In an alert sent to partners last week, Red Hat, the leading distributor of open source server and cloud operating systems, warned of performance degradation across its environments resulting from patching the Meltdown and Spectre security vulnerabilities.
Red Hat said its major infrastructure products, including the industry's leading distributions of Linux and OpenStack, as well as the OpenShift container-based Platform-as-a-Service, are all affected by the potential exploits. The Raleigh, N.C.-headquartered open source software company said it has developed security updates across its portfolio to address the vulnerabilities, and is working with partners to help protect customers.
"The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems," said the statement sent to partners last Thursday, which did not name the vulnerabilities.
Red Hat confirmed that "all currently supported versions of Red Hat Enterprise Linux, Red Hat OpenShift, Red Hat Virtualization and Red Hat OpenStack Platform are affected."
The company encouraged customers to apply the updates as soon as they're available.
"We are working tirelessly with our partners to make these updates available, along with the information our customers need to quickly secure their physical systems, virtual images, and container-based deployments," the statement said.
While those fixes are likely to slow systems running them, Red Hat suggested there's potential through further research and development to minimize the degree of degradation.
"We are actively working with our technology partners to reduce or eliminate these performance impacts as quickly as possible," the software developer told its channel partners.
Red Hat's statement noted that the performance impact of the patches will depend on the hardware customers use and the applications they're running.
Bradley Brodkin, CEO of HighVail Systems, a Toronto-based Red Hat partner, told CRN that it's still too early to predict if the patches will affect bare metal, virtualized or containerized environments differently.
Solution providers are expecting some systems to be degraded by up to 30 percent, Brodkin said, but the dynamics of the software and firmware patches are extremely complicated, and actual benchmarks have yet to be validated.
As technology vendors look to gain a better understanding of the toll from preventing side-channel attacks on microprocessors, partners have work to do, Brodkin said.
"It’s important, now more than ever given these vulnerabilities, for customers to stay current with patching and updates," Brodkin said. "As a partner, we’re on top of it and are working with our clients to assist them in any way we can."
Leading infrastructure and cloud services vendors are currently benchmarking processes to quantify the actual performance degradation customer workloads will suffer from implementing patches.
Partners told CRN that while much remains to be learned on that front, it's clear that processes heavy on system calls directly to the kernel of the operating system are going to take the biggest hits.