AIX 6.1, POWER5 and Spectre/Meltdown


Login or Register to Reply

 
Thread Tools Search this Thread
# 1  
AIX 6.1, POWER5 and Spectre/Meltdown

Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0 which seems to be the base install and no further patches installed.

Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?

Looks like AIX 6.1.0.0 went 'end of support' in April last year so are there even patches available for this new threat and can I get them for free or does the system need subscribing to IBM at a cost?
# 2  
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).
# 3  
Quote:
Originally Posted by the_garbage
running AIX 6.1.0.0 which seems to be the base install and no further patches installed.
With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support were already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, were yesterdays patches are considered outdated by noon today, but even for AIX this is very very old.

Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out.You need to have a look about which licenses were bought for the system.

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
# 4  
Non Intel-x86 processors are quite safe.
1. The more reduced the instruction set (RISC) the shorter is the decoding pipeline, and it makes less (or no) sense to prefetch many instructions. That makes attacks much harder if not impossible.
2. An attack will likely aim at x86 CPUs, then comes ARM. And the most feared way is: via a Web browser. You certainly do not run a Web browser on AIX.

No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.
# 5  
Quote:
Originally Posted by bakunin

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
# 7  
Quote:
Originally Posted by richardsantink
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It is blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.

The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.

Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.

Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.
Login or Register to Reply

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
Meltdown and Spectre CPU bugs
Scrutinizer
This seems a bit serious: Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs The Register Vulnerability Note VU#584653 - CPU hardware vulnerable to side-channel attacks Project Zero: Reading privileged memory with a side-channel... What is on Your Mind?
8
What is on Your Mind?
Linus Torvalds reply about Meltdown and Spectre.
wisecracker
Apologies if this is the wrong forum but... ...This is hard hitting stuff. LKML: Linus Torvalds: Re: x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation... War Stories
5
War Stories
Power5 9111-520 reload of AIX 6.1 - help needed
JamesNJ
Hello all, I am hoping someone can point me in the right direction here. We had a machine running AIX 6.1 that someone completely corrupted, so we decided to re-load it from media. I was able to boot into DVD media, select options for complete (destructive) install, AIX standard, etc. The...... AIX
0
AIX
Problem with knlist in AIX 5.3 for Power5 processor
rajesht
Hi all, I have a AIX 5.3 Installation on the Power5 processor. I am using the knlist API for getting the details of the CPU details like user cpu, kernel cpu, idle cpu and wait cpu. My code is working fine on other Installations of AIX like PowerPC_POWER4 but it is giving wrong values on Power5...... AIX
0
AIX
hard disk meltdown
Henrik
I had an issue with a second hard disk in my machine. I have a sparc station running solaris 7. It was working fine but now it wont mount on boot up and when you try to mount it manually it gives an I/O error. I tried a different disk as a control which was fine. What I want to know is if my...... Filesystems, Disks and Memory
3
Filesystems, Disks and Memory