Page 1 of 1

Spectre and Meltdown

Posted: Thu Jan 11, 2018 11:52 am
by astouffer
For curiosity's sake I just ran the Spectre and Meltdown test script on my 8203-E4A box and here are the results:

Re: Spectre and Meltdown

Posted: Thu Jan 11, 2018 12:05 pm
by robespierre
I'm not intimately familiar with that tool, but from the messages it appears to be simply scanning for known mitigations and not an actual Proof of Concept attack.

Re: Spectre and Meltdown

Posted: Thu Jan 11, 2018 10:17 pm
by vishnu
From what I understand (admittedly not much), to use spectre you've got to have local access, and to use meltdown, you can do it over a network if you can figure out a way to crack into a box to install the malware. As of two days ago google says they haven't seen anyone attacking anywhere using either. So for the moment I'm not going to worry about it. I am thinking seriously about changing my home LAN's firewall from Intel/Linux to Sparc/Solaris tho... :shock:

Re: Spectre and Meltdown

Posted: Fri Jan 12, 2018 3:42 am
by Shiunbird
I'll try on my 9111-285 once I'm back to Europe.

@vishnu: My firewall currently is Dodoid's box. =p I'm not sure whether the Odroid box is affected though. The problem with non-x86 things is the super high energy consumption. Hardware I have laying around, but my power bill is already too high as it is.

My whole setup draws 135W (2 x86 systems, 8 hard drives, a switch, a modem, 2 ARM boxes). If I would go non-x86 (use my POWER5 as a server, for example), I'd go to 500W+. The POWER5 eats 35W on standby!

If you are aware of low power, non-x86, relatively modern stuff, I'd love to hear about.

Re: Spectre and Meltdown

Posted: Fri Jan 12, 2018 8:53 am
by johnnym
Shiunbird wrote:My whole setup draws 135W (2 x86 systems, 8 hard drives, a switch, a modem, 2 ARM boxes). If I would go non-x86 (use my POWER5 as a server, for example), I'd go to 500W+. The POWER5 eats 35W on standby!

If you are aware of low power, non-x86, relatively modern stuff, I'd love to hear about.


Maybe a little off-topic, so I answered in a new thread...

Re: Spectre and Meltdown

Posted: Fri Jan 12, 2018 9:08 pm
by ClassicHasClass
The POWER6 is not vulnerable to Meltdown.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Re: Spectre and Meltdown

Posted: Sat Jan 13, 2018 1:08 am
by uunix
ClassicHasClass wrote:The POWER6 is not vulnerable to Meltdown.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Hurrah for my POWER5 then.

Re: Spectre and Meltdown

Posted: Sat Jan 13, 2018 3:38 am
by johnnym
uunix wrote:
ClassicHasClass wrote:The POWER6 is not vulnerable to Meltdown.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Hurrah for my POWER5 then.

Not necessarily: POWER4 (and then most likely also PowerPC 970 and derivatives) and POWER5 make use of out-of-order and speculative execution, whereas POWER6 uses in-order execution.

Re: Spectre and Meltdown

Posted: Sat Jan 13, 2018 5:36 am
by uunix
johnnym wrote:
uunix wrote:
ClassicHasClass wrote:The POWER6 is not vulnerable to Meltdown.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Hurrah for my POWER5 then.

Not necessarily: POWER4 (and then most likely also PowerPC 970 and derivatives) and POWER5 make use of out-of-order and speculative execution, whereas POWER6 uses in-order execution.

Ahh maaaaaan! :x

Re: Spectre and Meltdown

Posted: Sat Jan 13, 2018 9:57 am
by astouffer
Someone was telling me even the later SPARC cpus and even some Alphas did speculative execution. Itanium might be safe :lol:

Re: Spectre and Meltdown

Posted: Sat Jan 13, 2018 9:07 pm
by ClassicHasClass
johnnym wrote:
uunix wrote:
ClassicHasClass wrote:The POWER6 is not vulnerable to Meltdown.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Hurrah for my POWER5 then.

Not necessarily: POWER4 (and then most likely also PowerPC 970 and derivatives) and POWER5 make use of out-of-order and speculative execution, whereas POWER6 uses in-order execution.


Yes. The 970 is definitely vulnerable, so the POWER4 is also almost certainly vulnerable, and if the POWER6 is, then I would be surprised if the POWER5 weren't. Even though the POWER6 is in-order, it still speculates; out-of-order execution only has to do with how instructions are issued.