Spectre - SPARC Solaris: The Safe Choice
Abstract:
As the industry continues to struggle with Meltdown, a second vulnerability family appeared referred to as Spectre. As of this article publication, there are 4 variants of Spectre, the latter two variants referred to as Spectre-NG. All SPARC systems are safe, if the most recent systems are on the most current firmware & OS releases. As of this publishing, the latest application/OS & firmware patches fixes the first two. The later 2 does not affect SPARC, as the rest of the Intel and other CPU communities are struggling with their cloud and local server infrastructures.
|
[Spectre logo, courtesy solaris.wtf] |
Spectre
Spectre v1
Upgrade firefox to 57.0.4 or greater for protection (i.e. bundled in recent Solaris 11.3 updates.
Unpatched super-scalar CPU's (i.e. SPARC T4, T5, M6, M7, S7, M8, M10, M12) could
possibly be exploited by CVE-2017-5753.
Spectre v2
A quick summary on
Stack Exchange on how Spectre works:
the attacker tricks the speculative execution to predictively execute
instructions erroneously. In a nutshell, the predictor is coerced to
predict a specific branch result (if -> true), that results in asking
for an out-of-bound memory access that the victim process would not
normally have requested, resulting in incorrect speculative execution.
Then by the side-channel, retrieves the value of this memory. In this
way, memory belonging to the victim process is leaked to the malicious
process.
Unpatched super-scalar CPU's (i.e. SPARC T4, T5, M6, M7, S7, M8, M10, M12)
may be exploited by CVE-2017-5715.
Spectre v3a
All 64 bit SPARC is immune to
CVE-2018-3640 .
Spectre v4
All 64 bit SPARC is immune to
CVE-2018-3639 .
|
[SPARC Logo, courtesy SPARC International] |
SPARC
Modern 64 bit SPARC variants come in 2 classes: Scalar and Super-Scalar
|
[Sun Microsystems Logo, courtesy Sun Microsystems] |
Sun UltraSPARC
Older Sun UltraSPARC 64 bit Servers do not have the CPU feature which could possibly be exploited and were not vulnerable... they did not issue speculative instructions. Oracle had purchased Sun, so their support channel can provide a definitive explanation. Performance was mostly driven on these servers leveraging SMP chassis, Multi-Core sockets, and large memory footprints.
|
[Oracle Logo, courtesy Oracle Corporation] |
Oracle SPARC
Newer Oracle SPARC Solaris servers are possibly vulnerable, if you are running a modern CPU which initiates speculative instructions (i.e.
T4 or newer) while older 64 bit CPU's are not vulnerable. It has been reported on
Solaris WTF that "Spectre (CVE-2017-5753 and CVE-2017-5715)" has been fixed in firmware (i.e. T4: 8.9.10 or greater; T5, M5, M6: 9.6.22a or greater; M7, S7, M8: 9.8.5c or greater.)
The short story, a firmware patch for CPU's newer than T4 are required and the impact is very minor in performance, according to the previous blog. Stock Firefox as shipped with Solaris 10 is vulnerable to Spectre v1, Solaris 11 fixed Firefox vulnerability early 2018, so users should migrate to Solaris 11.
|
[Fujitsu Logo, courtesy Fujitsu corporation] |
Fujitsu SPARC
Sun and Oracle are not the only 2 vendors, who have produced 64 bit SPARC platforms. Newer Fujitsu SPARC Servers are also super-scalar, possibly vulnerable to Spectre v2 (CVE-2017-5753), and have been been fixed in firmware (i.e. M10: XCP2351; M12: XCP3051.)
Conclusions:
If you are using an older Sun UltraSPARC server, you are OK. If you are running a newer Oracle SPARC (i.e. T4 or newer) server, you should update Firefox on Solaris 10 or get on the latest Solaris 11 release to be protected from Spectre v1. For the same class of hardware, apply firmware patches available today to protect from Spectre v2. SPARC is immune to Spectre v3 & v4. Get with your Oracle support for the first 2 variants (doc id 2349278.1) and second 2 variants.
A primary source on SPARC immunity to Spectre 3a and Spectre 4
ReplyDeletehttps://blogs.oracle.com/oraclesecurity/updates-about-the-spectre-series-of-processor-vulnerabilities-and-cve-2018-3693