DigitalOcean Continues Working On Linux Core Scheduling To Make HT/SMT Safer

  • DigitalOcean Continues Working On Linux Core Scheduling To Make HT/SMT Safer

    Phoronix: DigitalOcean Continues Working On Linux Core Scheduling To Make HT/SMT Safer

    With Hyper Threading continuing to look increasingly unsafe in data centers / shared computing environments in light of all the speculative execution vulnerabilities exposed thus far, particularly with L1TF and MDS having no SMT-secure mitigation, DigitalOcean continues working on their Linux kernel "core scheduling" patches so they can still make use of HT/SMT in a sane and safe manner...

    http://www.phoronix.com/scan.php?pag...ore-Scheduling

  • #2
    Not that I have any problem at all with what DigitalOcean is doing, but shouldn't this be more Intel's responsibility? It's their product that's faulty.


    • #3
      There's no need for any of this if the hardware is defective. The hardware should be the only target to fix.


      • #4
        Originally posted by schmidtbag:
        Not that I have any problem at all with what DigitalOcean is doing, but shouldn't this be more Intel's responsibility? It's their product that's faulty.
        Intel has Solved(tm) the problem already.


        • #5
          I turned off HT in my laptop BIOS for about two months recently and didn't really notice a difference in day-to-day light use. Obviously building the kernel and building Firefox were impacted, each taking about 25% more time if I recall right.

          I think that a smart system that only utilizes HT for tasks for which there would be a noticeable performance improvement would be very useful. This could be helpful for workstations as well as for the data center.


          • #6
            Maybe that's why my droplets don't boot anymore. I don't think I'll be getting any support attention on that though.


            • #7
              Is there a switch to only use HT for lightweight threads of the same process? Anything more is clearly unsafe.


              • #8
                Currently the only proper fix for HT leakage is moving to AMD. Wider cores perform better with SMT anyway.


                • #9
                  Originally posted by angrypie:
                  Currently the only proper fix for HT leakage is moving to AMD.
                  No. The proper fix is moving away from Intel. There are other CPUs that don't have those design flaws too (ARM, POWER, etc.).


                  • #10
                    Originally posted by madscientist159:
                    No. The proper fix is moving away from Intel. There are other CPUs that don't have those design flaws too (ARM, POWER, etc.).
                    Both of those platforms are also affected by Spectre vulnerabilities. There is no quick fix right now because all modern CPUs have used speculative execution. The only difference is they haven't been quite as lazy about their hardware design as Intel, but they aren't invulnerable, nor have they been as heavily targeted by researchers yet. As we've seen historically, just because they haven't had anything publicly disclosed doesn't mean no other security problems exist. The whole shared resource model is to blame for fundamental hardware vulnerabilities; as long as there are shared resources there will be some way to leak data. This was pointed out and repeatedly proven all the way back in the 70s. What's going on now is that all those warnings are just now coming home to roost with the adversarial virtual machine model of attack.

                    Edit to add: The only reason these vulnerabilities haven't yet been widely exploited is that the security in the software on top of those CPUs is so poor that there's been no need to use hardware vulnerabilities like Spectre and Rowhammer that are harder to exploit even if they're nearly universally effective.
                    Last edited by stormcrow; 09-13-2019, 04:32 PM.
