Meltdown and Spectre bugs: Difference between revisions

Jump to navigation Jump to search
no edit summary
No edit summary
No edit summary
Line 3: Line 3:
<translate>
<translate>
<!--T:1-->
<!--T:1-->
Meltdown and Spectre are bugs related to speculative execution in a variety of CPU architectures developed during the past ten to fifteen years and which affect in particular processors from Intel and AMD, including those in use on Compute Canada clusters. A detailed discussion of the two bugs can be found on [https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/ this page]. Compute Canada personnel are currently patching systems deemed sensitive to these vulnerabilities.  
Meltdown and Spectre are bugs related to speculative execution in a variety of CPU architectures developed during the past ten to fifteen years and which affect in particular processors from Intel and AMD, including those in use on Compute Canada clusters. A detailed discussion of the two bugs can be found on [https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/ this page]. Compute Canada personnel have patched systems deemed sensitive to these vulnerabilities.  


== What are the impacts ? == <!--T:2-->
== What are the impacts ? == <!--T:2-->
=== Availability impacts ===
=== Availability impacts ===
Updates to patch the vulnerabilities require updating the operating system and rebooting the nodes. For compute nodes, this is typically done in a rolling fashion, resulting in nodes being unavailable for a short period of time. This may impair the scheduling of large jobs, but typically goes unnoticed by users. Some nodes, such as login nodes and cloud hosts, will however see a short interruption of service.
Updates to patch the vulnerabilities required updating the operating system and rebooting the nodes. For compute nodes this was typically done in a rolling fashion, was largely transparent to users, and is now complete.
 
Updates were applied at [[Graham]] between 2018 January 5 and January 31. Most nodes were updated by January 13.


=== Performance impacts === <!--T:3-->
=== Performance impacts === <!--T:3-->
Many groups around the world, including within Compute Canada, are running benchmarks to evaluate the effects of the operating system patches on performance. Certain figures that have been cited are alarming (up to a 30% or even 50% performance hit), while others are very minimal.
Many groups around the world have run benchmarks to evaluate the effects of the operating system patches on performance. Certain figures that have been cited are alarming (up to a 30% or even 50% performance hit), while others are very minimal.


<!--T:4-->
<!--T:4-->
Line 19: Line 21:


== What is Compute Canada doing about it ? == <!--T:6-->
== What is Compute Canada doing about it ? == <!--T:6-->
Teams managing the Compute Canada clusters are acting diligently to update their servers as needed and as patches are released by various vendors. Many servers have already been patched, but some may require more updates as vendors release new patches.
All vulnerable equipment operated by Compute Canada has been patched. If and when vendors release new patches, these will also be applied.


== What should I do about it ? == <!--T:7-->
== What should I do about it ? == <!--T:7-->
Line 28: Line 30:


=== I have a virtual machine running on the Compute Canada Cloud === <!--T:9-->
=== I have a virtual machine running on the Compute Canada Cloud === <!--T:9-->
Update your virtual machine's operating system to the latest version frequently over the coming days to ensure it has the latest security patches to address these bugs. See [[Security_considerations_when_running_a_VM#Updating_your_VM|updating your VM]] for specific instructions on how to update Linux VMs.
Update your virtual machine's operating system to the latest version frequently to ensure it has the latest security patches to address these bugs. See [[Security_considerations_when_running_a_VM#Updating_your_VM|updating your VM]] for specific instructions on how to update Linux VMs.


== References == <!--T:10-->
== References == <!--T:10-->
Bureaucrats, cc_docs_admin, cc_staff
2,915

edits

Navigation menu