Spectre+Meltdown

Spectre+Meltdown

[Christian Zigotzky]

[-- Attachment #1: Type: text/plain, Size: 375 bytes --]

Hi All,

Do we have some information regarding Spectre+Meltdown for our users?

It could be that we have some security issues in our PowerPC CPUs.

Links:

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Kernel-Retpoline-Patches

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

Thanks,
Christian

Sent from my iPhone

[-- Attachment #2: Type: text/html, Size: 1795 bytes --]

Re: Spectre+Meltdown

[Michal Suchánek]

Hello,

On Thu, 4 Jan 2018 16:09:34 +0100
Christian Zigotzky <chzigotzky@xenosoft.de> wrote:

> Hi All,
> 
> Do we have some information regarding Spectre+Meltdown for our users?
> 
> It could be that we have some security issues in our PowerPC CPUs.
> 
> Links:
> 
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-Kernel-Retpoline-Patches
> 
> https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
> 

Since the vulnerability details were disclosed already you should see
patches addressing it in your local kernel git repository. AFAICT some
patches for preventing speculative execution in some random parts of
the kernel as well as adding an extra flush when returning from kernel
to userspace are applicable to powerpc.

I am not familiar with all the details so you are free to investigate
the code for yourself or fish some article from someone who really
knows what the thing is all about and how it affects powerpc in
particular.

Thanks

Michal

Re: Spectre+Meltdown

[Michael Ellerman]

Christian Zigotzky <chzigotzky@xenosoft.de> writes:

> Hi All,
>
> Do we have some information regarding Spectre+Meltdown for our users?
>
> It could be that we have some security issues in our PowerPC CPUs.

There's a statement from IBM here:

  https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/


I think you're mostly using pasemi CPUs right? I don't have any
information on them, and obviously it's going to be hard to find anyone
who might know. You might be best finding a proof of concept somewhere
and actually testing it.

cheers

Spectre+Meltdown

[Christian Zigotzky]

Hello Michael,

Thanks for your reply. We are using P.A. Semi and Freescale CPUs.

@Olof
Do you have some infos for us?

Thanks,
Christian


On 06/01/18 10:34, Michael Ellerman wrote:
> Christian Zigotzky <chzigotzky@xenosoft.de> writes:
>
>> Hi All,
>>
>> Do we have some information regarding Spectre+Meltdown for our users?
>>
>> It could be that we have some security issues in our PowerPC CPUs.
> There's a statement from IBM here:
>
>    https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
>
>
> I think you're mostly using pasemi CPUs right? I don't have any
> information on them, and obviously it's going to be hard to find anyone
> who might know. You might be best finding a proof of concept somewhere
> and actually testing it.
>
> cheers
>

Re: Spectre+Meltdown

[Olof Johansson]

On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
<chzigotzky@xenosoft.de> wrote:
> Hello Michael,
>
> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>
> @Olof
> Do you have some infos for us?

I'm low on spare time to experiment and explore what might be exposed
or not, and I no longer have any proprietary microarchitecture
documentation of the core.

I suggest reaching out to your supplier of the silicon for commercial
support and information, or just going with what I'm sure will be
architecturally generic solutions to the problem when IBM has them
ready.


-Olof

Re: Spectre+Meltdown

[Michal Suchanek]

On 7 January 2018 at 19:54, Olof Johansson <olof@lixom.net> wrote:
> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
> <chzigotzky@xenosoft.de> wrote:
>> Hello Michael,
>>
>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>
>> @Olof
>> Do you have some infos for us?
>
> I'm low on spare time to experiment and explore what might be exposed
> or not, and I no longer have any proprietary microarchitecture
> documentation of the core.
>
> I suggest reaching out to your supplier of the silicon for commercial
> support and information, or just going with what I'm sure will be
> architecturally generic solutions to the problem when IBM has them
> ready.

The solution for IBM POWER involves patching the firmware as well as
Linux. Without knowledge of the architecture specifics it is not
possible to tell if other cores are affected and if the measures
implemented by IBM can be used. In fact they probably rely on
64s-specific instructions and are in part implemented in 64s-specific
assembly files.

So this will not work without support for the specific core either by
the vendor or somebody who has knowledge of the architecture details.

Thanks

Michal

Spectre+Meltdown

[Christian Zigotzky]

Hi All,

Thanks a lot for your replies.

@NXP developers: Could you please tell us some information?

Thanks,
Christian


On 08 January 2018 at 02:14AM, Michal Suchanek wrote:
> On 7 January 2018 at 19:54, Olof Johansson <olof@lixom.net> wrote:
>> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
>> <chzigotzky@xenosoft.de> wrote:
>>> Hello Michael,
>>>
>>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>>
>>> @Olof
>>> Do you have some infos for us?
>> I'm low on spare time to experiment and explore what might be exposed
>> or not, and I no longer have any proprietary microarchitecture
>> documentation of the core.
>>
>> I suggest reaching out to your supplier of the silicon for commercial
>> support and information, or just going with what I'm sure will be
>> architecturally generic solutions to the problem when IBM has them
>> ready.
> The solution for IBM POWER involves patching the firmware as well as
> Linux. Without knowledge of the architecture specifics it is not
> possible to tell if other cores are affected and if the measures
> implemented by IBM can be used. In fact they probably rely on
> 64s-specific instructions and are in part implemented in 64s-specific
> assembly files.
>
> So this will not work without support for the specific core either by
> the vendor or somebody who has knowledge of the architecture details.
>
> Thanks
>
> Michal
>

Re: Spectre+Meltdown

[Li Yang]

On Mon, Jan 8, 2018 at 2:17 AM, Christian Zigotzky
<chzigotzky@xenosoft.de> wrote:
> Hi All,
>
> Thanks a lot for your replies.
>
> @NXP developers: Could you please tell us some information?

We have done some investigation but it is not ready to be published
yet.  You can get more information from your support channel right
now.

>
> Thanks,
> Christian
>
>
>
> On 08 January 2018 at 02:14AM, Michal Suchanek wrote:
>>
>> On 7 January 2018 at 19:54, Olof Johansson <olof@lixom.net> wrote:
>>>
>>> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
>>> <chzigotzky@xenosoft.de> wrote:
>>>>
>>>> Hello Michael,
>>>>
>>>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>>>
>>>> @Olof
>>>> Do you have some infos for us?
>>>
>>> I'm low on spare time to experiment and explore what might be exposed
>>> or not, and I no longer have any proprietary microarchitecture
>>> documentation of the core.
>>>
>>> I suggest reaching out to your supplier of the silicon for commercial
>>> support and information, or just going with what I'm sure will be
>>> architecturally generic solutions to the problem when IBM has them
>>> ready.
>>
>> The solution for IBM POWER involves patching the firmware as well as
>> Linux. Without knowledge of the architecture specifics it is not
>> possible to tell if other cores are affected and if the measures
>> implemented by IBM can be used. In fact they probably rely on
>> 64s-specific instructions and are in part implemented in 64s-specific
>> assembly files.
>>
>> So this will not work without support for the specific core either by
>> the vendor or somebody who has knowledge of the architecture details.
>>
>> Thanks
>>
>> Michal
>>
>

Re: Spectre+Meltdown

[Michal Suchánek]

On Wed, 10 Jan 2018 18:09:45 -0600
Li Yang <leoyang.li@nxp.com> wrote:

Hello,

> On Mon, Jan 8, 2018 at 2:17 AM, Christian Zigotzky
> <chzigotzky@xenosoft.de> wrote:
> > Hi All,
> >
> > Thanks a lot for your replies.
> >
> > @NXP developers: Could you please tell us some information?  
> 
> We have done some investigation but it is not ready to be published
> yet.  You can get more information from your support channel right
> now.

With this summary paper https://arxiv.org/abs/1811.05441 it should be
possible to take the manual for your favourite CPU and see which
exploitable optimizations it does have, and how are these exploits
mitigated.

Thanks

Michal

Re: Spectre+Meltdown

[Christian Zigotzky]

On 23. Nov 2018, at 19:59, Michal Suchánek <msuchanek@suse.de> wrote:

With this summary paper https://arxiv.org/abs/1811.05441 it should be
possible to take the manual for your favourite CPU and see which
exploitable optimizations it does have, and how are these exploits
mitigated.

Thanks

Michal


Hi Michal,

Thanks for the hint. Here is the status of our machines:

FYI:

X1000, CPU: PWRficient PA6T-1682M, kernel 4.20-rc3: grep . /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush

--------

X5000/020, CPU: P5020 (e5500), kernel 4.20-rc3: grep . /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush

The PA6T is still vulnerable.

Cheers,
Christian