Security News > 2020 > June > 'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache.
The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Snoop-assisted L1 data sampling is one of a family of vulnerabilities in Intel microprocessors where malware may be able to infer private and sensitive data via inspecting the cache.
"Context switch in itself isn't really relevant as a security domain transfer, but it *is* relevant in the sense that switching from one user to another is a sign of 'uhhuh, now maybe I should be careful when returning to user mode'," said Torvalds.
The discussion reveals the frustration among the kernel maintainers over the difficulty of keeping Linux secure in the face of CPU bugs, and the fact that these cache-related attacks have so many variations.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/06/02/linus_torvalds_unpulls_kernel_58/
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)