Meltdown and Spectre Vulnerabilities

dleinich
Crownpeak Employee

A new class of vulnerabilities, commonly referred to as Meltdown and Spectre, has been found and disclosed. These vulnerabilities affect most computer processors available today and potentially allow malicious software to access data it should not be allowed to access. Operating system vendors are starting to roll out (kernel) patches to address these vulnerabilities. These patches affect the performance of the processors and thus also the performance of software running on them. FirstSpirit may also be affected by these patches, and in this post we want to give you an overview of what is already known.

It is generally not possible to predict the exact effect of the mentioned (kernel) patches, as it depends on too many factors: for example, the kind of processors / CPUs you are using, the operating system you are running and how exactly the patch was implemented for this operating system, whether or not you are operating a virtualized environment, the project-specific details of your FirstSpirit environment, and more. The following hints may help address problems if they arise in your specific setup, and we will try to update this post as we learn more. It is also possible that you will not run into any problems with the (kernel) patches at all.

FirstSpirit StartUp

The performance impact of the (kernel) patches may result in longer startup times when starting the FirstSpirit server. In some cases starting the server takes long enough to run into a timeout, so that FirstSpirit cannot be started successfully. If this is the case, you can increase the timeout defined in fs-wrapper.conf, giving the FirstSpirit server more time to start and thus avoiding the problem. The parameter to tweak is wrapper.startup.timeout; you can learn more about it in the Documentation for Administrators.

FirstSpirit Operations

The Meltdown and Spectre patches may also affect the performance of a running FirstSpirit server, but we do not yet know to what extent. Again, the factors mentioned above play an important role in the impact of the patch, and we are currently investigating different scenarios. We will update this post as soon as we learn more.

If you experience any problems after a (kernel) patch, please let us know in the comments below or by raising a ticket with the Technical Support team. Sharing your experience will help other customers and may allow us to enhance FirstSpirit in general. If we identify optimizations to the software, we will try to implement and deliver them, even if the vulnerabilities discovered are not directly related to FirstSpirit.

Feel free to contact our Technical Support team with any questions you have on this matter, and we will help you to the best of our knowledge.