Slash Boxes

SoylentNews is people

posted by martyb on Friday June 05 2020, @08:40AM   Printer-friendly
from the help-less,-please dept.

Linus Torvalds rejects 'beyond stupid' AWS-made Linux patch for Intel CPU Snoop attack

Linux kernel head Linus Torvalds has trashed a patch from Amazon Web Services (AWS) engineers that was aimed at mitigating the Snoop attack on Intel CPUs discovered by an AWS engineer earlier this year. [...] AWS engineer Pawel Wieczorkiewicz discovered a way to leak data from an Intel CPU's memory via its L1D cache, which sits in CPU cores, through 'bus snooping' – the cache updating operation that happens when data is modified in L1D.

In the wake of the disclosure, AWS engineer Balbir Singh proposed a patch for the Linux kernel for applications to be able to opt in to flush the L1D cache when a task is switched out. [...] The feature would allow applications on an opt-in basis to call prctl(2) to flush the L1D cache for a task once it leaves the CPU, assuming the hardware supports it.

But, as spotted by Phoronix, Torvalds believes the patch will allow applications that opt in to the patch to degrade CPU performance for other applications.

"Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say 'slow down anybody else I schedule with too'," wrote Torvalds yesterday. "In other words, from what I can tell, this takes the crazy 'Intel ships buggy CPU's and it causes problems for virtualization' code (which I didn't much care about), and turns it into 'anybody can opt in to this disease, and now it affects even people and CPU's that don't need it and configurations where it's completely pointless'."

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Grishnakh on Friday June 05 2020, @05:12PM (1 child)

    by Grishnakh (2831) on Friday June 05 2020, @05:12PM (#1003839)

    Amazon is a huge company, and this patch isn't some kind of nefarious action. What it does show is myopia: the patch is something that's good for their very limited use-case with cloud servers, but which would be terrible or dangerous in many other scenarios (like desktop, mobile, etc.). Luckily, that's why we have someone like Linus at the helm looking at the big picture before just blindly accepting patches from anyone. Corporate contributors like Amazon aren't thinking "how will my patch for server farms affect embedded systems?", they just see a problem and come up with a fix, and then try to push the fix into the upstream so they don't have to maintain a fork forever.

    For Amazon's particular situation, the patch might make a lot of sense, and be the most straightforward to solution to the problem. But that doesn't mean it makes any sense for other types of systems, and the Linux kernel isn't a highly-specialized OS kernel, it's a general-purpose one so it has to make compromises so that it can work well on all types of systems.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Underrated=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by Bot on Friday June 05 2020, @07:19PM

    by Bot (3902) on Friday June 05 2020, @07:19PM (#1003904) Journal

    -the patch
    -it's myopic
    -and retarded and source of headache for everybody
    -did the same shitty trick work for systemd?
    -uh... I see, I will ship it now
    -fingers crossed
    And they didn't live happily ever after because Torvalds

    Account abandoned.