Date: Thu, 08 Nov 2007 13:01:52 -0800 From: Nate Lawson <nate@root.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, Colin Percival <cperciva@FreeBSD.org> Subject: Re: cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c Message-ID: <47337940.6040909@root.org> In-Reply-To: <47337724.9040108@FreeBSD.org> References: <200711081945.lA8JjKcW080540@repoman.freebsd.org> <47337724.9040108@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote: > Colin Percival wrote: >> cperciva 2007-11-08 19:45:20 UTC >> >> FreeBSD src repository >> >> Modified files: (Branch: RELENG_7) >> sys/amd64/amd64 mp_machdep.c sys/i386/i386 >> mp_machdep.c Log: >> Change the default for hyperthreading (or, generally speaking, cases >> where the L1 cache is shared between CPUs) to disabled for security >> reasons. As in earlier releases, this can be changed by setting >> machdep.hyperthreading_allowed=1 in /boot/loader.conf. >> This is not an MFC -- no seatbelts in CURRENT. >> Approved by: re (kensmith) >> Security: See FreeBSD-SA-05:09.htt for background material. >> Revision Changes Path >> 1.287.2.1 +1 -1 src/sys/amd64/amd64/mp_machdep.c >> 1.281.2.1 +1 -1 src/sys/i386/i386/mp_machdep.c >> >> > > What are you waiting for to happen in HEAD, and what work are you doing > to expedite that? I'm still waiting for what will be done to prevent the attack on uniprocessor or multi-core machines (shared L2). Continuing to focus on hyperthreading is like locking the screen door on your submarine. -- Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47337940.6040909>