Meltdown and Spectre - a Wake-up call for HPC
Do you want High Performance, or maximum security? Make your mind up, because you can't have both!
It is a simple fact of engineering design, that there is a trade-off between performance and dependability. To get better than standard performance, we need to sacrifice security features that would otherwise get in the way. For example, if we turned on SELinux and disk encryption on an HPC system, it would no longer be High Performance because of the overheads. Remember, High Performance Computing is a relative term, e.g. relative to the norm which could arguably be regarded as enterprise servers, or desktops/laptops.
Speculative execution appears to be one of those shortcuts to get more performance, but potentially at the expense of security. The OS kernel patches required to mitigate against the Meltdown and Spectre vulnerabilities will force a lot more traffic through the kernel, introducing overheads that will probably (?) impact performance for many applications. So, just because a general-purpose processor is capable of doing many different things, does not mean that we should expect them to be all things at the same time.
While the CPU vendors should have a responsibility for warning users of the trade-offs, and maybe this is where they have been incidentally negligent, we who design and build systems cannot absolve ourselves from the responsibility of making sure we understand what we create.
It is time for a pause, to take in the lesson here and make some tough decisions about where we want performance vs where we need security, and those who are developing HPC-as-a-cloud service will need to look closely at how they will present their "High Performance" offerings on shared platforms.