Do you disable hyperthreading? (poll)

[Aquinus]

The whole point of this thing is that it does not need root, to get root.



Sort of, actually. Javascript sandboxing. We've depended on it for a bit now.



Disabling HT doesn't completely stop the vulnerability mind. But it does make it basically impractical to use.

I challenge you to actually exploit spectre v1 or mds to do something productive if you're really that sure of yourself with that comment. I'll wait.

 

[er557]

"Hello, I am BF:V or any other large open world multiplayer game."

Or any other modern game that is properly multi core aware, especially dx12 and dxr effects.

 

[Regeneration]

I challenge you to actually exploit spectre v1 or mds to do something productive if you're really that sure of yourself with that comment. I'll wait.

Hackers can rent access to shared servers (VPS) for cheap and "own" other customers, their websites, users, and possibly visitors with JS.

 

[Aquinus]

Hackers can rent access to shared servers (VPS) for cheap and "own" other customers, their websites, users, and possibly visitors.

Still waiting for a real use of this vulnerability beyond a PoC that merely shows that it's possible. Show me some software that active does this with spectre v1 or mds and I'll believe you. The reality is that there is no coordinated way to get what you want, it merely exposes what's in the buffers (for mds). Hell, even with intimate knowledge, the buffer data is likely useless you can determine what the program counter was at the time, but you don't have access to that register or the stack. So unless you know the state of the application and the code being run for it, you're likely not going to be able to make any use of mds. Spectre v1 has the same problem except that the rate that data is leaked is so slow, the data you're looking for can't possibly change memory locations or be changing in any way for it to be exploitable.

So once again, I challenge you to write an application that actually takes advantage of these vulnerabilities beyond a PoC. I bet you can't.

Edit: I will concede that what you're describing is the real fear, but I still think it's unrealistic.

 

[Regeneration]

Still waiting for a real use of this vulnerability beyond a PoC that merely shows that it's possible. Show me some software that active does this with spectre v1 or mds and I'll believe you. The reality is that there is no coordinated way to get what you want, it merely exposes what's in the buffers (for mds). Hell, even with intimate knowledge, the buffer data is likely useless you can determine what the program counter was at the time, but you don't have access to that register or the stack. So unless you know the state of the application and the code being run for it, you're likely not going to be able to make any use of mds. Spectre v1 has the same problem except that the rate that data is leaked is so slow, the data you're looking for can't possibly change memory locations or be changing in any way for it to be exploitable.

So once again, I challenge you to write an application that actually takes advantage of these vulnerabilities beyond a PoC. I bet you can't.

You write a code that logs ALL DATA to a file and then you create filters to search and find any 'useful data' from all the junk.

I wouldn't mind showing you, but I don't want the FBI (and IRS) knock on my the door at the middle of the night.

It is a serious problem for hosting companies. Most of the affordable services run on outdated Intel hardware.

 

[Ruru]

Nope. I don't pay for a feature to be disabled.

I'm kicking with Ryzen but I do have SMT on and will be always having it.

 

[Aquinus]

You write a code that logs ALL DATA to a file and then you create filters to search and find any 'useful data'.

I wouldn't mind showing you, but I don't want the FBI (and IRS) knock on my the door at the middle of the night.

It is a serious problem for server hosting companies. Most of the affordable services run on outdated Intel hardware.

That's a joke. You can log all of the data you want, but mashing the output of potentially leaked buffers won't do you any good because you won't know if it's valid leaked data or not, which is the other problem. The mds PoC proves it by saturating the buffers full of a known value and those known values don't always get leaked.

Also, the FBI doesn't really care because mitigations are already in place. The IRS certainly doesn't care because it's not their job.

Once again, prove it instead of making excuses for why you can't.

Edit: Also, if the FBI cared, the PoC wouldn't be open source on GitHub for all to see.

 

[cucker tarlson]

counting 2015 onward,there's more games that do require HT on a 4 core than not.EVEN at 60hz.
if I'm to be completely honest,if a game requires HT to drive a high refresh display,more often than not it's gonna need HT for 60hz too.The cpu usage is gonna be causing problems with stutter even if the framerate is gonna hit the 60 target.

 

[R-T-B]

I challenge you to actually exploit spectre v1 or mds to do something productive if you're really that sure of yourself with that comment. I'll wait.

Watch the youtubes they provide. Read the whitepapers. The burden of proof here is on you to contradict them, not vice versa. These are well studied, peer reviewed security papers making these claims. You with all due respect, are a dude on the internet.

I could probably leverage my limited coding skills to do what you ask, but, I really don't need to especially given regenerations valid concerns above about not exactly wanting to author malware.

 

[Aquinus]

Watch the youtubes they provide. Read the whitepapers. The burden of proof here is on you to contradict them, not vice versa. These are well studied, peer reviewed security papers making these claims. You with all due respect, are a dude on the internet.

I could probably leverage my limited coding skills to do what you ask, but, I really don't need to especially given regenerations valid concerns above about not exactly wanting to author malware.

I'm not saying it's not a problem. I'm saying its usefulness makes it more like errata than being a vector for an attack because of how near impossible it is to use it for anything worth while.

 

[Regeneration]

That's a joke. You can log all of the data you want, but mashing the output of potentially leaked buffers won't do you any good because you won't know if it's valid leaked data or not, which is the other problem. The mds PoC proves it by saturating the buffers full of a known value and those known values don't always get leaked.

Also, the FBI doesn't really care because mitigations are already in place. The IRS certainly doesn't care because it's not their job.

Once again, prove it instead of making excuses for why you can't.

Edit: Also, if the FBI cared, the PoC wouldn't be open source on GitHub for all to see.

You output ALL data to files and then target keywords. For example, credit card numbers have unique prefixes that can be searched and filtered.

 

[Aquinus]

You output ALL data to files and then target keywords. For example, credit card numbers have unique prefixes that can be searched and filtered.

You see, I've already said that this is an issue in multi-tenant environments, although probably a little more hyped up than it really should be. It also runs on the assumption that the data is all valid that you're pulling back, unique code or not. You also need a little more than just a credit card number to effectively use it. I'm sure that all of this will be presented to you on a silver platter and that there will be a miraculous context switch at just the right time for you to capture this information, assuming it's all up for you to grab at the same time. If other aspects of the card aren't literally next up in memory, it might not even be in the buffer for you to use, forget the timing of the event. You're also talking about huge amounts of data if you're going to be constantly waiting and checking to see if the information you want is there. How often are you doing this in order to capture a context switch at just the right moment where the credit card information was being used? That's potentially a massive amount of data you need to store.

tl;dr: I think you're oversimplifying the problem. I wouldn't assume that the stars are going to align and that it's going to hand you want you want on a silver platter. That's a lot of wishful thinking. It's even more outlandish to think it matters for the typical consumer.

 

[R-T-B]

I'm not saying it's not a problem. I'm saying its usefulness makes it more like errata than being a vector for an attack because of how near impossible it is to use it for anything worth while.

The whitepapers kind of suggest far higher bandwidth than past exploits, but I'll fully admit I do not know what qualifies as "useful" here. That I will concede.

 

[lexluthermiester]

It may stop it but if you got older intel's like mine you are crippling performance of a cpu that is already starting to struggle in some games now if anything else is even using a tiny bit of cpu.

Both of my main systems have Xeon 1366 CPU's. They are only showing there age with CPU intensive programs like AV rendering, for example, XMediaRecode and Corel Video Studio. Those are the only two that are held back. Everything else runs fine. With turning off HT, there has been an impact on the aforementioned programs, but nothing that is going to be terribly inconvenient.

"Hello, I am BF:V or any other large open world multiplayer game."

Sorry, but you're wrong. Most(if not all) of those kinds of games are much more GPU dependent. Disabling HT on a Quad core or better is going to have little impact on game performance.

I disabled HT on my gaming rigs. It appears my favorite games run better without HT.

This seems to be the consensus.

You can also gain higher OC at the same voltage without HT.

This has always been true.

 

[er557]

all of that may be true for the short distance, or in few places like higher boost to some cores(more power envelope to work with), higher OC @same voltage. But in the broad view, with HT you get DOUBLE your cores with almost FREE performance gain and more horse power to work with. This includes multitasking, media encoding, virtualization, workstation environment. Certainly games dont run WORSE with HT on.
So it depends on one's needs and work environment.

 

[lexluthermiester]

But in the broad view, with HT you get DOUBLE your cores

No, you get double the threads.

with almost FREE performance gain and more horse power to work with.

It's not free, HT uses more electric power and the performance gains vary by program and optimization levels.

This includes multitasking, media encoding, virtualization, workstation environment.

True

Certainly games dont run WORSE with HT on.

Not true. There are some games that run worse with HT on. Granted, we're talking about very few titles and 2 or 3 %, but still, it does happen.

 

[advanced3]

I dare you try to play any BF 64 person multiplayer game and say that.

 

[lexluthermiester]

I dare you try to play any BF 64 person multiplayer game and say that.

Who are you talking too? TPU's reply functionality is very handy. Learn how to use it..

This should be of interest;

How Screwed is Intel without Hyper-Threading?

Today we're exploring the impact disabling Hyper-Threading has on Intel processors. We've done this in the past and it's an interesting test, however there are new incentives...

www.techspot.com

The gaming benchmarks for BFV are especially interesting, as are the FarCry results showing that increase with HT disabled. Very interesting indeed..

What that article shows is that HT Enabled VS Disabled seems to depend on the platform being tested. My older gen Xeons, for example, don't seem to be held back as much by HT being disabled.

You still knew it was directed at you.

No I didn't. You didn't quote me, nor state my name. Learn how to use the reply system.

 

[Regeneration]

Don't know how a discussion about HT ended up in a flame war, but whatever.

I tested HT on a hexacore CPU with the following games: CS:GO, PUBG, Hitman, Metro Last Redux and Final Fantasy XV Benchmark.

FPS was higher with HT off by 1-5 percent. On CPU benchmarks, serious performance drops, but hardly noticeable in real-world use. Encoding and compression takes ages with or without HT.

If you're a pro gamer, or spend most of the time gaming... turn HT off and push the clock by 100-200 MHz.

P.S.
I'm curious about Battlefield V, but EA shoved 30GB update on me.

 

[EarthDog]

Considering most games dont really use more than 4-6 threads, disabling HT couldnt hurt. But disable it on a quad with a game that works threads the fps will be lower.

 

[Regeneration]

Considering most games dont really use more than 4-6 threads, disabling HT couldnt hurt. But disable it on a quad with a game that works threads the fps will be lower.

i7-5820K (6c/12t) and now after 30 minutes of DOWNLOADING, and another 30 minutes of FINALIZING.

Battlefield V without HT and extra 200 MHz (stable at the same vcore).
Avg: 61.067 - Min: 23 - Max: 113

Battlefield V with HT
Avg: 58.317 - Min: 41 - Max: 105

I'm running it again to ensure its not a mistake.

 

[EarthDog]

Look a those minimums... ht on makes a difference there for sure.

It's also bf v which is tough to repeatably benchmark.

As weve seen in other testing like this most games dont benefit from more than 6 threads. This test would be interesting with a quad core with ht enabled/disabled.

What res are you running this at?

 

[mcraygsx]

I am more then happy with my 7700K setup for my gaming Machine.

Turning HT off really affects the few games I do play. With HT turned off frame time (ms) on RainbowSix Siege, WOT, FR5 and Elite Dangerous really takes a hit. Frame time is very important for me in ranked R6 then anything else. I left it on because otherwise my CPU usage is almost always at 100% while gaming and it defeats the purpose of 7700K all together.

There is not much I can do except keep the system updated and perhaps think about overclocking this processor to 5.1Ghz (I have excellent CHIP) running on passive Noctua NH-D14 no fans. BTW I do have 1800X/Crosshair VI which was purchased as a collectors item when it was first release.

 

[Regeneration]

Look a those minimums... ht on makes a difference there for sure.

It's also bf v which is tough to repeatably benchmark.

As weve seen in other testing like this most games dont benefit from more than 6 threads. This test would be interesting with a quad core with ht enabled/disabled.

What res are you running this at?

2K, ultra settings. 2nd runs for BF V:

Frames: 3528 - Time: 60000ms - Avg: 58.800 - Min: 41 - Max: 109
Frames: 3724 - Time: 60000ms - Avg: 62.067 - Min: 44 - Max: 114

Guess the min fps drop before occurred due to HDD trashing.

Conclusion: For gaming PCs, it is better to turn off HT and allocate the unused "juice" for higher clock @ same voltage. Of course, you'll need a CPU that supports overclocking.

 

[EarthDog]

Ahh, makes sense since you are benching at a GPU bound resolution. That said, I wouldnt make such a broad sweeping conclusion.

As I've been saying, most games dont utilize (not use) more than 4 threads. So it makes sense we can see improvements in some titles.

In the end, a more accurate conclusion would be for a hex core and the games you tested at a higher res benefit in some cases.

It would be more interesting to see this done with a quad where modern titles can use more than 4 threads. I assure you the result would be different.