[Beowulf] New Spectre attacks - no software mitigation - what impact for HPC?

Douglas Eadline deadline at eadline.org
Tue Jul 17 14:33:47 PDT 2018


I saw that as well. I'm always a bit skeptical about
some of these theoretical attacks. IMO there should
be a "degree of difficultly" (of sorts) assigned to
these hardware issues. Then you can decide on a
risk strategy.

Multicore really introduced a lot of issues. For those
that can remember, when a process owned the whole
(single) processor things seemed bit simpler.

In any case, I believe XCD summs up the issue quite nicely

https://xkcd.com/538/

--
Doug


> Hi all,
>
> This is a few days old now, but it passed me by until now.
>
> https://www.tomshardware.com/news/intel-arm-new-spectre-flaws,37436.html
>
> The things that caught my eye were:
>
>> The researchers noted in their paper that currently no effective static
>> analysis or compiler instrumentation can even detect or mitigate Spectre
>> 1.1.
>
> and
>
>> What the researchers are actually implying is first that software
>> mitigations largely depend on app developers to implement them, which
>> means
>> that most applications won’t be protected, if history is any guide;
>> second,
>> hardware changes will be necessary for true long-term fixes that can
>> stop
>> Spectre flaws from appearing.
>
> I will be interesting to see what happens around this one, as they say
> that if
> we don't get hardware fixes we could face decades of different variations
> on
> this as software folks play whack-a-mole.
>
> So the two HPC related issues that come to mind will be:
>
> 1) It'll be interesting to see what performance impacts hardware fixes for
> this
> class of attacks will be, and whether we see vendors decide that the only
> way
> to really avoid them is to drop speculative execution.  Perhaps if that
> penalty is large then would vendors look to have separate processor lines,
> one
> set with speculative execution for performance (but without protection)
> and
> one for security instead?
>
> 2) Will people start to look at delaying purchasing decisions until it
> becomes
> clearer how the chip vendors are going to deal with this?
>
> This might be a more pressing concern for the cloud crowd given the higher
> immediate exposure, but even in HPC we can't avoid the need to address
> this in
> some way (even if it's just "we did a risk assessment and we judge it to
> be a
> low risk").
>
> Currently these new vulnerabilities are demonstrated on Intel & ARM, it
> will
> be interesting to see if AMD is also vulnerable (I would guess so).
>
> cheers!
> Chris
> --
>  Chris Samuel  :  http://www.csamuel.org/  :  Melbourne, VIC
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
> --
> MailScanner: Clean
>
>


-- 
Doug

-- 
MailScanner: Clean



More information about the Beowulf mailing list