On Tue, Jun 19, 2018 at 01:29:52PM -0600, Mark Kettenis wrote:
> CVSROOT:      /cvs
> Module name:  src
> Changes by:   kette...@cvs.openbsd.org        2018/06/19 13:29:52
> 
> Modified files:
>       sys/arch/amd64/amd64: cpu.c 
>       sys/arch/amd64/include: cpu.h 
>       sys/kern       : kern_sched.c kern_sysctl.c 
>       sys/sys        : sched.h sysctl.h 
> 
> Log message:
> SMT (Simultanious Multi Threading) implementations typically share
> TLBs and L1 caches between threads.  This can make cache timing
> attacks a lot easier and we strongly suspect that this will make
> several spectre-class bugs exploitable.  Especially on Intel's SMT
> implementation which is better known as Hypter-threading.  We really
> should not run different security domains on different processor
> threads of the same core.  Unfortunately changing our scheduler to
> take this into account is far from trivial.  Since many modern
> machines no longer provide the ability to disable Hyper-threading in
> the BIOS setup, provide a way to disable the use of additional
> processor threads in our scheduler.  And since we suspect there are
> serious risks, we disable them by default.  This can be controlled
> through a new hw.smt sysctl.  For now this only works on Intel CPUs
> when running OpenBSD/amd64.  But we're planning to extend this feature
> to CPUs from other vendors and other hardware architectures.
> 
> Note that SMT doesn't necessarily have a posive effect on performance;
> it highly depends on the workload.  In all likelyhood it will actually
> slow down most workloads if you have a CPU with more than two cores.
> 
> ok deraadt@

Thanks to Ben Gras of VUSec for sharing an early version the research paper
with us. More details will be made public soon as 'tlbleed'.

Cheers,
-- 
jasper

Reply via email to