AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page
   Networked Database  Computer Support/Help/Discussion...   [250 / 1624] RSS
 From   To   Subject   Date/Time 
Message   Sean Dennis    All   Linux kernel fun   June 2, 2020
 6:08 PM *  

From: https://www.theregister.com/2020/06/02/linus_...

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in
Intel
                               CPU bug mitigation

AWS engineers given a dressing-down after proposing fix for 'paranoid' tasks

   Tue 2 Jun 2020 // 12:19 UTC
   Tim Anderson

   Linus Torvalds has removed a patch in the next release of the Linux kernel
   intended to provide additional opt-in mitigation of attacks against the L1
   data (L1D) CPU cache.

   The patch from AWS engineer Balbir Singh was to provide "an opt-in (prctl
   driven) mechanism to flush the L1D cache on context switch. The goal is to
   allow tasks that are paranoid due to the recent snoop-assisted data
   sampling vulnerabilities, to flush their L1D on being switched out. This
   protects their data from being snooped or leaked via side channels after
   the task has context switched out."

   Snoop-assisted L1 data sampling is one of a family of vulnerabilities in
   Intel microprocessors where malware may be able to infer private and
   sensitive data via inspecting the cache. "Snoop-assisted L1D sampling
   requires the snoop to hit a modified cache line in the exact same single
   core clock cycle window as the faulting/assisting/aborting load," explains
   Chipzilla.

   Clearing the cache whenever the active thread or process switches out
   attempts to mitigate this and other potential threats, but harms
   performance.

   The patch was added to the code for the 5.8 kernel, which will be the next
   release, but removed after review by Torvalds. "It looks to me like this
   basically exports cache flushing instructions to user space, and gives
   processes a way to just say 'slow down anybody else I schedule with too',"
   he said. "In other words, from what I can tell, this takes the crazy
   'Intel ships buggy CPU's and it causes problems for virtualization' code
   (which I didn't much care about), and turns it into 'anybody can opt in to
   this disease, and now it affects even people and CPUs that don't need it
   and configurations where it's completely pointless'.

   "I don't want some application to go 'Oh, I'm _soo_ special and pretty and
   such a delicate flower, that I want to flush the L1D on every task switch,
   regardless of what CPU I am on, and regardless of whether there are errata
   or not' ... I do not want the kernel to do things that seem to be "beyond
   stupid".

   There are plenty of nuances here. One of Torvald's points is that if SMT
   (simultaneous multi-threading or "hyper threading";) is enabled then
   flushing the cache "is crazy, since an attacker would just sit on a
   sibling core and attack the L1 contents *before* the task switch happens,"
   he said. In this scenario, "it's just an incredibly stupid waste of time
   and effort to do that, and I can see some poor hapless ssh developer
   saying 'yes, I should enable this thing because ssh is very special', and
   then ssh just starts wasting time on something that doesn't actually
   help." He added that the code is hard to follow, saying "some of the code
   scares me."

   Another question is whether it makes sense to do this mitigation at a low
   level when it may not matter, because all the processes belong to the same
   user. "Context switch in itself isn't really relevant as a security domain
   transfer, but it *is* relevant in the sense that switching from one user
   to another is a sign of 'uhhuh, now maybe I should be careful when
   returning to user mode'," said Torvalds.

   Singh replied: "I am not so sure. A user can host multiple tasks and if
   one of them was compromised, it would be bad to let it allow the leak to
   happen. For example if the plugin in a browser could leak a security key
   of a secure session, that would be bad."

   The discussion reveals the frustration among the kernel maintainers over
   the difficulty of keeping Linux secure in the face of CPU bugs, and the
   fact that these cache-related attacks have so many variations. Referencing
   a past software fallback for clearing the data buffers to address am MDS
   (Microarchitectural Data Sampling) bug, Torvalds said: "That one turned
   out to be not only incredibly expensive, but it didn't work reliably
   anyway, and was really only written for one microarchitecture."

   Amazon as a public cloud provider is particularly sensitive to these
   data-stealing vulnerabilities because of the implications if one customer
   were able to spy on the data belonging to another, or data on a virtual
   machine host. Another AWS engineer, Benjamin Herrenschmidt, entered the
   discussion to explain: "These patches aren't trying to solve problems
   happening inside of a customer VM running SMT nor are they about
   protecting VMs against other VMs on the same system." AWS has a vast range
   of services all of which need to be secure.

   Torvalds said that he is "more than happy to be educated on why I'm wrong"
   but that "for now I'm unpulling it for lack of data." If AWS can convince
   him of the value of the patch, it may return. (R)

   Biting the hand that feeds IT (c) 1998-2020
 
___ MultiMail/Linux v0.52

--- Maximus/2 3.01
 * Origin: Micronet World HQ - bbs.outpostbbs.net:10123 (618:618/1)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page

VADV-PHP
Execution Time: 0.0231 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
v2.1.241108