
Is hyperthreading dangerous?

Posted May 19, 2005 12:56 UTC (Thu) by ballombe (subscriber, #9523)
Parent article: Is hyperthreading dangerous?

Interestingly, when the mergemem patch (http://mergemem.ist.org/) was proposed in 1998, it was accompanied by a note stating a similar security concern. (Hostile programs could generate pages and see whether memory usage goes up or not, and deduce they were merged.)

Avoidance of data-dependent memory access patterns is already in use in smartcard devices (it is much easier to exploit once you have stolen the smartcard, though).



mergemem and timing vulnerabilities

Posted May 29, 2005 11:15 UTC (Sun) by anton (guest, #25547)

If one could only check whether full pages are merged, that would be
pretty hard to exploit (one would have to guess all of the page
correctly, i.e., usually the complete key or password).

Another potential attack path was using a timing attack based on how
long the merge attempt takes, or how much of the merge-attempted pages
is in the cache afterwards. That would bring the granularity down to
a word or a cache line, which makes guessing much more practical.

IMO, even that attack path could be blocked relatively easily (e.g.,
allow only merging corresponding pages from processes that run the
same binary, and were not tainted with ptrace or somesuch).

My impression was that too much emphasis was given to the
vulnerabilities in the mergemem announcements, and that may be one
reason why there was not much interest in it.
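
The word-level leak discussed in the comment above, as an added example that is not part of the original thread and is not mergemem code: it assumes a merge attempt compares candidate pages with an early-exit loop, and uses the number of words examined as a stand-in for elapsed time. The function names and sample pages are constructed for illustration, and the fixed-work variant is a standard constant-time comparison shown for contrast, not the mitigation proposed in the comment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_BYTES 4096
#define WORD_BYTES sizeof(uint64_t)
#define PAGE_WORDS (PAGE_BYTES / WORD_BYTES)

/* Early-exit compare (assumed merge check); returns words examined, a stand-in for time. */
size_t early_exit_compare(const uint8_t *a, const uint8_t *b, int *equal)
{
    *equal = 0;
    for (size_t i = 0; i < PAGE_WORDS; i++)
        if (memcmp(a + i * WORD_BYTES, b + i * WORD_BYTES, WORD_BYTES) != 0)
            return i + 1;          /* work depends on the matching prefix */
    *equal = 1;
    return PAGE_WORDS;
}

/* Fixed-work compare: touches every word and only ORs the differences. */
size_t fixed_work_compare(const uint8_t *a, const uint8_t *b, int *equal)
{
    uint64_t x, y, diff = 0;
    for (size_t i = 0; i < PAGE_WORDS; i++) {
        memcpy(&x, a + i * WORD_BYTES, WORD_BYTES);
        memcpy(&y, b + i * WORD_BYTES, WORD_BYTES);
        diff |= x ^ y;
    }
    *equal = (diff == 0);
    return PAGE_WORDS;             /* same work whatever the contents */
}

/* Constructed sample pages: probe matches the first k words, differs in every byte after. */
size_t work_for_prefix(size_t k, int fixed, int *equal)
{
    static uint8_t page[PAGE_BYTES], probe[PAGE_BYTES];
    for (size_t i = 0; i < PAGE_BYTES; i++) {
        page[i] = (uint8_t)(i * 31 + 7);
        probe[i] = (i < k * WORD_BYTES) ? page[i] : (uint8_t)~page[i];
    }
    return (fixed ? fixed_work_compare : early_exit_compare)(page, probe, equal);
}

int main(void)
{
    int eq;
    for (size_t k = 0; k <= PAGE_WORDS; k += 128)
        printf("%3zu matching words: early-exit=%zu fixed-work=%zu\n", k,
               work_for_prefix(k, 0, &eq), work_for_prefix(k, 1, &eq));
}
```

With the early-exit loop the work grows with the number of matching leading words, which is the word-granularity signal the comment describes; the fixed-work loop reports 512 words for every input.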
