[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] HT Vulnerability CAN-2005-0109

To: "Nils Toedtmann" <xen-devel@xxxxxxxxxxxxxxxxxx>, "Mark Williamson" <mark.williamson@xxxxxxxxxxxx>
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Thu, 19 May 2005 11:59:37 +0100
Cc: david.hopwood@xxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 19 May 2005 10:59:13 +0000
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Thread-index: AcVcXpD5lnymn8jrTcuYwlX6UP/DwAAAcoJA
Thread-topic: [Xen-devel] HT Vulnerability CAN-2005-0109

 
> At the moment, they release quick workarounds like hardening 
> crypto libs against timing attacks
> 
>   <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157631>

This is the correct soloution. I was rather shocked to find the crypto
libs weren't already hardened for such attacks. It's not as though this
is anything new, just a higher bandwidth version of something that has
been known about for years.

> or disabling HT

This is not necessary on Xen. Just allocate domains to CPUs such that
you don't put potentially non-cooperative domains on the same core. E.g.
if you're using dom0 just for running the control tool and device
drivers, just give it one hyperthread and don't allow any other domain
to use it. This is a pretty sensible way to use HT with Xen anyhow.

Ian


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- RE: [Xen-devel] HT Vulnerability CAN-2005-0109
  - From: Nils Toedtmann

Prev by Date: Re: [Xen-devel] Xeno-unstable crashing at boot
Next by Date: Re: [Xen-devel] [PATCH] replace tabs with spaces of Python code
Previous by thread: Re: [Xen-devel] HT Vulnerability CAN-2005-0109
Next by thread: RE: [Xen-devel] HT Vulnerability CAN-2005-0109
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.