Intel芯片主导了服务器和PC市场,但它们也广泛用于嵌入式应用程序中。在这些芯片中发现了一个称为熔化的严重缺陷,该修复程序可能会产生重大影响。缺陷和修复的细节仍在包裹中。但是,我们确实知道有关该问题和潜在解决方案的一些信息。所有这些都紧随英特尔管理引擎问题that affected a large number ofIntel处理器。
障碍似乎是内存管理单元(MMU)保护内存的方式,这是实现安全系统的关键。该问题涉及内核内存以及如何从常规应用程序中进行检查。解决方案是不在应用程序的虚拟内存(VM)空间中包含任何内核内存。Windows,Linux和MacOS的补丁正在进行中,其他针对的操作系统Intel平台也可能会更改。
开发人员将需要与他们的软件供应商合作进行这些更改。任何具有此缺陷在处理器上运行的虚拟内存或虚拟机器支持的操作系统都需要更改以解决它。
The Meltdown bug is now documented asCVE-2017-7574。还报道了另外两个称为幽灵的主要错误。这些包括界限检查旁路(CVE-2017-5753)和分支目标注入(CVE-2017-5715). Meltdown is found inIntelplatforms while Spectre can affectAMDand ARM Cortex-A platforms.
To Share or Not to Share
问题在于将内核保持在自己的地址空间和与应用程序共享的设计之间的设计权衡。将所有内容保留在内核自己的地址空间中意味着只有内核才能访问它,但是现在,从应用程序到内核的任何调用都需要一个重大的州交换,从而造成更多开销。这就是为什么许多微核方法在性能方面挑战像Linux这样的单片内核的困难之一。
For example, the kernel/application virtual memory split for an application in 32-bit Linux allocates the top 1 GB of virtual address space to the kernel. The application gets the remaining 3 GB. The kernel address space is mapped to physical memory in linear fashion, making it possible to easily map the addresses to physical addresses so that direct-memory-access (DMA) operations are easier to contend with.
X86体系结构还具有四环安全系统。大多数操作系统仅使用两个环。环0“主管模式”,最高的安全级别用于运行内核。环3“用户模式”是应用程序寿命的地方。虚拟内存系统允许内存块访问控制不仅考虑虚拟到物理映射,还可以考虑在块上应用哪些环访问权限。在环0上运行的任务,内核将能够访问任何内容,但是在环3上运行的应用程序将无法使用ring 0安全访问内存。这样可以防止应用程序访问内核空间中的上内存。
这种方法效果很好……到目前为止。
Another component in the MMU support is the translation lookaside buffer. This is part of the caching system that handles recent translations between virtual and physical memory. It’s also part of the security system.
IntelMMU的MMU实现了一个称为“投机执行”的功能,该功能可以为系统提供性能提升。AMDdoesn’t implement its MMU in the same way asIntel,因此问题不会发生AMDX86处理器。这是细节模糊的地方,因为研究人员,操作系统程序员和Intelare keeping the information secret until fixes can be made available to the public.
解决方案是什么?
The fix is to move a majority of the kernel space data at the top of memory that’s shared with all applications into the kernel’s own, lower memory space. Essentially, this part of the kernel operates like a conventional application from a memory-map standpoint. The MMU flaw doesn’t affect the protection of unshared areas like these.
This change means that a full context switch will be required for more kernel/system call operations, since the data needed to process the information will only be accessible using this approach.
The fix incurs additional overhead, which could potentially impact overall system performance. Numbers ranging from 5% to 30% have been tossed out, but we will have to wait for actual fixes to test those assertions. Even 5% can have an impact on embedded applications where certification, tuning, and other issues would be affected by even a small change. Likewise, changing the operating system would require recertification or testing for many critical applications.
关于缺陷的大多数讨论都与安全性和性能有关。这是合理的,因为更改对用户,大多数服务器应用程序和云提供商的影响会更好,但总体性能较低。假设它们可以安装修复程序,则对于大多数嵌入式应用程序也是如此。不幸的是,在嵌入式系统方面,更新操作系统并不总是一个选择。许多系统将需要重大回归测试甚至重新认证。有些人甚至可能需要重新设计或更改已交付的功能,因为在更改后现有的硬件性能可能不足以支持某些功能。
The level of impact will depend on the application mix running on a system. Applications that have a low number of system calls will encounter minimal overhead. It doesn’t matter whether the operations being performed are in the application or the kernel, as long as the number of transitions between the two is low. Applications with a high number of system calls could see a significant slowdown.
那么,为什么还没有解决问题,因为已经做了很多工作来解决该缺陷?任何修复程序都会在对嵌入式系统的影响方面具有相同的原因。这种大小的改变会以未知的方式影响一切。因此,确保新软件仍然可以与现有代码(包括操作系统的其余部分)正确合作至关重要。
Will everyone incorporate or have these fixes available for their systems? Probably not. The changes will likely target the latest versions of popular operating systems. Since the fix is within the OS, those still running something like Windows 95 or even Windows Vista will run into problems. One way to address the issue is to improve the security around the system such as providing external firewalls to isolate a system running current software without the fixes that would slow down the system.
苹果最近提供了一个操作系统补丁放慢了一些较旧的iPhone解决电池老化。这个生成的傅ror that Apple is providing low-cost battery replacements. We will see what impact Intel’s processor flaw will have on Intel and the rest of the world.
