[Beowulf] New Spectre attacks - no software mitigation - what impact for HPC?
chris at csamuel.org
Mon Jul 16 18:08:42 PDT 2018
This is a few days old now, but it passed me by until now.
The things that caught my eye were:
> The researchers noted in their paper that currently no effective static
> analysis or compiler instrumentation can even detect or mitigate Spectre
> What the researchers are actually implying is first that software
> mitigations largely depend on app developers to implement them, which means
> that most applications won’t be protected, if history is any guide; second,
> hardware changes will be necessary for true long-term fixes that can stop
> Spectre flaws from appearing.
I will be interesting to see what happens around this one, as they say that if
we don't get hardware fixes we could face decades of different variations on
this as software folks play whack-a-mole.
So the two HPC related issues that come to mind will be:
1) It'll be interesting to see what performance impacts hardware fixes for this
class of attacks will be, and whether we see vendors decide that the only way
to really avoid them is to drop speculative execution. Perhaps if that
penalty is large then would vendors look to have separate processor lines, one
set with speculative execution for performance (but without protection) and
one for security instead?
2) Will people start to look at delaying purchasing decisions until it becomes
clearer how the chip vendors are going to deal with this?
This might be a more pressing concern for the cloud crowd given the higher
immediate exposure, but even in HPC we can't avoid the need to address this in
some way (even if it's just "we did a risk assessment and we judge it to be a
Currently these new vulnerabilities are demonstrated on Intel & ARM, it will
be interesting to see if AMD is also vulnerable (I would guess so).
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC
More information about the Beowulf