Bug #12945
openSMT exclusion should be by pid rather than zoneid
Status: New
Priority: Normal
Assignee: -
Category: kernel
% Done: 0%
Difficulty: Medium
Description
One part of #11048 was an API to restrict workloads from running on SMT pairs when vulnerable (or potentially aggressive) workloads were running on the sibling. This was primarily to mitigate HVM guests from using micro-architectural side channel attacks against the host or other guests. Originally this exclusion was implemented using zoneid as the identifier to distinguish security boundaries. It would be valuable to change this to pid. Doing so would better protect other host software running in a zone with an HVM instance, or when multiple HVM instances are running together in a (potentially global) zone.
Related issues
Updated by Patrick Mooney almost 3 years ago
- Related to Bug #12923: SMT exclusion should not balk at GZ added
Updated by Patrick Mooney almost 3 years ago
- Related to Bug #11048: need a way to disable SMT added