OpenBSD Will Disable Intel Hyper-Threading To Avoid Spectre-Like Exploits (Updated)

News
By Lucian Armasu
published

Update, 6/21/18, 6:40am PT: 
Intel released a statement to Tom's Hardware about this issue:

"Protecting our customers and their data continues to be a critical priority for us. We are looking into this feedback and thank the community for their ongoing efforts.”

Original, 6/20/18, 9:20am PT: 

OpenBSD, an open source operating system that focuses on security, announced that it will disable Intel’s Hyper-Threading (HT) feature so that attackers can no longer employ Spectre-like cache timing attacks.

Intel Hyper-Threading Vulnerable To Side-Channel Attacks

Simultaneous Multi Threading (SMT) such as Intel’s HT technology typically share translation lookaside buffers (TLBs) and L1 caches between threads, which can make a type of side-channel attack called cache timing attacks much easier.

The OpenBSD team said it suspects that Intel’s HT will make several Spectre-class flaws exploitable. The team added that running multiple security domains on multiple threads of the same core has never been a good idea. However, changing the operating system software to now take this into account will not be a trivial task. Moreover, these days most device makers no longer allow users to disable Intel’s HT in the BIOS, either.

The developers noted that disabling HT on OpenBSD machines doesn’t necessarily mean the performance will suffer, as often HT can slow down certain tasks on devices with more than two cores, at least according to the OpenBSD developers. HT tends to be useful for highly parallel tasks where it can squeeze out all the performance the processor cores can give.

Intel CPU Architecture Change Is Now An Imperative

We haven’t even seen all the Spectre NG flaws be revealed yet, but whole operating systems such as OpenBSD are already making major compromises due to how vulnerable Intel’s CPU architecture seems to be to speculative execution attacks.

Spectre is likely going to end up being an entire class of bugs that will keep on giving operating system developers headaches, as other security researchers and attackers find new ways to exploit Intel’s CPU architecture. That means we won’t see true fixes until Intel eliminates this class of vulnerabilities completely by overhauling its CPU architecture.

This may be at least partially true for chipmakers other than Intel, too, who should also consider doing the same in the next few years. For now, though, Intel seems to be primary target of Spectre attacks, and that likely won’t change anytime soon.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
12 Comments Comment from the forums
  • TCA_ChinChin
    I guess this means that Intel has some serious patching and architecture changes to work on.
    Reply
  • stdragon
    Not to say I told you so... but I TOLD YOU SO! Core is DONE! put a fork in it.

    Maybe they can raise the Itanic (Itanium) again. But my guess is they will put heavy effort into ARM; specifically because there's where all the effort is putting forth these days.
    Reply
  • dextermat
    If you think this is the only flaw and only affect intel, you live on the moon.
    Reply
  • TCA_ChinChin
    21073865 said:
    If you think this is the only flaw and only affect intel, you live on the moon.

    Agreed. AMD will need to patch as well, although I think their architecture is more resilient to these types of exploits.
    Reply
  • koga73
    Threading is a big deal, good luck doing anything where performance matters. I don't buy that multiple cores will pick up the load. Separate applications will often run on separate cores but many applications will be limited to one core and without threads it could kill the performance of the application.
    Reply
  • DerekA_C
    Considering AMD architecture is quite a bit different SMT vs HT they seem the same but are not the same. AMD is ahead of Intel in keeping this under control without performance hits, something Intel cannot manage. Look at Intel scrambling, that 28 core haha, cannot beat a real world 32 core at 4.0ghz on AIR.

    As soon as AMD drops that beautiful 7nm tech they will be ahead of Intel in IPC and probably will be able to match clocks at 5ghz on 4 6 and oh wait 8 core main stream, something Intel has yet to release. Shoot their 6 core still isn't even affordable for the mainstream you know the people who live from paycheck to paycheck, I use to be there.

    I can afford this 8086k and a new z370 or 390 when it drops but why when my 4790k can hit 4.8ghz on a corsair h70 a push pull 120mm fan small radiator I know I can get 5ghz if I went with the h100i because I can get 4.9ghz with a house fan blowing on my case. So, Intel has been able to do this for the last 4 generations but didn't want to, so this new isn't even new still 14nm still based on core and HT why they stole AMD engineers in both cpu and gpu arch design HAHAHAHAHAHA. Sure ddr4 on the new boards and m.2 but I built a Ryzen x370 for half the price I could an Intel with very similar performance. Ryzen 3000 could see a bump in cores and threads or just clocks, they really have options and I knew AMD would be dropping a 32 core on threadripper 2 I am shocked they didn't for ripper 1.
    Reply
  • hotaru251
    yes it will hurt Intel...but in long run they will recover even if they have to re-do the entire framework of how it works.
    Reply
  • jimmysmitty
    21073875 said:
    21073865 said:
    If you think this is the only flaw and only affect intel, you live on the moon.

    Agreed. AMD will need to patch as well, although I think their architecture is more resilient to these types of exploits.

    Resilient but not impervious. ALl it will take is the right person to find the loophole. However right now Intel has the majority of the consumer and business desktop and the vast majority (near 99%) of server CPU sales. Which means the focus is on Intel to find the flaws that work to be able to breech and steal data. If AMD does get a much alrger presence in the server market then we would see more exploits come to light.

    21074067 said:
    Considering AMD architecture is quite a bit different SMT vs HT they seem the same but are not the same. AMD is ahead of Intel in keeping this under control without performance hits, something Intel cannot manage. Look at Intel scrambling, that 28 core haha, cannot beat a real world 32 core at 4.0ghz on AIR.

    As soon as AMD drops that beautiful 7nm tech they will be ahead of Intel in IPC and probably will be able to match clocks at 5ghz on 4 6 and oh wait 8 core main stream, something Intel has yet to release. Shoot their 6 core still isn't even affordable for the mainstream you know the people who live from paycheck to paycheck, I use to be there.

    I can afford this 8086k and a new z370 or 390 when it drops but why when my 4790k can hit 4.8ghz on a corsair h70 a push pull 120mm fan small radiator I know I can get 5ghz if I went with the h100i because I can get 4.9ghz with a house fan blowing on my case. So, Intel has been able to do this for the last 4 generations but didn't want to, so this new isn't even new still 14nm still based on core and HT why they stole AMD engineers in both cpu and gpu arch design HAHAHAHAHAHA. Sure ddr4 on the new boards and m.2 but I built a Ryzen x370 for half the price I could an Intel with very similar performance. Ryzen 3000 could see a bump in cores and threads or just clocks, they really have options and I knew AMD would be dropping a 32 core on threadripper 2 I am shocked they didn't for ripper 1.

    SMT and HT are the same exact thing. The difference is how they implement its design and how they want it to run. For AMD it seems to be load balancing, hence why there are a lot of programs that benefit from turning their SMT off. Its actually more like Intels first version of HT on the Pentium 4 which was better to turn off. Other than that they are exactly the same idea and technology. Bulldozer was different. It used a different variation of SMT.

    Process size may or may not benefit performance. In most cases all it does is lowers power and thermals allowing for higher clock speeds.

    It remains to be seen if that 7nm will do anything that well or not.
    Reply
  • jim.therafirst
    As I understand it, Intel was told of these flaws in early 2017, so why are we still not even hearing about Intel coming out with a new chip design to finally and completely fix this mess? Don't expect them to be ready now, but some kind of hint that they are at least working on it.
    Reply
  • paul horn
    What has AMD done to fix their Processors from attacks?
    Reply