Commit 41c8d7c

author
cynthn
committed
hyper-threading
1 parent 6419ecf commit 41c8d7c

3 files changed

+14
-11
lines changed

articles/virtual-machines/linux/mitigate-se.md

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ ms.workload: infrastructure-services
1414
ms.tgt_pltfrm: vm-linux
1515
ms.devlang: na
1616
ms.topic: article
17-
ms.date: 05/14/2019
17+
ms.date: 06/04/2019
1818
ms.author: cynthn
1919

2020
---

articles/virtual-machines/windows/mitigate-se.md

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ ms.workload: infrastructure-services
1414
ms.tgt_pltfrm: vm-windows
1515
ms.devlang: na
1616
ms.topic: article
17-
ms.date: 05/14/2019
17+
ms.date: 06/04/2019
1818
ms.author: cynthn
1919

2020
---

includes/virtual-machines-common-mitigate-se.md

Lines changed: 12 additions & 9 deletions
@@ -5,13 +5,13 @@
55
author: cynthn
66
ms.service: virtual-machines
77
ms.topic: include
8-
ms.date: 05/22/2019
8+
ms.date: 06/04/2019
99
ms.author: cynthn;kareni
1010
ms.custom: include file
1111
---
1212

1313

14-
**Last document update**: 14 May 2019 10:00 AM PST.
14+
**Last document update**: 4 June 2019 3:00 PM PST.
1515

1616
The disclosure of a [new class of CPU vulnerabilities](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002) known as speculative execution side-channel attacks has resulted in questions from customers seeking more clarity.
1717

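Review bot: On new line 14, `4 June 2019 3:00 PM PST` labels a June timestamp as PST. Pacific time is on daylight time in June, so this should read PDT (or the neutral "PT", or a UTC time). The replaced line carried the same label for a May date, so it is worth correcting the convention here rather than carrying it forward. The `ms.date` bump on line 8 to `06/04/2019` is consistent with the new update date.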
@@ -73,15 +73,17 @@ You can enable additional security features inside your VM or Cloud Service if y
7373
Your target operating system must be up-to-date to enable these additional security features. While numerous speculative execution side channel mitigations are enabled by default, the additional features described here must be enabled manually and may cause a performance impact.
7474

7575

76-
**Step 1: Disable hyperthreading on the VM** - Customers running untrusted code on a hyperthreaded VM will need to disable hyperthreading or move to a non-hyperthreaded VM size. To check if your VM has hyperthreading enabled, please refer to the below script using the Windows command line from within the VM.
76+
**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM size. Reference [this doc](https://docs.microsoft.com/azure/virtual-machines/windows/acu) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if your VM has hyper-threading enabled, please refer to the below script using the Windows command line from within the VM.
7777

7878
Type `wmic` to enter the interactive interface. Then type the below to view the amount of physical and logical processors on the VM.
7979

8080
```console
8181
CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:List
8282
```
8383

84-
If the number of logical processors is greater than physical processors (cores), then hyperthreading is enabled. If you are running a hyperthreaded VM, please [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyperthreading disabled. Once hyperthreading is disabled, **support will require a full VM reboot**.
84+
If the number of logical processors is greater than physical processors (cores), then hyper-threading is enabled. If you are running a hyper-threaded VM, please [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, **support will require a full VM reboot**.
85+
86+
When a hyper-threaded VM is created, Azure allocates 2 threads per core - these are called vCPUs. When hyper-threading is disabled, Azure removes a thread and surfaces up single threaded cores (physical cores). The ratio of vCPU to CPU is 2:1, so once hyper-threading is disabled, the CPU count in the VM will appear to have decreased by half. For example, a D8_v3 VM is a hyper-threaded VM running on 8 vCPUs (2 threads per core x 4 cores). When hyper-threading is disabled, CPUs will drop to 4 physical cores with 1 thread per core.
8587

8688

8789
**Step 2**: In parallel to Step 1, follow the instructions in [KB4072698](https://support.microsoft.com/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution) to verify protections are enabled using the [SpeculationControl](https://aka.ms/SpeculationControlPS) PowerShell module.
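Review bot: The paragraph added at new line 86 gives the ratio as "vCPU to CPU is 2:1", while the sentence added at line 76 says "ratio of vCPU to Core is 2:1". Use "core" in both places, because "CPU" is used later in the same paragraph for the count shown inside the guest. In that paragraph, "the CPU count in the VM will appear to have decreased by half" understates what the following sentences describe (8 vCPUs drop to 4 single-threaded cores). Say plainly that the number of logical processors is halved, so customers can plan capacity before they request the change. Step 1 would also benefit from a closing sentence telling the reader to rerun `CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:List` after the reboot and confirm that the two values are equal. Minor: the link text "this doc" on line 76 should name its target, and "surfaces up single threaded cores" reads better as "exposes single-threaded cores".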
@@ -119,14 +121,14 @@ If the output shows `MDS mitigation is enabled: False`, please [contact Azure Su
119121
<a name="linux"></a>Enabling the set of additional security features inside requires that the target operating system be fully up-to-date. Some mitigations will be enabled by default. The following section describes the features which are off by default and/or reliant on hardware support (microcode). Enabling these features may cause a performance impact. Reference your operating system provider’s documentation for further instructions
120122

121123

122-
**Step 1: Disable hyperthreading on the VM** - Customers running untrusted code on a hyperthreaded VM will need to disable hyperthreading or move to a non-hyperthreaded VM. To check if you are running a hyperthreaded VM, run the `lscpu` command in the Linux VM.
124+
**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM. Reference [this doc](https://docs.microsoft.com/azure/virtual-machines/linux/acu) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if you are running a hyper-threaded VM, run the `lscpu` command in the Linux VM.
123125

124-
If `Thread(s) per core = 2`, then hyperthreading has been enabled.
126+
If `Thread(s) per core = 2`, then hyper-threading has been enabled.
125127

126-
If `Thread(s) per core = 1`, then hyperthreading has been disabled.
128+
If `Thread(s) per core = 1`, then hyper-threading has been disabled.
127129

128130

129-
Sample output for a VM with hyperthreading enabled:
131+
Sample output for a VM with hyper-threading enabled:
130132

131133
```console
132134
CPU Architecture: x86_64
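Review bot: Lines 126 and 128 still write the check as `Thread(s) per core = 2` and `Thread(s) per core = 1`, but the sample output that follows uses `name: value` formatting, so a reader who searches the `lscpu` output for the literal string in backticks will not find it. Since these lines are being touched anyway, put only the field name in code formatting and the value in prose, for example: `Thread(s) per core` is 2. The link text "this doc" added on line 124 has the same problem as in the Windows section, and line 124 says "non-hyper-threaded VM" where line 76 says "non-hyper-threaded VM size". Align the two.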
@@ -141,8 +143,9 @@ NUMA node(s): 1
141143

142144
```
143145

144-
If you are running a hyperthreaded VM, please [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyperthreading disabled. Once hyperthreading is disabled, **support will require a full VM reboot**.
146+
If you are running a hyper-threaded VM, please [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, **support will require a full VM reboot**.
145147

148+
When a hyper-threaded VM is created, Azure allocates 2 threads per core - these are called vCPUs. When hyper-threading is disabled, Azure removes a thread and surfaces up single threaded cores (physical cores). The ratio of vCPU to CPU is 2:1, so once hyper-threading is disabled, the CPU count in the VM will appear to have decreased by half. For example, a D8_v3 VM is a hyper-threaded VM running on 8 vCPUs (2 threads per core x 4 cores). When hyper-threading is disabled, CPUs will drop to 4 physical cores with 1 thread per core.
146149

147150
**Step 2**: To mitigate against any of the below speculative execution side-channel vulnerabilities, refer to your operating system provider’s documentation:
148151

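Review bot: After line 146 tells the reader to contact support and reboot, nothing in the Linux section says how to confirm the change took effect. Follow the paragraph added at line 148 with a sentence telling the reader to rerun `lscpu` after the reboot and check that `Thread(s) per core` reports 1 and that the CPU count has halved. The paragraph at line 148 is also a verbatim copy of the one added at line 86, including the "vCPU to CPU" wording that conflicts with "vCPU to Core" on line 124, so any wording fix needs to be applied in both places.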