[OpenPower-Firmware] security fixes for meltdown/spectre on P8

J Lynn j at jaesharp.com
Fri Mar 2 16:10:05 AEDT 2018 

New threads are effectively free and this issue deserves due
consideration apart from the specific concern this thread is addressing. - J

On 2/3/18 9:43 am, Nathan Whitehorn wrote:
> To hijack the thread slightly, is there an overview somewhere of what
> needs to be done at the OS level to support these fixes? We would
> obviously like to implement the OS-level changes for FreeBSD, but the
> only reference for even what the exposure of P8/9 to Spectre is seems to
> be some moderately cryptic Linux commits.
> -Nathan
> 
> On 03/01/18 13:08, Daniel M Crowell wrote:
>> The P9 and P8 changes are not the same, so do not presume a 1-to-1
>> mapping between them.  The P8 changes are all complete in github as
>> far as I'm aware.  The P9 changes are not 100% complete yet.
>>
>> --
>> Dan Crowell
>> Senior Software Engineer - Power Systems Enablement Firmware
>> IBM Rochester: t/l 553-2987
>> dcrowell at us.ibm.com
>>
>>
>>
>> From:        Sergey Kachkin <s.kachkin at gmail.com>
>> To:        Daniel M Crowell <dcrowell at us.ibm.com>
>> Cc:        obmc at yadro.com, openpower-firmware at lists.ozlabs.org,
>> OpenPower-Firmware
>> <openpower-firmware-bounces+dcrowell=us.ibm.com at lists.ozlabs.org>
>> Date:        03/01/2018 12:46 PM
>> Subject:        Re: [OpenPower-Firmware] security fixes for
>> meltdown/spectre on P8
>> ------------------------------------------------------------------------
>>
>>
>>
>> Hi Daniel, 
>>
>> thanks, so we have at least part of the fix since Dec'17.  Wondering
>> if there a big picture  of all necessary changes somewhere. 
>>
>> I went through release note but noted only some P9 changes, like below: 
>> _https://github.com/open-power/hostboot/commit/fcf7d0e3f5fe_
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_open-2Dpower_hostboot_commit_fcf7d0e3f5fe&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=h4jjGcAslc3J-z5MjikJOIYkUPpTdOd-JJfXBKDKZNU&s=ziXS8G2Pjk7XOQCxtZv51YHxo6FU-psbBlHgsxvSsEE&e=>
>>
>> Not sure if it ever related though. 
>>
>>
>> regards,
>> Sergey 
>>
>> On Thu, Mar 1, 2018 at 8:13 PM, Daniel M Crowell
>> <_dcrowell at us.ibm.com_ <mailto:dcrowell at us.ibm.com>> wrote:
>> The processor inits that are required for these fixes are out in
>> github already.  The changes are part of the hostboot-binaries repo.
>>
>> This commit should have everything -
>> _https://github.com/open-power/hostboot-binaries/commit/fc2f7b939f340ba2e33382f6fcb9f908ad554186_
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_open-2Dpower_hostboot-2Dbinaries_commit_fc2f7b939f340ba2e33382f6fcb9f908ad554186&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=h4jjGcAslc3J-z5MjikJOIYkUPpTdOd-JJfXBKDKZNU&s=8THLplAgkqBa0q9Yt-Z7zXsfRsTfAKNfG-ItYsiDYyk&e=>
>>
>> Note - I'm not commented on any skiboot-level changes that may be
>> needed.  I'm totally out of that conversation.
>>
>> --
>> Dan Crowell
>> Senior Software Engineer - Power Systems Enablement Firmware
>> IBM Rochester: t/l 553-2987_
>> __dcrowell at us.ibm.com_ <mailto:dcrowell at us.ibm.com>
>>
>>
>>
>> From:        Sergey Kachkin <_s.kachkin at gmail.com_
>> <mailto:s.kachkin at gmail.com>>
>> To:        _openpower-firmware at lists.ozlabs.org_
>> <mailto:openpower-firmware at lists.ozlabs.org>
>> Cc:        _obmc at yadro.com_ <mailto:obmc at yadro.com>
>> Date:        03/01/2018 09:46 AM
>> Subject:        Re: [OpenPower-Firmware] security fixes for
>> meltdown/spectre on P8
>> Sent by:        "OpenPower-Firmware"
>> <openpower-firmware-bounces+dcrowell=_us.ibm.com at lists.ozlabs.org_
>> <mailto:us.ibm.com at lists.ozlabs.org>>
>> ------------------------------------------------------------------------
>>
>>
>>
>>
>> Hi Stewart,
>>
>> We are building PNOR for our own P8 system and I'm cc'ing  the
>> BMC-PNOR team.
>> I've read that firmware to mitigate Spectre/Meltdown vulnerabilities
>> have been released on S8*LC systems but situation with OpenPOWER is
>> not clear yet.
>>
>> To be honest I'm not sure what code exactly IBM implemented on their
>> machines but wondering if there any plans to contribute this code to
>> OpenPOWER (if not already done)?
>>
>>
>> thanks,
>>
>> regards,
>> Sergey
>> YADRO
>> Engineer
>>
>> On Wed, Jan 31, 2018 at 4:36 PM, Sergey Kachkin <_s.kachkin at gmail.com_
>> <mailto:s.kachkin at gmail.com>> wrote:
>> Hi Team, 
>>
>> from the published info i realised that both OS and FW patches are
>> needed for CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 issues
>> mitigation. 
>>
>> Are there any plans/timeline for including related fixes into P8 PNOR? 
>>
>> thanks,
>>
>>
>> regards,
>> Sergey 
>> _______________________________________________
>> OpenPower-Firmware mailing list_
>> __OpenPower-Firmware at lists.ozlabs.org_
>> <mailto:OpenPower-Firmware at lists.ozlabs.org>_
>> __https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=X2enJEdH-l8_f_JYvU4H0-QcEVhVzx-E5VA81OM45wk&s=DK8ZNbg9TKKStlMMEnUkC6gr0sv9QE939UeBxBlHf5M&e=_
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> OpenPower-Firmware mailing list
>> OpenPower-Firmware at lists.ozlabs.org
>> https://lists.ozlabs.org/listinfo/openpower-firmware
> 
> 
> _______________________________________________
> OpenPower-Firmware mailing list
> OpenPower-Firmware at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/openpower-firmware
>

More information about the OpenPower-Firmware mailing list