[Beowulf] New Spectre attacks - no software mitigation - what impact for HPC?
deadline at eadline.org
Tue Jul 17 14:33:47 PDT 2018
I saw that as well. I'm always a bit skeptical about
some of these theoretical attacks. IMO there should
be a "degree of difficultly" (of sorts) assigned to
these hardware issues. Then you can decide on a
Multicore really introduced a lot of issues. For those
that can remember, when a process owned the whole
(single) processor things seemed bit simpler.
In any case, I believe XCD summs up the issue quite nicely
> Hi all,
> This is a few days old now, but it passed me by until now.
> The things that caught my eye were:
>> The researchers noted in their paper that currently no effective static
>> analysis or compiler instrumentation can even detect or mitigate Spectre
>> What the researchers are actually implying is first that software
>> mitigations largely depend on app developers to implement them, which
>> that most applications wonât be protected, if history is any guide;
>> hardware changes will be necessary for true long-term fixes that can
>> Spectre flaws from appearing.
> I will be interesting to see what happens around this one, as they say
> that if
> we don't get hardware fixes we could face decades of different variations
> this as software folks play whack-a-mole.
> So the two HPC related issues that come to mind will be:
> 1) It'll be interesting to see what performance impacts hardware fixes for
> class of attacks will be, and whether we see vendors decide that the only
> to really avoid them is to drop speculative execution. Perhaps if that
> penalty is large then would vendors look to have separate processor lines,
> set with speculative execution for performance (but without protection)
> one for security instead?
> 2) Will people start to look at delaying purchasing decisions until it
> clearer how the chip vendors are going to deal with this?
> This might be a more pressing concern for the cloud crowd given the higher
> immediate exposure, but even in HPC we can't avoid the need to address
> this in
> some way (even if it's just "we did a risk assessment and we judge it to
> be a
> low risk").
> Currently these new vulnerabilities are demonstrated on Intel & ARM, it
> be interesting to see if AMD is also vulnerable (I would guess so).
> Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> MailScanner: Clean
More information about the Beowulf