> We really should not run different security domains on different processor threads of the same core. Unfortunately changing our scheduler to take this into account is far from trivial.

This suggests a long-term compromise solution where threads within a process can use hyperthreading to share a core, but threads in different processes can't. Given that hyperthreads share L1 cache, this might also be better for performance.
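The compromise described in the comment above, as an added sketch that is not code from OpenBSD or from the commenter: a toy placement routine that lets the hardware threads of one core run only tasks of the same process, and counts the sibling slots left idle as a result. The names `place`, `mixes_domains` and `struct task`, the 2-way SMT assumption and the run queue are all constructed for illustration.

```c
#include <stdio.h>

#define SMT_WAYS 2      /* assumption: 2 hardware threads per core */
#define IDLE     (-1)

struct task { int pid, tid; };   /* pid stands in for the security domain */

/* Fill each core so that siblings only run tasks of one pid; slot[c][s] is an
 * rq index or IDLE. Returns sibling slots left empty while other pids waited. */
int place(const struct task *rq, int n, int ncores, int slot[][SMT_WAYS])
{
    int used[64] = {0}, forced_idle = 0, next = 0, left = n;  /* n <= 64 */
    for (int c = 0; c < ncores; c++) {
        int s = 0;
        for (int k = 0; k < SMT_WAYS; k++)
            slot[c][k] = IDLE;
        while (next < n && used[next])
            next++;
        if (next == n)
            continue;                    /* run queue drained: core idles */
        for (int i = next, owner = rq[next].pid; i < n && s < SMT_WAYS; i++)
            if (!used[i] && rq[i].pid == owner) {
                slot[c][s++] = i;        /* same process: may share the core */
                used[i] = 1;
                left--;
            }
        if (left > 0)
            forced_idle += SMT_WAYS - s; /* cost of refusing to mix pids */
    }
    return forced_idle;
}

/* Invariant check: nonzero if any core runs siblings from different pids. */
int mixes_domains(const struct task *rq, int ncores, int slot[][SMT_WAYS])
{
    for (int c = 0; c < ncores; c++)
        for (int s = 1; s < SMT_WAYS; s++)
            if (slot[c][0] != IDLE && slot[c][s] != IDLE &&
                rq[slot[c][0]].pid != rq[slot[c][s]].pid)
                return 1;
    return 0;
}

int main(void)
{
    struct task rq[] = {{100, 1}, {200, 1}, {100, 2}, {300, 1}, {200, 2}}; /* constructed */
    int slot[2][SMT_WAYS];
    int idle = place(rq, 5, 2, slot);
    printf("forced idle=%d mixed=%d\n", idle, mixes_domains(rq, 2, slot));
}
```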
So... they "strongly suspect" (but don't know and haven't shown) there may be a Spectre-class bug enabled by current HT implementations and improving their scheduler is hard, so they'll pre-emptively disable HT outright on Intel CPUs now and others in the near future?

I'm not an OpenBSD user (and glad for it, if this is anything to go by), but I'm curious - is this really how they operate, or does this decision stand out?
I've never trusted hyperthreading for workloads I haven't tested. Sometimes it's faster, often it's slower. Beyond that, I've been suspicious of its security implications from day one. My first trip through the BIOS on a personal machine always includes turning it off.
There are some Linux HT benchmarks here: https://www.phoronix.com/scan.php?page=article&item=intel-ht-2018&num=1
Do you get the exact same performance characteristics by ignoring the extra virtual cores as you would have gotten if you could actually disable hyperthreading in the CPU via the firmware setup? Or does it result in some CPU resources becoming unusable that would otherwise be usable if HT were truly disabled?
Ouch. I will say though, Hyper-Threading is a lot less valuable these days than it was when it was first introduced (except for the few dual core CPUs still available).

When you have four-six-eight or more cores, there's less value in doubling that number. The gain is lower.
I was going to submit this news from the source I learned it from, which has the novel peculiarity of coming from a site whose name is similar to this one: https://thehackernews.com/thn/2018/06/openbsd-hyper-threading.html
What scares me is that they make an OS-wide change based on the wording "This can make", "And since we suspect" and "In all likelihood" instead of doing actual tests. I know that open systems don't have the required workforce, but making changes based on subjective reasoning is a slippery slope.
FFS: so far I've seen shit loads of "oooo - stuff <wave hands>" here from people who are clearly not experts or even understand the issues properly in this. Neither am I.

OP (and environs) has names on it that I have seen before and respect as knowing what the hell they are on about.