OpenBSD releases Meltdown patch

And now to see it's an unwelcome imposition or a mere inconvenience

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel.

A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post saying the operating system's developers were working out what to do.

Now he's revealed the approach used to fix the free OS: “When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace.”

That explanation is somewhat obscure to non-developers, but there's a more readable discussion of what the project's developers had in mind from January, here.

Part of the OpenBSD solution used the approach employed by Matthew Dillon in his DragonFly BSD – the per-CPU page layout aspect.

It'll take testing for OpenBSD users to confirm the performance impact of the fix.

Gunther's commit note says the aim was to implement the fix “with only the minimum of kernel code and data required for the transitions to/from the kernel (still marked as supervisor-only, of course)”.

That's still challenging: earlier this month, Netflix (and dTrace) engineer Brendan Gregg ran tests on patched Linux, and found slowdowns between 0.1 per cent (bearable) and 6 per cent (important in big systems).

However, Gregg reckoned that skilled sysadmins would be able to tune their systems to cope; the same, we hope, will be true for OpenBSD. ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022