The Impact of Spectre and Meltdown on IT Operations



Undoubtedly, the news about the Intel and AMD microprocessor flaws – targeted by exploits known as Meltdown and Spectre – reached your desk over the last few weeks. It is important for these chipmakers to fix the issue, lest those holes provide the means for cybercriminal activity. Unfortunately, some fixes hamper CPU performance, affecting everyone from personal users to corporations.

Let’s take a closer look at this important problem that software engineers and their management need to consider. Its impact on the performance of their applications – both deployed and currently in development – is notable.


The CPU Fixes for Meltdown and Spectre

A recent article in TechRepublic analyzed some approaches to fix the CPU architecture flaws used by Meltdown and Spectre. Unfortunately, while these fixes offer a measure of protection to computers powered by these Intel and AMD chips, the performance hits are significant. Software patches or not, a new chip design is ultimately what's needed for the future.

One patch leverages a technique known as Kernel Page Table Isolation (KPTI). TechRepublic’s James Sanders notes early reports stating a 30 percent performance degradation due to the patch. He feels this number is exaggerated compared to real world usage scenarios.

The KPTI approach essentially separates the chip’s page tables for user-space and kernel-space. Naturally, this comes with a subsequent performance cost. Sanders feels the use of process-context identifiers (PCIDs) helps to mitigate the issue. The problem involves the lack of support for PCIDs in the most recent versions of Linux.

He mentions a few recent benchmarks analyzing server performance on Linux boxes with KPTI enabled. Some of these tests involved running PostgreSQL processes, which should be relevant to many of our readers.


Fixes for Intel Chip Flaws Impact PostgreSQL Performance

Developer Andres Freund ran a few Postgres processes on servers using KPTI without PCID enabled. His full set of benchmarks is available here. Notably, the results showed a performance hit of anywhere from 7-17 percent to 16-23 percent depending on the workload of the individual process.

Sanders feels changing to a Linux kernel with PCID support helps to mitigate the degradation in performance. Still, this causes extra work for network administrators ultimately due to a mistake in chip architecture from the two leading manufacturers in the industry. This reflects poorly on both companies in a Cloud-based era where so many businesses of all sizes depend on good performance.
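Before attributing a slowdown to KPTI, it helps to know whether a host is running KPTI with or without PCID, the distinction behind the benchmark figures above. The script below is an added example, not code from the TechRepublic article or the benchmarks: it classifies a Linux host from the `flags` line of `/proc/cpuinfo` and the kernel's Meltdown status file in sysfs. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Linux host's KPTI/PCID state.
# Inputs are the text of /proc/cpuinfo and of the kernel's Meltdown status file.
MELTDOWN_SYSFS=/sys/devices/system/cpu/vulnerabilities/meltdown

# has_flag FLAGS NAME: succeed only if NAME is a whole word in FLAGS, so that
# "invpcid" is not mistaken for "pcid" (a plain substring grep would match).
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# cpu_flags CPUINFO_TEXT: print the value of the first "flags" line.
cpu_flags() {
    printf '%s\n' "$1" | awk -F': ' '/^flags/ { print $2; exit }'
}

# kpti_state STATUS FLAGS: print not-affected, no-kpti, kpti+pcid or kpti-no-pcid.
# The pcid flag only shows that the CPU (or hypervisor) exposes PCID; whether
# the running kernel uses it depends on the kernel build.
kpti_state() {
    case "$1" in
        "Not affected"*) echo not-affected; return 0 ;;
        "Mitigation: PTI"*) ;;   # kernel reports page table isolation active
        *) has_flag "$2" pti || { echo no-kpti; return 0; } ;;
    esac
    if has_flag "$2" pcid; then echo kpti+pcid; else echo kpti-no-pcid; fi
}

# report_host: classify the machine this script runs on.
report_host() {
    status="" cpuinfo=""
    [ -r "$MELTDOWN_SYSFS" ] && status=$(cat "$MELTDOWN_SYSFS")
    [ -r /proc/cpuinfo ] && cpuinfo=$(cat /proc/cpuinfo)
    kpti_state "$status" "$(cpu_flags "$cpuinfo")"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_WITH_PCID=$(printf 'processor\t: 0\nflags\t\t: fpu sse2 pcid invpcid pti\nbugs\t\t: cpu_meltdown\n')
SAMPLE_NO_PCID=$(printf 'processor\t: 0\nflags\t\t: fpu sse2 invpcid pti\nbugs\t\t: cpu_meltdown\n')

if [ "${1:-}" = "--host" ]; then report_host; fi
```

Run with `--host` on a Linux server to classify that machine; a result of `kpti-no-pcid` marks the hosts where the larger database slowdowns described above are most likely.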

Other high-throughput databases, like the in-memory NoSQL data store Redis, display similar performance issues due to the patches for Meltdown and Spectre. They also get a subsequent boost in horsepower by using the Linux kernel with PCIDs enabled.

According to the article, these benchmark results don’t necessarily apply in other computing scenarios. Blender, the 3D graphics tool, and the venerable web server Apache don’t receive a performance boost from PCID. The performance impact of the KPTI patch was also smaller.

Other companies, notably Google, are taking steps to protect CPUs from the Meltdown and Spectre exploits without performance issues. Google's Retpoline especially shows promise, but requires a full recompilation of the OS and all applications. Ultimately, make sure to research these other options to ensure your servers stay protected while maintaining the highest performance possible.


Stay tuned to the Betica Blog for additional news and insights from the software development world. Thanks for reading!