Linux May Gain Protection Against Hyper-Threading Attacks
Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel's Hyper-Threading (HT) feature. Multiple side-channel threats the feature's vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.
The Oracle developers didn't specify whether or not the recent MDS[*] attacks against Intel's HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.
[...] They're now looking for suggestions on how to improve the feature before they attempt to merge it into an official release of the Linux kernel.
[*] MDS — Microarchitectural Data Sampling. See the explanation by Intel and an in-depth description and analysis at https://mdsattacks.com/.
(Score: 1, Interesting) by Anonymous Coward on Wednesday July 17 2019, @11:35AM (1 child)
Get ready for it, here it comes:
Disable Hyperthreading.
Really, in today's world of multicore processors, where systems of dual processors each with 4 or 8 cores are a common sight, does hyperthreading matter? Hylerthreading, this remnant of a world of single core processors, to give the illusion of multicore by sacrificing a bit of performance and power consumption?
With anything I have worked, I disabled hyperthreading if the system had a total of 4 cores or more. And all worked at least the same performancewise, if not better. The systems I have done this one included database servers, webservers, application servers (java/jboss/wildfly), virtualisation hardware (used with xen, vmware and kvm/proxmox).
Hyperthreading tech belongs in the museum in a world where true multicore systems exist.
(Score: 2) by jasassin on Wednesday July 17 2019, @09:03PM
I just read an article about disabling hyperthreading for web servers. It's supposed to be a lot faster. I think it was on a phoronix benchmark article.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A