AIX 6.1, POWER5 and Spectre/Meltdown

#1  the_garbage, 01-09-2018

Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0, which seems to be the base install with no further patches installed.

Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?

Looks like AIX 6.1.0.0 went 'end of support' in April last year, so are there even patches available for this new threat, and can I get them for free or does the system need subscribing to IBM at a cost?

#2  agent.kgb, 01-09-2018
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).

#3  bakunin, 01-10-2018
Quote (originally posted by the_garbage):
"running AIX 6.1.0.0 which seems to be the base install and no further patches installed."

With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support was already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, where yesterday's patches are considered outdated by noon today, but even for AIX this is very, very old.

Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out. You need to have a look at which licenses were bought for the system.

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin

#4  MadeInGermany, 01-10-2018
Non Intel-x86 processors are quite safe.
1. The more reduced the instruction set (RISC) the shorter is the decoding pipeline, and it makes less (or no) sense to prefetch many instructions. That makes attacks much harder if not impossible.
2. An attack will likely aim at x86 CPUs, then comes ARM. And the most feared way is: via a Web browser. You certainly do not run a Web browser on AIX.

No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.

#5  richardsantink, 01-11-2018
Quote (originally posted by bakunin):
"I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work."

AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors

#6  agent.kgb, 3 Weeks Ago
AIX patches, also for AIX 6.1 TL9

http://aix.software.ibm.com/aix/efix...n_advisory.asc

#7  MichaelFelt, 3 Weeks Ago
Quote (originally posted by richardsantink):
"AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors"

While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.

The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.

Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.

Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.