Re: [RFC PATCH v3 00/16] Core scheduling v3
From: Tim Chen
Date: Wed Aug 28 2019 - 11:59:24 EST
On 8/27/19 2:50 PM, Peter Zijlstra wrote:
> On Tue, Aug 27, 2019 at 10:14:17PM +0100, Matthew Garrett wrote:
>> Apple have provided a sysctl that allows applications to indicate that
>> specific threads should make use of core isolation while allowing
>> the rest of the system to make use of SMT, and browsers (Safari, Firefox
>> and Chrome, at least) are now making use of this. Trying to do something
>> similar using cgroups seems a bit awkward. Would something like this be
> Sure; like I wrote earlier; I only did the cgroup thing because I was
> lazy and it was the easiest interface to hack on in a hurry.
> The rest of the ABI nonsense can 'trivially' be done later; if when we
> decide to actually do this.
> And given MDS, I'm still not entirely convinced it all makes sense. If
> it were just L1TF, then yes, but now...
For MDS, core-scheduler does prevent thread to thread
attack between user space threads running on sibling CPU threads.
Yes, it doesn't prevent the user to kernel attack from sibling
which will require additional mitigation measure. However, it does
block a major attack vector for MDS if HT is enabled.