Hi Nick, I'm actually wondering about exactly the same. Regarding OSDs, I agree, there is no reason to apply the security patch to the machines running the OSDs -if they are properly isolated in your setup-.
But I'm worried about the hypervisors, as I don't know how meltdown or Spectre patches -AFAIK, only Spectre patch needs to be applied to the host hypervisor, Meltdown patch only needs to be applied to guest- will affect librbd performance in the hypervisors. Does anybody have some information about how Meltdown or Spectre affect ceph OSDs and clients? Also, regarding Meltdown patch, seems to be a compilation option, meaning you could build a kernel without it easily. Thanks, Xavier. -----Mensaje original----- De: ceph-users [mailto:ceph-users-boun...@lists.ceph.com] En nombre de Nick Fisk Enviado el: jueves, 4 de enero de 2018 17:30 Para: 'ceph-users' <ceph-users@lists.ceph.com> Asunto: [ceph-users] Linux Meltdown (KPTI) fix and how it affects performance? Hi All, As the KPTI fix largely only affects the performance where there are a large number of syscalls made, which Ceph does a lot of, I was wondering if anybody has had a chance to perform any initial tests. I suspect small write latencies will the worse affected? Although I'm thinking the backend Ceph OSD's shouldn't really be at risk from these vulnerabilities, due to them not being direct user facing and could have this work around disabled? Nick _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
