Linus Torvalds, the head of the Linux kernel project, recently rejected a patch submitted by AWS engineers to mitigate the risk of data breaches from a new type of snooping attack on Intel CPUs. This new type of attack is called the “Sniffing Auxiliary L1 Data Sampling Attack”, or Snoop (CVE-2020-0550).
In March, Pawel Wieczorkiewicz, a software engineer from AWS, pioneered the vulnerability of Intel processors that could leak data from CPU internal memory or caches, including Intel’s popular Xeon and Core family processors. Pawel quickly reported the issue to Intel, which was then positioned by Intel as a medium-severity vulnerability.
The new Snoop attack leverages features such as Intel CPU multi-level caching, cache consistency, and bus listening to leak data from the CPU through the First Level Data Cache (L1D) in the CPU kernel, through the “bus snooping” feature, a cache update that occurs when the data is modified in L1D.
From the perspective of modern CPUs, computers typically use a three-level cache design to improve cpu efficiency. The three-level cache includes the L1 level 1 cache, the L2 level two cache, and the L3 level three-level cache, all integrated within the CPU, and they act as a high-speed data buffer between the CPU and the main memory. L1 is closest to the CPU core; L2 is next; L3 is again. Operating speed: L1 fastest, L2 fastest, L3 slowest; In performing a task, the CPU looks for the data it needs in the fastest L1, can’t find the next fastest L2, and can’t find the L3 again, and L3 doesn’t go to memory.
The first-level cache is actually divided into a first-level data cache (Data Cache, D-Cache, L1D) and a level 1 instruction cache (Instruction Cache, I-Cache, L1I), respectively, for storing data and executing the instruction decoding of data, both of which can be accessed by the CPU at the same time, reducing the CPU multi-core, multi-threaded cache conflict, improve the performance of the processor. The L1I and L1D of the average CPU have the same capacity, for example, the L1 of the I7-8700K is 32KB plus 32KB. The Snoop attack is an attack to steal data from the L1D cache.
However, Intel users do not have to panic, according to Intel officialexplanation, this new attack is “difficult to implement” and does not leak large amounts of data, after all, the L1D cache of data is very limited, and only in the task when the call data is short-lived. “We don’t think snoop attacks are a useful method of attack in a trusted operating system environment, because taking advantage of this vulnerability requires a number of harsh conditions, such as the timing of the attack that coincides with the time the user opens the program, and the data the program invokes is exactly the data that the attacker wants to steal.” “
Following the vulnerability disclosure, another software engineer from AWS, Balbir Singh, submitted a patch for the Linux kernel that enabled Linux applications to choose to automatically refresh l1D caches when a task switch to reduce the risk of a Snoop attack on the Linux system.
“This patch prevents their data from being monitored or leaked via a bypass after the mission is over,” Singh explained in April. “He had intended that the patch would be released with version 5.8 of the Linux kernel. “If supported by hardware, this feature will allow the l1D cache that remains in the CPU after the task is closed based on optional lygout applications calling the prctl() feature.” “
However, Phoronix, a well-known technical test site, points out that refreshing the L1D cache at the end of a task can result in a decrease in CPU performance. Linus Torvalds, the Linux kernel project leader, believes that this will result in a decrease in CPU performance for all Linux users using the patch, whether or not intel lying, and that the patch is strictly rejected, while still making a fuss.
“Because in my opinion, this is basically exporting cache refresh instructions to the user space and providing a way for the process to slow down others who have nothing to do with this,” Torvalds wrote in the mailing list that responded to the submission. “
“In other words, as far as I know, this is the crazy Intel release of a defective CPU that causes problems with virtualization code (which I don’t care about), but it makes no sense to have problems affecting Linux users who don’t have these problems.” “
(Linus’s original text in the mailing list)
“I don’t want an app to run up like, ‘Oh, I’m a special, pretty, so delicate flower, I want to refresh every task cache on l1D, no matter what CPU I’m on, no matter if it’s vulnerable’.” Because this application not only slows down itself, but also slows down other applications. “
In a very Linus-style response, Linus’ reference to virtualization is actually for AWS, which, like other cloud service providers, typically sells virtual cpus with multithreaded (multithreading, SMT) enabled. Linus went on to point out that “task scheduling is distributed with SMT enabled, so it would be foolish to refresh the L1D cache between the end of the task and the start of a new task.” “
It’s worth noting that Indo Molnar, AWS’s chief engineer, also added some context to the patch’s debate in a discussion with Ingo Molnar, a Red Hat Linux kernel contributor. Herrenschmidt acknowledges that the patch doesn’t make sense to SMT, but urges Linux kernel developers not to “throw babies away with bath water” and refutes the notion that AWS wants to sell hyperthreads as virtual cpus. “These patches are not intended to address problems within the customer VMs running SMT, or to protect VMs from other VMs on the same system,” says Herrenschmidt. “
In fact, it’s not the first time Linus has vehemently rejected a patch related to the Intel CPU. In early 2018, intel engineers provided a patch for the indirect branch limit speculation (indirect branch ingspeculative, IBRS) functionality in order to patch the Spectre vulnerability. Linus publicly stated on the mailing list that IBRS would cause a significant reduction in system performance, saying the patch was “a complete garbage”, “Is Intel really going to do this X-like thing?” A mouthful of spit.
Just last month, Linus upgraded his personal computer and unveiled his latest main machine configuration, replacing his CPU with AMD Ryzen Threadripper and giving up an Intel processor for 15 years.