Announcement

Collapse
No announcement yet.

Linux Kernel Prepping To Make Use Of Intel's New SERIALIZE Instruction

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux Kernel Prepping To Make Use Of Intel's New SERIALIZE Instruction

    Phoronix: Linux Kernel Prepping To Make Use Of Intel's New SERIALIZE Instruction

    As outlined a few months ago, Intel's future Sapphire Rapids and Alder Lake processors are set to add a SERIALIZE instruction. That SERIALIZE instruction ensures all flags/register/memory modifications are complete as well as draining all buffered writes to memory before the next instruction is executed. Linux is moving forward with preparing to make use of this new CPU instruction in its function for stopping speculative execution and prefetching of modified code...

    http://www.phoronix.com/scan.php?pag...LIZE-Sync-Core

  • #2
    So basically all a bad actor has to do is wait to see if SERIALIZE has been ran to know to get a snapshot of the memory before the data they're after gets cleared?

    Comment


    • #3
      I guess this will be used in context switching to prevent the reading of other processes data... wonder if AMD and ARM will do something similar... or if it will be as effective as simply using many non speculative cores.

      Comment


      • #4
        So Intel still hasn't been banned from the entire Linux ecosystem? LOL, Linus loves his money, doesn't he?

        Comment


        • #5
          This is quite a big hammer: according to the description, new (following after serialize) isns aren't even fetched from memory before all other outstanding modifications have retired. I'm looking forward to benchmarks.

          Comment


          • #6
            Originally posted by skeevy420 View Post
            So basically all a bad actor has to do is wait to see if SERIALIZE has been ran to know to get a snapshot of the memory before the data they're after gets cleared?
            NO??? this is basically taking one of the heaviest variations of the mitigations and putting it in hardware (its not a real fix performance wise).

            Comment


            • #7
              Originally posted by elatllat View Post
              I guess this will be used in context switching to prevent the reading of other processes data... wonder if AMD and ARM will do something similar... or if it will be as effective as simply using many non speculative cores.
              AMD will probably implement it as a NOP.... since they have alternative faster methods of dealing with this and are not even vulnerable to most of the things Intel is. ARM isn't much worse off than AMD but I think they were vulnerable to a few more attacks.

              Comment


              • #8
                Originally posted by eydee View Post
                So Intel still hasn't been banned from the entire Linux ecosystem? LOL, Linus loves his money, doesn't he?
                half a million here and half a million there, after a while it adds up a bit ;-) https://projects.propublica.org/nonp...9305852/IRS990

                Comment


                • #9
                  Originally posted by mlau View Post
                  This is quite a big hammer ....
                  There have been other serializing instructions on many different architectures/processors since forever, some of them light hammers, and some of them more like sledgehammers. This one appears sufficient for a number of use cases where one needs more than the tack hammer, and one does not want to pull out the sledge.

                  Comment


                  • #10
                    Instead of fix the issue there are new workarounds?

                    Comment

                    Working...
                    X