Is AIX/Power safe from Spectre / Meltdown?

Since Intel, AMD and ARM are affected by the Spectre and Meltdown CPU kernel memory leak bugs/flaws, could we say that Power architecture is safe from these?
kernel aix cpu powerpc vulnerability
edited Jan 23 at 12:26
Gilles
asked Jan 5 at 20:46
Hessnov
2 Answers
accepted
No, you could not say it's safe.
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
Complete mitigation of this vulnerability for Power Systems clients involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to these vulnerabilities and is a pre-requisite for the OS patch to be effective.
[...]
Firmware patches for POWER7+, POWER8, and POWER9 platforms are now available via FixCentral. POWER7 patches will be available beginning February 7.
[...]
AIX patches will be available beginning January 26 and will continue to be rolled out through February 12.
Update: patches available, http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc
edited May 20 at 17:27
answered Jan 5 at 20:58
steve
wow, everything affected? :D
– Hessnov Jan 6 at 5:28
Just about every chip with out of order execution is affected.
– WorBlux Jan 7 at 1:21
Because of the specific nature of Meltdown, Power is not affected by the demonstration code, but it may be possible to write something that has a similar effect. But, because of the way that AIX on Power organizes its memory map, only one page (IIRC, it's a while since I last looked) of the kernel (page 0, the one containing the interrupt vectors) is mapped into a user process. This prevents branch predictor cache loads from accessing kernel data structures, which is the particular attack documented for Meltdown (in other words, AIX on Power should be almost completely immune, by design, to Meltdown).
Linux on Power does (or at least until the updates) do the mapping of kernel memory into a protected region of user process address spaces, so a Meltdown type attack is theoretically possible, but AFAICT it has not been demonstrated. I do not know about IBM i.
The techniques described for Spectre remain less clear. IBM has only made the most broad statements publicly, which look like an effort to say something rather than nothing IMHO, but it is possible that all OSs running on Power may be affected by attacks related to the type documented. But, again, AFAICT, there is no demonstration code for Spectre on Power yet. But this may be a result of not enough Power systems being available to the researchers, and may change as time passes.
Please note that the views expressed in this post are my own, and are not those of any other person or organization.
answered Jan 23 at 8:46
Peter Gathercole
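For the Linux on Power case raised in the second answer, kernels carrying the fixes report their own view of each issue under `/sys/devices/system/cpu/vulnerabilities/`. The following is an added example, not part of either answer: a shell function that summarises that report. It applies to Linux only (AIX has no such files), and the status strings in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise what a Linux kernel
# reports about Meltdown/Spectre in sysfs. The directory is a parameter so the
# logic can be run against constructed files.

classify() {    # map one sysfs status line to a coarse state
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Prints one line per issue; returns 0 = all mitigated or not affected,
# 1 = at least one status unknown, 2 = at least one reported vulnerable.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    worst=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            state=$(classify "$status")
        else
            status="(file missing: kernel does not report this issue)"
            state=unknown
        fi
        printf '%-11s %-13s %s\n' "$name" "$state" "$status"
        if [ "$state" = vulnerable ]; then
            worst=2
        elif [ "$state" = unknown ] && [ "$worst" -lt 1 ]; then
            worst=1
        fi
    done
    return "$worst"
}

# Constructed sample: a kernel carrying only part of the fixes.
sample=$(mktemp -d)
echo "Mitigation: RFI Flush" > "$sample/meltdown"
echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
echo "Vulnerable" > "$sample/spectre_v2"
rc=0
check_cpu_vulns "$sample" || rc=$?
echo "exit status: $rc"
rm -rf "$sample"
```

Called with no argument, `check_cpu_vulns` reads the live sysfs directory; a missing file is reported as unknown rather than as safe, since kernels without the fixes do not have this interface.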