Adjust dangerous-shared-cache-detection logic from "all shared data
caches are dangerous" to "a shared L1 data cache is dangerous". This
is a compromise between paranoia and performance: Unlike the L1 cache,
nobody has publicly demonstrated a cryptographic side channel which
exploits the L2 cache -- this is harder due to the larger size, lower
bandwidth, and greater associativity -- and prohibiting shared L2
caches turns Intel Core Duo processors into Intel Core Solo processors.

As before, the 'machdep.hyperthreading_allowed' sysctl will allow even
the L1 data cache to be shared.

Discussed with: jhb, scottl
Security: See FreeBSD-SA-05:09.htt for background material.
parent b583a2a914
commit 900c118819
@ -385,8 +385,8 @@ cpu_mp_start(void)
|
||||
* are available, use them.
|
||||
*/
|
||||
if (cpu_high >= 4) {
|
||||
/* Ask the processor about up to 32 caches. */
|
||||
for (i = 0; i < 32; i++) {
|
||||
/* Ask the processor about the L1 cache. */
|
||||
for (i = 0; i < 1; i++) {
|
||||
cpuid_count(4, i, p);
|
||||
threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
|
||||
if (hyperthreading_cpus < threads_per_cache)
|
||||
|
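Review bot: The new loop body assumes that CPUID leaf 4, subleaf 0 describes the L1 data cache, but nothing in the visible lines checks this before `threads_per_cache` is computed. The same `cpuid_count(4, i, p)` result carries the cache type in bits 4:0 and the cache level in bits 7:5 of `p[0]`; testing those for "data cache, level 1" would make the code match both the new comment "Ask the processor about the L1 cache" and the commit message's stated rule that only a shared L1 data cache is dangerous, instead of relying on the order in which the processor enumerates its caches.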
@ -434,8 +434,8 @@ cpu_mp_start(void)
|
||||
* are available, use them.
|
||||
*/
|
||||
if (cpu_high >= 4) {
|
||||
/* Ask the processor about up to 32 caches. */
|
||||
for (i = 0; i < 32; i++) {
|
||||
/* Ask the processor about the L1 cache. */
|
||||
for (i = 0; i < 1; i++) {
|
||||
cpuid_count(4, i, p);
|
||||
threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
|
||||
if (hyperthreading_cpus < threads_per_cache)
|
||||
|
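Review bot: `for (i = 0; i < 1; i++)` runs exactly once, so the loop construct now reads like a leftover bound rather than a deliberate choice. Either call `cpuid_count(4, 0, p);` directly, or keep the scan and stop at the first entry that is an L1 data cache. This block is also identical to the one changed at -385, so moving the detection into one shared helper would keep the two copies of this security-relevant check from drifting apart, and a short comment on why L2 is deliberately excluded would preserve the reasoning in the code as well as in the commit message.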