Question

If you didn't hear, a set of related vulnerabilities was recently discovered that impact virtually all processors sold over the last decade. You can find more technical detail about the Meltdown/Spectre vulnerabilities on InfoSec.SE.

As a MongoDB DBA, what do I need to understand about this?

What are the potential performance impacts? What are the proper patching guidelines? What are cloud providers doing in regard to this vulnerability?

Solution

An official response from Mongo on 1/6/2018 (emphasis mine):

Recently disclosed research regarding security vulnerabilities in almost all modern processors such as Intel and AMD (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) has prompted public and private institutions, including cloud providers, to patch OS and hypervisor infrastructures. These patches disable performance optimizing features of CPUs, and it is expected that, regardless of OS or cloud provider, all workloads will see a performance impact. We are investigating the performance implications of these patches to MongoDB on both OS kernels as well as cloud hypervisors.

Hypervisor Patch Impact

As a result of the patches applied by AWS between January 3rd and January 5th, 2017, we have observed the following:

For high-load benchmarks (e.g. YCSB) we measured a 10-15% impact on throughput with some exceptional cases that are still being studied. We believe these results are consistent with other industry research. We will release additional results (including additional cloud providers) in the coming days.

Kernel Patch Impact

This is the impact that customers can expect to see when they apply the recommended patches to their cloud VMs or on-premises hardware:

At this time we have not seen a substantial signal (either better or worse) on major distributions such as Amazon Linux, Red Hat Enterprise Linux, and Ubuntu. Based on the industry research we expect that there will be some measurable performance impact (although yet to be quantified). We will have additional results made available in the coming days. If you have any questions or concerns, please file a ticket in the Support Portal.

You can read Intel’s white paper to learn more about these vulnerabilities.


Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange