seL4 Version 9.0.0 Release

Announcing the release of seL4 9.0.0 with the following changes:

9.0.0 2018-04-11: BREAKING

Changes

  • Debugging option on x86 for syscall interface to read/write MSRs (this is an, equally dangerous, alternative to dangerous code injection)
  • Mitigation for Meltdown (https://meltdownattack.com) on x86-64 implemented. Mitigation is via a form of kernel page table isolation through the use of a Static Kernel Image with Microstate (SKIM) window that is used for trapping to and from the kernel address space. This can be enabled/disabled through the build configuration depending on whether you are running on vulnerable hardware or not.
  • Mitigation for Spectre (https://spectreattack.com) on x86 against the kernel implemented. Default is software mitigation and is the best performing so users need to do nothing. This does not prevent user processes from exploiting each other.
  • x86 configuration option for performing branch prediction barrier on context switch to prevent Spectre style attacks between user processes using the indirect branch predictor
  • x86 configuration option for flushing the RSB on context switch to prevent Spectre style attacks between user processes using the RSB
  • Define extended bootinfo header for the x86 TSC frequency
  • x86 TSC frequency exported in extended bootinfo header
  • archInfo is no longer a member of the bootinfo struct. Its only use was for TSC frequency on x86, which can now be retrieved through the extended bootinfo
  • Invocations to set thread priority and maximum control priority (MCP) have changed.
    • For both invocations, users must now provide a TCB capability auth
    • The requested MCP/priority is checked against the MCP of the auth capability.
    • Previous behavior checked against the invoked TCB, which could be subject to the confused deputy problem.
  • seL4_TCB_Configure no longer takes prio, mcp as an argument. Instead these fields must be set separately with seL4_TCB_SetPriority and seL4_TCB_SetMCPriority.
  • seL4_TCB_SetPriority and seL4_TCB_SetMCPriority now take seL4_Word instead of seL4_Uint8. - seL4_MaxPrio remains at 255.
  • seL4_TCB_SetSchedParams is a new method where MCP and priority can be set in the same sytsem call.
  • Size of the TCB object is increased for some build configurations

Upgrade notes

  • seL4_TCB_Configure calls that set priority should be changed to explicitly call seL4_TCB_SetSchedParams or SetPriority
  • seL4_TCB_Configure calls that set MCP should be changed to explicitly call seL4_TCB_SetSchedParams or seL4_TCB_SetMCPriority

Full changelog

Refer to the git log in https://github.com/seL4/seL4 using git log 8.0.0..9.0.0

More details

See the 9.0.0 manual included in the release or ask on the mailing list!