On Tue, Jun 19, 2018 at 01:29:52PM -0600, Mark Kettenis wrote: > CVSROOT: /cvs > Module name: src > Changes by: kette...@cvs.openbsd.org 2018/06/19 13:29:52 > > Modified files: > sys/arch/amd64/amd64: cpu.c > sys/arch/amd64/include: cpu.h > sys/kern : kern_sched.c kern_sysctl.c > sys/sys : sched.h sysctl.h > > Log message: > SMT (Simultanious Multi Threading) implementations typically share > TLBs and L1 caches between threads. This can make cache timing > attacks a lot easier and we strongly suspect that this will make > several spectre-class bugs exploitable. Especially on Intel's SMT > implementation which is better known as Hypter-threading. We really > should not run different security domains on different processor > threads of the same core. Unfortunately changing our scheduler to > take this into account is far from trivial. Since many modern > machines no longer provide the ability to disable Hyper-threading in > the BIOS setup, provide a way to disable the use of additional > processor threads in our scheduler. And since we suspect there are > serious risks, we disable them by default. This can be controlled > through a new hw.smt sysctl. For now this only works on Intel CPUs > when running OpenBSD/amd64. But we're planning to extend this feature > to CPUs from other vendors and other hardware architectures. > > Note that SMT doesn't necessarily have a posive effect on performance; > it highly depends on the workload. In all likelyhood it will actually > slow down most workloads if you have a CPU with more than two cores. > > ok deraadt@
Thanks to Ben Gras of VUSec for sharing an early version the research paper with us. More details will be made public soon as 'tlbleed'. Cheers, -- jasper