Security News > 2020 > June > 'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache.
The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Snoop-assisted L1 data sampling is one of a family of vulnerabilities in Intel microprocessors where malware may be able to infer private and sensitive data via inspecting the cache.
"Context switch in itself isn't really relevant as a security domain transfer, but it *is* relevant in the sense that switching from one user to another is a sign of 'uhhuh, now maybe I should be careful when returning to user mode'," said Torvalds.
The discussion reveals the frustration among the kernel maintainers over the difficulty of keeping Linux secure in the face of CPU bugs, and the fact that these cache-related attacks have so many variations.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/06/02/linus_torvalds_unpulls_kernel_58/
Related news
- CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw (source)
- New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (source)
- Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast (source)
- Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs (source)