Berlin, January 10th, 2018
Meltdown and Spectre (KB4056891-7)
One thing is for sure— The recently discovered processor bugs Meltdown und Spectre have shaken the IT world. This is to inform our customers about their impact on our real-time environment. On the previously mentioned website is the following general statement: "Am I affected by the vulnerability? – Most certainly, yes."
It is less the bugs themself but Microsoft's reaction to them with their security updates (e. g. KB4056891 and KB4056894). These will generally affect all users who continue to use shared real-time, meaning everyone running real-time code with Kithara RealTime Suite on the same logical CPU as Windows. Going forward this will not be technically feasible anymore since these security updates prevent any real-time interrupts on logical CPUs that are controlled by Windows.
Solution 1: Not installing the mentioned security updates. We would advise against this method.
Solution 2: For all real-time processes, only use the dedicated real-time mode. In this mode, the real-time code runs exclusively on a separate logical CPU, which no other external software has any access to. Our customers find the necessary update to version 10.04a in their service portal.
Users of the Kithara RealTime Suite in dedicated mode are NOT affected, as long as the version is at least 10.04k or 10.05 and later!
Many of our long-standing customers already know that, for years, we have been recommending to run real-time tasks on dedicated real-time CPUs. For this, the real-time code simply needs to be transferred to a DLL which our software then loads into the real-time context of a dedicated CPU. After separating one or more CPUs from Windows via msconfig.exe, all real-time processes run as usual for the user. No adjustments to the source code are necessary if the real-time code previously ran on a single CPU. Utilizing more than one logical CPU also allows for easier allocation of ressources to all individual CPUs. Another advantage of the transition is that the real-time capabilities increase tremendously due to the removal of all negative influences by Windows and external drivers.
We regret that some of our customers will have to adjust their code due to Meltdown and Spectre. Despite the obvious benefits of the dedicated mode, we would have liked to continue supporting shared real-time for a few more years. Intel as well as Microsoft have now forced this decision. In case you are affected and are still using shared real-time, please contact us and we will gladly help you find a solution.