Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation

Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data (L1D) CPU cache.


The patch from AWS engineer Balbir Singh was to provide "an opt-in (prctl driven) mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."


Snoop-assisted L1 data sampling is one of a family of vulnerabilities in Intel microprocessors where malware may be able to infer private and sensitive data via inspecting the cache. "Snoop-assisted L1D sampling requires the snoop to hit a modified cache line in the exact same single core clock cycle window as the faulting/assisting/aborting load," explains Chipzilla.


Clearing the cache whenever the active thread or process switches out attempts to mitigate this and other potential threats, but harms performance.


The patch was added to the code for the 5.8 kernel, which will be the next release, but removed after review by Torvalds. "It looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say 'slow ..

Support the originator by clicking the read the rest link below.