Pivotal Knowledge Base

Meltdown and Spectre Patch Impact on Greenplum and HAWQ Database

Environment

  • Pivotal Greenplum Database (GPDB)
  • HAWQ Database (HDB)

Introduction 

This document explains the Meltdown and Spectre vulnerabilities and the performance impact of the patch on the Greenplum and HAWQ databases.

Description

What is Meltdown & Spectre?

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware issues allow programs to steal data that is currently being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.

Here is the link to learn more about these vulnerabilities. A demo of what the attacks can do is available here.

For additional context regarding the hardware issues, please read the following links:

              Meltdown                                            Spectre
Architecture  Intel                                               Intel, AMD, ARM
Entry         Must have code execution on the system              Must have code execution on the system
Method        Intel Privilege Execution + Speculative Execution   Branch Prediction + Speculative Execution
Impact        Read Kernel Memory from User Space                  Read contents of memory from other users' running programs
Action        Kernel Patching                                     Kernel Patching (more nuanced)
Patch Name    KPTI aka KAISER                                     LLVM/retpoline
CVE           CVE-2017-5754                                       CVE-2017-5753, CVE-2017-5715
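
To see which of the three CVEs in the table a given database host is actually patched for, the kernel's own mitigation report can be read per host. The script below is an added example, not part of the original Pivotal article; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: map each CVE from the table to the kernel's mitigation report.
# Assumption: the kernel exposes the sysfs directory below; a kernel without it
# is reported as "unknown".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify "<status line>" -> not-affected | mitigated | vulnerable | unknown
classify() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # empty: no sysfs entry for this issue
    esac
}

# check_host [dir]: prints one tab-separated line per CVE and returns 1 if any
# CVE is not confirmed mitigated (vulnerable, or no status reported).
check_host() {
    dir=${1:-$VULN_DIR}
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2; do
        cve=${pair%%:*}
        file=${pair#*:}
        line=
        if [ -r "$dir/$file" ]; then
            line=$(cat "$dir/$file")
        fi
        state=$(classify "$line")
        case "$state" in vulnerable|unknown) rc=1 ;; esac
        printf '%s\t%s\t%s\t%s\n' "$cve" "$file" "$state" "${line:-no sysfs entry}"
    done
    return "$rc"
}

# write_sample <dir>: constructed status files (not captured from a real host)
# for a machine with KPTI enabled but a kernel not fully built with retpoline.
write_sample() {
    mkdir -p "$1"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$1/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$1/spectre_v2"
}
```

Calling check_host with no argument reads the live sysfs directory. Running it on the master and every segment host before and after patching shows which mitigations were in effect when a benchmark figure was taken.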

Impact of kernel patch fixes on Greenplum and Pivotal HDB?

The Linux kernel fixes are expected to have a performance impact on Greenplum Database. Testing various data set sizes with the TPC-DS benchmark, we see the following impacts:

1 GB dataset - 4-10% decrease in performance
1 TB dataset - 13-18% decrease in performance

These ranges are partly determined by the use of ORCA vs. Planner (Planner doing better for 1 GB, ORCA better for 1 TB) as well as the kind of workload which systems are subjected to. A customer may see a larger performance impact depending on their workload.

Because the vulnerabilities were announced early, some OS vendors are still working on the mitigation efforts required to address this flaw.

Pivotal continues to investigate the full extent of the impact that the fixes from vendors will have upon Greenplum and will issue further guidance when available.

Additional Information

Please check the following Pivotal advisory for updates: https://pivotal.io/security/meltdown-and-spectre-attacks