(3.9.1 - latest) Speculative Return Stack Overflow (SRSO) mitigations introducing potential performance impact on some AMD processors #6496

Open
hanwen-pcluste opened this issue Oct 23, 2024 · 0 comments


Issue description

AWS ParallelCluster 3.9.1 and newer (except on CentOS 7) include Linux kernel versions which contain mitigations for CVE-2023-20569. The Speculative Return Stack Overflow (SRSO) mitigations are enabled by default but may have a performance impact for very specific workloads on machines with impacted AMD processors. It is possible to disable these security mitigations to avoid a possible performance impact; however, users should carefully consider the security implications. To disable them, specify spec_rstack_overflow=off as a kernel boot parameter. For further details, see https://docs.kernel.org/admin-guide/hw-vuln/srso.html

Affected versions (OSes, schedulers)

All ParallelCluster versions on affected AMD instances where the Linux kernel is v6.1.82+, v5.15.152+ or v5.10.213+ are affected.
So, all the ParallelCluster official AMIs (except for CentOS 7) starting from v3.9.1 suffer from a potential performance impact on AMD instances. Moreover, any custom AMIs with Linux kernels with the security mitigations mentioned above are affected.

Mitigation

You can find a detailed explanation and the mitigation of the problem in (3.9.1 ‐ latest) Speculative Return Stack Overflow (SRSO) mitigations introducing potential performance impact on some AMD processors.

For further details see https://docs.kernel.org/admin-guide/hw-vuln/srso.html.
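
Before deciding whether to change the boot parameter, it helps to record what a node is actually running. The script below is an added example, not part of the original issue or of ParallelCluster: it compares the kernel release against the three stable series listed above, reads the spec_rstack_overflow boot parameter, and prints the kernel's own SRSO status from sysfs. The function names are hypothetical, and kernel series other than the three listed are reported as "unknown" because the issue gives no data for them.

```shell
#!/bin/sh
# Added example (not ParallelCluster code): report a node's SRSO state.
# File paths are parameters so the functions can be run on constructed input.

SRSO_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# kernel_in_listed_range RELEASE -> yes | no | unknown
# Assumption: only the three stable series named in the issue are judged;
# every other series prints "unknown".
kernel_in_listed_range() {
    rel=${1%%-*}                      # drop the vendor suffix after the first "-"
    major=${rel%%.*}; rest=${rel#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}           # keep the leading digits only
    case "$major.$minor" in
        6.1)  min=82 ;;
        5.15) min=152 ;;
        5.10) min=213 ;;
        *)    echo unknown; return 0 ;;
    esac
    if [ "${patch:-0}" -ge "$min" ]; then echo yes; else echo no; fi
}

# cmdline_srso_setting FILE -> value of the last spec_rstack_overflow= token,
# "default" when the parameter is absent, "unknown" when FILE is unreadable.
cmdline_srso_setting() {
    [ -r "$1" ] || { echo unknown; return 0; }
    val=$(tr ' ' '\n' < "$1" | sed -n 's/^spec_rstack_overflow=//p' | tail -n 1)
    echo "${val:-default}"
}

# srso_report RELEASE CMDLINE_FILE SYSFS_FILE -> one summary line
srso_report() {
    status="not reported by this kernel"
    if [ -r "$3" ]; then status=$(cat "$3"); fi
    printf 'kernel=%s listed_range=%s boot_param=%s sysfs="%s"\n' \
        "$1" "$(kernel_in_listed_range "$1")" "$(cmdline_srso_setting "$2")" "$status"
}

# Live check on the current node.
srso_report "$(uname -r)" /proc/cmdline "$SRSO_SYSFS"
```

The release-string comparison is only a hint: a vendor kernel whose `uname -r` does not carry the upstream stable sublevel cannot be judged this way, so rely on the sysfs line for the actual mitigation status.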
