AIX 6.1, POWER5 and Spectre/Meltdown

Tags
aix

 
Thread Tools Search this Thread
# 1  
Old 01-09-2018
AIX 6.1, POWER5 and Spectre/Meltdown

Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0 which seems to be the base install and no further patches installed.

Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?

Looks like AIX 6.1.0.0 went 'end of support' in April last year so are there even patches available for this new threat and can I get them for free or does the system need subscribing to IBM at a cost?
# 2  
Old 01-09-2018
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).
# 3  
Old 01-10-2018
Quote:
Originally Posted by the_garbage
running AIX 6.1.0.0 which seems to be the base install and no further patches installed.
With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support were already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, were yesterdays patches are considered outdated by noon today, but even for AIX this is very very old.

Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out.You need to have a look about which licenses were bought for the system.

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
# 4  
Old 01-10-2018
Non Intel-x86 processors are quite safe.
1. The more reduced the instruction set (RISC) the shorter is the decoding pipeline, and it makes less (or no) sense to prefetch many instructions. That makes attacks much harder if not impossible.
2. An attack will likely aim at x86 CPUs, then comes ARM. And the most feared way is: via a Web browser. You certainly do not run a Web browser on AIX.

No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.
# 5  
Old 01-11-2018
Quote:
Originally Posted by bakunin

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
# 6  
Old 01-27-2018
AIX patches, also for AIX 6.1 TL9

http://aix.software.ibm.com/aix/efix...n_advisory.asc
# 7  
Old 01-27-2018
Quote:
Originally Posted by richardsantink
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It is blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.

The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.

Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.

Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
Meltdown and Spectre CPU bugs Scrutinizer What is on Your Mind? 8 05-26-2018 06:26 AM
Linus Torvalds reply about Meltdown and Spectre. wisecracker War Stories 5 02-01-2018 05:07 PM
Power5 9111-520 reload of AIX 6.1 - help needed JamesNJ AIX 0 04-25-2016 04:43 PM
Power5 9133-55A Serial Console connection issue Devyn AIX 6 02-14-2016 01:21 PM
POWER5+ 2.1Gz cpu wattage ? vilius AIX 1 05-13-2012 06:30 PM
running LPAR on power5 p520 hardware ppchu99 AIX 7 03-11-2012 01:54 PM
Upgrading Power5 from 5.3 to... redi AIX 6 01-21-2012 06:55 AM
IBM pSeries Power5 9111-285 1,9 GHz phobus AIX 4 03-30-2010 11:07 AM
Turn off System attention light on POWER5 model p5 55A ? vilius AIX 2 12-10-2008 07:03 AM
Problem with knlist in AIX 5.3 for Power5 processor rajesht AIX 0 04-25-2005 10:12 AM
hard disk meltdown Henrik Filesystems, Disks and Memory 3 11-05-2002 11:41 AM