Difference between revisions of "Speculative Execution Vulnerabilities of 2018"

From RCS Wiki
Jump to navigation Jump to search
m
m
Line 25: Line 25:
 
=== POWER9 ===
 
=== POWER9 ===
  
Hardware fixes are also in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD1.1 and above <ref name="hostboot-commit-fcf7d0e3">[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for NDD2.2 / CDD2.1]</ref>.  In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.
+
Hardware fixes are also in place for [[POWER9]] Nimbus DD2.2 / Cumulus DD1.1 and above <ref name="hostboot-commit-fcf7d0e3">[https://git.raptorcs.com/git/talos-hostboot/commit/?id=fcf7d0e3f5fe8013b8f88a70a4f69cb5c0efc38b Hostboot commit message listing security changes for NDD2.2 / CDD1.1]</ref>.  In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.
  
 
== CVE-2017-5753 (Spectre variant 1) ==
 
== CVE-2017-5753 (Spectre variant 1) ==

Revision as of 16:08, 30 January 2018

In January of 2018, news of three speculative execution vulnerabilities was made public.

CVE Group
CVE-2017-5715 Spectre
CVE-2017-5753 Spectre
CVE-2017-5754 Meltdown

At this time we know that POWER9, POWER8, POWER8E, POWER7+, POWER6, and certain PowerPC architectures are affected by at least some of these vulnerabilities. [1][2][3][4]

CVE-2017-5754 (Meltdown)

Common Mitigations

POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[5] Firmware updates are also required to enable workarounds at the hardware level.[6] [7].

POWER9

Hardware fixes are also in place for POWER9 Nimbus DD2.2 / Cumulus DD1.1 and above [8]. In conjunction with the above kernel patch, Meltdown is fully mitigated on the production POWER9 devices.

CVE-2017-5753 (Spectre variant 1)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD1.1 and above [8]. With these hardware changes, cross-process attacks via Spectre variant 1 are believed to be fully mitigated on the production POWER9 devices.

CVE-2017-5715 (Spectre variant 2)

POWER9

Hardware fixes are in place for POWER9 Nimbus DD2.2 / Cumulus DD1.1 and above [8]. With these hardware changes, Spectre variant 2 is believed to be mitigated on the production POWER9 devices.

Official statement from Raptor Computing Systems regarding Talos™ II

POWER9 will not ship with vulnerability to Meltdown or any loss in performance compared with the current prototype chips (DD2.1). Further, Spectre is fully mitigated with the exception of the same-process issue that is affecting the entire CPU industry. As far as we are aware there will be no further mitigation from any major CPU vendor now or in the future, as the remaining Spectre issue has been deemed an application level programming issue versus a CPU design issue. Patches for GCC to help fix the affected applications are already rolling out.

External Links

References