AIX

AIX is IBM's industry-leading UNIX operating system that meets the demands of applications that businesses rely upon in today's marketplace.

AIX 6.1, POWER5 and Spectre/Meltdown

👤 Login to reply

the_garbage the_garbage is offline
Registered User
 
Join Date: Jan 2018
Last Activity: 9 January 2018, 6:58 AM EST
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
AIX 6.1, POWER5 and Spectre/Meltdown

Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0 which seems to be the base install and no further patches installed.

Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?

Looks like AIX 6.1.0.0 went 'end of support' in April last year so are there even patches available for this new threat and can I get them for free or does the system need subscribing to IBM at a cost?
Sponsored Links
agent.kgb agent.kgb is offline
Registered User
 
Join Date: Feb 2015
Last Activity: 9 July 2018, 11:01 AM EDT
Location: basement, Lubyanka, Moscow
Posts: 344
Thanks: 8
Thanked 99 Times in 88 Posts
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).
Sponsored Links
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 3 July 2018, 11:43 PM EDT
Location: In the leftmost byte of /dev/kmem
Posts: 5,786
Thanks: 112
Thanked 1,698 Times in 1,248 Posts
Quote:
Originally Posted by the_garbage View Post
running AIX 6.1.0.0 which seems to be the base install and no further patches installed.
With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support were already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, were yesterdays patches are considered outdated by noon today, but even for AIX this is very very old.

Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out.You need to have a look about which licenses were bought for the system.

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
MadeInGermany MadeInGermany is offline Forum Staff  
Moderator
 
Join Date: May 2012
Last Activity: 21 July 2018, 8:10 PM EDT
Location: Simplicity
Posts: 4,156
Thanks: 365
Thanked 1,419 Times in 1,275 Posts
Non Intel-x86 processors are quite safe.
1. The more reduced the instruction set (RISC) the shorter is the decoding pipeline, and it makes less (or no) sense to prefetch many instructions. That makes attacks much harder if not impossible.
2. An attack will likely aim at x86 CPUs, then comes ARM. And the most feared way is: via a Web browser. You certainly do not run a Web browser on AIX.

No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.
Sponsored Links
richardsantink richardsantink is offline
Registered User
 
Join Date: Mar 2014
Last Activity: 19 July 2018, 8:07 PM EDT
Location: Ottawa, CANADA
Posts: 26
Thanks: 15
Thanked 2 Times in 2 Posts
Quote:
Originally Posted by bakunin View Post

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
Sponsored Links
agent.kgb agent.kgb is offline
Registered User
 
Join Date: Feb 2015
Last Activity: 9 July 2018, 11:01 AM EDT
Location: basement, Lubyanka, Moscow
Posts: 344
Thanks: 8
Thanked 99 Times in 88 Posts
AIX patches, also for AIX 6.1 TL9

http://aix.software.ibm.com/aix/efix...n_advisory.asc
Sponsored Links
MichaelFelt MichaelFelt is offline
Registered User
 
Join Date: Nov 2012
Last Activity: 1 March 2018, 5:51 PM EST
Location: on the road for work; home is private time
Posts: 447
Thanks: 9
Thanked 105 Times in 99 Posts
Quote:
Originally Posted by richardsantink View Post
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It is blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.

The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.

Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.

Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.
Sponsored Links
👤 Login to reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Meltdown and Spectre CPU bugs Scrutinizer What is on Your Mind? 8 05-26-2018 05:26 AM
Power5 9111-520 reload of AIX 6.1 - help needed JamesNJ AIX 0 04-25-2016 03:43 PM
Problem with knlist in AIX 5.3 for Power5 processor rajesht AIX 0 04-25-2005 09:12 AM
hard disk meltdown Henrik Filesystems, Disks and Memory 3 11-05-2002 10:41 AM



All times are GMT -4. The time now is 12:49 AM.

Unix & Linux Forums Content Copyright©1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?