Re: [PATCH] Sample fix for hyperthread exploit

From: Arjan van de Ven
Date: Wed Jun 01 2005 - 14:36:30 EST


On Wed, 2005-06-01 at 10:25 -0700, Chris Wright wrote:
> * Con Kolivas (kernel@xxxxxxxxxxx) wrote:
> > On Wed, 1 Jun 2005 22:06, Arjan van de Ven wrote:
> > > > Comments?
> > >
> > > I don't think it's really worth it, but if you go this way I'd rather do
> > > this via a prctl() so that apps can tell the kernel "I'd like to run
> > > exclusive on a core". That'd be much better than blindly isolating all
> > > applications.
> >
> > I agree, and this is where we (could) implement the core isolation. I'm still
> > under the impression (as you appear to be) that this theoretical exploit is
> > not worth trying to work around.
>
> Also, uid is not sufficient. Something more comprehensive (like ability
> to ptrace) would be appropriate.

I would go a lot simpler. App says "I want exclusivity" via prctl and
NOTHING runs on the other half. Well maybe with exceptions of processes
that share the mm with the exclusive one (in practice "threads") since
those could just read the memory anyway.

ptrace-ability goes wonky the moment the "secret bearing" thread revokes
something that would make ptrace be denied consequently ... means we'd
have to find all those cases and make all of them bump the other app off
the cpu. smells too complex to me for such a rare event -> hard to get
fail proof.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
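The co-scheduling rule Arjan sketches above (an "exclusive" task keeps everything off the sibling hyperthread except tasks sharing its mm), written out as an added C sketch that is not from this thread or from the kernel. `TASK_HT_EXCLUSIVE`, `struct task`, `siblings_may_corun` and the sample pids are hypothetical and constructed here; the real scheduler would apply such a check in its runqueue selection, not in a standalone function.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Flag a task would set on itself via the proposed prctl() ("I want exclusivity").
 * Hypothetical name; no such prctl exists in the kernel discussed in the thread. */
#define TASK_HT_EXCLUSIVE 0x1u

struct task {
    int pid;
    unsigned flags;
    int mm_id;          /* identity of the address space; threads share one mm */
};

/* May `cand` run on the sibling hyperthread while `cur` runs on this one?
 * Rule from the thread: if either side asked for exclusivity, only tasks that
 * share its mm (threads, which could read the memory anyway) may co-run. */
bool siblings_may_corun(const struct task *cur, const struct task *cand)
{
    if (cur == NULL || cand == NULL)
        return true;    /* an idle sibling leaks nothing */
    if (!((cur->flags | cand->flags) & TASK_HT_EXCLUSIVE))
        return true;    /* nobody asked for exclusivity: normal scheduling */
    return cur->mm_id == cand->mm_id;
}

/* Pick the first runnable task allowed on the sibling, or NULL to leave it idle. */
const struct task *pick_for_sibling(const struct task *cur,
                                    const struct task *rq, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (siblings_may_corun(cur, &rq[i]))
            return &rq[i];
    return NULL;
}

/* Constructed sample: a secret-bearing process (pid 100) with one thread (101),
 * and an unrelated process (200) that would otherwise share the physical core. */
const struct task sample_secret = { 100, TASK_HT_EXCLUSIVE, 7 };
const struct task sample_rq[] = {
    { 200, 0, 9 },      /* unrelated process, different mm: must not co-run */
    { 101, 0, 7 },      /* thread of the exclusive process, same mm: allowed */
};

int main(void)
{
    size_t n = sizeof(sample_rq) / sizeof(sample_rq[0]);
    const struct task *p = pick_for_sibling(&sample_secret, sample_rq, n);
    printf("sibling runs pid %d\n", p ? p->pid : -1);   /* prints 101 */
    return 0;
}
```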