From owner-freebsd-arch@FreeBSD.ORG Mon May 23 01:51:51 2005 Return-Path: X-Original-To: freebsd-arch@freebsd.org Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A4F7616A41C for ; Mon, 23 May 2005 01:51:51 +0000 (GMT) (envelope-from Anton.Bobrov@Sun.COM) Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C43643D49 for ; Mon, 23 May 2005 01:51:50 +0000 (GMT) (envelope-from Anton.Bobrov@Sun.COM) Received: from phys-gadget-1 ([129.156.85.171]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j4N1pn0T012705 for ; Sun, 22 May 2005 19:51:50 -0600 (MDT) Received: from conversion-daemon.gadget-mail1.uk.sun.com by gadget-mail1.uk.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) id <0IGX005016DW4R@gadget-mail1.uk.sun.com> (original mail from Anton.Bobrov@Sun.COM) for freebsd-arch@freebsd.org; Mon, 23 May 2005 02:51:49 +0100 (BST) Received: from [10.0.1.2] (vpn-129-150-116-35.UK.Sun.COM [129.150.116.35]) by gadget-mail1.uk.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) with ESMTPA id <0IGX002XU6I7HX@gadget-mail1.uk.sun.com>; Mon, 23 May 2005 02:51:49 +0100 (BST) Date: Mon, 23 May 2005 03:54:26 +0200 From: Anton Bobrov In-reply-to: <428FC00B.3080909@freebsd.org> To: Colin Percival Message-id: <429137D2.10801@sun.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en, ru User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 References: <428FC00B.3080909@freebsd.org> Cc: freebsd-arch@freebsd.org Subject: Re: Scheduler fixes for hyperthreading X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2005 01:51:51 -0000 or perhaps processor sets + processor bindings + tweakable config/api system to allow users to do what they like could address that, no? i know thats alot of work however what you suggest in point 1 + point 2 aint a piece of cake either so as long as somebody goes with the complication maybe its a good idea to make a flexible system that will address other problems and benefits as well? just a thought... Colin Percival wrote: > As you are probably all aware by now, HyperThreading has been > disabled on the stable and security branches due to a problem > with information leakage between threads which are scheduled > simultaneously on the two processor cores. Clearly, some people > (and at least one large company) are unhappy about us having > hyperthreading disbaled, so the security team would like to see > hyperthreading re-enabled by default as soon as we believe that > this can be done safely. > > The following must be done before hyperthreading is re-enabled: > > 1. The scheduler must be taught to not run threads on the same > processor core unless they p_candebug() each other. For reasons > of performance and locking, this is probably best accomplished by > only allowing threads to share a processor core if they belong > to the same process. > 2. When a thread is in the kernel, there must be a mechanism for > it to IPI its siblings and put them to sleep, and then wake them > up later. This would be used any time when a thread in the kernel > is about to handle sensitive data in a non-oblivious manner; IPsec > is a good example of where this would be necessary. > > Does anyone want to step forward to work on this? > > Colin Percival > _______________________________________________ > freebsd-arch@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"