from the trying-to-tie-up-some-loose-threads dept.
Linux May Gain Protection Against Hyper-Threading Attacks
Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel's Hyper-Threading (HT) feature. Multiple side-channel threats the feature's vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.
The Oracle developers didn't specify whether or not the recent MDS[*] attacks against Intel's HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.
[...] They're now looking for suggestions on how to improve the feature before they attempt to merge it into an official release of the Linux kernel.
[*] MDS — Microarchitectural Data Sampling. See the explanation by Intel and an in-depth description and analysis at https://mdsattacks.com/.
(Score: 3, Informative) by c0lo on Wednesday July 17 2019, @06:20AM
Far cheaper (than what you'll likely** pay Oracle for it) solution: use AMD CPUes.
** remember ksplice [wikipedia.org]
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Wednesday July 17 2019, @06:56AM
Yeah, fuck you oracle and your stolen red hat. Of all linux dists, you stolen red hat. Happy lawyering with IBM. With some luck you two will annihilate each other.
(Score: 1, Touché) by Anonymous Coward on Wednesday July 17 2019, @08:03AM
So, step one, to avoid really stupid security vulns, do not run a Micro$erf operating system.
DONE.
Step two, to avoid not quite so stupid, but still stupid, hardware vulns, do not run Intel silicon.
DONE.
So, now, what were you saying, again? Please wake me up when you have a security issue that applies to non-stupid system operators.
Yours, AMD Linux user.
(Score: 1, Interesting) by Anonymous Coward on Wednesday July 17 2019, @11:35AM (1 child)
Get ready for it, here it comes:
Disable Hyperthreading.
Really, in today's world of multicore processors, where systems of dual processors each with 4 or 8 cores are a common sight, does hyperthreading matter? Hylerthreading, this remnant of a world of single core processors, to give the illusion of multicore by sacrificing a bit of performance and power consumption?
With anything I have worked, I disabled hyperthreading if the system had a total of 4 cores or more. And all worked at least the same performancewise, if not better. The systems I have done this one included database servers, webservers, application servers (java/jboss/wildfly), virtualisation hardware (used with xen, vmware and kvm/proxmox).
Hyperthreading tech belongs in the museum in a world where true multicore systems exist.
(Score: 2) by jasassin on Wednesday July 17 2019, @09:03PM
I just read an article about disabling hyperthreading for web servers. It's supposed to be a lot faster. I think it was on a phoronix benchmark article.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Wednesday July 17 2019, @12:02PM
British name for toilet.