Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

Linus Torvalds Rejects "Beyond Stupid" Intel Security Patch From Amazon Web Services

Accepted submission by takyon at 2020-06-04 22:04:57
Security

Linus Torvalds rejects 'beyond stupid' AWS-made Linux patch for Intel CPU Snoop attack [zdnet.com]

Linux kernel head Linus Torvalds has trashed a patch from Amazon Web Services (AWS) engineers that was aimed at mitigating the Snoop attack on Intel CPUs discovered by an AWS engineer earlier this year. [...] AWS engineer Pawel Wieczorkiewicz discovered a way [zdnet.com] to leak data from an Intel CPU's memory via its L1D cache, which sits in CPU cores, through 'bus snooping' – the cache updating operation that happens when data is modified in L1D.

In the wake of the disclosure, AWS engineer Balbir Singh proposed a patch for the Linux kernel for applications to be able to opt in to flush the L1D cache when a task is switched out. [...] The feature would allow applications on an opt-in basis to call prctl(2) to flush the L1D cache for a task once it leaves the CPU, assuming the hardware supports it.

But, as spotted by Phoronix [phoronix.com], Torvalds believes the patch will allow applications that opt in to the patch to degrade CPU performance for other applications.

"Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say 'slow down anybody else I schedule with too'," wrote Torvalds yesterday. "In other words, from what I can tell, this takes the crazy 'Intel ships buggy CPU's and it causes problems for virtualization' code (which I didn't much care about), and turns it into 'anybody can opt in to this disease, and now it affects even people and CPU's that don't need it and configurations where it's completely pointless'."


Original Submission