AIX 6.1, POWER5 and Spectre/Meltdown


 
Thread Tools Search this Thread
Operating Systems AIX AIX 6.1, POWER5 and Spectre/Meltdown
# 1  
Old 01-09-2018
AIX 6.1, POWER5 and Spectre/Meltdown

Apologies for this newbie question. We have inherited an IBM p5 520 (9111-520) running AIX 6.1.0.0 which seems to be the base install and no further patches installed.

Is this vulnerable to the Spectre/Meltdown threat?
Are patches available?

Looks like AIX 6.1.0.0 went 'end of support' in April last year so are there even patches available for this new threat and can I get them for free or does the system need subscribing to IBM at a cost?
# 2  
Old 01-09-2018
All IBM POWER CPUs, except POWER6, are out-of-order execution CPUs and afaiu may be vulnerable to the attacks. IBM speaks only about patches for POWER7+, POWER8 and POWER9, which should be available today. Patches for AIX 7.1/7.2 will be available in February (if you don't work for DoD).
# 3  
Old 01-10-2018
Quote:
Originally Posted by the_garbage
running AIX 6.1.0.0 which seems to be the base install and no further patches installed.
With a version that old you perhaps have bigger security issues than Spectre/Meltdown attacks. 6.1 went out of support, as you stated, last April, but what went out of support were already patched with several TLs (technical levels) and SPs (service packs). Your system is about 6-7 years old, software-wise. AIX software doesn't have the turnover rate of Linux, were yesterdays patches are considered outdated by noon today, but even for AIX this is very very old.

Regarding the licensing and entitlement for updates: usually you buy a system with a support contract. The support contract entitles you to the free download of AIX versions/fixes/patches as they come out.You need to have a look about which licenses were bought for the system.

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
# 4  
Old 01-10-2018
Non Intel-x86 processors are quite safe.
1. The more reduced the instruction set (RISC) the shorter is the decoding pipeline, and it makes less (or no) sense to prefetch many instructions. That makes attacks much harder if not impossible.
2. An attack will likely aim at x86 CPUs, then comes ARM. And the most feared way is: via a Web browser. You certainly do not run a Web browser on AIX.

No panic.
"old = unsafe" is a myth of the computer industry (guess why).
While "cheap and old = unsafe" is sometimes true (Linux, Windows).
I would not even upgrade AIX, just install the latest patches for the current AIX.
# 5  
Old 01-11-2018
Quote:
Originally Posted by bakunin

I am not sure if AIX 7.2 (which is the latest) will even run on a P5 but AIX 7.1 should work.

I hope this helps.

bakunin
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
# 6  
Old 01-27-2018
AIX patches, also for AIX 6.1 TL9

http://aix.software.ibm.com/aix/efix...n_advisory.asc
# 7  
Old 01-27-2018
Quote:
Originally Posted by richardsantink
AIX 7.2 will only install on Power7 and newer.

Meltdown and Spectre affect all Power systems:
IBM Systems Magazine - Security Vulnerability Impacts POWER Processors
While I am not an expert in this area - I do recall POWER6 does not do branch prediction. It is blazes ahead - and if the instruction path is wrong - then the pre-fetch is just thrown away.

The idea was that the tremendous jump in clock-speed was enough that the 'occasional' missed prediction was worth it. In other words - processor heat was from raw speed, rather than from parallel calculations computing branch prediction.

Again, not an expert - whether these vulnerabilities stem from any pre-fetch, or only from "predicted branch pre-fetch" - I don't know.

Yes, it's out there - and I am actually a bit more curious to hear about the 'monitors' or signature-scanners that get built to spot anything attempting to exploit it.
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. What is on Your Mind?

Meltdown and Spectre CPU bugs

This seems a bit serious: Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs • The Register Vulnerability Note VU#584653 - CPU hardware vulnerable to side-channel attacks Project Zero: Reading privileged memory with a side-channel (8 Replies)
Discussion started by: Scrutinizer
8 Replies

2. War Stories

Linus Torvalds reply about Meltdown and Spectre.

Apologies if this is the wrong forum but... ...This is hard hitting stuff. LKML: Linus Torvalds: Re: x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation (5 Replies)
Discussion started by: wisecracker
5 Replies

3. AIX

Power5 9111-520 reload of AIX 6.1 - help needed

Hello all, I am hoping someone can point me in the right direction here. We had a machine running AIX 6.1 that someone completely corrupted, so we decided to re-load it from media. I was able to boot into DVD media, select options for complete (destructive) install, AIX standard, etc. The... (0 Replies)
Discussion started by: JamesNJ
0 Replies

4. AIX

POWER5+ 2.1Gz cpu wattage ?

Hello, What is wattage of POWER5+ 2.1Gz CPU ? It's dual-core 90nm chip. At least approximately ? thanks, Vilius (1 Reply)
Discussion started by: vilius
1 Replies

5. AIX

Upgrading Power5 from 5.3 to...

I have a power5 that I would like to update and bring everything forward. I am wondering about trouble-free upgrades. Is it better to go 5.3 -> 7 or 5.3 ->6 ->7? The power5 box is behind and hopefully can learn from experiences here. Thanks. (6 Replies)
Discussion started by: redi
6 Replies

6. AIX

Problem with knlist in AIX 5.3 for Power5 processor

Hi all, I have a AIX 5.3 Installation on the Power5 processor. I am using the knlist API for getting the details of the CPU details like user cpu, kernel cpu, idle cpu and wait cpu. My code is working fine on other Installations of AIX like PowerPC_POWER4 but it is giving wrong values on Power5... (0 Replies)
Discussion started by: rajesht
0 Replies

7. Filesystems, Disks and Memory

hard disk meltdown

I had an issue with a second hard disk in my machine. I have a sparc station running solaris 7. It was working fine but now it wont mount on boot up and when you try to mount it manually it gives an I/O error. I tried a different disk as a control which was fine. What I want to know is if my... (3 Replies)
Discussion started by: Henrik
3 Replies
Login or Register to Ask a Question