erek
Trashed. Respectable insight from Linus
"The discussion reveals the frustration among the kernel maintainers over the difficulty of keeping Linux secure in the face of CPU bugs, and the fact that these cache-related attacks have so many variations. Referencing a past software fallback for clearing the data buffers to address an MDS (Microarchitectural Data Sampling) bug, Torvalds said: "That one turned out to be not only incredibly expensive, but it didn't work reliably anyway, and was really only written for one microarchitecture."
Amazon as a public cloud provider is particularly sensitive to these data-stealing vulnerabilities because of the implications if one customer were able to spy on the data belonging to another, or data on a virtual machine host. Another AWS engineer, Benjamin Herrenschmidt, entered the discussion to explain: "These patches aren't trying to solve problems happening inside of a customer VM running SMT nor are they about protecting VMs against other VMs on the same system." AWS has a vast range of services all of which need to be secure.
Torvalds said that he is "more than happy to be educated on why I'm wrong" but that "for now I'm unpulling it for lack of data." If AWS can convince him of the value of the patch, it may return. ®"
https://www.theregister.com/2020/06/02/linus_torvalds_kernel_intel_patch/