tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: AES leaks, cgd ciphers, and vector units in the kernel



On Wed, Jun 17, 2020 at 11:36:11PM +0000, Taylor R Campbell wrote:
> Thoughts?  Comments?  Objections?  Musical numbers by Groucho Marx on
> the nature of consensus?

I like all of it, especially the fpu kernel thread part you did leave
out for now, which I wanted since we started thinking about in-kernel
audio mixing ;-}

One minor nit: with the performance impact that high, and there being
setups where runtime side channel attacks are totally not an issue,
maybe we should leave the old code in place for now, #ifdef'd as
default-off options to provide time for a full reconstruction (or untill
the machine gets update to "the last decade" cpu)?

I have a setup like that, but in my case throughput is not local cpu
bound at all, so not a big deal for me - but I guess others could be
affected (here it is: trusted admin-only server w/o any side channel attack
surfaces, backup via rsync to CGD over ISCSI over VPN to off site device,
slow VPN being the limiting factor - and don't ask, parts of that construction
were not negotiable, like the final target device and the types of connections
it offers).

Martin


Home | Main Index | Thread Index | Old Index