[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] HT Vulnerability CAN-2005-0109

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: "Jonathan S. Shapiro" <shap@xxxxxxxxxxx>
Date: Wed, 18 May 2005 11:27:00 -0400
Delivery-date: Wed, 18 May 2005 15:26:50 +0000
Importance: Normal
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

> Is it possible that two domain kernels running on the same physical core
but on different ht threads leak information to each other exploiting
this covert/side channels?

It is possible. When exploited, this is a fairly high bandwiidth channel. It is 
possible for the nucleus to prevent this through page coloring. 

All that being said, future processors are moving from HT to multicore. The 
problem then migrates to the L2 cache, where coloring is much less effective. 
It is unlikely that there exists any satisfsactory solution short of flushing 
or disabling the cache, neither of which is pragmatically viable.

Current high assurance requirements don't require that you solve  the channel 
problem. They require that you characterize them and make a reasonable efffort 
to minimize them.

Shap


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] HT Vulnerability CAN-2005-0109
  - From: Mark Williamson

Prev by Date: Re: [Xen-devel] Genapic
Next by Date: Re: [Xen-devel] Re: Genapic
Previous by thread: Re: [Xen-devel] HT Vulnerability CAN-2005-0109
Next by thread: Re: [Xen-devel] HT Vulnerability CAN-2005-0109
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.