Bureaucrats, cc_docs_admin, cc_staff
2,915
edits
No edit summary |
No edit summary |
||
Line 3: | Line 3: | ||
<translate> | <translate> | ||
<!--T:1--> | <!--T:1--> | ||
Meltdown and Spectre are bugs related to speculative execution in a variety of CPU architectures developed during the past ten to fifteen years and which affect in particular processors from Intel and AMD, including those in use on Compute Canada clusters. A detailed discussion of the two bugs can be found on [https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/ this page]. Compute Canada personnel | Meltdown and Spectre are bugs related to speculative execution in a variety of CPU architectures developed during the past ten to fifteen years and which affect in particular processors from Intel and AMD, including those in use on Compute Canada clusters. A detailed discussion of the two bugs can be found on [https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/ this page]. Compute Canada personnel have patched systems deemed sensitive to these vulnerabilities. | ||
== What are the impacts ? == <!--T:2--> | == What are the impacts ? == <!--T:2--> | ||
=== Availability impacts === | === Availability impacts === | ||
Updates to patch the vulnerabilities | Updates to patch the vulnerabilities required updating the operating system and rebooting the nodes. For compute nodes this was typically done in a rolling fashion, was largely transparent to users, and is now complete. | ||
Updates were applied at [[Graham]] between 2018 January 5 and January 31. Most nodes were updated by January 13. | |||
=== Performance impacts === <!--T:3--> | === Performance impacts === <!--T:3--> | ||
Many groups around the world | Many groups around the world have run benchmarks to evaluate the effects of the operating system patches on performance. Certain figures that have been cited are alarming (up to a 30% or even 50% performance hit), while others are very minimal. | ||
<!--T:4--> | <!--T:4--> | ||
Line 19: | Line 21: | ||
== What is Compute Canada doing about it ? == <!--T:6--> | == What is Compute Canada doing about it ? == <!--T:6--> | ||
All vulnerable equipment operated by Compute Canada has been patched. If and when vendors release new patches, these will also be applied. | |||
== What should I do about it ? == <!--T:7--> | == What should I do about it ? == <!--T:7--> | ||
Line 28: | Line 30: | ||
=== I have a virtual machine running on the Compute Canada Cloud === <!--T:9--> | === I have a virtual machine running on the Compute Canada Cloud === <!--T:9--> | ||
Update your virtual machine's operating system to the latest version frequently | Update your virtual machine's operating system to the latest version frequently to ensure it has the latest security patches to address these bugs. See [[Security_considerations_when_running_a_VM#Updating_your_VM|updating your VM]] for specific instructions on how to update Linux VMs. | ||
== References == <!--T:10--> | == References == <!--T:10--> |