
Potential Impact of Spectre on Processors in the Power family - newman314
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
======
chmaynard
Does anyone know if the IBM AS/400 architecture is affected?

Edit: I'm referring to the System/38 architecture that used capability-based
addressing.

~~~
skissane
The AS/400 nowadays is called "IBM i". The note says IBM i is affected: "AIX
and i operating system patches will start to become available February 12".

Since the mid-1990s it has run on POWER so if POWER is affected it obviously
would be too.

~~~
dfox
Another question is whether it is actually exploitable from OS/i userspace.

~~~
skissane
Well, if you consider PASE lets you run AIX binaries, if it is exploitable on
AIX the same exploit would probably work on IBM i. (PASE only supports a
subset of AIX system calls though.)

Also, if it is exploitable from Java, nowadays the IBM i JVM is J9, almost the
same as AIX. (This used to be different – the "Classic JVM" was integrated
into the TIMI infrastructure, so quite different from JVMs on other
platforms.)

~~~
carey
I'm more interested in the non-PASE (more accurately, non-Teraspace)
situation. The single level store maps _every_ program into the same address
space. Will POWER speculatively access another user's data before it discovers
that the pointer is invalid or the array index is out of range?

~~~
justincormack
Yes, it is an interesting case, I hope we get more detail than this paper
soon.

------
pokoleo
> If this vulnerability poses a risk to your environment, the first line of
> defense is the firewalls and security tools that most organizations already
> have in place.

How would firewalls mitigate these attacks?

~~~
InclinedPlane
The only way to exploit these vulnerabilities is to run code on target
machines. If that's not possible then the vulnerability is irrelevant. Using
firewalls to keep attackers away from your vulnerable machines is a viable
strategy in this case.

~~~
ams6110
Conventional thinking is that if a malicious user can run code on your system,
you've lost. In that sense, this is just another local exploit, of which there
are many.

~~~
InclinedPlane
This includes fully sandboxed code, however, which is an important
distinction. The fact that a drive-by JavaScript exploit could potentially
result in leaking every important secret from your system (logins, encryption
keys, what-have-you) is why people are taking this so seriously.

~~~
petecox
Algorithmically is it possible to pass only 'safe' interpreted code to the
CPU? The majority of JavaScript engines (Chakra, V8, SpiderMonkey and
JavaScriptCore) are under a security-auditable FOSS license. Browsers claiming
Spectre/Meltdown immunity would be in the next release notes, surely.

I'm not discounting that CPUs should operate correctly into the future but the
current sandboxes would seem to rely on whims of a CPU's microcode. And the
question for browser makers is whether to trust them.

~~~
gruez
> Algorithmically is it possible to pass only 'safe' interpreted code to the
> CPU?

In other words, the halting problem?

~~~
amock
It's not the halting problem because you can have false positives. If the code
can't be proven safe it is rejected.

------
filereaper
No word about mainframes yet. Are s390 and s390x still in-order? Given their
high clock speeds I'd hazard they don't do much speculation.

------
chx
That must be only Spectre, where did you read Meltdown...? This title is
wildly inaccurate!

~~~
KerrickStaley
+1. Meltdown and Spectre are distinct vulnerabilities, and Meltdown only
affects Intel processors as far as we know.

~~~
Fnoord
> and Meltdown only affects Intel processors as far as we know.

I made a post stating the same, but this is not true [1]:

ARM has reported that the majority of their processors are not vulnerable, and
published a list of the specific processors that are affected. However, the
ARM Cortex-A75 core is affected directly by the Meltdown vulnerability, and
cores Cortex-A15, Cortex-A57, and Cortex-A72 are affected by variations of the
Meltdown vulnerability. This contradicts some early statements made about the
Meltdown vulnerability as being Intel only.

A large portion of the current mid-range Android handsets use the Cortex-A53
or Cortex-A55 in an octa-core arrangement and are not affected by either the
Meltdown or Spectre vulnerability as they don't do out-of-order execution.
This includes devices with the Qualcomm Snapdragon 630, Snapdragon 626,
Snapdragon 625, and all Snapdragon 4xx processors based on A53 or A55 cores.

[1] https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
(contains further references)

