[lustre-discuss] Are there any performance hits with the https://access.redhat.com/security/vulnerabilities/speculativeexecution?

Marion Hakanson hakansom at ohsu.edu
Fri Jan 5 14:29:56 PST 2018 

We may not need to apply these mitigations to Lustre servers,
but a lot of Lustre code runs on the client systems.

Let's say you run a multi-user research cluster;  Lab group A says
that their data must not be seen by any user except those in Lab A, so
user, group, and filesystem permissions are set to implement that policy.

Lab groups B and C may not have malicious users, but they do download,
compile, and run programs from collaborators, or from the Internet
at large.  So they may inadvertently install and run some malicious
code on that research cluster, and potentially expose Lab group A's
data even though B and C users wouldn't normally have permissions
to do so.

Do you analyze every bit of code that runs on your research cluster?
We don't have the resources to do so.


A possible related issue:  In addition to the kernel-vs-user address space
changes needed for Meltdown, there are also some code changes needed to
prevent the Spectre type of attacks.  Those changes (function call/return
conventions) need to happen in user-space code, but also in the kernel.
I imagine that Lustre code itself could need these mods too, in order
to be protected from attack code on client systems.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-o
f-Speculative-Execution-Side-Channels.pdf

I didn't find any items matching "meltdown" or "spectre" in the HPDD
Lustre JIRA just now, so perhaps work hasn't started on this yet.

Regards,

Marion



> Date: Fri, 5 Jan 2018 13:31:23 -0500
> From: Mark Hahn <hahn at mcmaster.ca>
> To: Lustre discussion <lustre-discuss at lists.lustre.org>
> Subject: Re: [lustre-discuss] Are there any performance hits with the
> 
> > Also to what extent would a Lustre system that is essentially a filer be at
> > risk? It's not running user code and you're not browsing from it...
> 
> to be vulnerable, attack code must run on the system.
> _______________________________________________
> lustre-discuss mailing list
> lustre-discuss at lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
>

More information about the lustre-discuss mailing list