Bug #12945

SMT exclusion should be by pid rather than zoneid

Added by Patrick Mooney about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Category: kernel
Start date:
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

One part of #11048 was an API to restrict workloads from running on SMT pairs when vulnerable (or potentially aggressive) workloads were running on the sibling. This was primarily to mitigate HVM guests from using micro-architectural side channel attacks against the host or other guests. Originally this exclusion was implemented using zoneid as the identifier to distinguish security boundaries. It would be valuable to change this to pid. Doing so would better protect other host software running in a zone with an HVM instance, or when multiple HVM instances are running together in a (potentially global) zone.
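The difference between the two identifiers can be shown with a small model. This is an added example, not illumos code: the `thr_t` structure, the `sibling_allowed()` rule and the sample workload are all assumptions constructed for illustration. It counts how many sibling pairings the exclusion check would permit between an HVM thread and a different process.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model for illustration; every name here is hypothetical. */
typedef struct {
	int zoneid;	/* zone the thread runs in */
	int pid;	/* owning process */
	bool is_hvm;	/* thread runs HVM guest context */
} thr_t;

typedef enum { KEY_ZONEID, KEY_PID } excl_key_t;
/* Constructed workload: two HVM instances and a daemon share zone 5. */
static const thr_t threads[] = {
	{ 5, 100, true  },	/* guest A, vCPU 0 */
	{ 5, 100, true  },	/* guest A, vCPU 1 */
	{ 5, 200, true  },	/* guest B */
	{ 5, 300, false },	/* host daemon in the same zone */
	{ 7, 400, true  },	/* guest C in another zone */
};
#define NTHREADS (sizeof(threads) / sizeof(threads[0]))

/* May a and b occupy sibling hyperthreads of one core? */
bool sibling_allowed(const thr_t *a, const thr_t *b, excl_key_t key)
{
	if (!a->is_hvm && !b->is_hvm)
		return true;	/* no guest context involved */
	return key == KEY_ZONEID ? a->zoneid == b->zoneid : a->pid == b->pid;
}

/* Count permitted pairings that put a guest beside a different process. */
int cross_process_pairings(excl_key_t key)
{
	int n = 0;
	for (size_t i = 0; i < NTHREADS; i++)
		for (size_t j = i + 1; j < NTHREADS; j++)
			if (threads[i].pid != threads[j].pid &&
			    (threads[i].is_hvm || threads[j].is_hvm) &&
			    sibling_allowed(&threads[i], &threads[j], key))
				n++;
	return n;
}

int main(void)
{
	printf("zoneid key: %d, pid key: %d\n",
	    cross_process_pairings(KEY_ZONEID), cross_process_pairings(KEY_PID));
	return 0;
}
```

In this model the zoneid key still permits every pairing inside zone 5, including guest A beside guest B and either guest beside the daemon, while the pid key leaves only guest A's own vCPUs able to share a core.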


Related issues

Related to illumos gate - Bug #12923: SMT exclusion should not balk at GZ (Closed)

Related to illumos gate - Bug #11048: need a way to disable SMT (Closed, 2019-05-17)

History

#1

Updated by Patrick Mooney about 1 month ago

  • Related to Bug #12923: SMT exclusion should not balk at GZ added
#2

Updated by Patrick Mooney about 1 month ago

  • Related to Bug #11048: need a way to disable SMT added
