[Beowulf] New Spectre attacks - no software mitigation - what impact for HPC?

Tue Jul 17 11:42:58 PDT 2018

Docker claims to have patches which have no degradation in performance:
https://success.docker.com/article/how-does-spectre-meltdown-affect-my-docker-installs
Here is an interesting video about making a simple container and what that
container might do:
https://m.youtube.com/watch?v=Utf-A4rODH8&t=900s
I am not saying this solves any issue. It is only a current software
direction. It could be significant because there is a low level exchange of
information to these vulnerabilities, in the video (she does not use docker
by the way) she basically tells her OS to lie about the contents of her
directory.
It is a direction of interesting development. You could for example isolate
a job within a container which carries all sorts of fakery.
Jonathan

On Mon, Jul 16, 2018, 6:09 PM Chris Samuel <chris at csamuel.org> wrote:

> Hi all,
>
> This is a few days old now, but it passed me by until now.
>
> https://www.tomshardware.com/news/intel-arm-new-spectre-flaws,37436.html
>
> The things that caught my eye were:
>
> > The researchers noted in their paper that currently no effective static
> > analysis or compiler instrumentation can even detect or mitigate Spectre
> > 1.1.
>
> and
>
> > What the researchers are actually implying is first that software
> > mitigations largely depend on app developers to implement them, which
> means
> > that most applications won’t be protected, if history is any guide;
> second,
> > hardware changes will be necessary for true long-term fixes that can stop
> > Spectre flaws from appearing.
>
> I will be interesting to see what happens around this one, as they say
> that if
> we don't get hardware fixes we could face decades of different variations
> on
> this as software folks play whack-a-mole.
>
> So the two HPC related issues that come to mind will be:
>
> 1) It'll be interesting to see what performance impacts hardware fixes for
> this
> class of attacks will be, and whether we see vendors decide that the only
> way
> to really avoid them is to drop speculative execution.  Perhaps if that
> penalty is large then would vendors look to have separate processor lines,
> one
> set with speculative execution for performance (but without protection)
> and
> one for security instead?
>
> 2) Will people start to look at delaying purchasing decisions until it
> becomes
> clearer how the chip vendors are going to deal with this?
>
> This might be a more pressing concern for the cloud crowd given the higher
> immediate exposure, but even in HPC we can't avoid the need to address
> this in
> some way (even if it's just "we did a risk assessment and we judge it to
> be a
> low risk").
>
> Currently these new vulnerabilities are demonstrated on Intel & ARM, it
> will
> be interesting to see if AMD is also vulnerable (I would guess so).
>
> cheers!
> Chris
> --
>  Chris Samuel  :  http://www.csamuel.org/  :  Melbourne, VIC
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20180717/c956d175/attachment.html>