Chrome OS 74 will disable Hyper-Threading by default

[poochyena]

Chrome will soon disable hyper-threading due to vulnerabilities on intel chips.

https://sites.google.com/a/chromium.org/dev/chromium-os/mds-on-chromeos

Quote

To protect users, Chrome OS 74 disables Hyper-Threading by default. For the majority of our users, whose workflows are primarily interactive, this mitigates the security risk of MDS without a noticeable loss of responsiveness. Chrome OS 75 will contain additional mitigations.

 

Users concerned about the performance loss, such as those running CPU intensive workloads, may enable Hyper-Threading on a per machine basis. The setting is located at chrome://flags#scheduler-configuration. The "performance" setting chooses the configuration that enables Hyper-Threading. The "conservative" setting chooses the configuration that disables Hyper-Threading.

 

 

[DrMacintosh]

Its not like Chrome OS has any applications that could put those threads to use.....

[Billy Pilgrim]

Ignoring Hyperthreading and other vulnerabilities like this is extremely stupid for Intel to do. In the short term, they won't have to update their roadmap and architecture plan, but when people loose performance because of safety measures it seems that they have stopped caring. I don't even think Intel has announced a hardware fix for specter or meltdown.

 

It's like they want people to start buying AMD CPUs.

[poochyena]

8 minutes ago, DrMacintosh said:

Its not like Chrome OS has any applications that could put those threads to use.....

I could definitely see a dual core cpu losing some speed going from 4 to 2 threads. It could possibly struggle some during 1080p 60fps video playback. Not sure, i'd be curious to see before and after tests.

[DrMacintosh]

Just now, poochyena said:

It could possibly struggle some during 1080p 60fps video playback. Not sure, i'd be curious to see before and after tests.

I doubt that. 1080p 60fps playback is not that demanding. However it would be better if YouTube did not use a codec that has no dedicated hardware decoders. 

 

Would save battery life on every platform by not having to brute force decode the video. 

[Zodiark1593]

2 minutes ago, DrMacintosh said:

I doubt that. 1080p 60fps playback is not that demanding. However it would be better if YouTube did not use a codec that has no dedicated hardware decoders. 

 

Would save battery life on every platform by not having to brute force decode the video. 

VP9 is a bit more frugal on bandwidth for same or better quality than h.264. Smartphones adopted VP9 hardware decode early on, but PCs lagged behind for awhile. Pretty sure VP9 decode didn't become a thing until at least Nvidia's Maxwell. Meaning anything older (laptops in particular) is SoL for hardware decode.

[The Benjamins]

so They really mean Hyper-Threading not SMT, best stick to AMD to get SMT.

[Guest]

38 minutes ago, DrMacintosh said:

Its not like Chrome OS has any applications that could put those threads to use.....

Most people run Chrome OS on ARM anyway? 

[brwainer]

15 minutes ago, The Benjamins said:

so They really mean Hyper-Threading not SMT, best stick to AMD to get SMT.

Hyperthreading and SMT are the same thing at the OS level. I don't think any AMD chromebooks exist, but if they did I'm sure the Chrome changes would affect those as well. Some (but not all) of the hyperthreading vulnerabilities have also affected SMT, so AMD has not been completely immune. Also many security researchers believe any type of multi threading (two or more threads sharing a compute element) is less secure by its nature, and it will be impossible to remove all vulnerabilities.

[The Benjamins]

2 minutes ago, brwainer said:

Hyperthreading and SMT are the same thing at the OS level. I don't think any AMD chromebooks exist, but if they did I'm sure the Chrome changes would affect those as well. Some (but not all) of the hyperthreading vulnerabilities have also affected SMT, so AMD has not been completely immune. Also many security researchers believe any type of multi threading (two or more threads sharing a compute element) is less secure by its nature, and it will be impossible to remove all vulnerabilities.

Google only mentions Intel and uses Intels trademarked Hyper-Threading name spelled and capitalized per Intel's requirements. so unless they are misusing Intel's trademark this is for Intel Hyper-Threading only.

 

Quote

Chrome OS devices with affected Intel CPUs, supported as of May 14th, 2019, are as follows:

 

[brwainer]

3 minutes ago, The Benjamins said:

Google only mentions Intel and uses Intels trademarked Hyper-Threading name spelled and capitalized per Intel's requirements. so unless they are misusing Intel's trademark this is for Intel Hyper-Threading only.

 

 

I stand by what I said:

10 minutes ago, brwainer said:

I don't think any AMD chromebooks exist, but if they did I'm sure the Chrome changes would affect those as well.

Turns out there is exactly one AMD powered chromebook, available in two colors, and it is dual core, dual threaded. Therefore it stands to reason that Google used the Hyper-Threading term and only mentioned Intel CPUs because there are no systems with AMD CPUs that are affected. I am sure that if yhere were Chromebooks that had SMT, they would apply this change to those as well.

[Misanthrope]

SMT still good? Though not even sure there's Chrome OS AMD devices.

[brwainer]

38 minutes ago, Misanthrope said:

SMT still good? Though not even sure there's Chrome OS AMD devices.

The comments directly before yours were on this exact topic....

there is exactly one model of devices running Chrome OS with an AMD CPU, and it doesn't have SMT. Therefore, we cannot make any conclusions on whether Google considers SMT safe or not.

1 hour ago, brwainer said:

Some (but not all) of the hyperthreading vulnerabilities have also affected SMT, so AMD has not been completely immune. Also many security researchers believe any type of multi threading (two or more threads sharing a compute element) is less secure by its nature, and it will be impossible to remove all vulnerabilities.

 

[xAcid9]

*laughs in CMT*

 

oh wait.. i don't have one. 

[Ashley MLP Fangirl]

2 hours ago, DrMacintosh said:

Its not like Chrome OS has any applications that could put those threads to use.....

Yes it does. Chrome. Seriously. I own a chrome book and max it out all the time. Nevermind running Android games. 

[williamcll]

*Laughs in SMT*

[kladzen]

3 hours ago, Misanthrope said:

SMT still good? Though not even sure there's Chrome OS AMD devices.

likey also affected... SMT is the same just AMD term

[LAwLz]

4 hours ago, Billy Pilgrim said:

Ignoring Hyperthreading and other vulnerabilities like this is extremely stupid for Intel to do. In the short term, they won't have to update their roadmap and architecture plan, but when people loose performance because of safety measures it seems that they have stopped caring. I don't even think Intel has announced a hardware fix for specter or meltdown.

 

It's like they want people to start buying AMD CPUs.

Intel has already fixed the issue in hardware in newer generations of CPUs.

 

Also, we are not sure if this affects AMD or not yet. Google only mentions Intel in this because there are no devices running ChromeOS which also has an SMT enabled AMD processor.

 

 

Before AMD fanboys start praising AMD and shitting on Intel I would recommend we actually wait for confirmation whether or not AMD is affected. Most of the security research is done on Intel processors because they have the majority market share. With things like Spectre we first saw Intel being mentioned, but then after more research AMD went out with statements saying they were affected too.

[Sauron]

4 hours ago, brwainer said:

Hyperthreading and SMT are the same thing at the OS level.

That's irrelevant, MDS is a hardware vulnerability.

4 hours ago, brwainer said:

Some (but not all) of the hyperthreading vulnerabilities have also affected SMT, so AMD has not been completely immune. Also many security researchers believe any type of multi threading (two or more threads sharing a compute element) is less secure by its nature, and it will be impossible to remove all vulnerabilities.

That doesn't mean one of the two can't be more secure than the other for an end user running ChromeOS.

 

Also Google specifically mentions Intel and HyperThreading by name:

Quote

With Hyper-Threading disabled, Intel CPUs may experience reduced performance, which varies depending on the workload. But, with Hyper-Threading enabled, users could execute code, such as by visiting a website or running an Android app, that exploits MDS to read sensitive memory contents.

Maybe SMT will be next but as of right now I think it's safe to say AMD chips aren't affected by this change - as in, if you install ChromeOS on a Zen pc you won't have SMT disabled by default. Regardless it hardly matters considering you can re-enable HT if you want to.

[Trixanity]

AMD only recently announced chips for Chromebooks and those are Excavator derivatives meaning no SMT. So it makes sense that only Intel is included in this statement. That doesn't mean the exploits mentioned (do we actually know which specifically?) don't affect AMD chips but we don't know that yet and it's not applicable anyway. I mean I guess you could try install ChromeOS on a Zen-based machine but why would you do that in the first place?

[GoldenLag]

6 hours ago, Billy Pilgrim said:

I don't even think Intel has announced a hardware fix for specter or meltdown.

for those who havent payed attention. i believe they announced hardware fixes. 

 

6 hours ago, Billy Pilgrim said:

Ignoring Hyperthreading and other vulnerabilities like this is extremely stupid for Intel to do.

are they doing anything stupid? what am i missing here?

[GoldenLag]

1 hour ago, kladzen said:

likey also affected... SMT is the same just AMD term

its not identical hardwarewise. while to us consumers and the OS its identical, it does not have the exact same voulnurbillities. 

[Trixanity]

16 minutes ago, GoldenLag said:

for those who havent payed attention. i believe they announced hardware fixes. 

 

are they doing anything stupid? what am i missing here?

[GoldenLag]

1 minute ago, Trixanity said:

Spectre and Meltdown on Intel
AnandTech			SKX-R 3175X	CFL-R	Cascade Lake	Whiskey Lake	Amber Lake
Spectre	Variant 1	Bounds Check Bypass	OS/VMM	OS/VMM	OS/VMM	OS/VMM	OS/VMM
Spectre	Variant 2	Branch Target Injection	Firmware + OS	Firmware + OS	Hardware + OS	Firmware + OS	Firmware + OS
Meltdown	Variant 3	Rogue Data Cache Load	Firmware	Hardware	Hardware	Hardware	Firmware
Meltdown	Variant 3a	Rogue System Register Read	Firmware	Firmware	Firmware	Firmware	Firmware
	Variant 4	Speculative Store Bypass	Firmware + OS	Firmware + OS	Firmware + OS	Firmware + OS	Firmware + OS
	Variant 5	L1 Terminal Fault	Firmware	Hardware	Hardware	Hardware	Firmware

didnt they announche incomming hardware fixes for most of them?

 

not sure if they would come with coffelake-re-refresh

[Trixanity]

5 minutes ago, GoldenLag said:

didnt they announche incomming hardware fixes for most of them?

 

not sure if they would come with coffelake-re-refresh

Fixed the table because apparently you can't paste Anandtech tables anymore without them looking like shit and it sucks to do these things on a phone.

 

Anyway, with that rant over, I believe there should be more fixes coming with the Ice Lake generation of chips but I honestly can't remember any actual information on that. So take it with a grain of salt or look it up on your own