Dependence of instruction execution time on data on ARM and Intel CPUs

Eric Biggers, one of the developers of the Adiantum cipher and maintainer of the fscrypt Linux kernel subsystem, has proposed a set of patches to block security problems that arise because Intel processors do not guarantee constant execution time for instructions across different input data. On Intel processors the problem appears starting with the Ice Lake family. A similar problem is observed in ARM processors.

The author of the patches regards the dependence of instruction execution time on the data being processed as a processor vulnerability, since such behavior cannot guarantee the security of cryptographic operations performed on the system. Many implementations of cryptographic algorithms rely on data not affecting instruction execution time, and when that assumption is violated, side-channel attacks become possible that recover data by analyzing processing time.

Potentially, data-dependent execution time can also be used in attacks that determine kernel data from user space. According to Eric Biggers, constant execution time is not provided by default even for instructions that perform addition and XOR, or for the specialized AES-NI instructions (this information is not confirmed by tests; according to other data, there is a one-cycle delay when multiplying vectors and counting bits).

To disable this behavior, Intel and ARM have proposed new flags: the DIT (Data Independent Timing) PSTATE bit for ARM CPUs and the DOITM (Data Operand Independent Timing Mode) MSR bit for Intel CPUs, which restore the old behavior with constant execution time. Intel and ARM recommend enabling the protection only as needed, around critical code, but in practice sensitive computations can occur anywhere in the kernel and in user space, so permanently enabling DOITM and DIT for the entire kernel is being considered.
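A way to check which of these two flags a given machine exposes, as an added example that is not code from the patches or from the original article. It assumes details not given on this page: the MSR numbers and bit positions from Intel's public DOITM documentation, and the `dit` feature string that Linux prints in `/proc/cpuinfo` on arm64; the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed from Intel's public DOITM documentation, not stated on this page. */
#define MSR_IA32_ARCH_CAPABILITIES 0x10aU
#define ARCH_CAP_DOITM             (1ULL << 12) /* CPU enumerates DOITM */
#define MSR_IA32_UARCH_MISC_CTL    0x1b01U
#define UARCH_MISC_CTL_DOITM       (1ULL << 0)  /* DOITM currently enabled */

enum doitm_state { DOITM_NOT_ENUMERATED, DOITM_OFF, DOITM_ON };

/* Decode the two raw MSR values into one state. The control bit is only
 * meaningful when the capability bit says the MSR exists. */
enum doitm_state intel_doitm_state(uint64_t arch_caps, uint64_t misc_ctl)
{
    if (!(arch_caps & ARCH_CAP_DOITM))
        return DOITM_NOT_ENUMERATED;
    return (misc_ctl & UARCH_MISC_CTL_DOITM) ? DOITM_ON : DOITM_OFF;
}

/* Whole-word search for "dit" in an arm64 /proc/cpuinfo "Features" line,
 * so that longer tokens containing the letters "dit" do not match. */
int arm64_has_dit(const char *line)
{
    const char *p = strchr(line, ':');
    for (p = p ? p + 1 : line; *p; p += strcspn(p, " \t\n")) {
        p += strspn(p, " \t\n");
        if (strcspn(p, " \t\n") == 3 && memcmp(p, "dit", 3) == 0)
            return 1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "not enumerated", "supported but off", "on" };
    /* Constructed defaults; pass real values as two hex arguments, e.g. the
     * output of `rdmsr 0x10a` and `rdmsr 0x1b01` (msr-tools, run as root). */
    uint64_t caps = argc > 2 ? strtoull(argv[1], NULL, 16) : 0x1000;
    uint64_t ctl  = argc > 2 ? strtoull(argv[2], NULL, 16) : 0x0;
    const char *feat = "Features\t: fp asimd aes sha2 crc32 atomics dit"; /* constructed */

    printf("Intel DOITM: %s\n", names[intel_doitm_state(caps, ctl)]);
    printf("arm64 DIT in sample Features line: %s\n", arm64_has_dit(feat) ? "yes" : "no");
    return 0;
}
```

The arm64 result only says that the CPU implements DIT, not whether PSTATE.DIT is set for the running code.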

For ARM processors, the Linux 6.2 kernel branch has already received patches that change the behavior for the kernel, but these patches are considered insufficient, since they cover only kernel code and do not change the behavior for user space. For Intel processors, enabling the protection is still under review. The performance impact of the patch has not yet been measured, but according to Intel documentation, enabling DOITM mode reduces performance (for example, by disabling some optimizations, such as data-dependent prefetching), and the degradation may grow in future processor models.

Source: opennet.ru
