> I can' t see how can be more secure to have a root process running only in
> a CPU instead of allow the kernel to run it in the fist idle.
> Could you explian me how could be more secure?
For example if you compute a cryptographic algorithm in the root
process then some information leaks over thread/process boundaries
(e.g. cycle counters, or cache line information etc.) and could be
used to recover the secret key. If Linux wanted B1 level security then
this would have to be addressed.
Search the web for 'side-chanel cryptoanalysis' or 'timing attacks'
for more information about this. e.g. http://www.counterpane.com/side_channel.html
Note that the leaking of the cycle counters on Intel could be easily
fixed: Intel has a flag to only allow reading them in superuser mode -
it would require an addition to prctl() [or trapping the resulting
exception of a user space read, but that is ugly]. This would result
in more reliable cycle counters too, because they could be saved between
threads - currently they're all system global.
> Also how can be it more efficient for multithreading?
At least it is required for lots of hard real time applications.
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html