> Date: Wed, 20 Jun 2018 13:05:05 +0100 > From: Stuart Henderson <s...@spacehopper.org> > > ----- Forwarded message from Mark Kettenis <kette...@openbsd.org> ----- > > From: Mark Kettenis <kette...@openbsd.org> > Date: Tue, 19 Jun 2018 13:29:52 -0600 (MDT) > To: source-chan...@openbsd.org > Subject: CVS: cvs.openbsd.org: src > > CVSROOT: /cvs > Module name: src > Changes by: kette...@cvs.openbsd.org 2018/06/19 13:29:52 > > Modified files: > sys/arch/amd64/amd64: cpu.c > sys/arch/amd64/include: cpu.h > sys/kern : kern_sched.c kern_sysctl.c > sys/sys : sched.h sysctl.h > > Log message: > SMT (Simultanious Multi Threading) implementations typically share > TLBs and L1 caches between threads. This can make cache timing > attacks a lot easier and we strongly suspect that this will make > several spectre-class bugs exploitable. Especially on Intel's SMT > implementation which is better known as Hypter-threading. We really > should not run different security domains on different processor > threads of the same core. Unfortunately changing our scheduler to > take this into account is far from trivial. Since many modern > machines no longer provide the ability to disable Hyper-threading in > the BIOS setup, provide a way to disable the use of additional > processor threads in our scheduler. And since we suspect there are > serious risks, we disable them by default. This can be controlled > through a new hw.smt sysctl. For now this only works on Intel CPUs > when running OpenBSD/amd64. But we're planning to extend this feature > to CPUs from other vendors and other hardware architectures. > > Note that SMT doesn't necessarily have a posive effect on performance; > it highly depends on the workload. In all likelyhood it will actually > slow down most workloads if you have a CPU with more than two cores. > > ok deraadt@ > > > ----- End forwarded message ----- > > Some programs use hw.ncpu / sysconf(_SC_NPROCESSORS_ONLN) to determine > how many threads/processes to run. (To pick an example from OpenBSD > itself, dpb uses hw.ncpu), should we be adjusting that somehow?
sysconf(_SC_NPROCESSORS_ONLN) should probably exclude the offlined HT threads. But changing hw.ncpu is difficult as we have code that uses that to enumerate the CPUs. And on some machines cpu0 and cpu1 are the threads of core 0 and cpu2 and cpu3 are the threads on core 1. So if hw.ncpu was set to 2, top(1) for example would only show CPU0 and CPU1 with CPU1 being 100% idle.
