Spectre and Meltdown

SEAWOLF121

Hello, I have a few questions about Spectre and Meltdown. I just need to know what the symptoms of it could be, and has it become a public thing yet? What can I do to prevent it?

I have a PC with: Ryzen 5 1400, GTX 1060 6GB, Asus B350-A

TL;DR: Keep your system up to date. Spectre and Meltdown have already been patched in most (if not all) distributions of GNU/Linux, macOS, Windows, etc.

To understand how to defend yourself against these vulnerabilities, you first need to know what they are. In short, processors (the literal silicon) have a feature called "speculative execution", which can be abused by processes running in an unprivileged context to "peek into" nearby memory which belongs to other processes or even the kernel. The fix is simple: since the exploit relies on proximity of the memory "chunks", the OS programmers just need to change the way memory is handled to separate each process's memory and especially OS memory. That is exactly what Microsoft and Linus Torvalds did at the beginning of this year, and they have already released patches, which have been integrated in most distributions of both systems so far. I assume you are running a modern consumer version of Windows, so my advice is "just install all the updates" following the Microsoft checklist.

The issue arises from the CPU "speculating" and starting to prepare data for the next program's share of the CPU time while the old program is still being executed, so the old program can peek into the next program's memory. The important thing here is that it is read access, not write access, and effectively, in order for that to happen, you have to run the specifically manufactured code on your machine in the first place. So unless you tend to download a lot of stuff from untrusted sources and run it, you are probably fine even without updating (but you should update anyway). The problem mostly affects cloud server companies, as they have to run whatever clients decide to run and thus must update.

If you would like to know what "speculative execution" is, here is an analogy (clay = data, choice of what to make = conditional jump, burning = mathematical operations, products = products of computation).

Imagine you produce ceramic bricks, roof tiles and dishes, but the market is changing every day and you don't know what will be popular today (and products made today will go out of fashion tomorrow). To make them, you take clay from a pit in your back yard (free of charge for you), shape the clay into the required product (free of charge for you) and then burn the pre-formed clay in an oven (that has two modes: cool/idle, burning 6 pieces of wood an hour, and hot/working, burning 10 pieces of wood an hour).

Thus you have two problems:

- you want to sell as much product as possible, but don't know what will be in demand,

- you have to spend some wood to run the oven all the time, you can only choose whether to have it idle (wasting little wood) or active (producing products)

Obviously, the best situation is to predict in advance what will be needed and produce it... but you can only guess and pick one of the three products. Furthermore, if the market price is high enough and you can guess well, it will always be better to burn at full power and produce something and then discard it if your speculation was wrong. Thus you have to "speculate" and "execute" only one "course of action" (aka "branch" in the "execution" tree) out of a possible three, but it is worth it. Also, you might not even have a choice, as some of the clay currently in the oven needs burning, but the oven is not full, so it might be better to stick in more clay because the oven is already hot.

Turns out, modern processors achieve a prediction rate of up to 98% (crazy, right?) and can thus provide much better performance. That is partially due to the fact that the CPU spends most of its time in loops like

int data[1000];
/* i < 1000: the valid indices are 0..999 */
for (int i = 0; i < 1000; i++) { data[i] = i; }

and in most cases you can compute the correct next value of i and place it into the register before the previous one gets written back to the cache.

There actually is even a set of programming techniques to make your code more "predictable" (have simpler patterns in a number of ways) so that processors would run code faster.

There is so much hype around the problem for a few reasons:

- wide range of affected devices (pretty much everything from most manufacturers produced since 1995 up until models designed after public disclosure)

- hard to fix: initially it was believed that the only way to fix the issue is to replace the CPU altogether; now newer CPUs are rumored to get a special "no speculative execution" flag for OS to use at critical moments

- severe performance loss due to different memory management to defend against these vulnerabilities: some applications lose up to 30% of performance. Just think about it: we as a species lost 30% of our (computational) power seemingly overnight, our development might be slowed down by 30%. Business operational costs might rise significantly, e.g. AWS experienced degraded performance after the updates and Amazon was rumored to need to buy more hardware to compensate for it.

From a user perspective there are not necessarily any symptoms if they are being exploited.

Ryzen isn't affected by Meltdown.

Ryzen is affected by Spectre. I believe in recent updates, Microsoft have put in place the software part of the mitigation. To complete it, AMD are rolling out a new BIOS with a patch in it in the near future.

Gaming system: R7 7800X3D, Asus ROG Strix B650E-F Gaming Wifi, Thermalright Phantom Spirit 120 SE ARGB, Corsair Vengeance 2x 32GB 6000C30, RTX 4070, MSI MPG A850G, Fractal Design North, Samsung 990 Pro 2TB, Acer Predator XB241YU 24" 1440p 144Hz G-Sync + HP LP2475w 24" 1200p 60Hz wide gamut
Productivity system: i9-7980XE, Asus X299 TUF mark 2, Noctua D15, 64GB ram (mixed), RTX 3070, NZXT E850, GameMax Abyss, Samsung 980 Pro 2TB, random 1080p + 720p displays.
Gaming laptop: Lenovo Legion 5, 5800H, RTX 3070, Kingston DDR4 3200C22 2x16GB 2Rx8, Kingston Fury Renegade 1TB + Crucial P1 1TB SSD, 165 Hz IPS 1080p G-Sync Compatible
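
Added example, not part of any post in this thread: because exploitation shows no symptoms, the practical check is whether mitigations are active, and on Linux the kernel reports this per issue in files under /sys/devices/system/cpu/vulnerabilities. The sketch below classifies those status lines; the sample dictionaries are constructed, and treating a missing file as "not_reported" (kernel too old to expose it) is an assumption.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ENTRIES = ("meltdown", "spectre_v1", "spectre_v2")  # the issues in this thread

def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_sysfs(directory=SYSFS_DIR):
    """Read the status files that exist; others are left out of the result."""
    found = {}
    for name in ENTRIES:
        path = Path(directory) / name
        if path.is_file():
            found[name] = path.read_text().strip()
    return found

def report(statuses):
    """Verdict per entry; a missing file is "not_reported" (assumed: old kernel)."""
    return {n: classify(statuses[n]) if n in statuses else "not_reported"
            for n in ENTRIES}

def needs_action(verdicts):
    """Entries that call for an OS, microcode or BIOS update."""
    return sorted(n for n, v in verdicts.items()
                  if v not in ("not_affected", "mitigated"))

# Constructed sample: an AMD system with the OS patches installed.
SAMPLE_PATCHED = {
    "meltdown": "Not affected",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full AMD retpoline",
}
# Constructed sample: spectre_v2 open and the spectre_v1 file missing.
SAMPLE_UNPATCHED = {"meltdown": "Mitigation: PTI", "spectre_v2": "Vulnerable"}

if __name__ == "__main__":
    data = read_sysfs() or SAMPLE_PATCHED  # fall back to the sample off Linux
    for name, verdict in report(data).items():
        print(f"{name:12} {verdict:13} {data.get(name, '-')}")
    print("needs action:", needs_action(report(data)) or "none")
```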
