From: Con Kolivas <kernel@kolivas.org>
To: linux kernel mailing list <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@elte.hu>
Cc: ck list <ck@vds.kolivas.org>
Subject: [PATCH] Sample fix for hyperthread exploit
Date: Wed, 1 Jun 2005 21:58:39 +1000 [thread overview]
Message-ID: <200506012158.39805.kernel@kolivas.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 889 bytes --]
With respect to the recently publicised theoretical exploit for tasks running
on hyperthread siblings, we already have in our hyperthreading code the
ability to suspend running of tasks on siblings based on their behaviour. We
could extend that if so desired as a plug for this theoretical exploit. We
could suspend tasks that run on siblings based on their uid to prevent
another user from being able to instrument cache misses from another user's
task. Attached is a sample patch to do just that. It is my understanding that
this exploit is not deemed significant risk anyway, and the attached solution
would cost us in throughput if multiple users' tasks are running
concurrently, but would still be better than disabling hyperthreading. This
patch is more for discussion than inclusion, and is otherwise untested.
Comments?
Signed-off-by: Con Kolivas <kernel@kolivas.org>
[-- Attachment #2: dependent_sleep_on_uid.diff --]
[-- Type: text/x-diff, Size: 1012 bytes --]
Index: linux-2.6.12-rc5-uiddep/kernel/sched.c
===================================================================
--- linux-2.6.12-rc5-uiddep.orig/kernel/sched.c 2005-05-29 19:54:30.000000000 +1000
+++ linux-2.6.12-rc5-uiddep/kernel/sched.c 2005-06-01 21:46:54.000000000 +1000
@@ -2530,6 +2530,21 @@ static inline int dependent_sleeper(int
task_t *smt_curr = smt_rq->curr;
/*
+ * Don't let tasks from different users run on siblings that
+ * share caches to avoid the security risk of cache misses.
+ * If an equal priority task is already running let that one
+ * continue, otherwise let only the better priority task run.
+ */
+ if (p->uid != smt_curr->uid && p->mm && smt_curr->mm) {
+ if (smt_curr->prio <= p->prio) {
+ ret = 1;
+ continue;
+ }
+ resched_task(smt_curr);
+ continue;
+ }
+
+ /*
* If a user task with lower static priority than the
* running task on the SMT sibling is trying to schedule,
* delay it till there is proportionately less timeslice
next reply other threads:[~2005-06-01 11:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-01 11:58 Con Kolivas [this message]
2005-06-01 12:06 ` [PATCH] Sample fix for hyperthread exploit Arjan van de Ven
2005-06-01 12:13 ` Con Kolivas
2005-06-01 17:25 ` Chris Wright
2005-06-01 19:29 ` Arjan van de Ven
2005-06-02 2:49 ` Ingo Molnar
2005-06-02 2:57 ` Con Kolivas
2005-06-02 6:28 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200506012158.39805.kernel@kolivas.org \
--to=kernel@kolivas.org \
--cc=ck@vds.kolivas.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox