Meltdown and Spectre Exploits Create Havoc
2017 may have been the year of the CPU, but 2018 has kicked off with some serious problems. Researchers have published details on two new exploits: Meltdown and Spectre. Reading through the whitepapers is like a crash course in CPU architectural design, a
While Meltdown is perhaps the more serious of the two, Spectre may haunt CPU designers for years to come. Both use similar core ideas, with Meltdown attacking via the CPU’s ability to do out-of-order execution (OOOE), while Spectre comes at things via speculative execution. Nearly all modern CPUs utilize these techniques to improve performance, which sometimes results in processors partially executing code that ends up being discarded. Things get cleaned up before the results of any code are finalized, and normally there’s no cause for alarm. The problem is that Meltdown uses the code that partially executes to affect the cache hierarchy, so even though the final execution result is correct, the internal states of the CPU caches get altered.
Meltdown uses knowledge of Intel CPU architectures, combined with a “bad” instruction that shouldn’t execute—but which does get partially executed—to figure out the contents of any part of system memory. I’m simplifying, but a memory access instruction is executed, with the results discarded later in the CPU pipeline. The prefetch logic of processors will still start to try to grab data from memory into the cache, however, and the exploit uses a Flush+Reload cache attack to figure out the secret value in the referenced memory. Meltdown has been demonstrated reading any memory in a system at around 500kB/s—not extremely fast, but fast enough if the memory contains usernames and passwords.
Spectre is more difficult to use, and requires code tailored for each microprocessor architecture. The whitepaper states that Spectre on a Haswell processor was able to execute up to 188 simple instructions that shouldn’t normally run. The bigger issue with Spectre is that variants should be able to work on nearly any modern processor. Future chips will also likely be susceptible to this sort of attack.
The good news in all of this is that the researchers contacted the microprocessor companies, and work has been done to patch the system firmware as well as various operating systems to block the exploits. If that were the end of the story, it wouldn’t be so bad, but those fixes come with compromises.
The biggest compromise is in performance. Depending on the workload, Intel has reported a performance drop of 0–25 percent, which means in some cases your processor just became as slow as a three-generations-earlier part. For most home users, the impact on performance is likely to be much lower, typically less than 5 percent. Gaming is included in this, so you’re unlikely to see big drops in frame rates. Servers don’t get off so easily, and cloud servers could be hit hard. That stands to reason, because before the patch, the Meltdown attack allowed one virtual machine (VM) to dump all the memory in use by any other VM—including passwords and other sensitive data, with no indication of a breach.
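To check whether a Linux machine has actually received the kernel-side fixes discussed above, the kernel (4.15 and later) publishes its own verdict, one file per issue, under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original column: the directory path and the status wording ("Not affected", "Vulnerable", "Mitigation: ...") are the kernel's, while the function names and the optional alternative directory argument are mine.

```shell
#!/bin/sh
# Summarise the kernel's own Meltdown/Spectre status for this machine.
# Paths and status strings are those exposed by Linux 4.15+; on an older
# kernel or a non-Linux system the files are absent and we report "unknown".
VULN_DIR="/sys/devices/system/cpu/vulnerabilities"
ISSUES="meltdown spectre_v1 spectre_v2"

# Map one raw sysfs status line to a single word: ok | vulnerable | unknown.
# Real examples: "Not affected", "Mitigation: PTI", "Vulnerable".
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo ok ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Count how many of the three issues are reported as still exposed.
# Optional $1 points at an alternative directory (useful for offline tests).
count_vulnerable() {
    dir="${1:-$VULN_DIR}"
    n=0
    for issue in $ISSUES; do
        if [ -r "$dir/$issue" ]; then
            if [ "$(classify_status "$(cat "$dir/$issue")")" = vulnerable ]; then
                n=$((n + 1))
            fi
        fi
    done
    echo "$n"
}

# Print one line per issue: name, verdict, and the kernel's full status text.
report() {
    dir="${1:-$VULN_DIR}"
    for issue in $ISSUES; do
        if [ -r "$dir/$issue" ]; then
            status=$(cat "$dir/$issue")
            printf '%-10s %-10s %s\n' "$issue" "$(classify_status "$status")" "$status"
        else
            printf '%-10s %-10s %s\n' "$issue" unknown "no $dir/$issue (pre-4.15 kernel or not Linux)"
        fi
    done
}

report "$@"
```

A "Mitigation:" verdict means the kernel believes its own fix is active; it does not by itself confirm that the firmware or microcode update mentioned above has been applied.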
Perhaps most surprising is how far back the potential exploits reach. We’re just hearing about them now, but Spectre attacks may be viable on hardware dating all the way back to the original Pentium Pro—over 20 years! Thankfully, Google’s Project Zero helped find these holes so they can be plugged, but if your PC is more than five years old, you should probably start looking for an upgrade. But, then, you should have been doing that regardless.
Jarred Walton has been a PC and gaming enthusiast for over 30 years.