A rack of Pi 3s… possibly the only cloud computers immune to Spectre?
There’s been a lot of activity in the news regarding two new security issues called Meltdown and Spectre.
The security issues are newsworthy because they’re different to any security issues we’ve seen before. They’re not an issue in software, but in your computer itself. As a result the vulnerabilities cross multiple operating systems – Windows/Linux/OSX and multiple devices – Laptop/Desktop/Server/Phone, and they’re also a lot harder to fix. Meltdown affects only Intel processors. Spectre also affects AMD, Power, RISC and some ARM CPUs.
If you’d like to know how the vulnerabilities work, Eben Upton wrote up a clear explanation for Raspberry Pi – the only common functional computer that isn’t affected.
At present the fixes for Meltdown are effective but can cause significant slowdowns. Fixes for Spectre are incomplete and we have had reports that they can cause instability in Haswell and Broadwell families of Intel CPUs (which we own). Spectre is difficult and slow to exploit because it relies on reading memory one bit at a time. At 1500bytes/second a full memory dump of one of our virtual server hosts (256GB RAM) would take around six years to complete.
Both issues allow information leakage so that lower priority processes on a server can read secret data from higher priority processes on the same CPU. Any computer that accepts instructions from an untrustworthy source is at risk. We’ve reviewed the impact across all of our services, and have applied or will be applying patches as required. The impact on live hosting platforms is as follows:
Shared hosting servers
Our web hosting and shell account hosting platforms may have untrustworthy users on them. These servers have already been fully patched against Meltdown and fixes for Spectre will be applied as they become available.
Virtual server hosts
Our Virtual Server Cloud uses KVM with hardware virtualisation which is not vulnerable to Meltdown. Spectre patches are being worked on for the kernel which require new microcode for the CPU. KVM will also need to be updated to fully patch. When these updates are available and have been demonstrated to be stable we will be applying them to our host servers.
This will require a restart of our VM hosts and all guest VMs. Customers will be notified in advance of requiring a restart and each of our datacentres will be restarted at a different time to minimise disruption to customers with split site services.
Virtual server guests
Whilst the use of KVM with hardware virtualisation ensures that Meltdown cannot be used to break the isolation between virtual server guests, virtual servers themselves are potentially vulnerable to both Meltdown and Spectre. Customers should ensure that their servers are patched and rebooted if they have untrusted users or execute untrusted code.
Dedicated servers are at no significant risk unless you allow untrusted third parties to upload and execute code. If that’s the case managed customers can contact email@example.com and we’ll apply the Meltdown and Spectre fixes and reboot as a mutually convenient time.
Raspberry Pi 3 servers
As mentioned above, the Raspberry Pi is not affected and no action is needed.
All other systems