Specter NG Gaps – OpenBSD Hyper-Threading Off

After clear criticism of Intel’s information policy on the Specter Next Generation vulnerabilities, the developers of the open-source operating system OpenBSD decided to take a radical step: in the future, they will switch off the multi-threading function Hyper-Threading for Intel processors. If you still want to use it under OpenBSD, you can turn it on with the new sysctl called hw.smt. OpenBSD developer Mark Kettenis explains in a log entry to the source code that Intel’s Hyper-Threading as a typical implementation of Simultaneous Multi-Threading (SMT) shares multiple threads with specific hardware resources. This is especially true of the L1 cache and the translation lookaside buffer (TLB).

This shared access of multiple threads to the same hardware resources makes page channel attacks much easier with cache timing. OpenBSD developers have a “strong suspicion” that it will exploit some of the Specter-type vulnerabilities. Kettenis leaves open which concrete security gaps among those already published or pending are based on this assumption.

The performance impact of avoiding hyperthreading depends on the type of processor as well as the running software. For example, Hyperthreading is not enabled on the desktop versions of Core i5 and Celeron anyway. With the HPC benchmark linpack, which uses all the computing units as well as possible with highly optimized AVX code, hyper-threading can actually slow things down a bit. In the Cinebench R15 rendering benchmark, hyper-threading can add up to about 30 percent more performance.