OpenBSD Disabling SMT / Hyper Threading Due To Security Concerns

Written by Michael Larabel in Linux Security on 19 June 2018 at 05:41 PM EDT. 35 Comments
LINUX SECURITY
Security oriented BSD operating system OpenBSD is making the move to disable Hyper Threading (HT) on Intel CPUs and more broadly moving to disable SMT (Simultaneous Multi Threading) on other CPUs too.

Disabling of Intel HT and to follow with disabling SMT for other architectures is being done in the name of security. "SMT (Simultanious Multi Threading) implementations typically share TLBs and L1 caches between threads. This can make cache timing attacks a lot easier and we strongly suspect that this will make several spectre-class bugs exploitable. Especially on Intel's SMT implementation which is better known as Hypter-threading. We really should not run different security domains on different processor threads of the same core."

OpenBSD could improve their kernel's scheduler to workaround this, but given that is a large feat, at least for now they have decided to disable Hyper Threading by default.

Those wishing to toggle the OpenBSD SMT support can use the new hw.smt sysctl setting on OpenBSD/AMD64 and is being extended to cover CPUs from other vendors and architectures.

This may have a large impact on multi-threaded workloads, but OpenBSD developers are trying to play this down by saying, "Note that SMT doesn't necessarily have a positive effect on performance; it highly depends on the workload. In all likelyhood it will actually slow down most workloads if you have a CPU with more than two cores."

The change was merged today ahead of the eventual OpenBSD 6.4 release.
35 Comments
Related News
Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Linux 6.9 Sees Further Security Hardening
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Ubuntu 24.04 Beta Now Available For Testing
Proposed "LibGodot" Lets You Embed Godot Game Engine Into Other Apps