Any real observations of Meltdown/Spectre patches?

Posted by James Palmer on 09-Jan-2018 05:40

As the title suggests, has anyone got any real information on the impact of applying the patches for Meltdown and Spectre? 

I've got a client running 10.2B08 on a virtual environment where the host has 2 x Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz processors. They are trying to balance up the performance impact vs the risk of not patching and I'm trying to put together a response for them. Any real world data would be invaluable! 

Thanks.

All Replies

Posted by kirchner on 09-Jan-2018 07:06

I think it's just too early to tell for most people.

Intel positioned the impact as "workload dependent" and "probably negligible for most users".

I read somewhere yesterday that Google deployed patches on many servers and found the impact to be indeed generally negligible.

I don't have any more specific data.

Due to the nature of the flaw and the changes required, I believe if you have some spare CPU capacity you might not perceive much of a difference. Of course I might be totally wrong :).

The flaws themselves seem to be very hard to exploit, so you might be OK postponing the patches for the time being. But it seems to me cybercriminals are never behind in the race, so I would definitely plan for patching, and soon.

Posted by felipe.braun on 09-Jan-2018 07:16

I haven't seen the results here (the team patched only the OS, not the hardware BIOS yet), so I can't tell anything regarding OE. But Phoronix published[1] a nice post with their tests with several things, including PostgreSQL and Redis, and they were significantly slower. In the PostgreSQL mailing list, there was a post[2] with some tests also.

[1] www.phoronix.com/scan.php

[2] www.postgresql.org/.../20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de

Posted by Rob Fitzpatrick on 09-Jan-2018 08:14

The coverage I've read so far indicates that impact varies by workload, but databases are sometimes called out in particular as being more impacted, as Felipe notes.

My opinion is that you should patch.  You can always buy more hardware.  In a virtual environment, if the impact is x% you can add x% more vCPUs fairly easily.  I know that isn't a perfect solution; if you have batch reporting clients, if they run on a slower CPU then they won't perform as well as they did before, no matter how many other CPUs you have.  Same goes for single-threaded database processes like 4GL servers.  If the performance hit is significant, you might need to migrate to a beefier host to completely offset it.

Another way to look at it: if your business grows, you will eventually outgrow the hardware you're on anyway.  Applying these patches might just bring that day a bit closer.  But not patching means you're rolling the dice.

This thread is closed