Linux May Gain Protection Against Hyper-Threading Attacks
Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel's Hyper-Threading (HT) feature. Multiple side-channel threats the feature's vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.
The Oracle developers didn't specify whether or not the recent MDS[*] attacks against Intel's HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.
[...] They're now looking for suggestions on how to improve the feature before they attempt to merge it into an official release of the Linux kernel.
[*] MDS — Microarchitectural Data Sampling. See the explanation by Intel and an in-depth description and analysis at https://mdsattacks.com/.
(Score: 2) by jasassin on Wednesday July 17 2019, @09:03PM
I just read an article about disabling hyperthreading for web servers. It's supposed to be a lot faster. I think it was on a phoronix benchmark article.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A