Announcement

Collapse
No announcement yet.

PortSmash: A New Side-Channel Vulnerability Affecting SMT/HT Processors (CVE-2018-5407)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PortSmash: A New Side-Channel Vulnerability Affecting SMT/HT Processors (CVE-2018-5407)

    Phoronix: PortSmash: A New Side-Channel Vulnerability Affecting SMT/HT Processors (CVE-2018-5407)

    A new CPU side-channel vulnerability made public today that's unrelated to Spectre and Meltdown speculative execution vulnerabilities is dubbed "PortSmash" but more formerly referred to as CVE-2018-5407...

    http://www.phoronix.com/scan.php?pag...-CVE-2018-5407

  • #2
    The workaround to avoid the side-channel vulnerability is to disable SMT/HT from the BIOS.
    NO, i wont do that

    Comment


    • #3
      Originally posted by davidbepo View Post

      NO, i wont do that
      Why not? 6 cores are dirt cheap these days and as 7nm and 5nm cpus arrive the core count will probably double for the same amount of money... Eventually SMT will be uneeded anyway... Security comes first.

      Comment


      • #4
        Originally posted by TemplarGR View Post

        Why not? 6 cores are dirt cheap these days and as 7nm and 5nm cpus arrive the core count will probably double for the same amount of money... Eventually SMT will be uneeded anyway... Security comes first.
        why not? because i like my performance and disabling SMT is a killer hit to it

        Comment


        • #5
          Originally posted by davidbepo View Post
          NO, i wont do that
          Why not? Doesn't do all that much anyways. The performance impact of spectre/meltdown mitigations is probably larger than the hit for disabling HT. Or you can just upgrade to a modern AMD processor that isn't affected nearly as much by these flaws as intel's products have been.

          Comment


          • #6
            Originally posted by torsionbar28 View Post
            Why not? Doesn't do all that much anyways. The performance impact of spectre/meltdown mitigations is probably larger than the hit for disabling HT. Or you can just upgrade to a modern AMD processor that isn't affected nearly as much by these flaws as intel's products have been.
            almost everything in your comment is WRONG!!

            first SMT is important af for performance disabling and disabling it the most harmful mitigation: https://www.phoronix.com/scan.php?pa...rly-look&num=3

            second i have a 2400G desktop and the authors of the "Vulnerability" say that it probably affects AMD too
            Last edited by davidbepo; 11-02-2018, 04:39 PM. Reason: typo

            Comment


            • #7
              it's believed other CPUs with SMT like IBM POWER and AMD CPUs are also potentially affected
              Till someone will show a proof we can assume that other processors are unaffected.
              Without a proof a words like a 'potentially', 'it's believed' etc are worth nothing - it's just a bad PR. Due to similar bad PR tricks a lot of peoples still wrongly think that eg Ryzen CPUs are affected by meltdown, so please avoid it.

              Comment


              • #8
                Originally posted by michal
                I wonder how long it will take for Intel to release a CPU that is not vulnerable to these kind of attacks.
                The researchers seem to think that SMT itself is the problem here, and that the only way way to make it secure is to get rid of it.
                Originally posted by davidbepo View Post
                why not? because i like my performance and disabling SMT is a killer hit to it
                1. Security
                2. Performance
                Choose one.

                Someone over on HN commented that probably, SMT will have to become opt-in per-process.

                Comment


                • #9
                  Hmm. I had just been thinking of disabling SMT on my PC. Maybe this is the push I needed…

                  Comment


                  • #10
                    All the old-school 2500K guys are probably smiling now

                    People payed so much for SMT in the first place

                    Comment

                    Working...
                    X