S390 Architecture Gets Spectre Mitigation With "Expoline" & Other Patches

  • S390 Architecture Gets Spectre Mitigation With "Expoline" & Other Patches

    Phoronix: S390 Architecture Gets Spectre Mitigation With "Expoline" & Other Patches

    Even IBM System/390 "Linux on z" systems are prone to the Spectre security vulnerability. But with Linux 4.16, s390 is getting its initial Spectre Variant One and Two mitigation...

    http://www.phoronix.com/scan.php?pag...ine-Linux-4.16

  • #2
    Typo?

    Originally posted by phoronix
    so it's not "return tramplines" (Retpolines)


    • #3
      I wonder if ZOS itself will need recompiled


      • #4
        Originally posted by FireBurn
        I wonder if ZOS itself will need recompiled
        Originally posted by Phoronix
        The s390 code also has an array_index_mask_nospec function for defending against Spectre Variant One. There are also patches for new PPA-12/PPA-13 instructions to run the kernel and/or user-space with reduced branch prediction.
        Yes. Just like with other operating systems, both the kernel and userspace need to be recompiled to protect them. Any binary not recompiled remains vulnerable.

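An added illustration, not part of the thread and not the s390 kernel code: the index-masking idea behind the `array_index_mask_nospec` helper mentioned in the quote above, written as portable C in the style of the Linux kernel's generic version. `table`, `TABLE_LEN` and `read_entry_nospec` are hypothetical names, and the sample data is constructed.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_LEN 16UL   /* hypothetical table size */

/* Constructed sample data for the demonstration. */
static const unsigned char table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/*
 * Branch-free bounds mask: ~0UL when index < size, 0 otherwise.
 * Assumes index and size are <= LONG_MAX and that >> on a negative
 * long is an arithmetic shift (true for GCC and Clang).
 */
static unsigned long array_index_mask_nospec(unsigned long index,
                                             unsigned long size)
{
    /* Hide the value from the optimizer so the mask is always emitted,
     * even where the compiler has already "proved" index < size. */
    __asm__ volatile("" : "+r"(index));
    /* The sign bit of (index | (size - 1 - index)) is set only when
     * index >= size; inverting and shifting smears it over the word. */
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Hypothetical lookup driven by an untrusted index. */
static int read_entry_nospec(unsigned long untrusted_idx)
{
    if (untrusted_idx >= TABLE_LEN)
        return -1;
    /* If the branch above is mispredicted, the mask is 0 and the
     * speculative load reads table[0] instead of out-of-bounds memory. */
    untrusted_idx &= array_index_mask_nospec(untrusted_idx, TABLE_LEN);
    return table[untrusted_idx];
}

int main(void)
{
    printf("idx 3  -> %d\n", read_entry_nospec(3));
    printf("idx 16 -> %d\n", read_entry_nospec(16));
    printf("mask(15,16)=%lx mask(16,16)=%lx\n",
           array_index_mask_nospec(15, TABLE_LEN),
           array_index_mask_nospec(16, TABLE_LEN));
    return 0;
}
```

The mask is computed from data rather than from a branch outcome, so it holds on the speculative path as well as the architectural one.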


        • #5
          Originally posted by linuxgeex
          Yes. Just like with other operating systems, both the kernel and userspace need to be recompiled to protect them. Any binary not recompiled remains vulnerable.
          I'm not sure if regular mainframe programs can use multiple cores or not; if they can't, it might not be possible to exploit in native ZOS


          • #6
            Originally posted by FireBurn
            I'm not sure if regular mainframe programs can use multiple cores or not; if they can't, it might not be possible to exploit in native ZOS
            I'm not too sure why you believe this needs multiple cores to be exploited. Speculation happens within a single core, not across multiple cores. The major vulnerabilities are caused by user space and kernel space running on the same core and speculation side effects resulting in kernel data being exposed to userspace on the same core, but this can also cause access control violations between userspace processes running on the same core, which is the reason why userspace processes need to be patched. It's not about multiple cores. It's about multiple processes on the same core. However, if what you mean is that mainframes tend to bind applications to specific cores and not share those cores among other processes, then yeah, that would be an effective mitigation for those applications... but not for the OS or other apps.
