Software developers put security in front of performance and disable Hyper-Threading (SMT) technology.
Just as Intel has cautiously disclosed a series of security vulnerabilities in its millions of processors, Google has turned off hyper-threading in Chrome OS to fully protect users.
At the same time, Apple, Microsoft, IBM's Red Hat, QubesOS and Xen have advised customers that similar steps should be taken.
This series of vulnerabilities is called Microarchitecture Data Sampling (MDS), here is Intel's official announcement (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233 .html), as well as a list of necessary microcode updates and affected products for dealing with data breach vulnerabilities. Installing these fixes and disabling Intel's Hyper-Threading feature is a sure way to block the vulnerability, but performance may suffer.
Hyper-Threading is Synchronous Multi-Threading (SMT) implemented by Intel to split a physical processor core into two virtual cores (called hardware threads). It should improve performance because it allows two software threads to run simultaneously through each physical core and share the available resources on the silicon as needed. This means that one physical core can handle two threads in the same application or in two separate applications simultaneously, increasing throughput. Some workloads benefit from this, and some workloads are hindered or ineffective. The actual situation may vary from person to person.
However, one problem it does poses this risk: side channel monitoring techniques such as MDS can disrupt hardware thread isolation and access sensitive data that should not be visible. In other words, one thread may peep into the memory access of another thread sharing the same physical CPU core and possibly obtain passwords, keys, and other secret information.
In fact, the chip vulnerability disclosed today involves a series of design mistakes: malware or malicious users on high-risk systems can exploit the ZombieLoad (CVE-2018-12130) space, possibly stealing browser history, website content, user keys , passwords, and system-level secret information (such as disk encryption keys from other parts of the memory). We learned that it can compromise CPU protection rings and process boundaries for cloud and local virtual machines as well as trusted execution environments. The proof of concept vulnerability code (https://github.com/IAIK/ZombieLoad) can be used for your own trial.
There are also RIDL and Fallout (CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091) that can be used to steal confidential information from memory.
Dealing with these security oversights in Intel chips will require the installation of microcode updates and the use of these updated operating system and hypervisor patches, so consult the operating system developer (and consult the system manufacturer if needed), ask No new software, install as soon as possible. These fixes can cause performance degradation depending on the type of program you are running.
You can choose to turn off hyperthreading to completely eliminate the threat, but you may need to test the application you are using when you turn it on and off, depending on whether it is worthwhile to reduce performance.
Google said that due to security concerns, it disabled Hyper-Threading by default in Chrome OS 74, and specifically pointed out that Chrome OS 75 would add additional countermeasures.
Google's staff said in the vulnerability notification: "Determining to disable or enable hyperthreading is actually a trade-off between security and performance. In the case of hyperthreading disabled, Intel CPUs may experience performance degradation depending on the workload. But with hyperthreading enabled, users can execute code that drills MDS to read sensitive memory content, such as just visiting a website or running an Android application. ”
Here (https://support.google.com/faqs/answer/9330250), Google details how to handle errors completely from client applications to cloud services.
For example, last year the OpenBSD community disabled hyperthreading in OpenBSD 6.4 and came to this conclusion. Against Intel processor vulnerabilities (TLBleed and L1TF), which have shown that hyperthreading is a risk, OpenBSD leader Theo de Raadt claims that hyperthreading is basically broken because it shares resources between two CPU instances without guaranteeing security. isolation.
At the time he said on the mailing list: "Disable hyperthreading on all of your Intel systems in the BIOS. ”
Apple warned in the announcement: "Comprehensive response to the need to use the Terminal application to enable additional CPU instructions and disable hyper-threading. This feature is available for the latest security updates for macOS Mojave, High Sierra, and Sierra, which can reduce performance by up to 40% and has the greatest impact on highly multi-threaded, intensive computing tasks. ”
For Apple users who use older Macs, it's a pity that Intel has not yet provided microcode fixes for Mac models in 2010 or earlier.
Microsoft did not take a firm stance in its MDS Threat Guide, but specifically pointed out: "In order to be fully protected, customers may also need to disable Hyper-Threading. & rdquo; This Windows giant has released operating system updates, plus the necessary microcode updates to address Intel's design vulnerabilities, please see the link above.
Red Hat has a link in the announcement to disable hyperthreading, but does not give advice like this. Its Hyper-Threading (SMT) security page specifically states: "Recently discovered a number of microprocessor vulnerabilities. Some issues require SMT to be disabled in order to deal with this issue more comprehensively. ”
This corporate Linux reseller is here (https://access.redhat.com/solutions/rhel-smt) and here (https://www.redhat.com/en/blog/understanding-mds-vulnerability-what- It-why-it-works-and-how-mitigate-it?sc_cid=701f2000000tyBjAAI) has more technical explanations explaining the causes and effects. Other Linux distributions should also roll out their own fixes. For example, this is a fix for Ubuntu and Debian: https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities and https:/ /security-tracker.debian.org/tracker/DSA-4444-1.
“If you use a container-optimized operating system (COS) as the guest operating system and you run untrusted multi-tenant workloads in the virtual machine, Google Cloud only recommends disabling hyper-threading for Compute Engine users. ” Google gave similar advice to people running untrusted code on multi-tenant services in Kubernetes Engine.
The hypervisor developed by Xen is used by AWS and other cloud providers, and it publishes an announcement (https://xenbits.xen.org/xsa/advisory-297.html) detailing the risks of hyperthreading. At the same time, the technology is refused by default, because the damage caused by this is too great. The above links are accompanied by countermeasures and fixes.
Its announcement states: "Only disable Hyper-Threading (if available in the BIOS and active) and patch Xen to completely prevent data from leaking out of Xen or other guest operating systems. ”
The Qubes that rely on Xen for virtualization are much the same.
Intel feels that its technology is very good, so that industry partners come to decide whether to disable Hyper-Threading.
A company spokesperson told IT outside the media in the email The Register: “Intel does not recommend disabling hyperthreading. ”
“ Disabling SMT/HT alone will not protect MDS. This may affect the performance or resource utilization of the workload. The impact depends on the specific workload. It is important to understand this. ”
& ldquo; After the system is updated, in some cases, additional measures may need to be considered. Our software partners provide guidance to help customers make the right choices for systems and workloads that are critical to their needs. ”
Intel CPU is riddled with holes: there are new security holes PortSmash
Intel throws away "X86 and von · Neumann architecture" to build a billion-billion data stream engine
Intel CPU explosion hole: a key to the data kingdom
Intel CPU fundamental security risk: Hyper-Threading
Disaster in the IT industry: All operating system kernels can be hijacked or crashed! The programmer misread the Intel documentation
Intel CPU exposed 8 big BUG .... This time more dangerous...
Intel CPU exposure BUG: Forcing a redesign of Linux and Windows