltdown is fixed by changing how operating systems handle memory. Operating systems use structures called page tables to map between process or kernel memory and the underlying physical memory. Traditionally, the accessible memory given to each process is split in half; the bottom half, with a per-process page table, belongs to the process. This kernel half is shared between every process, using just one set of page table entries for every process.