[Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty

Lux, Jim (337K) james.p.lux at jpl.nasa.gov
Wed Jan 3 09:47:42 PST 2018

I should think that in a "dedicated cluster" application, these sorts of security problems are less of an issue - whether a process can figure out what memory space other processes are in is more of an issue for machines "open to the world with heterogeneous applications" (i.e. 99.9% of the machines out there).
The scenario from the article:
"Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data."

I'll bet there's not a whole lot of HPC code written in Javascript running in a browser..
(not that someone hasn't done it, as a stunt..  Is there a MPI library binding for Javascript?)

And, if you're running HPC "in the cloud" on VMs, this is an issue. 

I suppose the down side is that if they do kernel mods to fix this for the 99.9%, it adversely affects the performance for the 0.1% (that is, us).

Jim Lux
(818)354-2075 (office)
(818)395-2714 (cell)

-----Original Message-----
From: Beowulf [mailto:beowulf-bounces at beowulf.org] On Behalf Of Christopher Samuel
Sent: Tuesday, January 02, 2018 7:46 PM
To: beowulf at beowulf.org
Subject: [Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty

Hi all,

Just a quick break from my holiday in Philadelphia (swapped forecast 40C on Saturday in Melbourne for -10C forecast here) to let folks know about what looks like a longstanding Intel CPU design flaw that has security implications.

There appears to be no microcode fix possible and the kernel fix will incur a significant performance penalty, people are talking about in the range of 5%-30% depending on the generation of the CPU. :-(


There's a post on the PostgreSQL site that measures the impact, El Reg summarises the impact as:


Best case: 17% slowdown
Worst case: 23%

Here's the post about the measured impact:


This is going to be interesting I think...

All the best,
  Chris Samuel  :  http://www.csamuel.org/  :  Melbourne, VIC _______________________________________________
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf

More information about the Beowulf mailing list