Cheating Process Scheduler Algorithms

Thomas Ptacek | July 12th, 2007 | Filed Under: New Findings, Uncategorized

Via Slashdot:

You’re a bad guy sharing a Linux server with a bunch of good people. All of you are running processes and those processes share access to the CPU by working in 10-100 millisecond time slices. This is called multitasking.

You don’t want to share because you’re bad. So unlike the good people, your processes:

  1. Figure out how long a time slice is in cycles.
  2. Sync themselves to the start of a clock tick with a scheduling no-op nanosleep().
  3. Execute for fewer instructions than are allocated to a process time slice.
  4. Yield back to the scheduler with another nanosleep().

The result, on many OSs, is that the scheduler basically doesn’t “notice” you ran. You get an unfair share of scheduler resources, or even monopolize the CPU.

Yawn.

A question: anyone researching attacks against hypervisor scheduling algorithms? Nobody shares an OS kernel with other people anymore, but in a few years everyone will share iron in side-by-side VMs. I mean, apart from things like Linux KVM virtualization (which is just processes, so is presumably affected somehow).
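Why the scheduler doesn't "notice", shown as an added simulation (not code from the original post or from any kernel): one CPU is billed two ways, by charging a whole tick to whatever is running when the timer fires and by summing actual run time, for a task that follows steps 2 to 4. The 10 ms tick, the task names and every function name here are assumptions made for the example; comparing the two ledgers is also how a defender would spot an under-billed task.

```python
TICK_US = 10_000  # constructed value: 10 ms, low end of the 10-100 ms range above

def build_schedule(ticks, burst_us, offset_us):
    """Run intervals [start, end) on one CPU: 'dodger' runs burst_us starting
    offset_us after each tick, then sleeps; 'honest' gets the remainder."""
    if offset_us < 0 or burst_us <= 0 or offset_us + burst_us >= TICK_US:
        raise ValueError("burst must fit strictly inside one tick period")
    sched = []
    for k in range(ticks):
        base = k * TICK_US
        sched.append((base, base + offset_us, "honest"))
        sched.append((base + offset_us, base + offset_us + burst_us, "dodger"))
        sched.append((base + offset_us + burst_us, base + TICK_US, "honest"))
    return sched

def tick_sampled(sched, ticks):
    """Charge a whole tick to whichever task is on the CPU when the timer fires."""
    charged = {}
    for k in range(ticks):
        t = k * TICK_US
        for start, end, task in sched:
            if start <= t < end:  # empty intervals never match
                charged[task] = charged.get(task, 0) + TICK_US
                break
    return charged

def exact(sched):
    """Charge each task the time it actually held the CPU."""
    used = {}
    for start, end, task in sched:
        used[task] = used.get(task, 0) + (end - start)
    return used

def under_accounted(sched, ticks, slack_us=TICK_US):
    """Tasks whose real CPU time exceeds what tick sampling billed them."""
    billed, used = tick_sampled(sched, ticks), exact(sched)
    return sorted(t for t, us in used.items() if us - billed.get(t, 0) > slack_us)

if __name__ == "__main__":
    sched = build_schedule(ticks=100, burst_us=8_000, offset_us=50)
    print("tick-sampled:", tick_sampled(sched, 100))
    print("exact:       ", exact(sched))
    print("flagged:     ", under_accounted(sched, 100))
```

With `offset_us=0` the same task is on the CPU when the timer fires and is billed every tick in full, so the sampled ledger depends entirely on where the run sits relative to the tick while the exact ledger does not.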
