Re: [PATCH 1/4] [x86] Add command line option to enable/disablehyper-threading.

[Linus Torvalds]

On Fri, 1 Dec 2006, Arjan van de Ven wrote:
> 
> I would suggest you drop the patch; openssl has been long fixed, and it
> was only a theoretical attack in the first place...
> I'm not saying the attack isn't something that should be addressed.. but
> it is, and disabling hyperthreading is not the right fix.

I concur. A lot of these "timing attacks" may be slightly easier on HT 
CPU's than other CPU's, but they are still pretty damn theoretical (the 
more recent branch predictor one is even more so, since it apparently 
requires access to the branch predictor state itself, which you need 
CPL0 to get - and once you have CPL0, why the hell bother with the branch 
predictors at all, since you might as well just read the state directly 
from the process..)

People are a hell of a lot better at worrying about unrealistic attacks 
that they don't understand and thus sound scary, than about worrying about 
the simple things ("You mean my password shouldn't be my pets name, taped 
to my monitor? Really? And I wasn't supposed to give it out just because 
that nice man gave me chocolate?")

So I think people have blown those SSL timing attacks _way_ out of 
proportion, just because it sounds technical and cool. 

Besides, most of the time you can disable HT in the BIOS, which is better 
anyway if you don't want it.

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/