[Beowulf] [upgrade strategy] Intel CPU design bug & security flaw - kernel fix imposes performance penalty

Jörg Saßmannshausen sassy-work at sassy.formativ.net
Sun Jan 7 14:44:33 PST 2018

Dear all,

Chris is right here. It depends on what is running on your HPC cluster. You 
might not see a performance degrade at all, or you might see one of 30% (just 
to stick with that number).
Also, if you got a cluster which is solely used by one research group the 
chances they are hacking each other are slim I would argue. That leave still 
the argument about a compromised user account.
If you are running a large, multi user, multi institutional cluster you might 
want to put security over performance. This might be especially true if you 
are using confidential data like patient data. 
So, you will need to set up your own risk matrix and hope you made the right 
For me: we have decided to upgrade the headnode but for now leave the compute 
nodes untouched. We then can decide at a later state whether or not we want to 
upgrade the compute nodes, maybe after we done some testing of typical 
programs. It is not an ideal scenario but we are living in a real and not 
ideal world I guess.

All the best from London


Am Montag, 8. Januar 2018, 09:24:12 GMT schrieb Christopher Samuel:
> On 08/01/18 09:18, Richard Walsh wrote:
> > Mmm ... maybe I am missing something, but for an HPC cluster-specific
> > solution ... how about skipping the fixes, and simply requiring all
> > compute node jobs to run in exclusive mode and then zero-ing out user
> > memory between jobs ... ??
> If you are running other daemons with important content (say the munge
> service that Slurm uses for authentication) then you risk the user being
> able to steal the secret key from the daemon.
> But it all depends on your risk analysis of course.
> All the best!
> Chris

More information about the Beowulf mailing list