"On x86-64, there are two CPU settings which control the kernel’s ability to access memory." There are a couple more than two, even in 2021. Memory Protection Keys come to mind, as do the NPT/EPT tables when…
Here's an implementation that one of the OpenStreetmap applications uses: https://josm.openstreetmap.de/browser/josm/trunk/src/org/ope... It used to use a linear list of points, but it was VERY slow to draw, so I hacked…
The AVX disable is only when you use "gather_data_sampling=force". The default is to leave AVX alone and proclaim the system to be vulnerable. From https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... : >…
Uh... Did I miss the patches that add a pre-zeroed page pool to Linux? Wouldn't be the first time I missed something like that getting added, but 6.3-rc5 definitely zeroes _some_ pages at allocation time, and I don't…
There honestly isn't that much "tech" to speak of here. We were literally talking about "immutable" mappings last week in Linux land: https://lore.kernel.org/all/b4f0dca5-1d15-67f7-4600-9a0a91e9... That said, this would…
There's at least one extremely well documented example of a killer whale that played extensively with boats: https://en.wikipedia.org/wiki/Luna_(orca) Granted, this was a lonely little fellow. But, he knew perfectly…
They actually leave lots of evidence. A transient eating a seal is messy business and there are lots of seal bits and chunks left over. Eva Saulitis describes the aftermath in several cases in her book…
From: https://arstechnica.com/gadgets/2020/10/in-a-first-researche... "In a statement, Intel officials wrote: ... we do not rely on obfuscation of information behind red unlock as a security measure." (BTW, I work on…
Actually, its primary design goal is to make address sanitizers faster. Right now, all the code that touches a sanitizer-tagged address must be recompiled to understand how to place and remove the tag. These…
By an "AMD push" do you mean Intel should post a superior implementation a year before AMD does? ;) https://lore.kernel.org/lkml/20210205151631.43511-1-kirill.s... BTW, MPX was clearly not the right thing. Nobody really…
It's not just drivers. It's really about ensuring that the folks that maintain the kernel have a way to test the code they maintain. The reasons that we (the kernel maintainers) have for this requirement are varied.…
Yes, it's been a pretty close relationship for a long, long time. What does Intel get out of this? I'm really hoping that Intel gets help improving the kernel from a talented bunch of kernel developers who have…
I hope so too! But, I was trying to think of if I've ever seen the Linutronix folks working on the Intel graphics code. I don't think I have: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... For very…
I personally have a tendency to match the speed of the cars around me. IMNHO, most cars speed through school zones. I use cruise control as a tool to prevent me from accidentally matching the speed of the cars around me…
> Where does Tesla provide a list of such limitations for it's customers, One specific place is first sentence of the FSD Beta welcome email: "Full Self-Driving is in limited early access Beta and must be used with…
I sure hope it stays around in servers for a long time. Some of us at Intel are actively working on expanding the existing kernel support: https://lore.kernel.org/lkml/cover.1638381245.git.reinette.c... Intel's…
The Y's overall visibility is objectively better than my old sedan. It's also really hard to have that really aerodynamic shape and good rear visibility. The Y's visibility reminds me of a Prius in a lot of ways. I've…
They turned my radar off when I got the FSD beta. It's hard to tell what is from losing radar versus getting FSD itself, but I think I liked the radar better. It seemed to perform better and have less phantom braking.
The rear visibility felt weird when I test drove it for sure, coming from a normal sedan. But, over a year in to ownership, it never feels tiny when driving it. All the cameras and sensors make it a MILLION times better…
> "the meltdown patch in the kernel thats disabled by default" I'm not sure to what you are referring to here. I was one of the people who worked on the Linux PTI implementation that mitigated Meltdown. My memory is not…
While there are ways to disable mitigation against many of the side-channel issues, this is not one of them. I believe this one is mitigated by the "sbb;and" sequence here:…
While I'm sure there are folks that would appreciate the mitigation provided by that package, I'm not sure it provides any mitigation to this _specific_ exploit. The in-kernel Spectre-v1 mitigations, like:…
> - To what extend is this fixed by the mitigations which the kernel provides [0] for the Intel bugs? What do I have to add to my kernel command line? The key part of this post is "In my lab, on a vulnerable Fedora"…
> Physical addresses are just your RAM bytes numbered 1 through whatever. Not really. There are lots of holes in the physical address map. Look at /proc/iomem. Look at all of the gunk in there at addresses lower than…
Yes, this is probably it. More specifically, any 128MB areas in the physical address space that do not have "System RAM" will not get a memoryN directory. You can view all the "System RAM" areas in /proc/iomem (if root,…
"On x86-64, there are two CPU settings which control the kernel’s ability to access memory." There are a couple more than two, even in 2021. Memory Protection Keys come to mind, as do the NPT/EPT tables when…
Here's an implementation that one of the OpenStreetmap applications uses: https://josm.openstreetmap.de/browser/josm/trunk/src/org/ope... It used to use a linear list of points, but it was VERY slow to draw, so I hacked…
The AVX disable is only when you use "gather_data_sampling=force". The default is to leave AVX alone and proclaim the system to be vulnerable. From https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... : >…
Uh... Did I miss the patches that add a pre-zeroed page pool to Linux? Wouldn't be the first time I missed something like that getting added, but 6.3-rc5 definitely zeroes _some_ pages at allocation time, and I don't…
There honestly isn't that much "tech" to speak of here. We were literally talking about "immutable" mappings last week in Linux land: https://lore.kernel.org/all/b4f0dca5-1d15-67f7-4600-9a0a91e9... That said, this would…
There's at least one extremely well documented example of a killer whale that played extensively with boats: https://en.wikipedia.org/wiki/Luna_(orca) Granted, this was a lonely little fellow. But, he knew perfectly…
They actually leave lots of evidence. A transient eating a seal is messy business and there are lots of seal bits and chunks left over. Eva Saulitis describes the aftermath in several cases in her book…
From: https://arstechnica.com/gadgets/2020/10/in-a-first-researche... "In a statement, Intel officials wrote: ... we do not rely on obfuscation of information behind red unlock as a security measure." (BTW, I work on…
Actually, its primary design goal is to make address sanitizers faster. Right now, all the code that touches a sanitizer-tagged address must be recompiled to understand how to place and remove the tag. These…
By an "AMD push" do you mean Intel should post a superior implementation a year before AMD does? ;) https://lore.kernel.org/lkml/20210205151631.43511-1-kirill.s... BTW, MPX was clearly not the right thing. Nobody really…
It's not just drivers. It's really about ensuring that the folks that maintain the kernel have a way to test the code they maintain. The reasons that we (the kernel maintainers) have for this requirement are varied.…
Yes, it's been a pretty close relationship for a long, long time. What does Intel get out of this? I'm really hoping that Intel gets help improving the kernel from a talented bunch of kernel developers who have…
I hope so too! But, I was trying to think of if I've ever seen the Linutronix folks working on the Intel graphics code. I don't think I have: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... For very…
I personally have a tendency to match the speed of the cars around me. IMNHO, most cars speed through school zones. I use cruise control as a tool to prevent me from accidentally matching the speed of the cars around me…
> Where does Tesla provide a list of such limitations for it's customers, One specific place is first sentence of the FSD Beta welcome email: "Full Self-Driving is in limited early access Beta and must be used with…
I sure hope it stays around in servers for a long time. Some of us at Intel are actively working on expanding the existing kernel support: https://lore.kernel.org/lkml/cover.1638381245.git.reinette.c... Intel's…
The Y's overall visibility is objectively better than my old sedan. It's also really hard to have that really aerodynamic shape and good rear visibility. The Y's visibility reminds me of a Prius in a lot of ways. I've…
They turned my radar off when I got the FSD beta. It's hard to tell what is from losing radar versus getting FSD itself, but I think I liked the radar better. It seemed to perform better and have less phantom braking.
The rear visibility felt weird when I test drove it for sure, coming from a normal sedan. But, over a year in to ownership, it never feels tiny when driving it. All the cameras and sensors make it a MILLION times better…
> "the meltdown patch in the kernel thats disabled by default" I'm not sure to what you are referring to here. I was one of the people who worked on the Linux PTI implementation that mitigated Meltdown. My memory is not…
While there are ways to disable mitigation against many of the side-channel issues, this is not one of them. I believe this one is mitigated by the "sbb;and" sequence here:…
While I'm sure there are folks that would appreciate the mitigation provided by that package, I'm not sure it provides any mitigation to this _specific_ exploit. The in-kernel Spectre-v1 mitigations, like:…
> - To what extend is this fixed by the mitigations which the kernel provides [0] for the Intel bugs? What do I have to add to my kernel command line? The key part of this post is "In my lab, on a vulnerable Fedora"…
> Physical addresses are just your RAM bytes numbered 1 through whatever. Not really. There are lots of holes in the physical address map. Look at /proc/iomem. Look at all of the gunk in there at addresses lower than…
Yes, this is probably it. More specifically, any 128MB areas in the physical address space that do not have "System RAM" will not get a memoryN directory. You can view all the "System RAM" areas in /proc/iomem (if root,…