Re: [PATCH v8 -tip 13/26] kernel/entry: Add support for core-wide protection of kernel-mode

From: Joel Fernandes
Date: Mon Nov 02 2020 - 19:20:14 EST


On Mon, Oct 19, 2020 at 08:41:04PM -0700, Randy Dunlap wrote:
> On 10/19/20 6:43 PM, Joel Fernandes (Google) wrote:
> >
> > ---
> > .../admin-guide/kernel-parameters.txt | 7 +
> > include/linux/entry-common.h | 2 +-
> > include/linux/sched.h | 12 +
> > kernel/entry/common.c | 25 +-
> > kernel/sched/core.c | 229 ++++++++++++++++++
> > kernel/sched/sched.h | 3 +
> > 6 files changed, 275 insertions(+), 3 deletions(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 3236427e2215..48567110f709 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -4678,6 +4678,13 @@
> > sbni= [NET] Granch SBNI12 leased line adapter
> > + sched_core_protect_kernel=
>
> Needs a list of possible values after '=', along with telling us
> what the default value/setting is.

Ok, I made it the following:

    sched_core_protect_kernel=
            [SCHED_CORE] Pause SMT siblings of a core running in
            user mode, if at least one of the siblings of the core
            is running in kernel mode. This is to guarantee that
            kernel data is not leaked to tasks which are not trusted
            by the kernel. A value of 0 disables protection, 1
            enables protection. The default is 1.

thanks,

- Joel


> > + [SCHED_CORE] Pause SMT siblings of a core running in
> > + user mode, if at least one of the siblings of the core
> > + is running in kernel mode. This is to guarantee that
> > + kernel data is not leaked to tasks which are not trusted
> > + by the kernel.
> > +
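Review bot: The first sentence of the added sched_core_protect_kernel= description is ambiguous: "Pause SMT siblings of a core running in user mode" can be read as the core, rather than the sibling, being in user mode. Wording along the lines of "Pause the SMT siblings of a core that are running in user mode while at least one sibling of that core is running in kernel mode" removes the ambiguity. As posted in this hunk the entry also ends at "by the kernel." with no accepted values and no default, and "tasks which are not trusted by the kernel" does not tell an administrator how a task comes to be treated as untrusted; a short pointer to where that is defined would make the entry usable on its own.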
>
>
> thanks.