Hello,

Recently I noticed that in the early versions, the kernel scheduler suffers from such an attack,
http://static.usenix.org/event/sec07/tech/full_papers/tsafrir/tsafrir_html/
and it has already been fixed by introducing CFS and nanosecond granularity accounting.

However, as to the statistics exported from kernel to /proc/stat, it seems that the data is updated upon every tick by update_process_times, and the granularity is jiffies.

In my view, for applications which utilize such statistics in userspace, they would still suffer from a time accounting attack, for it is possible for a process to run between two ticks to evade from being accounted (please correct me if I'm wrong). Is there any special reason that /proc/stat only achieves a granularity of jiffies? Is it possible to update the statistics every time the CPU switches to another process instead of upon every tick, and to read TSC for a more accurate time value?

Also, I noticed that the acct_rss_mem1/acct_vm_mem1 area in task_struct is updated upon every tick, and a malicious process is able to occupy a large amount of memory between two ticks. Is it possible to update accumulate memory every time the memory size is modified (for example, insert_page) by adding previous memory times time interval? I'd like to know if it can help to avoid time accounting attack and achieve more accurate statistics.

I'd be appreciate if you can answer my questions. Thanks a lot.

Best Regards,

Wenqiu


Reply via email to