Announcement

Collapse
No announcement yet.

IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

    Phoronix: IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

    CVE-2020-4788 is now public and it's not good for IBM and their POWER9 processors... This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares...

    IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=IBM-POWER-L1-CVE-2020-4788
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    There it goes... the "we are safer than Intel" argument gets flushed for POWER9.
    • Likes 5

    Comment

    • #3
      That hurts. Flushing L1 is so expensive that everyone hates the Intel version (linked by the article) and now we have a Power version rushed in.
      • Likes 2

      Comment

      • #4
        Power9? More like PowerNein.
        • Likes 7

        Comment

        • #5
          Originally posted by ms178 View Post
          There it goes... the "we are safer than Intel" argument gets flushed for POWER9.
          No, it's not. Did you intentionally forget about dozens of other Intel vulnerabilities?
          • Likes 7

          Comment

          • #6
            I'm glad that this has surfaced now, so that they have time to deal with it on the chip before Power10 comes out next year. I wasn't going to invest in Power9 with Power10 already in the pipeline anyway.
            • Likes 5

            Comment

            • #7
              Correct me if I am wrong, but the L1 boundary issue would only be a problem if you have situations where the L1 would be sharing data with different privileged activities, like in KVM, LPAR's, Containers or other compute partitioning mechanisms. A dedicated POWER9 server running DB2 is not going to see an issue with this defect because it runs at the same priv level all the time.
              • Likes 5

              Comment

              • #8
                Originally posted by ms178 View Post
                There it goes... the "we are safer than Intel" argument gets flushed for POWER9.
                It doesn't have a management engine, so it is still a valid claim. The "comparable performance" part is sadly lost, but it may be back with newer revisions, or maybe IBM will be able to fix it in a more efficient way somehow. Also the fix does not need to be on, if the machine works on totally trusted code that is not downloading anything from the Internet, which is quite true for most POWER clusters in HPC environments.
                • Likes 5

                Comment

                • #9
                  IBM needs to stop manufacturing and/or getting others to manufacture their CPU's.
                  In fact, IBM has made $billions with their RHEL, -ehm, using a free LINUX distro, what more do they need ?
                  Last edited by scjet; 20 November 2020, 11:38 AM.

                  Comment

                  • #10
                    Originally posted by edwaleni View Post
                    Correct me if I am wrong, but the L1 boundary issue would only be a problem if you have situations where the L1 would be sharing data with different privileged activities, like in KVM, LPAR's, Containers or other compute partitioning mechanisms. A dedicated POWER9 server running DB2 is not going to see an issue with this defect because it runs at the same priv level all the time.
                    It's more like adding every user and process into the sudo file (if I understand all the things you can do with stealing kerberos tokens and so forth). Things don't run as root, but they can if they want to (i.e. if someone breaks into your web server).

                    There's also theoretical stuff that Javascript can do, but I imagine that would be explicitly mitigated by the web browser code...
                    Last edited by OneTimeShot; 20 November 2020, 12:04 PM.

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X