Avoid side channel timing attacks with seccomp
This is information for CPUShare users running CPUShare on top of their Linux systems. If you're a Windows user and you're going to run CPUShare from the CPUShare-LiveCD, this post is not relevant to you. From now on, posts that are relevant only to CPUShare Linux users will be filed under the "linux" category.
Today the x86-64 TSC-disable for seccomp was backed out of the -mm tree, which means it won't be merged into mainline any time soon.
If you're paranoid about side-channel timing attacks and you want maximum security while running the CPUShare sell client on the x86-64 architecture (in 64-bit mode), you should apply this patch by hand to the kernel before compiling it.
If you're using the x86 (32-bit) architecture you don't need to apply any patch to prevent side channels, because the TSC-disable feature is already enabled under seccomp on 32-bit x86.
Side-channel timing attacks are not practical, so it's not possible to quantify the risk of such attacks. Most people agree the risk is non-existent in real life, but that cannot be demonstrated. So it's up to you to decide whether to apply the patch if you're running CPUShare on x86-64.
If you want this patch included in the Linux kernel you should contact Andi Kleen (maintainer of the x86-64 architecture); he claims the risk is null and the patch is not worth it. He may well be right. CPUShare will not attempt to push the TSC-disable patch into the kernel anymore, at least until CPUShare takes off.
| Thu 2006-05-11 19:22:50 +0200 | linux |