From owner-freebsd-arch@FreeBSD.ORG Sat May 21 23:30:34 2005 Return-Path: X-Original-To: freebsd-arch@freebsd.org Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 957A716A471 for ; Sat, 21 May 2005 23:30:34 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0FA443D88 for ; Sat, 21 May 2005 23:11:15 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mr2so.prod.shaw.ca (pd4mr2so-qfe3.prod.shaw.ca [10.0.141.213]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IGV0055J4ERGP30@l-daemon> for freebsd-arch@freebsd.org; Sat, 21 May 2005 17:11:15 -0600 (MDT) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd4mr2so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IGV003604EROJ90@pd4mr2so.prod.shaw.ca> for freebsd-arch@freebsd.org; Sat, 21 May 2005 17:11:15 -0600 (MDT) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IGV0079S4EQ01@l-daemon> for freebsd-arch@freebsd.org; Sat, 21 May 2005 17:11:15 -0600 (MDT) Date: Sat, 21 May 2005 16:11:07 -0700 From: Colin Percival To: freebsd-arch@freebsd.org Message-id: <428FC00B.3080909@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.91.0.0 User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050406) Subject: Scheduler fixes for hyperthreading X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 May 2005 23:30:35 -0000 As you are probably all aware by now, HyperThreading has been disabled on the stable and security branches due to a problem with information leakage between threads which are scheduled simultaneously on the two processor cores. Clearly, some people (and at least one large company) are unhappy about us having hyperthreading disbaled, so the security team would like to see hyperthreading re-enabled by default as soon as we believe that this can be done safely. The following must be done before hyperthreading is re-enabled: 1. The scheduler must be taught to not run threads on the same processor core unless they p_candebug() each other. For reasons of performance and locking, this is probably best accomplished by only allowing threads to share a processor core if they belong to the same process. 2. When a thread is in the kernel, there must be a mechanism for it to IPI its siblings and put them to sleep, and then wake them up later. This would be used any time when a thread in the kernel is about to handle sensitive data in a non-oblivious manner; IPsec is a good example of where this would be necessary. Does anyone want to step forward to work on this? Colin Percival