The patch from AWS engineer Balbir Singh was meant to provide an opt-in (prctl-driven) mechanism for flushing the L1D cache whenever a context switch occurs. The threat it targets is data that the previous task leaves behind in the core's caches and internal buffers. Consider a victim process that handles sensitive data on one CPU core and an attacker process that later runs on the same core, or concurrently on its SMT sibling. With a transient-execution flaw such as TSX Asynchronous Abort (TAA), a TSX transaction that aborts asynchronously lets loads that have not yet completed transiently read stale data from the core's internal buffers and forward it to dependent instructions; the attacker then recovers the value through a cache-timing side channel. Without a flush, whatever the victim left in the cache is exposed to the next code that runs on that core.
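The opt-in interface the series proposed is a new "which" value for the existing PR_SET_SPECULATION_CTRL prctl; that interface was rejected for 5.8 but later merged (Linux 5.15) and is only active when the kernel is booted with l1d_flush=on. The following added example, which is not code from the patch series or the article, shows how a process requests the flush and how to read the result back; the enum and helper names are this example's own.

```c
// Opting a task into an L1D flush on context switch through
// prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, ...).
// Added example, not code from the patch series. Needs a kernel that carries
// the feature and was booted with l1d_flush=on; on anything else the calls
// fail and the helpers report L1D_UNAVAILABLE instead of crashing.
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallback definitions for toolchains whose prctl.h predates the feature. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL   (1UL << 0)
#define PR_SPEC_ENABLE  (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#endif

enum l1d_state {
    L1D_UNAVAILABLE, /* no control: old kernel, l1d_flush=on not set, or CPU not affected */
    L1D_ENABLED,     /* this task opted in: L1D is flushed when it is switched out */
    L1D_DISABLED,    /* control present, task has not opted in */
    L1D_UNKNOWN      /* bit pattern this example does not recognise */
};

/* Pure decoder for a PR_GET_SPECULATION_CTRL return value (testable offline).
 * A negative value is the -1/errno failure from prctl(); PR_SPEC_NOT_AFFECTED
 * or a value without the PR_SPEC_PRCTL bit means user space cannot control it. */
enum l1d_state decode_spec_ctrl(long ret)
{
    if (ret < 0 || ret == PR_SPEC_NOT_AFFECTED || !(ret & PR_SPEC_PRCTL))
        return L1D_UNAVAILABLE;
    if (ret & PR_SPEC_ENABLE)
        return L1D_ENABLED;
    if (ret & PR_SPEC_DISABLE)
        return L1D_DISABLED;
    return L1D_UNKNOWN;
}

/* Current L1D-flush state of the calling task. */
enum l1d_state l1d_flush_state(void)
{
    long ret = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, 0, 0, 0);
    return decode_spec_ctrl(ret);
}

/* Opt the calling task in. Returns 0 on success, otherwise -errno.
 * Caveat from the merged implementation: the flush only protects against a
 * task that runs on the core *after* this one; a task that opted in and is
 * scheduled onto a core with an active SMT sibling is killed with SIGBUS,
 * which is the same point Torvalds makes about SMT below. Callers that
 * rely on this should therefore also verify SMT is off. */
int l1d_flush_enable(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE, 0, 0) == -1)
        return -errno;
    return 0;
}

int main(void)
{
    int rc = l1d_flush_enable();
    if (rc != 0)
        fprintf(stderr, "L1D flush opt-in refused: %s\n", strerror(-rc));
    switch (l1d_flush_state()) {
    case L1D_ENABLED:     puts("L1D flush on context switch: enabled"); break;
    case L1D_DISABLED:    puts("L1D flush on context switch: available, disabled"); break;
    case L1D_UNAVAILABLE: puts("L1D flush on context switch: not available"); break;
    default:              puts("L1D flush on context switch: unrecognised state"); break;
    }
    return 0;
}
```

On a stock kernel without l1d_flush=on the opt-in fails and the state reads back as unavailable, which is exactly the case a hardened service should detect at start-up rather than assume the flush is happening.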
Linux 5.8 and the contentious patch
Balbir Singh’s proposal was to empty the L1D cache at every context switch, an operation also known as a cache flush. A context switch replaces the process currently running on a CPU with another one, saving the state of the outgoing task (program counter, register contents and so on) so that it can be resumed later. This is what lets several processes share a CPU: on a single-processor system it gives the appearance of running multiple programs at once, and on multiprocessor systems it lets the scheduler balance load across cores.
Torvalds, however, considers the operation far too expensive and a recipe for a large drop in performance. The cost is not paid only by the process that asks for the flush: every other process scheduled on that core takes the hit, including whatever runs on the sibling logical core. To be clear, flushing the cache every time a process is switched out does mitigate this and similar threats, but the extra work on every context switch is so heavy that it is close to impractical.
I do not want the kernel to do things that seem to be “beyond stupid”.
These are the words of Linus Torvalds, the creator of Linux, and they need no gloss. He added that if SMT (simultaneous multi-threading, or “hyper-threading”) is enabled, clearing the cache does not even help: “it’s insane, since an attacker would complete the attack well before the context switch”.