meltdown and spectre

331 views
Skip to first unread message

r0ller

unread,
Jan 4, 2018, 3:46:27 AM1/4/18
to minix3
Hi All,

Just out of mere curiosity: would any of these hit minix or is it already prevented by design?

Thanks&regards,
r0ller

Jean-Baptiste Boric

unread,
Jan 4, 2018, 8:02:22 AM1/4/18
to minix3
Hi,
 
Just out of mere curiosity: would any of these hit minix or is it already prevented by design?

I'll only hazard a guess for meltdown.

Meltdown requires both access to a precise enough time source and having the kernel mapped (but off-limits from user-mode) in the address space. I'd say MINIX3 is vulnerable, since TSD in CR4 is not set (so user-space mode has access to RDTSC) and we don't have a 4G/4G split (the micro-kernel is mapped in every address space). Also, we don't have kernel ASLR, so that makes exploitation even easier.

Besides the entire micro-kernel state, the micro-kernel maps parts of user-mode processes's address spaces while performing memory grant operations. If these can be successfully attacked by meltdown, that would be bad news.

Jean-Baptiste Boric

r0ller

unread,
Jan 4, 2018, 9:48:31 AM1/4/18
to minix3
Hi Jean-Baptiste,

Interesting... Thanks!

Best regards,
r0ller

Sambuc Lionel

unread,
Jan 8, 2018, 1:23:16 AM1/8/18
to MINIX3 Google Group
Dear R0ller,


For more information, there is a nice arstechnica article which
summarise things:

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

There are two issues:
1. Meltdown

This is the one for which there is a clear fix, which is NOT to map
the kernel into the userland processes.

MINIX already does that almost entirely, by design as the OS
services are in separate userland processes.

All that is mapped, is the microkernel itself, as mentioned by
Jean-Baptiste, as well as the pagetable directory and some buffers
while processing specific kernelcalls.

Unless I am mistaken, as I have not read the patches being applied
in the Linux kernel and other OSes, they do more or less the same,
except that all the kernel services are mapped in a single address
space.

The speed impact of having two context switches per system call is
what MINIX, and any microkernel, have been paying for years.

We could adapt the microkernel to go even further, and only map a
single 4kB page, but I am not sure of how much this would change
compared to what we have now.

2. Spectr

This is the tricky one, which can't be entirely protected against
right now. This will need a precise analysis of the whole kernel
AND system libraries, AND specific applications to protect against
it.

That one, MINIX is certainly as vulnerable as any other OS,
microkernel or not.


Kind regards,

Lionel Sambuc

------------------------------------------------------------------------
> --
> You received this message because you are subscribed to the Google Groups "minix3" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to minix3+un...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

r0ller

unread,
Jan 8, 2018, 3:07:07 AM1/8/18
to minix3
Hi Lionel,

Thanks for the link, I read that yesterday evening:)

Concerning your answers:

1) That's what I thought as well when used the term in my question "by design":)

2) Kind of expected as well but wasn't sure.

Thanks again for the clarification!

Best regards,
r0ller
Reply all
Reply to author
Forward
0 new messages