Gå til innhold

Slå av HyperThreading

int20h

Av int20h
i Diskuter dataartikler (Tek.no)

Anbefalte innlegg

  • 7 måneder senere...

Videoannonse

Videoannonse
Annonse
snorreh

snorreh

Skrevet
Skrevet (endret)

Man har nå oppdaget at HyperThreading representerer en sikkerhetsrisiko på flerbruker-systemer så det anbefales derfor at man slår det av inntil problemet blir løst:

 

Hyper-Threading Considered Harmful

Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.

 

I presented details of how to exploit this security flaw at BSDCan 2005 in Ottawa on May 13th, 2005. For those who were unable to attend my talk, I have written a 12-page paper, Cache Missing for Fun and Profit, discussing this flaw and related problems, both realized and theoretical.

Mer om dette her:

http://www.infoworld.com/article/05/05/13/...elexpose_1.html

Processors use cache memory to store frequently accessed data close to the CPU (central processing unit), where it can be quickly accessed for improved performance. On Intel's Pentium 4 and Xeon processors, both of which feature hyperthreading, the cache is divided into portions known as Level 1, Level 2 or Level 3.

 

A single-threaded processor usually clears the processor's L1 cache of all operating instructions in a process before it moves onto the next process. But a certain amount of instructions from one process remain in the cache of a hyperthreading processor while the next process is running, allowing one process to learn the partial contents of the other process, he said.

 

Therefore, a malicious user could eventually learn the security key of a system by waiting for that key to execute and then using the other thread to obtain portions of the key, Percival said. With enough repetition, most of the bits of the key can be learned, and the complete key determined through a probability analysis, he said. This type of exploit is known as a timing attack.

[...]

Howard High, an Intel spokesman, said the company had been informed of the problem prior to the publication of the paper and it is working with software vendors such as Microsoft Corp. and Red Hat Inc. to fix the issues.

Endret av snorreh
Lenke til kommentar
  • 6 måneder senere...
snorreh

snorreh

Skrevet
Skrevet (endret)

Nå anbefaler også ledende programvareutviklere at man slår av HyperThreading for best mulig ytelse:

 

Hyperthreading hurts server performance, say developers

With both SQL Server and Citrix Terminal Server installations, HT-enabled motherboards show markedly degraded performance under heavy load. Disabling HT restores expected levels, according to reports from within the IT industry.

 

"Our customers were complaining about much worse performance than expected when running Citrix Terminal Server and our software on the same machine," said Peter Ibbotson, technical director of UK accounting software company Lakeview Computers.

 

"We've had fun and games in the past when we've enabled hyperthreading for testing and we'd seen that motherboards had started to arrive with it enabled. When we disabled hyperthreading, performance went back to normal," Ibbotson added.

[...]

Slava Ocks, a developer working on SQL Server 2005 within Microsoft, reported similar problems in a blog posting earlier this month.

 

"Our customers observed very interesting behaviour on high-end HT-enabled hardware. They noticed that in some cases when high load is applied SQL Server CPU usage increases significantly but SQL Server performance degrades," wrote Ocks.

 

Ocks then detailed testing which showed this behaviour where a system thread — in this case one cleaning out blocks of disk cache memory — is running at the same time as worker threads. "With Intel HT technology, logical processors share L1 & L2 caches. As you would guess [this] behaviour can potentially trash L1 & L2 caches," he said.

 

The on-chip cache exists to speed operation by keeping copies of recently accessed data where it can be accessed without recourse to main system memory — which is much slower by comparison. Where multiple threads access different parts of memory but are simultaneously processed by the chip's Hyperthreading Technology, the shared cache cannot keep up with their alternate demands and performance falls dramatically, according to analysis by Ocks and Ibbotson.

 

"It's ironic," said Ibbotson. "Intel had sold hyperthreading as something that gave performance gains to heavily threaded software. SQL Server is very thread-intensive, but it suffers. In fact, I've never seen performance improvement on server software with hyperthreading enabled. We recommend customers disable it when running Citrix and our software on the same server"

Endret av snorreh
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...