Is Hyperthreading Safe?
Hyperthreading is a technology that Intel has been using for more than a decade. It allows a CPU to process 2 threads concurrently on a single core. This increases its performance by around 5-15%. The increase varies significantly depending on the workload. For example, bus interrupt balancing greatly profits from it. On the other hand, purely computational tasks do not see much improvement. In some cases, an application running on a processor without hyperthreading might even be faster than with hyperthreading on.
When the security flaws in Intel architecture first surfaced, there was a lot of speculation about the security of hyperthreading. As of now, it is not considered safe, and there are several theoretical ways of exploiting it, in which one thread accesses information from a different thread running on the same core. As a result, some operating systems have decided to turn off hyperthreading support or even remove it (most BSD systems, ChromeOS).
Will it be possible to enable hyperthreading in the future?
Some of the security flaws cannot be completely mitigated by microcode updates or kernel workarounds. But CPUs based on a new architecture will probably not be affected by them.
Is it really necessary to turn hyperthreading off?
Generally, we would recommend it. But there are cases where it might not be needed. The risk is minimal on servers where it is not possible to run malicious code, such as database servers, search engines, load balancers or web servers serving static content. However, even on these, it is important to run the latest version of the kernel and all services. On servers which can be compromised using a flaw in the application (typically those serving content dynamically generated by Python, PHP, Perl etc.), we would definitely advise you to turn it off.
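One way to check a host before making that decision, as an added example that is not part of the original page: the script reads the Linux kernel's sysfs entries for SMT control and the per-vulnerability status files, and lists the ones the kernel itself marks as "SMT vulnerable". It assumes a Linux kernel that exposes `/sys/devices/system/cpu/smt/control`; the function name `smt_audit` and the verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: report SMT (hyperthreading) state and which CPU
# vulnerabilities the running Linux kernel still flags as exposed via SMT.
# Usage: smt_audit [sysfs_cpu_root]   (default: /sys/devices/system/cpu)

smt_audit() {
    root="${1:-/sys/devices/system/cpu}"

    # smt/control holds: on, off, forceoff, notsupported or notimplemented.
    control="unknown"
    [ -r "$root/smt/control" ] && control=$(cat "$root/smt/control")

    # Each file under vulnerabilities/ carries the kernel's own status line,
    # e.g. "Mitigation: Clear CPU buffers; SMT vulnerable".
    exposed=""
    for f in "$root"/vulnerabilities/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            *"SMT vulnerable"*) exposed="$exposed $(basename "$f")" ;;
        esac
    done
    exposed="${exposed# }"

    case "$control" in
        off|forceoff|notsupported)
            verdict="SMT_OFF" ;;
        on)
            if [ -n "$exposed" ]; then
                verdict="SMT_ON_EXPOSED"
            else
                verdict="SMT_ON"
            fi ;;
        *)
            verdict="UNKNOWN" ;;
    esac

    printf '%s control=%s exposed=%s\n' "$verdict" "$control" "${exposed:-none}"
}

# Audit the local machine when run as a script.
smt_audit "$@"
```

On Linux, writing `off` to `/sys/devices/system/cpu/smt/control` as root disables SMT until the next reboot, and the `nosmt` kernel boot parameter makes the setting persistent.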
What can happen if I leave hyperthreading on anyway?
Any security incident can have much more far-reaching consequences. An attack on an unpatched CMS can compromise the whole server and all your data.