When user-mode and kernel-mode processes are scheduled to run simultaneously on the same physical processor core via simultaneous multithreading, processor vulnerabilities can leak sensitive data restricted to kernel-mode processes to user-mode processes. Disabling simultaneous multithreading, or using a scheduler that determines the sequence of execution, can prevent such leakage, but these changes degrade processor performance. This disclosure describes the use of per-CPU counters to track when each physical core of a processor begins and ends the execution of a program thread running in kernel mode. Upon detection of such a thread, the core is identified as being in an unsafe state and all user-mode tasks are halted using an inter-processor interrupt.
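A user-space model of the counter scheme described above, added here as an illustration and not taken from the disclosure. The topology, the names (`kernel_enter`, `kernel_exit`, `core_unsafe`), the `halted` flag standing in for the inter-processor interrupt, the choice to halt only siblings on the same core, and the resume-on-exit behaviour are all assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define NCORES 2   /* constructed topology: 2 cores x 2 SMT siblings */
#define NSIB   2

enum mode { USER, KERNEL };
struct hw_thread { enum mode mode; bool halted; };
struct core {
    atomic_int in_kernel;      /* per-core counter of siblings in kernel mode */
    struct hw_thread t[NSIB];
    int ipis_sent;
};
struct core cores[NCORES];     /* zero-initialised: all USER, running, safe */

bool core_unsafe(int c) { return atomic_load(&cores[c].in_kernel) > 0; }

/* Stand-in for the IPI: park each sibling that is running user-mode code. */
static void ipi_halt_user_siblings(int c, int self) {
    for (int i = 0; i < NSIB; i++)
        if (i != self && cores[c].t[i].mode == USER && !cores[c].t[i].halted) {
            cores[c].t[i].halted = true;
            cores[c].ipis_sent++;
        }
}

void kernel_enter(int c, int self) {
    cores[c].t[self].mode = KERNEL;
    cores[c].t[self].halted = false;
    if (atomic_fetch_add(&cores[c].in_kernel, 1) == 0)  /* 0 -> 1: unsafe */
        ipi_halt_user_siblings(c, self);
}

void kernel_exit(int c, int self) {
    cores[c].t[self].mode = USER;
    if (atomic_fetch_sub(&cores[c].in_kernel, 1) == 1) { /* 1 -> 0: safe */
        for (int i = 0; i < NSIB; i++) cores[c].t[i].halted = false;
    } else {
        cores[c].t[self].halted = true;  /* a sibling is still in the kernel */
    }
}

int main(void) {
    kernel_enter(0, 0);
    printf("core0 unsafe=%d sibling halted=%d\n", core_unsafe(0), cores[0].t[1].halted);
    kernel_exit(0, 0);
    printf("core0 unsafe=%d sibling halted=%d\n", core_unsafe(0), cores[0].t[1].halted);
    return 0;
}
```

The `else` branch in `kernel_exit` covers the case where one sibling returns to user mode while another is still in the kernel: the returning thread is parked until the counter reaches zero.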

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.