On 3rd January, Google's Project Zero team disclosed two hardware vulnerabilities: Meltdown and Spectre. Whereas Meltdown is specific to Intel processors, Spectre affects almost all modern processors.
As soon as they were disclosed, all of the cloud providers started working on patching the hypervisors with the fix. In this post, we will talk about how AWS handled the same.
AWS instances are broadly classified into two categories: PVM and HVM. While HVM hypervisors were patched online without affecting any running instances, AWS notified customers to reboot their PVM instances before 6th January.
We noticed significantly increased CPU utilisation for almost all of our instance groups.
{1} By 4th January, AWS had patched the hypervisor with Kernel Page Table Isolation (KPTI), which caused a > 100% increase in CPU utilisation. Some Cassandra consultants and managed hosting companies noticed the same. The performance impact of the KPTI mitigation depends purely on the system calls made by the application, so the impact will vary from one workload to another.
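Because KPTI adds a page-table switch on every kernel entry and exit, the cost lands on system calls rather than on user-space compute. The following micro-benchmark is an added example, not code from the original post: it measures the average cost of a raw syscall against a user-space-only loop, so you can run it on a patched and an unpatched instance (or before and after a kernel upgrade) and estimate how exposed your own syscall-heavy workloads are.

```c
// Added micro-benchmark (not from the original post): average cost of a raw
// system call versus a user-space-only loop. With KPTI enabled, the syscall
// column is where the extra page-table switch shows up; the user-space loop
// is the baseline that KPTI does not touch.
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Average nanoseconds per raw getpid() syscall over `iters` calls.
 * syscall(SYS_getpid) bypasses any libc caching, so every call really
 * crosses into the kernel and pays the KPTI entry/exit cost. */
double syscall_cost_ns(long iters) {
    uint64_t start = now_ns();
    for (long i = 0; i < iters; i++)
        syscall(SYS_getpid);
    return (double)(now_ns() - start) / (double)iters;
}

/* Baseline: the same loop doing pure user-space work with no kernel entry.
 * The volatile accumulator stops the compiler from deleting the loop. */
double userspace_cost_ns(long iters) {
    volatile uint64_t acc = 0;
    uint64_t start = now_ns();
    for (long i = 0; i < iters; i++)
        acc += (uint64_t)i;
    return (double)(now_ns() - start) / (double)iters;
}

int main(void) {
    const long iters = 2000000;
    double sc = syscall_cost_ns(iters);
    double us = userspace_cost_ns(iters);
    printf("raw syscall : %.1f ns/call\n", sc);
    printf("user-space  : %.1f ns/iter\n", us);
    printf("ratio       : %.1fx\n", sc / us);
    return 0;
}
```

Compare the syscall figure across hosts; the user-space figure should stay roughly constant, which is what isolates the KPTI effect from general CPU differences.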
{2} On 12th January, AWS rolled out something that reduced the performance impact back to the pre-Meltdown-patch level, although AWS hasn't disclosed anything about it yet.
We noticed something similar in our RDS instances too.
The AWS patch protects against instance-to-instance concerns (one instance reading the memory of another) and instance-to-hypervisor concerns (an instance reading hypervisor memory). AWS still recommends that all customers upgrade their instance kernel to mitigate process-to-process concerns.