If you didn't hear, a set of related vulnerabilities were recently discovered that impact virtually all processors sold over the last decade. You can find more technical detail about the meltdown/spectre vulnerabilities on InfoSec.SE.
As a MongoDB DBA, what do I need to understand about this?
What are the potential performance impacts? What are the proper patching guide lines? What are cloud providers doing in regards to this vulnerability?
Related Questions:
An official response from Mongo on 1/6/2018 (emphasis mine):
Recently disclosed research regarding security vulnerabilities in almost all modern processors such as Intel and AMD (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) has prompted public and private institutions, including cloud providers, to patch OS and hypervisor infrastructures. These patches disable performance optimizing features of CPUs, and it is expected that, regardless of OS or cloud provider, all workloads will see a performance impact. We are investigating the performance implications of these patches to MongoDB on both OS kernels as well as cloud hypervisors.
Hypervisor Patch Impact
As a result of the patches applied by AWS between January 3rd and January 5th, 2017, we have observed the following:
For high-load benchmarks (e.g. YCSB) we measured a 10-15% impact on throughput with some exceptional cases that are still being studied. We believe these results are consistent with other industry research. We will release additional results (including additional cloud providers) in the coming days.
Kernel Patch Impact
This is the impact that customers can expect to see when they apply the recommended patches to their cloud VMs or on-premises hardware:
At this time we have not seen a substantial signal (either better or worse) on major distributions such as Amazon Linux, Red Hat Enterprise Linux, and Ubuntu. Based on the industry research we expect that there will be some measurable performance impact (although yet to be quantified). We will have additional results made available in the coming days. If you have any questions or concerns, please file a ticket in the Support Portal.
You can read Intel’s white paper to learn more about these vulnerabilities.
Related Posts: