Torbjörn Granlund tg at
Wed Feb 14 20:59:03 UTC 2018

I've upgraded Xen and the Gentoo base OS ("Dom0") of the Xen machines,
as well as all Gentoo and Debian guest systems.  In some cases, this
should protect the systems against the recent major security flaws
(Spectres and Meltdown).

Where available, I've flashed BIOS too, which in some cases should
change branch prediction behaviour (to handle Spectre).

The colo system (servus/martin which one reaches first at login to shell
or gshell) is not yet upgraded as it is really complex to do that
remotely.  In addition to the other security flaws, it also has active
buggy Intel ME firmware for Intel's hidden-computer-in-the-CPU.

I haven't run any timing tests after the upgrades (but timing tests are
these days run automatically and appended to the tuneup result files).
It is possible that these fixes cause significant GMP slowdown.  We need
to tune our files for bug-fixed systems, so we need to adapt our tables
as per any new measurements.

The colo system runs a minimal set of guests now and will continue to do
so until I've patched the system to the latest level.

