Linux 6.12-rc5 Disabling Intel's Linear Address Masking "LAM" Due To Security Concerns

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • phoronix
    Administrator
    • Jan 2007
    • 67063

    Linux 6.12-rc5 Disabling Intel's Linear Address Masking "LAM" Due To Security Concerns

    Phoronix: Linux 6.12-rc5 Disabling Intel's Linear Address Masking "LAM" Due To Security Concerns

    Intel merged Linear Address Masking into the Linux kernel last year as a means of allowing user-space to store metadata within some bits of pointers without masking it out before use. LAM can be useful for virtual machines, sanitizers / profiling / memory tagging, and other uses. While the brand new Intel Arrow Lake and Lunar Lake CPUs support LAM, the Linux kernel is now disabling LAM out of security concerns...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
  • hf_139
    Senior Member
    • May 2023
    • 316

    #2
    My next CPU will be a Chinese RISC-V.
    And if it takes five to ten years till they get ready, i will wait.

    Comment

    • hamishmb
      Senior Member
      • Feb 2022
      • 253

      #3
      It is disappointing how many CPU vulnerabilities there seem to be, and that's not even counting the ones we don't know about yet.

      Comment

      • loganj
        Senior Member
        • Nov 2017
        • 604

        #4
        so intel put the cart before the horse?

        Comment

        • pWe00Iri3e7Z9lHOX2Qx
          Senior Member
          • Jul 2020
          • 1470

          #5
          I get that these features are more important on Xeons so things will probably be fine on Sierra Forest with LASS. But this is still quite embarrassing for Intel.

          Comment

          • skeevy420
            Senior Member
            • May 2017
            • 8516

            #6
            So a system can be exploited by a transient on the LAM? Y'all need social engineering training. Homeless criminals shouldn't have access to your systems that easily.

            It's funny how once there's a LASS involved we don't have to worry about all of this. Goes to show that it really is the good woman behind the man that really matters.

            Comment

            • intelfx
              Senior Member
              • Jun 2018
              • 1083

              #7
              Originally posted by skeevy420 View Post
              So a system can be exploited by a transient on the LAM? Y'all need social engineering training. Homeless criminals shouldn't have access to your systems that easily.

              It's funny how once there's a LASS involved we don't have to worry about all of this. Goes to show that it really is the good woman behind the man that really matters.
              You certainly tried hard, here's your award: 🤡🤡🤡

              Comment

              • npwx
                Senior Member
                • Mar 2022
                • 131

                #8
                Once again, good job Intel, I wonder what they are doing professionally. At least the feature is DoA and doesn't cost you 50% performance six months down the road.

                Comment

                • ikoz
                  Junior Member
                  • Oct 2024
                  • 8

                  #9
                  Originally posted by hf_139 View Post
                  My next CPU will be a Chinese RISC-V.
                  And if it takes five to ten years till they get ready, i will wait.
                  Remember the [GhostWrite](https://ghostwriteattack.com/) attack for RISC-V CPUs?

                  CPU vulnerabilities will exist as long as companies do 'smart tricks' to increase performance and rush to release them to catch up with rivals, without adequate testing.
                  Surely most are theoretical and there is only a PoC, but that doesn't stop them from being applicable.

                  Comment

                  • JEBjames
                    Senior Member
                    • Jan 2018
                    • 367

                    #10
                    @Michael

                    Typo

                    "But besides Linus Torvalds not liking Intel's "LAN" name" should be "LAM"

                    Comment

                    Working...
                    X