the impact of meltre and specdown on microkernel systems
play

The impact of Meltre and Specdown on microkernel systems Matthias - PowerPoint PPT Presentation

Nov 29, 2022 •143 likes •621 views

The impact of Meltre and Specdown on microkernel systems Matthias Lange, Kernkonzept GmbH, FOSDEM 2019 We need to talk about Meltre and Specdown. Conf call with customer, early 2018 The impact of Meltdown and Spectre on the L4Re

  1. The impact of Meltre and Specdown on microkernel systems Matthias Lange, Kernkonzept GmbH, FOSDEM 2019

  2. “We need to talk about Meltre and Specdown.” –Conf call with customer, early 2018

  3. The impact of Meltdown and Spectre on the L4Re microkernel system

  4. Questions • Where we prepared? • Did microkernel design principles protect or help us? • What’s the impact of implemented mitigations?

  5. Questions - Spoiler • Where we prepared? No • Did microkernel design principles protected or helped us? A little bit 😦 • What’s the impact of implemented mitigations?

  6. Meltdown & Spectre Set of vulnerabilities in modern CPUs

  7. Meltdown

  8. Classic virtual address space layout 4 GB Kernel 3 GB User 0

  9. Classic virtual address space layout 4 GB Kernel 1:1 3 GB User 0

  10. L4Re’s virtual address space layout • Fiasco reserves fixed amount of memory for itself • Not all physical memory is mapped in the kernel • Uses big pages for mapping • Mapping may include user memory

  11. L4Re’s virtual address space layout 4 GB Kernel 1:1 3 GB User 0

  12. Solution: Kernel address space • Move kernel into its own address space • Fiasco uses a CPU local address space • User address space only maps absolutely necessary parts • GDT, TSS, entry / exit stack, UTCBs

  13. Benchmarks - PTI

  14. Benchmarks - Meta • Baseline • Fiasco GitHub commit 566cc120, January 1st, 2018 • Head • Fiasco GitHub commit 591c8c0b, January 7th, 2019 • Compiler: kernel clang 6, userland gcc 7.3 • Core i7-5700EQ, 2.60GHz • Contact me if interested in raw data

  15. Benchmarks - Scenario 1 iperf3 iperf3 L4Linux L4Linux L4Re Microkernel

  16. Benchmarks - Scenario 2 iperf3 iperf3 L4Linux L4Linux virtio p2p link L4Re Microkernel

  17. Micro benchmarks - pingpong, PTI Baseline 2018 PTI 4000 3.371 3000 2.586 2000 1.759 1.561 1000 963 422 0 IPC inter AS Context switch Thread switch (intra)

  18. Benchmarks - Scenario 1, PTI Baseline 2018 PTI 10 9,37Gbit/s 9,27Gbit/s 7,5 5 2,5 0 iperf3

  19. Benchmarks - Scenario 2, PTI Baseline 2018 PTI 6 5,14Gbit/s 4,5 3 3,17Gbit/s 1,5 0 iperf3

  20. Spectre

  21. Spectre • Indirect branch prediction speculatively access data causing side effects

  22. Spectre NG • Speculative access to FPU state while current context is not the owner • Fiasco uses lazy FPU switching

  23. Spectre NG - Mitigation • Fiasco now supports eager switching on x86 • Does this incur any performance loss?

  24. Benchmarks - Eager FPU switching

  25. Micro benchmarks - pingpong, PTI, eager FPU Baseline 2018 PTI PTI, eager FPU 4000 3.729 3.371 3000 2.918 2.586 2000 1.759 1.561 1.149 1000 963 422 0 IPC inter AS Context switch Thread switch (intra)

  26. Benchmarks - Scenario 1, PTI, eager FPU Baseline 2018 PTI PTI, eager FPU 10 9,37Gbit/s 9,27Gbit/s 9Gbit/s 7,5 5 2,5 0 iperf3

  27. Benchmarks - Scenario 2, PTI, eager FPU Baseline 2018 PTI PTI, eager FPU 6 5,14Gbit/s 4,5 3 3,17Gbit/s 3,12Gbit/s 1,5 0 iperf3

  28. Spectre continued • Most variants do not work across process boundaries • Usually code execution required

  29. Spectre continued - Mitigations • Fiasco mitigations • Indirect branch prediction barrier at kernel entry • Full prediction barrier at context switch • (microcode loading functionality)

  30. 😦 Benchmarks - IBRS

  31. Micro benchmarks - pingpong, IBRS Baseline 2018 PTI PTI, eager FPU PTI, IBRS, eager FPU 18000 16.601 13500 9000 8.820 4500 3.729 3.371 2.918 2.638 2.586 1.759 1.561 422 963 1.149 0 IPC inter AS Context switch Thread switch (intra)

  32. Benchmarks - Scenario 1, IBRS Baseline 2018 PTI PTI, eager FPU PTI, IBRS, eager FPU 10 9,37Gbit/s 9,27Gbit/s 9Gbit/s 7,5 7,68Gbit/s 5 2,5 0 iperf3

  33. Benchmarks - Scenario 2, IBRS Baseline 2018 PTI PTI, eager FPU PTI, IBRS, eager FPU 6 5,14Gbit/s 4,5 3 3,17Gbit/s 3,12Gbit/s 1,5 1,28Gbit/s 0 iperf3

  34. Foreshadow L1 Terminal Fault

  35. L1 Terminal Fault • Affects OS / SMM, VT-x and SGX • SGX not supported in L4Re • Don’t care • SMM needs to protect itself

  36. L1 Terminal Fault - L4Re mitigations • OS • Fiasco is not vulnerable • We zero our PTEs • VT-x is nasty • Microcode update • New MSR and new instruction for L1D flush • Flush L1D on every vmresume

  37. Benchmarks - Sorry, no benchmarks for L1TF.

  38. But there is one more thing …

  39. One more thing • All features / mitigations are configurable • You can turn off • PTI • Eager FPU • IBRS • How does this compare to the 2018 baseline?

  40. Micro benchmarks - pingpong Baseline 2018 PTI PTI, eager FPU PTI, IBRS, eager FPU Baseline 2019 18000 13500 9000 4500 0 IPC inter AS Context switch Thread switch (intra)

  41. Micro benchmarks - pingpong Baseline 2018 Baseline 2019 PTI PTI, eager FPU 4000 3.729 3.371 3000 2.918 2.586 2000 1.759 1.733 1.561 1.422 1.149 1000 963 422 425 0 IPC inter AS Context switch Thread switch (intra)

  42. Benchmarks - Scenario 1 Baseline 2018 Baseline 2019 PTI PTI, eager FPU 10 9,37Gbit/s 9,29Gbit/s 9,27Gbit/s 9Gbit/s 7,5 5 2,5 0 iperf3

  43. Benchmarks - Scenario 2 Baseline 2018 Baseline 2019 PTI PTI, eager FPU 6 5,14Gbit/s 5,14Gbit/s 4,5 3 3,17Gbit/s 3,12Gbit/s 1,5 0 iperf3

  44. Conclusion

  45. “Fiasco is still not the fastest microkernel in the world.” – Me

  46. Conclusion • Some bugs did not hit as hard • “missing” features helped us • Dramatic performance impact • Consider alternatives compared to microcode • Reconsider existing legacy implementations • Removed IO page fault • What to expect in the future? How can we proactively act? • gcc vs. clang

Recommend

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP 9/01 CHORUS: a new Look at Microkernel- based Operating Systems OS structuring: modular set of system servers which sit on top of a minimal

599 views • 42 slides
Introduction to a microkernel microkernel maybe self supporting initially they are built on a host

Introduction to a microkernel microkernel maybe self supporting initially they are built on a host

slide 1 gaius Introduction to a microkernel microkernel maybe self supporting initially they are built on a host and downloaded to a target during Operating systems we will be developing a microkernel which has been written in: Modula-2, C and

526 views • 28 slides
Microkernel-based Operating Systems - Introduction Bjoern Doebel Dresden, Oct 9 th 2007 Lecture

Microkernel-based Operating Systems - Introduction Bjoern Doebel Dresden, Oct 9 th 2007 Lecture

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Microkernel-based Operating Systems - Introduction Bjoern Doebel Dresden, Oct 9 th 2007 Lecture Goals Provide deeper understanding of OS mechanisms

333 views • 12 slides
Towards Real-Time Checkpoint/Restore for Migration in L4 Microkernel based Operating Systems

Towards Real-Time Checkpoint/Restore for Migration in L4 Microkernel based Operating Systems

Towards Real-Time Checkpoint/Restore for Migration in L4 Microkernel based Operating Systems Sebastian Eckl, M.Sc. David Werner, M.Sc. Alexander Weidinger, B.Sc. Prof. Dr. Uwe Baumgarten Technische Universitt Mnchen Informatics

554 views • 28 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de

Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de

Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de Fabian Seiberling Fabian.b.Seiberling@student.hs-rm.de 1st Wiesbaden Workshop on 13.02.2014 Advanced Microkernel Operating Systems Table of

580 views • 27 slides
Unit 15: Experimental Microkernel Systems 15.1. The Amoeba Distributed Operating System AP 9/01

Unit 15: Experimental Microkernel Systems 15.1. The Amoeba Distributed Operating System AP 9/01

Unit 15: Experimental Microkernel Systems 15.1. The Amoeba Distributed Operating System AP 9/01 The Amoeba Distributed Operating System Research vehicle for distributed and parallel operating systems, runtime systems, languages, and

549 views • 20 slides
Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske <

Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske <

Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske < norman.feske@genode-labs.com > Outline 1. Why do we need another operating system? 2. Genode entering the picture 3. Architectural Principles 4. Core -

1.28k views • 99 slides
Temporal reflection and reflective scheduling for the L4 microkernel WIRTES workshop - Pisa, 2

Temporal reflection and reflective scheduling for the L4 microkernel WIRTES workshop - Pisa, 2

Temporal reflection and reflective scheduling for the L4 microkernel WIRTES workshop - Pisa, 2 July 2007 Sergio Ruocco ruocco@disco.unimib.it Nomadis mobile systems Lab. Universit degli Studi di Milano-Bicocca Research overview Feb 2004

498 views • 30 slides
Capability Wrangling Made Easy: Debugging on a Microkernel with Valgrind Aaron Pohle, Bjrn

Capability Wrangling Made Easy: Debugging on a Microkernel with Valgrind Aaron Pohle, Bjrn

Dept. of Computer Science, Institute of System Architecture, Operating Systems Group Capability Wrangling Made Easy: Debugging on a Microkernel with Valgrind Aaron Pohle, Bjrn Dbel, Michael Roitzsch, Hermann Hrtig Technische Universitt

442 views • 22 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Controlling hardware from a microkernel consider a microkernel which controls a robot: robot the

Controlling hardware from a microkernel consider a microkernel which controls a robot: robot the

Low lev el control in a HLL slide 1 gaius Controlling hardware from a microkernel consider a microkernel which controls a robot: robot the software has to tell the robot where to move Low lev el control in a HLL slide 2 gaius Controlling

729 views • 30 slides
seL4 Microkernel Status Update Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser

seL4 Microkernel Status Update Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser

seL4 Microkernel Status Update Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser FOSDEM, Bruxelles, 2020-02-02 https://trustworthy.systems What is seL4? seL4: Assurance and Performance The worlds first operating- Worlds

253 views • 23 slides
A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University

A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University

The Hebrew University of Jerusalem A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University Jerusalem (HUJI) Hermann Hrtig TU Dresden, Operating Systems Group (TUDOS) Wolfgang Nagel TU Dresden, Center

1.04k views • 51 slides
Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher <

Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher <

Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher < alexander.boettcher@genode-labs.com > Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion

941 views • 55 slides
GCC and Assembly language during the construction of an operating system kernel, microkernel, or

GCC and Assembly language during the construction of an operating system kernel, microkernel, or

slide 1 gaius GCC and Assembly language during the construction of an operating system kernel, microkernel, or embedded system it is vital to be able to access some of the microprocessor attribute unavailable in a high level language for

717 views • 27 slides
Preliminary Investigations into a Microkernel OSAL for cFS Gregor Peach, Joseph Espy, Zach Day,

Preliminary Investigations into a Microkernel OSAL for cFS Gregor Peach, Joseph Espy, Zach Day,

Preliminary Investigations into a Microkernel OSAL for cFS Gregor Peach, Joseph Espy, Zach Day, Gabriel Parmer , Alex Maloney Gerald Fry*, Curt Wu* The George Washington University * Charles River Analytics Acknowledgements: This material is

858 views • 38 slides
Microkernel Hypervisor for a Hybrid ARM-FPGA Platform Khoa D. Pham, Abhishek K. Jain, Jin Cui,

Microkernel Hypervisor for a Hybrid ARM-FPGA Platform Khoa D. Pham, Abhishek K. Jain, Jin Cui,

Microkernel Hypervisor for a Hybrid ARM-FPGA Platform Khoa D. Pham, Abhishek K. Jain, Jin Cui, Suhaib A. Fahmy , Douglas L. Maskell School of Computer Engineering Nanyang Technological University, Singapore (in collaboration with TUM CREATE,

307 views • 18 slides
The Hierarchical Microkernel: Existing Approaches A Flexible and Robust OS Architecture

The Hierarchical Microkernel: Existing Approaches A Flexible and Robust OS Architecture

HM OS Architecture Stefan Winter Problem Statement The Hierarchical Microkernel: Existing Approaches A Flexible and Robust OS Architecture Proposed Solution Summary Stefan Winter, Martin Tsarev, Neeraj Suri DEEDS Group, TU Darmstadt

332 views • 20 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
A microkernel written in Rust Porting the UNIX-like Redox OS to Arm v8.0 Robin Randhawa Arm

A microkernel written in Rust Porting the UNIX-like Redox OS to Arm v8.0 Robin Randhawa Arm

Objectives Introduction Rust Redox A microkernel written in Rust Porting the UNIX-like Redox OS to Arm v8.0 Robin Randhawa Arm February 2019 Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust

1.26k views • 89 slides
The Impact of Weights on the Performance of Server Load Balancing (SLB) Systems Jrg Jung

The Impact of Weights on the Performance of Server Load Balancing (SLB) Systems Jrg Jung

The Impact of Weights on the Performance of Server Load Balancing (SLB) Systems Jrg Jung University of Potsdam Institute for Computer Science Operating Systems and Distributed Systems March 2013 1 Outline 1 Introduction .. .. .. ..

1.22k views • 27 slides
HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

1.07k views • 41 slides
The Microkernel Executive Hardware Application processes devices kernel (library) keyboard

The Microkernel Executive Hardware Application processes devices kernel (library) keyboard

slide 1 gaius The Microkernel Executive Hardware Application processes devices kernel (library) keyboard User Proc 1 Debug library (Debug) screen Process control (Executive) Ke yboard handling User Proc 2 (TTIO) Timer General

480 views • 14 slides

More recommend