{"id":3044,"date":"2019-04-05T01:48:50","date_gmt":"2019-04-05T01:48:50","guid":{"rendered":"http:\/\/pariswells.com\/blog\/?p=3044"},"modified":"2020-04-05T01:49:25","modified_gmt":"2020-04-05T01:49:25","slug":"spector-and-meltdown","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/spector-and-meltdown","title":{"rendered":"Spector and Meltdown"},"content":{"rendered":"

Firstly, Spectre and Meltdown is a completely different class of flaws that is not the same as the traditional flaws. Hence, the industry is trying to quickly develop \u201cworkarounds\u201d to mitigate them. And as we all know, workarounds and quick fixes has their impacts, and this is what we are seeing now with all the blogs about performance issues and confusion. \u00a0This doesn\u2019t mean we don\u2019t do anything and ignore patching the flaw. We need to understand these flaws and patches, so the appropriate actions are taken.<\/p>

\u00a0<\/p>

As the industry work on better solutions, new better patches will be released and we need to know about them. Hopefully, the information below will help all of us to understand more about these vulnerabilities. Also, attached are the research papers released by Google Project Zero that started all these (if you are really interested).<\/p>

\u00a0<\/p>

Vulnerabilities summary and current mitigation approach<\/b><\/p>

Spectre : CVE-2017-5753 : Variant 1 : Bounds Check Bypass
Compiler change; recompiled binaries now part of Windows Updates<\/p>

Edge & IE11 hardened to prevent exploit from JavaScript
Silicon Microcode Update ALSO Required on Host :\u00a0No<\/b>

Spectre : CVE-2017-5715 : Variant 2 : Branch Target Injection
Calling new CPU instructions to eliminate branch speculation in risky situations
Silicon Microcode Update ALSO Required on Host :\u00a0Yes<\/b>

Meltdown : CVE-2017-5754 : Variant 3 : Rogue Data Cache Load
Isolate kernel and user mode page tables
Silicon Microcode Update ALSO Required on Host :\u00a0No<\/b><\/p>

\u00a0<\/p>

The MS<\/b>\u00a0Patch Confusion<\/b><\/p>

https:\/\/support.microsoft.com\/en-hk\/help\/4073119\/protect-against-speculative-execution-side-channel-vulnerabilities-in<\/a><\/p>

When the patch is applied to workstations the default behaviour is to enable the mitigations for both \u201cbranch target injection\u201d and \u201crogue data cache load\u201d vulnerabilities.<\/p>

\u00a0<\/p>

https:\/\/support.microsoft.com\/en-hk\/help\/4072698\/windows-server-guidance-to-protect-against-the-speculative-execution<\/a><\/p>

But when applied to servers, you have to enable these settings manually.<\/p>

\u00a0<\/p>

This can be verified by the powershell command provided by MS.<\/p>

\u00a0<\/p>

\"\"<\/p>

\u00a0<\/p>

Performance Myth<\/b><\/p>

On my Surface, when both mitigation are enabled, it slowed down my Surface significantly (feels like having HDD again, everything lags)<\/p>

\u00a0<\/p>

If you read the article in detail, you can actually override each mitigation individually or altogether.<\/p>

\"\"<\/p>

\u00a0<\/p>

Setting FeatureSettingsOverride to 0x1, disable to mitigation for \u201cbranch target injection\u201d, which is the one that (in theory) impacts on performance. After doing this, my Surface is back to normal again.<\/p>

\u00a0<\/p>

\"\"<\/p>

\u00a0<\/p>

\u00a0<\/p>

Take Away<\/b><\/p>