Linux Security News Archives
New Spectre Variants Discovered By Exploiting Micro-op Caches

University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches.

1 May 2021 - Micro-Op Cache Exploits - 40 Comments
Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret

In development for more than one year has been the ability to create secret memory areas on Linux that would be visible only to the owning process and is not mapped for other processes or the kernel page tables. That "memfd_secret" system call has finally materialized in Linux-Next and looking like it could be ready for mainline.

13 April 2021 - memfd_secret - 15 Comments
Linux Core Scheduling Nears The Finish Line To Avoid Flipping Off HT

Besides Linux kernel developers still working to optimize code due to Retpolines overhead three years after Spectre rocked the ecosystem, another area kernel developers have still been actively working on is core scheduling for controlling the behavior of what software can share CPU resources or run on the sibling thread of a CPU core. That core scheduling work is finally closer to the mainline Linux kernel.

25 March 2021 - Core Scheduling - 23 Comments
L1d Cache Flushing On Context Switch Trying Again But More Conservative In 2021

Coming out in early 2020 were patches by an Amazon engineer to implement flushing the L1 data cache on context switching in the name of security given the various data sampling vulnerabilities. That work so far has been rejected from the mainline kernel but today was updated and makes it harder to enable and thus moving forward could stand chances to finally see the opt-in functionality merged to mainline.

8 January 2021 - But Harder To Enable - 4 Comments
A Look At The Big Impact To AES-XTS Encryption Performance From Spectre Retpolines

With it recently being noticed that the Linux AES-NI XTS performance regressed big time from the return trampolines "Retpolines" enacted nearly three years ago as a defense against Spectre, here are some benchmarks looking at the performance cost involved to this day using Retpolines and the impact on the XTS encryption/decryption performance measured by cryptsetup that is used for setting up encrypted disks under Linux.

30 December 2020 - Default vs. mitigations=off - 5 Comments
Oracle Proposing Change To Linux's KPTI Meltdown Mitigation

A proposal and set of patches have been sent out around the Linux kernel's Page Table Isolation (PTI/KPTI) implementation to defer switching from the user page-table to kernel page-table until later in the kernel entry sequence. There are possible performance benefits and code improvements that would stem from this change.

10 November 2020 - Kernel Page Table Isolation - 9 Comments
Trenchboot Secure Launch Support For Linux Sees New Patches

For a while now Oracle engineers and others have been working on Trenchboot as a means of secure launch/boot support when paired with the likes of Intel TXT and AMD SKINIT for trusted execution and configuring each piece of the software boot chain for trusted/secure handling. The latest kernel patches have been sent out for review for secure launching of the kernel.

25 September 2020 - Trenchboot - 6 Comments
Google Engineer Calls For Greater Collaboration On Speculative Execution Mitigations

When it comes to kernel address space isolation (ASI) and other yet-to-be-merged security features around fending off speculative execution attacks, there are multiple concurrent efforts by many of the public cloud providers and other hyperscalers. A Google engineer at this week's Linux Plumbers Conference has called for more collaboration in this area to ideally provide a unified solution.

28 August 2020 - Address Space Isolation, Etc - 6 Comments
Kernel ASI Still Being Worked On For Protecting Against Hyper Threading Data Leaks

At this week's Linux Plumbers Conference there were DigitalOcean engineers providing an update on their CoreScheduling work in the era of vulnerabilities affecting Hyper Threading. Oracle meanwhile presented today at LPC2020 on their Kernel Address Space Isolation (ASI) functionality for dealing with Hyper Threading data leakage in a different manner, but the performance costs are still being evaluated.

26 August 2020 - Address Space Isolation - Add A Comment
Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

6 August 2020 - Reviving Foreshadow - 42 Comments

183 Linux Security news articles published on Phoronix.