[Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty
Lux, Jim (337K)
james.p.lux at jpl.nasa.gov
Wed Jan 3 09:47:42 PST 2018
I should think that in a "dedicated cluster" application, these sorts of security problems are less of an issue - whether a process can figure out what memory space other processes are in is more of an issue for machines "open to the world with heterogeneous applications" (i.e. 99.9% of the machines out there).
The scenario from the article:
"Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data."
I'll bet there's not a whole lot of HPC code written in Javascript running in a browser..
(not that someone hasn't done it, as a stunt.. Is there a MPI library binding for Javascript?)
And, if you're running HPC "in the cloud" on VMs, this is an issue.
I suppose the down side is that if they do kernel mods to fix this for the 99.9%, it adversely affects the performance for the 0.1% (that is, us).
Jim Lux
(818)354-2075 (office)
(818)395-2714 (cell)
-----Original Message-----
From: Beowulf [mailto:beowulf-bounces at beowulf.org] On Behalf Of Christopher Samuel
Sent: Tuesday, January 02, 2018 7:46 PM
To: beowulf at beowulf.org
Subject: [Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty
Hi all,
Just a quick break from my holiday in Philadelphia (swapped forecast 40C on Saturday in Melbourne for -10C forecast here) to let folks know about what looks like a longstanding Intel CPU design flaw that has security implications.
There appears to be no microcode fix possible and the kernel fix will incur a significant performance penalty, people are talking about in the range of 5%-30% depending on the generation of the CPU. :-(
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
There's a post on the PostgreSQL site that measures the impact, El Reg summarises the impact as:
https://twitter.com/TheRegister/status/948342806367518720?ref_src=twsrc%5Etfw
Best case: 17% slowdown
Worst case: 23%
Here's the post about the measured impact:
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de
This is going to be interesting I think...
All the best,
Chris
--
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC _______________________________________________
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf
mailing list