The maintainer of the open source Unix-like operating system OpenBSD has announced that it will disable hyperthreading on Intel CPUs because of security concerns. The announcement claims that simultaneous multithreading creates a potential new attack vector for Spectre-like exploits, and the project plans to expand its disabling of multithreading technologies to other chip manufacturers in the near future.
The problems presented by exploits like the original Spectre, its variants, and follow-up bug discoveries are worrisome. They allow for data theft at a level close to the hardware itself, which is why it will take a full hardware refresh to fully expunge them from consumer systems. While patches and firmware upgrades can mitigate them, new exploits built around similar attack vectors are appearing all the time, and the actions of the OpenBSD maintainer suggest that new Spectre-like flaws may be revealed in the near future.
“SMT (simultaneous multithreading) implementations typically share TLBs and L1 caches between threads,” reads the post by OpenBSD maintainer Mark Kettenis. “This can make cache timing attacks a lot easier and we strongly suspect that this will make several Spectre-class bugs exploitable.”
With that in mind, OpenBSD’s latest version disables hyperthreading on compatible Intel CPUs. That’s just the start though, as OpenBSD will also disable multithreading capabilities on CPUs from other manufacturers in the near future.
What’s most interesting about this announcement, though, is that it hints at the possibility of new, Spectre-linked bugs. As The Register points out, Kettenis doesn’t give much justification for taking this drastic step, but another post on Seclists discussing it suggests we may learn more on June 27. While there has been some suggestion that the performance impact from disabling hyperthreading shouldn’t be dramatic, if a problem with such technologies is extended to other hardware manufacturers and other operating systems, it could be much more impactful. Intel and AMD have recently entered what some are calling a new core war, where top-tier CPUs are touted for their ever-growing numbers of cores and, with multithreading, much larger thread counts too.
If multithreading were to become a security problem on existing hardware, that could dampen the marketing efforts of both companies considerably. Perhaps AMD even more so, as its Ryzen CPUs are built upon the foundation of strong multithreaded performance thanks to higher core and thread counts than their Intel counterparts.