HyperThreading begining of the end!

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

As most people know by now Hyperthreading, has a security flaw found by
researchers working with the BSD projects.

http://www.daemonology.net/hyperthreading-considered-harmful/

Another good article can be found here:

http://www.eweek.com/article2/0,1759,1815954,00.asp

After reading the eweek article, it seems that a few people are miffed
at this discovery, one even suggests it might be easier to just take
the machine. Another one suggest that it would best be solved in a
software update, and for now to just turn off HyperThreading.

We know that Intel is moving away from Netburst, and that for the most
part HyperThreading will not be a factor in dual core chips. It only
seems to affect the current lines based on Netburst designs.

I think this will hurry up the demise of HyperThreading, as I really
don't see a big push for software makers like MS to push out an update.
I could see Intel pushing dual core as on option, but wait they have
not released dual core for servers. Since servers will be the most
likely to be affected, I see this as a another AMD win, reason for
switching to dual core AMD chips.

Rthoreau
5 answers Last reply
More about hyperthreading begining
  1. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On 14 May 2005 09:42:42 -0700, "Rthoreau" <rthoreau@iwon.com> wrote:

    >As most people know by now Hyperthreading, has a security flaw found by
    >researchers working with the BSD projects.

    It's not really so much a security flaw in Hyperthreading itself as it
    is a security flaw in the operating systems that can be exploited
    through Hyperthreading. It's also a flaw that should be WELL down the
    list of security concerns for most people, though obviously no
    security concerns can be completely ignored.

    >http://www.daemonology.net/hyperthreading-considered-harmful/
    >
    >Another good article can be found here:
    >
    >http://www.eweek.com/article2/0,1759,1815954,00.asp
    >
    >After reading the eweek article, it seems that a few people are miffed
    >at this discovery, one even suggests it might be easier to just take
    >the machine.

    And he's quite right! Exploiting this issue to gain any meaningful
    information would be excruciatingly difficult. Actually picking up
    the machine and marching out the door with it is probably the easiest
    way to get this info, though it tends to be a bit... um... obvious. A
    much more important concern is for things like buffer overflows and
    more standard methods of gaining increased permissions on a system (as
    is noted in these articles, this is not a remote exploit but one that
    requires a user already have at least limited-permission access to a
    system).

    > Another one suggest that it would best be solved in a
    >software update, and for now to just turn off HyperThreading.

    It can and is being solved with software updates. As a note, it's
    theoretically possible that this sort of exploit could be a factor in
    some other multithreaded architectures, eg. IBM's Power5. It's not
    entirely unlike some other exploits that could theoretically exist for
    more standard multiprocessor setups as well as dual-core chip. The
    only real difference here is that it

    >We know that Intel is moving away from Netburst, and that for the most
    >part HyperThreading will not be a factor in dual core chips. It only
    >seems to affect the current lines based on Netburst designs.
    >
    >I think this will hurry up the demise of HyperThreading, as I really
    >don't see a big push for software makers like MS to push out an update.

    I'd strongly disagree here, this is mostly a non-issue. As mentioned
    above, actually gaining any useful information from this would be MUCH
    more complicated than with any of the multitude of existing security
    flaws, particularly considering it requires that the user already have
    access to the system.

    As for software updates, at least one BSD has already updated their
    code and others will work on it. Since this is such a low-priority
    threat it might take some time for others to release updates, but they
    will happen eventually.

    In any case, the real issue here is more just that this is a new style
    of exploit we don't see much of, that is why it's getting some press.
    There are thousands upon thousands of other known exploits that would
    be much easier for a malicious user to implement. But buffer overflow
    exploits are boring these days, we've all seen too many of them to
    really care much about.

    -------------
    Tony Hill
    hilla <underscore> 20 <at> yahoo <dot> ca
  2. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:

    >I think this will hurry up the demise of HyperThreading,

    What would POSSIBLY lead you to THAT conclusion??

    This apparently only affects multi-user Linux systems.

    Do you REALLY think Intel will STOP using Hyper-Threading because of
    a Linux problem, and a SMALL one at that??


    --

    The truth is out there,

    but it's not interesting enough for most people.
  3. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    On Sat, 14 May 2005 16:34:00 -0400, Tony Hill wrote:

    > On 14 May 2005 09:42:42 -0700, "Rthoreau" <rthoreau@iwon.com> wrote:
    >
    >>As most people know by now Hyperthreading, has a security flaw found by
    >>researchers working with the BSD projects.
    >
    > It's not really so much a security flaw in Hyperthreading itself as it
    > is a security flaw in the operating systems that can be exploited
    > through Hyperthreading. It's also a flaw that should be WELL down the
    > list of security concerns for most people, though obviously no
    > security concerns can be completely ignored.

    "WELL down the list of security concerns for most people" would include
    anyone using _any_ sort of Windows.

    --
    Keith
  4. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Never anonymous Bud wrote:
    > Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:
    >
    >
    >>I think this will hurry up the demise of HyperThreading,
    >
    >
    > What would POSSIBLY lead you to THAT conclusion??
    >
    > This apparently only affects multi-user Linux systems.
    >
    > Do you REALLY think Intel will STOP using Hyper-Threading because of
    > a Linux problem, and a SMALL one at that??

    What lead you to believe this only affects multiuser linux systems? It
    affects any OS that can turn the Hyperthreading on. It was just
    discovered by somebody who was working on a multiuser BSD system.

    Yousuf Khan
  5. Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

    Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:

    >I think this will hurt sales of any Netburst based system,

    Just WHY would a MINOR software problem (easily fixed)
    that exploits Hyper-Threading, have any effect on NetBurst??


    --

    The truth is out there,

    but it's not interesting enough for most people.
Ask a new question

Read More

CPUs Dual Core