Description
This presentation will describe the growing complexity of mitigations for CPU side-channel vulnerabilities, the challenges they pose to the Linux kernel, and what we can do to minimize their performance impact. It will also present the difficulty of maintaining the various mitigation options, and the intrusive nature of mitigations that affect core areas such as context switch and kernel entry/exit points. To give an idea of this growing complexity: since 2018, nearly 20 new X86_BUG_* flags have been added, and during the same period x86 bugs.c alone grew from 62 to ~3000 LOC. Finally, the presentation will explore the challenges of ensuring comprehensive protection while minimizing the impact on system performance, probing the possibility of new modes and a trust model that aim to spare the hammer on trusted applications.