Overview
Syllabus
Keynote: MDS, Fallout, Zombieland & Linux
MDS == "RIDL", "Fallout", "Zombieload", and others
• CPU hardware bugs
• Variants of the same basic problem
• Exploits the speculative execution model of Intel CPUs
• Discovered by many different research teams
• Kernel and BIOS fixes required to fully solve

• One program can read another program's data
• Can cross the virtual machine boundary
• Exploits "hyper threading" (SMT) issues
  - SMT are CPUs that usually share TLBs and L1 cache

• Guessed more problems would be in this area
• Disabled SMT for Intel chips in June 2018
• Repeated the plea to disable this in August 2018
• Prevented almost all MDS issues automatically
• Security over performance
• Huge respect!

Rogue-Inflight-Data-Load
• Exploits CPU line-fill buffers and load ports
• Steal data across applications, virtual machines, secure enclaves
• Kernel fix by flushing CPU buffers/ports on context switch

Fallout
• Exploits CPU store buffers
• Read kernel data from userspace
• Breaks ASLR (random kernel addresses)
• "Meltdown" mitigation made this easier to exploit
• Kernel fix by flushing CPU buffers on context switch

• Exploits CPU line-fill buffers
• Much like RIDL
• Steal data across applications, virtual machines, secure enclaves
• Cool logo/name and demo
• Kernel fix by flushing CPU buffers on context switch

• All of these mitigations slow down the system
• No way yet to schedule different security domains on different physical processors (gang scheduling)
• Disabling SMT mitigates most problems (not ALL!)
• Must disable SMT and enable mitigations to solve completely

• Kernel fixes available on announcement date
• Intel notified some kernel developers in advance
• Worked together across OS vendors to solve
• Much better than Spectre/Meltdown
• Process still needs to improve, Debian notified 48 hours before release
• More fixes came after announcement
• Update your kernel and BIOS!

If you are not using a supported Linux distribution kernel, or a stable / longterm kernel, you have an insecure system.
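
The requirement above (mitigations enabled and SMT disabled) can be checked from the status strings the Linux kernel exposes in sysfs. This is an added example, not part of the keynote; `mds_posture` and its output labels are hypothetical names, and the sample strings are constructed in the kernel's documented format.

```shell
#!/bin/sh
# Added example: classify MDS posture from the kernel's two sysfs strings.
# mds_posture is a hypothetical helper; its labels are this example's own.

# usage: mds_posture "<vulnerabilities/mds contents>" "<smt/control contents>"
mds_posture() {
    _mds=$1
    _smt=$2
    case $_mds in
        "Not affected"*) echo not-affected; return ;;
        "Mitigation: Clear CPU buffers"*) ;;   # buffer flushing active, check SMT next
        *"no microcode"*) echo microcode-missing; return ;;   # BIOS/microcode update needed
        "Vulnerable"*) echo vulnerable; return ;;             # mitigation not enabled
        *) echo unknown; return ;;
    esac
    # Flushing on context switch does not cover a sibling hyperthread.
    case $_mds in
        *"SMT disabled"*|*"SMT mitigated"*) echo complete; return ;;
        *"SMT Host state unknown"*) echo host-smt-unknown; return ;;   # guest VM
    esac
    case $_smt in
        off|forceoff|notsupported) echo complete ;;
        *) echo smt-exposed ;;
    esac
}

# Constructed sample strings, in the format the kernel reports.
mds_posture "Mitigation: Clear CPU buffers; SMT vulnerable" on
mds_posture "Mitigation: Clear CPU buffers; SMT disabled" off

# Live check, only when the running kernel exposes the files.
V=/sys/devices/system/cpu/vulnerabilities/mds
S=/sys/devices/system/cpu/smt/control
if [ -r "$V" ]; then
    smt_now=unknown
    if [ -r "$S" ]; then smt_now=$(cat "$S"); fi
    echo "this host: $(mds_posture "$(cat "$V")" "$smt_now")"
fi
```

A result of `smt-exposed` means buffer flushing is active but sibling hyperthreads are still shared; `microcode-missing` means the kernel fix is present without the BIOS/microcode half.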
Taught by
Linux Foundation