Adjust dangerous-shared-cache-detection logic from "all shared data

caches are dangerous" to "a shared L1 data cache is dangerous".  This
is a compromise between paranoia and performance: Unlike the L1 cache,
nobody has publicly demonstrated a cryptographic side channel which
exploits the L2 cache -- this is harder due to the larger size, lower
bandwidth, and greater associativity -- and prohibiting shared L2
caches turns Intel Core Duo processors into Intel Core Solo processors.

As before, the 'machdep.hyperthreading_allowed' sysctl will allow even
the L1 data cache to be shared.

Discussed with:	jhb, scottl
Security:	See FreeBSD-SA-05:09.htt for background material.
This commit is contained in:
cperciva 2006-04-24 21:17:01 +00:00
parent b583a2a914
commit 900c118819
2 changed files with 4 additions and 4 deletions

View File

@ -385,8 +385,8 @@ cpu_mp_start(void)
* are available, use them.
*/
if (cpu_high >= 4) {
/* Ask the processor about up to 32 caches. */
for (i = 0; i < 32; i++) {
/* Ask the processor about the L1 cache. */
for (i = 0; i < 1; i++) {
cpuid_count(4, i, p);
threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
if (hyperthreading_cpus < threads_per_cache)

View File

@ -434,8 +434,8 @@ cpu_mp_start(void)
* are available, use them.
*/
if (cpu_high >= 4) {
/* Ask the processor about up to 32 caches. */
for (i = 0; i < 32; i++) {
/* Ask the processor about the L1 cache. */
for (i = 0; i < 1; i++) {
cpuid_count(4, i, p);
threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
if (hyperthreading_cpus < threads_per_cache)