Hi Bernd and Christian,
I agree with Christian here regarding the fact that PTI does not need to be enabled on typical servers, where normal users are not allowed to run applications (at least until someone discovers a ssh security problem ;-) ).
Does anyone have numbers? With or without rdma and infiniband usage?
I don't have numbers, but unfortunately the "bad news" is that RDMA userspace applications also use syscalls to access "/dev/infiniband", so this will also impact e.g. MPI applications on the compute nodes. However, the good news is that this does not apply to the beegfs-client accessing the InfiniBand (or other network) interface, as this happens inside the kernel without syscalls. But like you already noticed, accessing the beegfs-client (or any other file system) with a stat() operation for "du" or similar is of course a syscall that will now has significantly more overhead.
I would also like to hear more details or examples with numbers,
if someone happens to have them. On the other hand, like already
said, it doesn't seem like there is much of a choice on the
compute node side, unfortunately.
Best regards
Sven
both bugs would allow local users to access memory which they are not allowed to access. But as it good practice, users should not be able to log in to the meta and storage servers, because they could slow down the performance of the whole file system, by running jobs on these servers. So personally I would not install the patches on the storage servers, if one could assure that no one could access these servers.You are right, but all future kernels will contain these patches. The one for the page table isolation can be disabled with the "nopti" or "pti=off" kernel parameter (the other with "nospec" for SLES kernels). We should know if this is needed. Bernd
|
|||||||||||||||
|
Guido
--
You received this message because you are subscribed to the Google Groups "beegfs-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fhgfs-user+unsubscribe@googlegroups.com.
Dr. Nathan Crawford nathan....@uci.edu Modeling Facility Director Department of Chemistry 1102 Natural Sciences II Office: 2101 Natural Sciences II University of California, Irvine Phone: 949-824-4508 Irvine, CA 92697-2025, USA