[Beowulf] New Spectre attacks - no software mitigation - what impact for HPC?

Chris Samuel chris at csamuel.org
Mon Jul 16 18:08:42 PDT 2018

Hi all,

This is a few days old now, but it passed me by until now.


The things that caught my eye were:

> The researchers noted in their paper that currently no effective static
> analysis or compiler instrumentation can even detect or mitigate Spectre
> 1.1.


> What the researchers are actually implying is first that software
> mitigations largely depend on app developers to implement them, which means
> that most applications won’t be protected, if history is any guide; second,
> hardware changes will be necessary for true long-term fixes that can stop
> Spectre flaws from appearing.

I will be interesting to see what happens around this one, as they say that if 
we don't get hardware fixes we could face decades of different variations on 
this as software folks play whack-a-mole.

So the two HPC related issues that come to mind will be:

1) It'll be interesting to see what performance impacts hardware fixes for this 
class of attacks will be, and whether we see vendors decide that the only way 
to really avoid them is to drop speculative execution.  Perhaps if that 
penalty is large then would vendors look to have separate processor lines, one 
set with speculative execution for performance (but without protection) and 
one for security instead?

2) Will people start to look at delaying purchasing decisions until it becomes 
clearer how the chip vendors are going to deal with this?

This might be a more pressing concern for the cloud crowd given the higher 
immediate exposure, but even in HPC we can't avoid the need to address this in 
some way (even if it's just "we did a risk assessment and we judge it to be a 
low risk").

Currently these new vulnerabilities are demonstrated on Intel & ARM, it will 
be interesting to see if AMD is also vulnerable (I would guess so).

 Chris Samuel  :  http://www.csamuel.org/  :  Melbourne, VIC

More information about the Beowulf mailing list