L1d Flushing Patches Revived After It Was Rejected From Linux 5.8 As "Beyond Stupid"

  • L1d Flushing Patches Revived After It Was Rejected From Linux 5.8 As "Beyond Stupid"

    Phoronix: L1d Flushing Patches Revived After It Was Rejected From Linux 5.8 As "Beyond Stupid"

    Worked out in recent months by an Amazon engineer was optional L1 data cache flushing on context switches to allow for greater computer security in an era of data sampling vulnerabilities and other data leakage issues via side channels. It was sent in for Linux 5.8 but Linus Torvalds characterized it as "beyond stupid" and was not convinced by it. Well, now it's been revised but it isn't yet clear if it will appease Torvalds for mainline inclusion...

    http://www.phoronix.com/scan.php?pag...ushing-Revived

  • #2
    Still beyond stupid. Useless and meaningless for individual computers. Should be opt-in not opt-out.

    It should not be enabled by default and I cannot let any application make this opt-in decision without my consent. That's why this prototype is still opt-out not opt-in.
    Last edited by SkyWarrior; 07-29-2020, 07:00 AM.

    • #3
      If you've reached a level where this is important you should just buy multiple computers to separate your workloads. Probably in different datacenters.

      Having said that, there could be a use for particular processes to be fenced off like this. If you don't have an HSM/TPM maybe you could occasionally do private key operations in this mode. It's kind of a waste of resources for a warm-and-fuzzy that could be obtained in better ways.

      • #4
        Exactly. This mitigation should be a part of the server installer or Amazon AWS cloud launcher option where the user can select if this option is absolutely required for their rocket science instance on the cloud or server.

        • #5
          It would be useful to the user to know if the patches against each vulnerability also affect those CPUs which are secure from the same vulnerabilities, hurting their performance uselessly.

          • #6
            I loved the image of the article :-)

            • #7
              Originally posted by Azrael5
              It would be useful to the user to know if the patches against each vulnerability also affect those CPUs which are secure from the same vulnerabilities, hurting their performance uselessly.
              Users? They should be the last ones worrying about this kind of technicality. Developers, kernel distributors, and server admins (in respective order of preference) should be worrying about this.
              https://www.kernel.org/doc/html/late...ted-processors

              • #8
                Seems they just keep going at it till they wear Linus down.
                No wonder he loses it from time to time and calls them what they are.

                • #9
                  Originally posted by SkyWarrior
                  Still beyond stupid. Useless and meaningless for individual computers. Should be opt-in not opt-out.
                  WTF. This is by default and I have to opt out?
                  This is indeed beyond stupid!

                  • #10
                    Well, quite a few Phoronix users seem to be "beyond stupid", as the article clearly states in the second paragraph: "The overall concept of this new L1d flushing work remains the same is [sic] that it's entirely opt-in". Yet, someone was stupid enough to demand that this feature should be opt-in, not opt-out, and 6 people were stupid enough to like that comment.
