What I understood is, that Linux, Windows and Apple OS's are vulnerable. The leak is in the way memory areas of different tasks are isloated from each other. I doubt that zSystems / zArchitecture are vulnerable to this bug.
Kees. > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of John McKown > Sent: 04 January, 2018 14:08 > To: [email protected] > Subject: Re: Intel Chip flaw > > This is interesting. And I've been following some of the discussion over > on > "Vulture Central", > http://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_ > registers_annotations/ > . But as I understand it, this is a hardware bug on Intel. And there is > no > indication that the IBMZ architecture has a similar bug in it. In > addition, > even if such a exploit exists on the IBMZ, it seems (as I read it) to be > only "active" on z/Linux and would be much more difficult to use on z/OS > or > z/VSE. I am basing this on the fact that most of the z/OS sensitive > information is not kept in "common storage" and simply fetch protected. > At > least in z/OS, the "UNIX kernel" data is kept in the BPXOINIT address > space, which is not "common", and is not mapped into the user's address > space (as the "kernel" data areas are in Linux & Windows). Likewise for > things such as the "master scheduler" (ASID 1) data, ENQ control blocks, > and most other things. z/OS is not a microkernel, but is closer to one > than > is Linux. As least as well as I understand such things. Which ain't > necessarily all that much on a theoretical basis. > > On Thu, Jan 4, 2018 at 4:35 AM, Martin Packer <[email protected]> > wrote: > > > Surely the term "fetch-protected" says it all: In principle you'd > fetch > > protect what you didn't want fetched. :-) Now, I don't know if there > is > > any overhead to fetch protection that might cause you not to fetch > protect > > what should be. > > > > Cheers, Martin > > > > Martin Packer > > > > zChampion, Systems Investigator & Performance Troubleshooter, IBM > > > > +44-7802-245-584 > > > > email: [email protected] > > > > Twitter / Facebook IDs: MartinPacker > > > > Blog: > > https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker > > > > Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/ > or > > > > https://itunes.apple.com/gb/podcast/mainframe-performance- > > topics/id1127943573?mt=2 > > > > > > Youtube channel: > https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA > > > > > > > > From: "Cannaerts, Jan" <[email protected]> > > To: [email protected] > > Date: 04/01/2018 10:11 > > Subject: Re: Intel Chip flaw > > Sent by: IBM Mainframe Discussion List <IBM- > [email protected]> > > > > > > > > This article: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__ > > googleprojectzero.blogspot.be_2018_01_reading-2Dprivileged- > > 2Dmemory-2Dwith-2Dside.html&d=DwIFaQ&c=jf_iaSHvJObTbx- > > siA1ZOg&r=BsPGKdq7-Vl8MW2-WOWZjlZ0NwmcFSpQCLphNznBSDQ&m= > > JgfLm1WtVuc3hfiKug2jNzxJ50Cb-S25nq4BySZ38Fs&s= > > z8S5H15LmNsZT976WrrTR3zjzYH6V6IUtFklSLCiQzE&e= > > > > > > Mentions the following: > > > > > Additional exploits for other architectures are also known to exist. > > These > > > include IBM System Z, POWER8 (Big Endian and Little Endian), and > POWER9 > > > (Little Endian). > > > > The attacks target flaws in the hardware, in this case related to > > speculative > > execution. But the PoCs I'm seeing so far seem to be meant to leak > Linux > > kernel > > memory (leaking passwords/cryptographic keys). The z/Architecture also > > employs speculative execution and branch prediction. > > > > So I'm not sure whether or not there is a working PoC for any Linux > > distribution > > running either Linux native, under z/VM or KVM on System Z, and I > cannot > > find > > anything about a PoC for z/OS either. > > > > If the attack can be used against z/OS, I'd wager it could leak > > fetch-protected > > memory that is addressable by the address space in the first place. > How > > much > > interesting information there is in fetch-protected storage, I do not > > know. > > > > - > > Jan > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > > > > > Unless stated otherwise above: > > IBM United Kingdom Limited - Registered in England and Wales with > number > > 741598. > > Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 > 3AU > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > -- > I have a theory that it's impossible to prove anything, but I can't > prove > it. > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ******************************************************** For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 ******************************************************** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
