Data centre storage performance hurt by Meltdown-Spectre patches

Intel has conceded that some data centre systems could show significantly degraded storage performance once security patches for the Meltdown and Spectre chip flaws are applied.

Tests were conducted by the company on Intel's Skylake two-socket Xeon processor systems, its latest server microarchitecture.

Benchmarks measuring integer and floating point throughput, as well as LINpack runs and STREAM memory performance tests and server-side Java, showed negligible difference between patched and unpatched systems, Intel noted. The difference was between zero and two percent.

The story was different with I/O loads, however.

With the FlexibleIO benchmarks, stressing the CPU fully during writes saw an 18 percent decrease in performance, because there was no headroom for processor utilisation, Intel said.

With low processor stress, there was no performance impact with patched systems, but CPU utilisation increased compared to unpatched servers.

Testing with storage performance development kit (SPDK) tools revealed a 25 percent performance hit when using the internet protocol-based iSCSI benchmark, using a single processor core.

"Generally speaking, the workloads that incorporate a larger number of user/kernel privilege changes and spend a significant amount of time in privileged mode will be more adversely impacted," Intel's data centre group head Navin Shenoy said.

Intel said it is working with customers to address use cases that result in significant performance losses after the Meltdown and Spectre patches are applied.

The company is also looking at incorporating Google's Retpoline (return trampoline) software solution to mitigate the performance impact of the security patches.

Updating processor firmware to address the Meltdown and Spectre vulnerabilities has been problematic for Intel.

Users have found their computers less stable, and in some cases, experienced bricked systems after the patches have been applied.

Shenoy acknowledged the issues: "We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do.

"While the firmware updates are effective at mitigating exposure to the security issues, customers have reported more frequent reboots on firmware-updated systems."