Announcement

Collapse
No announcement yet.

IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

    Phoronix: IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

    CVE-2020-4788 is now public and it's not good for IBM and their POWER9 processors... This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares...

    http://www.phoronix.com/scan.php?pag...-CVE-2020-4788

  • #2
    There it goes... the "we are safer than Intel" argument gets flushed for POWER9.

    Comment


    • #3
      That hurts. Flushing L1 is so expensive that everyone hates the Intel version (linked by the article) and now we have a Power version rushed in.

      Comment


      • #4
        Power9? More like PowerNein.

        Comment


        • #5
          Originally posted by ms178 View Post
          There it goes... the "we are safer than Intel" argument gets flushed for POWER9.
          No, it's not. Did you intentionally forget about dozens of other Intel vulnerabilities?

          Comment


          • #6
            I'm glad that this has surfaced now, so that they have time to deal with it on the chip before Power10 comes out next year. I wasn't going to invest in Power9 with Power10 already in the pipeline anyway.

            Comment


            • #7
              Correct me if I am wrong, but the L1 boundary issue would only be a problem if you have situations where the L1 would be sharing data with different privileged activities, like in KVM, LPAR's, Containers or other compute partitioning mechanisms. A dedicated POWER9 server running DB2 is not going to see an issue with this defect because it runs at the same priv level all the time.

              Comment


              • #8
                Originally posted by ms178 View Post
                There it goes... the "we are safer than Intel" argument gets flushed for POWER9.
                It doesn't have a management engine, so it is still a valid claim. The "comparable performance" part is sadly lost, but it may be back with newer revisions, or maybe IBM will be able to fix it in a more efficient way somehow. Also the fix does not need to be on, if the machine works on totally trusted code that is not downloading anything from the Internet, which is quite true for most POWER clusters in HPC environments.

                Comment


                • #9
                  IBM needs to stop manufacturing and/or getting others to manufacture their CPU's.
                  In fact, IBM has made $billions with their RHEL, -ehm, using a free LINUX distro, what more do they need ?
                  Last edited by scjet; 20 November 2020, 11:38 AM.

                  Comment


                  • #10
                    Originally posted by edwaleni View Post
                    Correct me if I am wrong, but the L1 boundary issue would only be a problem if you have situations where the L1 would be sharing data with different privileged activities, like in KVM, LPAR's, Containers or other compute partitioning mechanisms. A dedicated POWER9 server running DB2 is not going to see an issue with this defect because it runs at the same priv level all the time.
                    It's more like adding every user and process into the sudo file (if I understand all the things you can do with stealing kerberos tokens and so forth). Things don't run as root, but they can if they want to (i.e. if someone breaks into your web server).

                    There's also theoretical stuff that Javascript can do, but I imagine that would be explicitly mitigated by the web browser code...
                    Last edited by OneTimeShot; 20 November 2020, 12:04 PM.

                    Comment

                    Working...
                    X