The mode-switch-stat
tool measures the cost of CPU mode switch, the round
trip between user and kernel mode. At present, this tool supports x86_64
and aarch64
(ARMv8) architectures, and it would be useful to understand the performance impact
to defense against Meltdown and Spectre vulnerability.
In operating systems such as Linux, the kernel code/data is protected from direct access by user code with MMU access control mechanisms. Various attacks have been discovered exploiting kernel code bugs, leading to privilege escalation and system control. To carry out these attacks, the attacker would need to know two things:
- what the vulnerability is; and
- what the address of related kernel code and/or data is.
The kernel page-table isolation (KPTI) implementation was finally committed to the Linux kernel on Dec 29, 2017. Changes brought by KPTI can have a significant impact on performance. Early tests showed a 5% impact in most cases, with worst-case tests indicating a 50% performance hit.
Meltdown (CVE-2017-5754) allows an unprivileged user to access the complete kernel (and physical) memory of a computer. This attack is relatively simple to execute; to carry it out, attackers need to run their own program on the target system. This attack is particularly damaging to shared systems (such as cloud services), as an attacker with access to one virtual machine can use Meltdown to access other VMs on the same physical system. Meltdown is specific to Intel systems.
Spectre (CVE-2017-5753, CVE-2017-5715) is a broader vulnerability. Spectre relies on issues with speculative execution itself to be carried out. In its current form, the attack is more complicated as more prerequisites must be fulfilled. One of them is a code gadget, which must be found in a code shared by both victim and attacker. For some variants of this attack, a branch prediction CPU subsystem must be trained to redirect execution of a code to the selected gadget.
The real challenge with Spectre is its mitigation. Unlike Meltdown, Spectre
requires changes to the hardware itself. As a workaround, some vulnerable code
can be mitigated by inserting synchronization primitives (like the LFENCE
instruction on Intel platforms) which effectively stops speculative execution.
Another one is using return trampoline approach (Retpoline). This approach
requires modification of compilers and careful selection of critical locations,
which is non-trivial and cannot be easily done without human interaction; doing
otherwise would impose a significant performance penalty.
This tool requires Linux kernel headers and NumPy. For Ubuntu/Debian, you can install these packages in advance.
$ sudo apt install linux-headers-$(uname-r)
$ sudo apt install python3-numpy
Build project:
$ git clone https://github.com/eecheng87/mode-switch-stat.git
$ cd mode-switch-stat
$ make
Testing:
$ make testing
Reference output
Architecture: x86_64
Model name: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Vulnerability Meltdown: Mitigation; PTI
Avg of mode switch takes 1921.45 cycles and standard deviation is 106.92
-
ERROR: could not insert module msT.ko: Operation not permitted
Solution: Disable SecureBoot (check by
mokutil --sb-state
) -
If kernel version lower than
5.7.0
, please disable KALSR or modify macroKERNEL_VERSION
to version lower than yours. It's also fine to comment it and force includesystab.h
and calculatingsyscall_table
by adding offset to original system call table.
Add your output as comment in issue#1