Turn off HT / SMT threading
Posted: 21 May 2019, 06:32
I wanted to be able to use a cheatcode with Porteus to be able to turn off HT/SMT hyperthreading in light of the recent MDS Intel cpu issues.
Thing is, the old "noht" cheatcode only works up to about kernel 2.6 or so. Most of us are well beyond that where that doesn't work.
The best I could research to come up with a quick Porteus solution (or other system that allows for easy cheatcode use) is to determine if you are running hyperthreading in the first place, and then disabling the virtual cpu's. Here's how:
Look for any *duplicate* core id's in
If you see duplicate core id's, then one of them is physical and one is virtual indicating hyperthreading. (Ie, two cpu's with each of them having an id of zero, two more with id's sharing 1 etc)
If you boot into the system, and see this in cpuinfo, you can force the system to just use *physical* cpu's with the maxcpus=X cheatcode with a reboot. Handy for walking up to machines and using with Porteus if HT enabling is a concern for you.
Ie, if I had a dual-core system, that shows up having 4 cores id's, (0 and 0, 1 and 1), I'd use the cheatcode
Obviously this will depend on what you find in the cpuinfo file. Don't forget the "s" at the end of maxcpu.
Note that I am NOT a security expert, but this seemed to be the quickest method I could research for getting it done with a simple cheatcode. It is also an interesting way to see if hyperthreading is actually helping or possibly hurting your setup, even if the security aspects aren't the major priority. Run htop, top, or some other util to witness the fun.
Details about this are all over, but I found it interesting that Google Chromebooks have it turned off by default at this point, along with OpenBSD since 6.4 I believe.
Thing is, the old "noht" cheatcode only works up to about kernel 2.6 or so. Most of us are well beyond that where that doesn't work.
The best I could research to come up with a quick Porteus solution (or other system that allows for easy cheatcode use) is to determine if you are running hyperthreading in the first place, and then disabling the virtual cpu's. Here's how:
Look for any *duplicate* core id's in
Code: Select all
cat /proc/cpuinfo
If you boot into the system, and see this in cpuinfo, you can force the system to just use *physical* cpu's with the maxcpus=X cheatcode with a reboot. Handy for walking up to machines and using with Porteus if HT enabling is a concern for you.
Ie, if I had a dual-core system, that shows up having 4 cores id's, (0 and 0, 1 and 1), I'd use the cheatcode
Code: Select all
maxcpus=2
Note that I am NOT a security expert, but this seemed to be the quickest method I could research for getting it done with a simple cheatcode. It is also an interesting way to see if hyperthreading is actually helping or possibly hurting your setup, even if the security aspects aren't the major priority. Run htop, top, or some other util to witness the fun.
Details about this are all over, but I found it interesting that Google Chromebooks have it turned off by default at this point, along with OpenBSD since 6.4 I believe.