The Meltdown Prevention Program helps IT organizations restore both security and performance.
For IT organizations evaluating the impact of Meltdown patches and the benefit of kernel bypass technology, the Solarflare Meltdown Prevention Program is designed to make the evaluation simple and cost effective. Through the Meltdown Prevention Program, Solarflare is providing free XtremeScale 8522 NICs for evaluation, free ScaleOut Onload software for evaluation and free patch test support. IT organizations can then purchase XtremeScale 8522 NICs with ScaleOut Onload for only $199.
To get free evaluation products or test support, or if you have questions about Meltdown solutions, contact [email protected].
Problem #1: Server Processors are Vulnerable to Meltdown Attacks
When executing user-space applications, Linux keeps its entire kernel memory mapped in page tables protected from access. The advantage is that when the application makes a system call into the kernel or an interrupt is received, kernel page tables are always present, so most context switching-related overhead such as TLB flush, and page-table swapping can be avoided. Recently it was found that both contents of memory mappings and kernel memory could be leaked with Intel x86 and Arm CPUs under a Meltdown attack. A major hit on server security.
Problem #2: Linux Patches for Meltdown Impact Performance
Kernel page-table isolation is a Linux kernel feature that mitigates the Meltdown security vulnerability by isolating user space and kernel space memory. However, it was reported by The Register the hit on performance ranged from 5% to 30% depending on the workload.
The Solution: Solarflare XtremeScale NICs + Onload Kernel Bypass Software
Solarflare Onload and ScaleOut kernel bypass software together with Solarflare XtremeScale adapters reduces kernel calls. Testing showed the impact of a patch deployed with Onload kernel bypass was less than 2%. IT pros can now deploy Meltdown patches and restore both the security and performance for their servers.