Announcement

Collapse
No announcement yet.

Google Engineers Argue For Linux "ASI" To Better Deal With Speculative Execution Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Engineers Argue For Linux "ASI" To Better Deal With Speculative Execution Attacks

    Phoronix: Google Engineers Argue For Linux "ASI" To Better Deal With Speculative Execution Attacks

    Proposed a few years ago was Kernel Address Space Isolation (KASI / ASI) for limiting data leaks with the growing number of speculative execution attacks on CPUs. Several organizations have been involved with Address Space Isolation efforts for the Linux kernel including IBM, Oracle, and Google with various approaches. Google engineers earlier this year posted a newer iteration of ASI focused on KVM use for the cloud / VMs. ASI still hasn't made it to the mainline kernel but Google engineers this week at LPC argued that it should be be the path forward for mainline in better dealing with these CPU security vulnerabilities...

    https://www.phoronix.com/news/Google-LPC-ASI-2022

  • #2
    Michael

    Typo/Grammar

    "it should be be the path" should be "it should be the path"

    "both of Google, used Linux Plumbers Conference" should probably be "both of Google, used the Linux Plumbers Conference"

    Comment


    • #3
      Does ASI require disabling hyperthreading to be efficient?

      Comment


      • #4
        Originally posted by gosh000 View Post
        Does ASI require disabling hyperthreading to be efficient?
        This is unclear. But at the very least, it is a better fix that we have currently.

        Most people actually have no need of mitigation at all. We use Linux, not some garbageware by Microshaft. We get our software mostly from trustworthy sources, unlike anything Windows.

        If you do need mitigation, this could be a great advantage over what we currently have.

        Comment


        • #5
          Originally posted by OmniNegro View Post
          Most people actually have no need of mitigation at all. We use Linux, not some garbageware by Microshaft. We get our software mostly from trustworthy sources, unlike anything Windows.
          Hu? So how are you browsing the web then?

          Comment


          • #6
            Originally posted by OmniNegro View Post
            trustworthy sources
            You could not make more bold statement lol. Unless you have CPU, firmware, OS and all the software reviewed by your bare eyes.

            Comment


            • #7
              Michael You posted twice the same thing for the "From Google's take on ASI earlier this year with their KVM-tailored "RFC" patches:" block.

              Comment


              • #8
                Originally posted by geearf View Post
                Michael You posted twice the same thing for the "From Google's take on ASI earlier this year with their KVM-tailored "RFC" patches:" block.
                Copy fail, should be fixed now, thanks.
                Michael Larabel
                https://www.michaellarabel.com/

                Comment


                • #9
                  Originally posted by Anux View Post
                  Hu? So how are you browsing the web then?
                  Firefox. I consider Mozilla a trustworthy source. I am unaware of anything they released that turned out to be infected or to otherwise need mitigations.

                  Comment


                  • #10
                    Originally posted by OmniNegro View Post

                    Firefox. I consider Mozilla a trustworthy source. I am unaware of anything they released that turned out to be infected or to otherwise need mitigations.
                    But there's still Javascript and Wasm that could run on your web browser.

                    Comment

                    Working...
                    X