[OpenPower-Firmware] security fixes for meltdown/spectre on P8

Nathan Whitehorn nwhitehorn at freebsd.org
Fri Mar 2 09:43:47 AEDT 2018


To hijack the thread slightly, is there an overview somewhere of what 
needs to be done at the OS level to support these fixes? We would 
obviously like to implement the OS-level changes for FreeBSD, but the 
only reference for even what the exposure of P8/9 to Spectre is seems to 
be some moderately cryptic Linux commits.
-Nathan

On 03/01/18 13:08, Daniel M Crowell wrote:
> The P9 and P8 changes are not the same, so do not presume a 1-to-1 
> mapping between them.  The P8 changes are all complete in github as 
> far as I'm aware.  The P9 changes are not 100% complete yet.
>
> --
> Dan Crowell
> Senior Software Engineer - Power Systems Enablement Firmware
> IBM Rochester: t/l 553-2987
> dcrowell at us.ibm.com
>
>
>
> From: Sergey Kachkin <s.kachkin at gmail.com>
> To: Daniel M Crowell <dcrowell at us.ibm.com>
> Cc: obmc at yadro.com, openpower-firmware at lists.ozlabs.org, 
> OpenPower-Firmware 
> <openpower-firmware-bounces+dcrowell=us.ibm.com at lists.ozlabs.org>
> Date: 03/01/2018 12:46 PM
> Subject: Re: [OpenPower-Firmware] security fixes for meltdown/spectre 
> on P8
> ------------------------------------------------------------------------
>
>
>
> Hi Daniel,
>
> thanks, so we have at least part of the fix since Dec'17. Wondering if 
> there a big picture  of all necessary changes somewhere.
>
> I went through release note but noted only some P9 changes, like below:
> _https://github.com/open-power/hostboot/commit/fcf7d0e3f5fe_ 
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_open-2Dpower_hostboot_commit_fcf7d0e3f5fe&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=h4jjGcAslc3J-z5MjikJOIYkUPpTdOd-JJfXBKDKZNU&s=ziXS8G2Pjk7XOQCxtZv51YHxo6FU-psbBlHgsxvSsEE&e=>
>
> Not sure if it ever related though.
>
>
> regards,
> Sergey
>
> On Thu, Mar 1, 2018 at 8:13 PM, Daniel M Crowell 
> <_dcrowell at us.ibm.com_ <mailto:dcrowell at us.ibm.com>> wrote:
> The processor inits that are required for these fixes are out in 
> github already.  The changes are part of the hostboot-binaries repo.
>
> This commit should have everything - 
> _https://github.com/open-power/hostboot-binaries/commit/fc2f7b939f340ba2e33382f6fcb9f908ad554186_ 
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_open-2Dpower_hostboot-2Dbinaries_commit_fc2f7b939f340ba2e33382f6fcb9f908ad554186&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=h4jjGcAslc3J-z5MjikJOIYkUPpTdOd-JJfXBKDKZNU&s=8THLplAgkqBa0q9Yt-Z7zXsfRsTfAKNfG-ItYsiDYyk&e=>
>
> Note - I'm not commented on any skiboot-level changes that may be 
> needed. I'm totally out of that conversation.
>
> --
> Dan Crowell
> Senior Software Engineer - Power Systems Enablement Firmware
> IBM Rochester: t/l 553-2987_
> __dcrowell at us.ibm.com_ <mailto:dcrowell at us.ibm.com>
>
>
>
> From: Sergey Kachkin <_s.kachkin at gmail.com_ <mailto:s.kachkin at gmail.com>>
> To: _openpower-firmware at lists.ozlabs.org_ 
> <mailto:openpower-firmware at lists.ozlabs.org>
> Cc: _obmc at yadro.com_ <mailto:obmc at yadro.com>
> Date: 03/01/2018 09:46 AM
> Subject: Re: [OpenPower-Firmware] security fixes for meltdown/spectre 
> on P8
> Sent by: "OpenPower-Firmware" 
> <openpower-firmware-bounces+dcrowell=_us.ibm.com at lists.ozlabs.org_ 
> <mailto:us.ibm.com at lists.ozlabs.org>>
> ------------------------------------------------------------------------
>
>
>
>
> Hi Stewart,
>
> We are building PNOR for our own P8 system and I'm cc'ing  the 
> BMC-PNOR team.
> I've read that firmware to mitigate Spectre/Meltdown vulnerabilities 
> have been released on S8*LC systems but situation with OpenPOWER is 
> not clear yet.
>
> To be honest I'm not sure what code exactly IBM implemented on their 
> machines but wondering if there any plans to contribute this code to 
> OpenPOWER (if not already done)?
>
>
> thanks,
>
> regards,
> Sergey
> YADRO
> Engineer
>
> On Wed, Jan 31, 2018 at 4:36 PM, Sergey Kachkin <_s.kachkin at gmail.com_ 
> <mailto:s.kachkin at gmail.com>> wrote:
> Hi Team,
>
> from the published info i realised that both OS and FW patches are 
> needed for CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 issues 
> mitigation.
>
> Are there any plans/timeline for including related fixes into P8 PNOR?
>
> thanks,
>
>
> regards,
> Sergey
> _______________________________________________
> OpenPower-Firmware mailing list_
> __OpenPower-Firmware at lists.ozlabs.org_ 
> <mailto:OpenPower-Firmware at lists.ozlabs.org>_
> __https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=X2enJEdH-l8_f_JYvU4H0-QcEVhVzx-E5VA81OM45wk&s=DK8ZNbg9TKKStlMMEnUkC6gr0sv9QE939UeBxBlHf5M&e=_
>
>
>
>
>
>
>
>
> _______________________________________________
> OpenPower-Firmware mailing list
> OpenPower-Firmware at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/openpower-firmware

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openpower-firmware/attachments/20180301/aca060b1/attachment-0001.html>


More information about the OpenPower-Firmware mailing list