Torvalds trashes a Linux 5.8 patch proposal: “Go beyond stupidity”


Linus Torvalds has trashed a patch proposal for the Linux 5.8 kernel, calling it, in fact, stupid. The purpose of the patch was to provide further mitigation against attacks on the L1 data cache (L1D). The L1D cache was first introduced in the x86 architecture in 1993 and is dedicated to data. So-called snoop-assisted L1 data sampling is a known class of vulnerabilities in Intel processors, and highly sophisticated malware may be able to read sensitive information from the cache.

The patch, by AWS engineer Balbir Singh, was meant to provide an opt-in (prctl-driven) mechanism for clearing the L1D cache when a context switch occurs. Suppose one process stores information on one physical core and a second process saves other data on another physical core. If a cybercriminal manages to interact with the CPU core, they can intercept the snoop operation that occurs between the physical cores, causing an error known as “TSX Asynchronous Abort”. Because of this error, some operations that have not yet completed read cached information and pass it on to dependent processes. In this way the data becomes easily accessible to anyone.

Linux 5.8 and the patch of discord


Balbir Singh’s idea for solving the problem was to empty the L1D cache at each context switch. The cache clearing operation is also known as cache flushing. A context switch, on the other hand, consists of replacing the process currently running on one of the CPUs with another, saving the state of the outgoing process (program counter, register contents, etc.) along the way. This allows multiple processes to share a CPU, and is therefore useful both on single-processor systems, because it lets multiple programs run concurrently, and in parallel computing, because it provides better load balancing.

Torvalds, however, believes that this operation is too expensive and would lead to a huge drop in performance. It would slow down all processes that depend on the compromised one, as well as the process running on the other logical core. To be clear: clearing the cache every time the running process is switched out does mitigate this and other potential threats, but it hurts performance enormously. The code would be weighed down, and the operation would be so expensive as to be almost impractical.
