 | | | hyperthreading-considered-harmful bugzilla id? | hyperthreading-considered-harmful bugzilla id? 2005-05-17 - By Stephen Gardner
Back
On Tue, 17 May 2005, Christopher McCrory wrote:
> Hello...
>
> Is there a hyperthreading-considered-harmful
> http://www.daemonology.net/hyperthreading-considered-harmful/
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109 RedHat
> bugzilla entry?
>
> I'm guessing it is still private. yes? no? maybe?
Christopher,
Judging by the comments on the linux-kernel mailing list many seem to
feel that the solution should (indeed needs to) reside at the application
layer. Apps should take care to evaluate the CPU capabilities and if
needed take precautions with how they handle caching and threading. In
particular avoiding using certain processor instructions in certain ways
can fix the problem.
With the likelihood of exploits marginal at best if you are really
concern then disabling HT in the BIOS, booting with a non-SMP kernel or
setting the maxcpus=n option (n should equal the number of physical CPUs
in the machine, this isn't always a workable solution) are the best
options to make the machine "safe". I think we'll see a selection of
patches for apps / libraries / functions considered to be most at risk of
exploit (as is the case with the Bugzilla ID Tom posted). It seems
unlikely they'll be a "one size fits all" top-level patch for this.
Someone like Arjan van de Ven or Dave Jones may add a comment as they have
significantly more knowledge in the field. You can read the linux-kernel
discussion at
http://marc.theaimsgroup.com/?t=111596371300004&r=1&w=2
Regards,
Stephen
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|