[Beowulf] [upgrade strategy] Intel CPU design bug & security flaw - kernel fix imposes performance penalty
remy.dernat at umontpellier.fr
Wed Jan 3 04:56:50 PST 2018
I renamed that thread because IMHO there is another issue related to that threat.
Should we upgrade our system and lose a significant amount of XFlops...?
What should be considered:
- the risk
- your user population (size / type / average "knowledge" of hacking techs...)
- the isolation level from the outside (internet)
So here is my question: if this is not confidential, what will you do?
I would not patch our little local cluster, contrary to all of our other servers.
Indeed, there is another "little" risk. If our strategy is to always upgrade/patch, in this particular case you can lose many users that will complain about perfs...
So another question: what is your global strategy about upgrades on your clusters? Do you upgrade it as often as you can? One upgrade every X months (due to the downtime issue)...?
-------- Original message --------
From: John Hearns via Beowulf <beowulf at beowulf.org>
Date: 03/01/2018 09:48 (GMT+01:00)
To: Beowulf Mailing List <beowulf at beowulf.org>
Subject: Re: [Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty
Thanks Chris. In the past there have been Intel CPU 'bugs' trumpeted, but generally these are fixed with a microcode update. This looks different, as it is a fundamental part of the chip's architecture. However the Register article says: "It allows normal user programs – to discern to some extent the layout or contents of protected kernel memory areas"
I guess the phrase "to some extent" is the vital one here. Are there any security exploits which use this information? I guess it is inevitable that one will be engineered now that this is known about. The question I am really asking is should we worry about this for real world systems. And I guess the answer is that if the kernel developers are worried enough then yes we should be too. Comments please.
On 3 January 2018 at 06:56, Greg Lindahl <lindahl at pbm.com> wrote:
On Wed, Jan 03, 2018 at 02:46:07PM +1100, Christopher Samuel wrote:
> There appears to be no microcode fix possible and the kernel fix will
> incur a significant performance penalty, people are talking about in the
> range of 5%-30% depending on the generation of the CPU. :-(
The performance hit (at least for the current patches) is related to
system calls, which HPC programs using networking gear like OmniPath
or Infiniband don't do much of.
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf