Impact on performance when disabling HT for security reasons

[trents]

In response to the question of how much performance is impacted by disabling HT on Intel CPUs in the wake of recent vulnerability revelations:

https://www.techspot.com/article/1850-how-screwed-is-intel-no-hyper-threading/


Summary is disabling HT generally results in a huge performance loss in most productivity apps and in some games but not so much in other games. Here are the concluding remarks from the article:

"For those using older hardware and not running any mission critical tasks, until attacks based on these exploits are clearly defined, perhaps the best performance option will be not to update. This is not our official recommendation but color commentary on what could be an alternative route once the corresponding updates are released.

This article made for an interesting study of where Hyper-Threading makes the biggest difference and while this shows a worst case scenario where SMT has to be thrown completely out of the picture, we've seen some moves in that direction. Google turned off Hyper-Threading in Chrome OS, the OpenBSD community recommends the same, while Apple has patched systems with partial mitigations and disclosed that full mitigation requires disabling Hyper-Threading. Other vendors like Microsoft have not taken a definitive stance yet."

 

[pgdeaner]

Here is some good information on the threats. There is a lot of misinformation out there.

https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html

https://arstechnica.com/gadgets/201...leaks-data-from-intel-chips-internal-buffers/

https://www.scmagazine.com/home/sec...bieload-side-channel-processor-vulnerability/

 

[EarthDog]

I really wouldn't bother disabling HT, really. For home users, there really isn't as much risk/vulnerabilities as there is for Data Centers and those using virtualization as far as I can tell.

 

[petteyg359]

I really wouldn't bother disabling HT, really. For home users, there really isn't as much risk/vulnerabilities as there is for Data Centers and those using virtualization as far as I can tell.

This. All these security flaws are about a malicious process being able to access memory it shouldn't. Home users need not give a damn. If you have good anti-malware practices, this is effectively no different than any other exploit.

Commercial hosts who have multiple customers' applications running on the same hardware in e.g. Docker or something and can't whitelist every single program those users run are the only ones who need to care.

Still, given that Intel has obviously been taking too many shortcuts for too long, I'll likely be avoiding their CPUs in builds for some years, whether or not the flaws actually affect my usage.

 

[Janus67]

I really wouldn't bother disabling HT, really. For home users, there really isn't as much risk/vulnerabilities as there is for Data Centers and those using virtualization as far as I can tell.

Exactly, we had to disable on our hosts and the performance different is very significant. But at home I wouldn't bother.

 

[pgdeaner]

Intel introduced predictive in the 90's I think, and HT in 2002? I think they have been remiss in looking at the security aspects of their designs but at least they are serious about finding them. $100,000 for finding a serious bug is not a bad deal for a researcher. Hopefully in the next generation they will address some of this.

From a data center perspective, Amazon and Azure are not impacted due to architecture. For those running data centers the experts have reccomended isolating untrusted apps from trusted apps and only disabling hyper threading in enviroments where that is not possible.

As in all things, a good security program prevents a lot of these issues from being significant for an organization.