
Linux: Detainting the Kernel, x86, and LF's Open Networking Foundation

  • diff -u: Detainting the Kernel

    Sometimes someone submits a patch without offering a clear explanation of why the patch would be useful, and when questioned by the developers, the person offers vague or hypothetical explanations. Something like that happened recently when Matthew Garrett submitted a patch to disable a running kernel's ability to detect whether it was running entirely open-source code.

    Specifically, he wanted to be able to load unsigned modules at runtime without the kernel detecting the situation and "tainting" itself. Tainting the kernel doesn't affect its behavior in any significant way, but it is extremely useful to the kernel developers, who typically will refuse to chase bug reports on any kernel that uses closed-source software. Without a fully open-source kernel, there's no way to know whether a given bug lies in the open or the closed portion of the kernel. For this reason, anyone submitting bug reports to the kernel developers should always make sure to reproduce the bug on an untainted kernel.

  • Intel & AMD IOMMU Improvements Slated For Linux 4.16

    With the in-development Linux 4.16 kernel there are improvements to note for both AMD and Intel users.

  • The Complete Schedule for Open Networking Summit North America Is Now Live


    In addition, hear from industry visionaries in keynote sessions; attend LF Networking, Acumos Project, and Open Networking Foundation Developer Forums; and sign up for technical training on ONAP & OPNFV.
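The taint mechanism discussed in the diff -u item above, as an added example that is neither the column's nor the kernel tree's own code: a POSIX shell script that decodes the taint bitmask exposed in /proc/sys/kernel/tainted and reports whether a proprietary or unsigned module was loaded, which is the check a bug reporter wants before filing upstream. The bit-to-letter mapping follows the kernel's documented taint flags; the function names are this example's own.

```shell
#!/bin/sh
# Decode a kernel taint bitmask such as the one in /proc/sys/kernel/tainted.
# Bit positions and letters follow the kernel's tainted-kernels documentation:
# bit 0 P proprietary module, 1 F forced load, 2 S unsafe SMP, 3 R forced
# unload, 4 M machine check, 5 B bad page, 6 U userspace taint, 7 D oops,
# 8 A ACPI override, 9 W warning, 10 C staging driver, 11 I firmware bug,
# 12 O out-of-tree module, 13 E unsigned module, 14 L soft lockup,
# 15 K live-patched, 16 X aux taint, 17 T struct randomization.

# taint_flags VALUE: print the flag letter for every bit set in VALUE.
taint_flags() {
    value=$1
    bit=0
    out=""
    for letter in P F S R M B U D A W C I O E L K X T; do
        if [ $(( (value >> bit) & 1 )) -eq 1 ]; then
            out="$out$letter"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# taint_has_nonfree_code VALUE: succeed (exit 0) when the mask records a
# proprietary (P) or unsigned (E) module, the cases the column is about;
# bug reports from such a kernel are the ones upstream will not chase.
taint_has_nonfree_code() {
    value=$1
    [ $(( value & 1 )) -ne 0 ] || [ $(( (value >> 13) & 1 )) -ne 0 ]
}

# report_running_kernel: classify the kernel this script runs on, when
# /proc/sys/kernel/tainted is readable (the file is only read, never written).
report_running_kernel() {
    file=/proc/sys/kernel/tainted
    [ -r "$file" ] || { echo "no taint file at $file"; return 0; }
    mask=$(cat "$file")
    if [ "$mask" -eq 0 ]; then
        echo "kernel is untainted: suitable for an upstream bug report"
    elif taint_has_nonfree_code "$mask"; then
        echo "kernel tainted [$(taint_flags "$mask")]: proprietary or unsigned module loaded"
    else
        echo "kernel tainted [$(taint_flags "$mask")]: no proprietary/unsigned module flag"
    fi
}

report_running_kernel
```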


Security: Japan's Top Cybersecurity Official, SuperCooKey, Information Breach on HealthCare.gov

  • Security News This Week: Japan's Top Cybersecurity Official Has Never Used a Computer
  • SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

    TLS 1.3 has a heavily touted feature called 0-RTT that has been paraded by CloudFlare as a huge speed benefit to users because it allows sessions to be resumed quickly from previous visits. This immediately raised an eyebrow for me because this means that full negotiation is not taking place.

    After more research, I’ve discovered that 0-RTT does skip renegotiation steps that involve generating new keys.

    This means that every time 0-RTT is used, the server knows that you’ve been to the site before, and it knows all associated IPs and sign-in credentials attached to that particular key.

  • Information Breach on HealthCare.gov

    In October 2018, a breach occurred within the Marketplace system used by agents and brokers. This breach allowed inappropriate access to the personal information of approximately 75,000 people who are listed on Marketplace applications.


The Spectre/Meltdown Performance Impact On Linux 4.20, Decimating Benchmarks With New STIBP Overhead

As outlined yesterday, significant slowdowns with the Linux 4.20 kernel turned out to be due to the addition of the kernel-side bits for STIBP (Single Thread Indirect Branch Predictors) for cross-HyperThread Spectre Variant Two mitigation. This has incurred significant performance penalties with the STIBP support in its current state with Linux 4.20 Git and is enabled by default at least for Intel systems with up-to-date microcode. Here are some follow-up benchmarks looking at the performance hit with the Linux 4.20 development kernel as well as the overall Spectre and Meltdown mitigation impact on this latest version of the Linux kernel. Some users have said AMD also needs STIBP, but at least with Linux 4.20 Git and the AMD systems I have tested with their up-to-date BIOS/microcode, that hasn't appeared to be the case. Most of the AMD STIBP references date back to January when Spectre/Meltdown first came to light. We'll see in the week ahead if there is any comment from AMD, but at this time it seems to be affecting up-to-date Intel systems with the Linux 4.20 kernel.