uploads/2018/01/A4_Semiconductors_INTC_working-of-Spectre-and-Meltdown-1.png

Understanding the Mechanics of Spectre and Meltdown

By

Updated

How do Spectre and Meltdown work?

2018 started with the revelation of chip design flaws Spectre and Meltdown. Many tech companies released software patches to fix the issue, but the question remains whether these fixes are effective. To understand the fixes, we first have to understand the mechanics of Spectre and Meltdown. Google (GOOG), Apple (AAPL), and The Register have explained this security gap, and we’ll summarize these explanations in layman terms in this article.

Article continues below advertisement

Both Spectre and Meltdown take advantage of a loophole in the technique of “speculative execution,” which is used by chips to improve processing speed. Generally, when a program is running, it has to make a system call to switch the CPU (central processing unit) from the user mode to the kernel mode to access protected data.

Kernel memory is present in the virtual memory address spaces of all processes but not visible to user programs. After it fetches the data, the CPU switches back to the user mode and makes the sensitive data accessible from kernel memory, invisible to the program.

Advanced Micro Devices’ (AMD) software engineer Tom Lendacky explained that Intel (INTC) CPUs’ speculative execution technique allows user programs like database applications or JavaScript in web browsers to start computing tasks that processors predict could be required next. In this predictive loading of instructions, the CPU allows the user mode to read the layout or contents of protective kernel memory to some extent and complete the instruction before the privilege level security checks occur.

Article continues below advertisement

This flaw in chip design gives hackers a chance to develop user programs that can leak sensitive information from kernel memory. AMD stated that it is not impacted. In an email to the public Linux kernel listserve, Tom Lendacky wrote, “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

Suggested fixes to Spectre and Meltdown

The Register suggested that Intel can fix the security gap by completely separating kernel memory from user processes using KPTI (kernel page table isolation). KPTI would shift kernel memory to a separate address space altogether instead of hiding kernel memory from user programs.

While this separation would improve security, it would reduce PC processing speed by 5% to 30% depending on the task and the processor model. This is because switching between different address spaces for every system call would force the CPU to reload information from memory while dumping cached data, according to The Register.

Users would have to choose between performance and security because a software fix could slow the performance of a 2017 server CPU to the level of a 2013 server CPU.

Next, we’ll look at the impact of Intel’s software fixes on the performance of different chips.

Advertisement

More From Market Realist