In light of the recent disclosure of the “Spectre” and “Meltdown” attacks (also known as CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754), StorPool is testing its product on the patched versions of the Linux kernel to assess whether the fixes cause performance degradation and, if so, how large it is.
A useful paper with full information on the Meltdown attacks can be found here.
Full information on the Spectre attacks can be read here.
Currently there are known ways for the exploits to work from userspace against the kernel, from VMs in Xen against the hypervisor, and some ways to use in-kernel functionality (like eBPF) against the kernel itself. KVM virtualization seems to be vulnerable to at least some of the attacks. The severity may escalate as more resources are put into exploring the problems, and new discoveries are still coming in.
We don’t know how much KPTI, the mitigation for Meltdown, would affect specific applications and platforms. There is still uncertainty about what effect the mitigations will have on KVM performance in all of its aspects. It would be highly dependent on the workload and would hopefully improve as the changes mature.
We have already verified that the StorPool storage system, unchanged, is compatible with the changes in mainline Linux kernel 4.15 and 4.14 and the releases from Red Hat and the CentOS project. We can confirm that StorPool seems to work as fast on the KPTI-enabled kernels as it does on the pre-KPTI kernels. It is still early to tell – there are many more combinations to verify, and we hope to have more details soon.