Spectre vulnerability also present on s390x CPUs (according to "lscpu" output)?
Hi all, the output of lscpu shows: [...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...] is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.) Apart from that, I'm curious about the CPU flags. Again, output of lscpu: Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie (While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?) TIA for any clarifications & kind regards, Holger
Hi Holger, Thank you for this report! But I expect, that nobody on our list can answer this question. Can you send the same email to security@suse.com with myself on CC, please? Thank you! Best regards, Sarah
Gesendet: Sonntag, 25. Juni 2023 um 11:42 Uhr Von: "Holger Rauch" <holger.rauch@posteo.de> An: zsystems@lists.opensuse.org Betreff: Spectre vulnerability also present on s390x CPUs (according to "lscpu" output)?
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Holger
Hi Sarah, first of all, thanks for your quick reply. Yes, I certainly can notify security@suse.de about this (and also will follow your advice), I'm also curious as to whether you know some IBM employee by chance that could provide some insight into this (because it is s390x CPU-specific)? Main reason I'm phrasing my question like this: - Spectre has been (mostly) an Intel (x86-64 specific) issue, at least to my knowledge - on the other hand, I'm not really sure whether the SUSE security team has got s390x on its radar (because the s390x architecture is not as widely used as x86-64) Nevertheless, as I sais, I'll follow your advice and notify/ask security@suse.de (with the full lscpu output included). Kind regards, Holger On So, 25 Jun 2023, Sarah Julia Kriesch wrote:
Hi Holger,
Thank you for this report! But I expect, that nobody on our list can answer this question. Can you send the same email to security@suse.com with myself on CC, please?
Thank you! Best regards, Sarah
Gesendet: Sonntag, 25. Juni 2023 um 11:42 Uhr Von: "Holger Rauch" <holger.rauch@posteo.de> An: zsystems@lists.opensuse.org Betreff: Spectre vulnerability also present on s390x CPUs (according to "lscpu" output)?
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Holger
Hi Holger, On Sun, Jun 25, 2023 at 09:42:47AM +0000, Holger Rauch wrote:
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
sie - Start interpretation execution (start a virtuel machine)
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Can you please outline on which hardware and software this has happened? Ihno "Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
Gesendet: Montag, 26. Juni 2023 um 10:09 Uhr Von: "Ihno Krumreich" <ihno@suse.com> An: "Holger Rauch" <holger.rauch@posteo.de> Cc: zsystems@lists.opensuse.org Betreff: Re: Spectre vulnerability also present on s390x CPUs (according to "lscpu" output)?
Hi Holger,
On Sun, Jun 25, 2023 at 09:42:47AM +0000, Holger Rauch wrote:
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
sie - Start interpretation execution (start a virtuel machine)
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Can you please outline on which hardware and software this has happened?
We are using the latest zSystems (in our case LinuxONE) hardware in the LinuxONE OSS Community Cloud. lscpu is saying this z/VM version: z/VM 7.2.0 We are using openSUSE Tumbleweed as an operating system and I trust Holger, that he has got the latest version with updates. I can give you also access to the LinuxONE OSS Community Cloud, if you want to forward me (private) your SSH key. Best regards, Sarah
Ihno
"Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
Hi Ihno, thanks for getting back to me. Is there some (IBM) documentation regarding the flags. (You mentioned the meaning of "sie" below, but I'm also curious about the rest. For x86-64, there's an interesting post on unix.stackexchange.com: https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpu... (But for s390x, this seems to be very hard to find). For the sake of completeness - and in addition to Sarah's answer - I post the full output of "lscpu" here: Architecture: s390x CPU op-mode(s): 32-bit, 64-bit Byte Order: Big Endian CPU(s): 4 On-line CPU(s) list: 0-3 Vendor ID: IBM/S390 Model name: - Machine type: 8561 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s) per book: 1 Book(s) per drawer: 1 Drawer(s): 4 CPU dynamic MHz: 5200 CPU static MHz: 5200 BogoMIPS: 3241,00 Dispatching mode: horizontal Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie Virtualization features: Hypervisor: z/VM 7.2.0 Hypervisor vendor: IBM Virtualization type: full Caches (sum of all): L1d: 512 KiB (4 instances) L1i: 512 KiB (4 instances) L2d: 4 MiB (1 instance) L2i: 4 MiB (1 instance) L3: 256 MiB L4: 960 MiB NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0-3 Vulnerabilities: Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Not affected Retbleed: Not affected Spec store bypass: Not affected Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens Srbds: Not affected Tsx async abort: Not affected Kind regards, Holger On Mo, 26 Jun 2023, Ihno Krumreich wrote:
Hi Holger,
On Sun, Jun 25, 2023 at 09:42:47AM +0000, Holger Rauch wrote:
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
sie - Start interpretation execution (start a virtuel machine)
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Can you please outline on which hardware and software this has happened?
Ihno
"Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
Hi Holger, not the full list, but... dflt - Hardware-accelerated compression dfp - Decimal-Floating-Point Instructions, chapter 20, Principles of Operations edat - Enhanced Dynamic Address Translation-2 (edat as a feature indicates 1 MB huge-page support). msa - message-security assist (Support for signature and Data-Encryption-Algorithm) Shows that CPACF is installed. sie - Start Interpretive Execution (the Linux instance can be a hypervisor). stfle - A list of bits providing information about facilities is stored beginning at the doubleword specified by the second operand address. vx - vx indicates that the Vector Extension Facility is available vxd - Vector-Decimal Facility vxe - Vector-Enhancement Facility 1 vxe2 vxp I assume vxe2 an vxp are also Vector related. Regards Ihno On Mon, Jun 26, 2023 at 10:40:31AM +0000, Holger Rauch wrote:
Hi Ihno,
thanks for getting back to me. Is there some (IBM) documentation regarding the flags. (You mentioned the meaning of "sie" below, but I'm also curious about the rest. For x86-64, there's an interesting post on unix.stackexchange.com:
https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpu...
(But for s390x, this seems to be very hard to find).
For the sake of completeness - and in addition to Sarah's answer - I post the full output of "lscpu" here:
Architecture: s390x CPU op-mode(s): 32-bit, 64-bit Byte Order: Big Endian CPU(s): 4 On-line CPU(s) list: 0-3 Vendor ID: IBM/S390 Model name: - Machine type: 8561 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s) per book: 1 Book(s) per drawer: 1 Drawer(s): 4 CPU dynamic MHz: 5200 CPU static MHz: 5200 BogoMIPS: 3241,00 Dispatching mode: horizontal Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie Virtualization features: Hypervisor: z/VM 7.2.0 Hypervisor vendor: IBM Virtualization type: full Caches (sum of all): L1d: 512 KiB (4 instances) L1i: 512 KiB (4 instances) L2d: 4 MiB (1 instance) L2i: 4 MiB (1 instance) L3: 256 MiB L4: 960 MiB NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0-3 Vulnerabilities: Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Not affected Retbleed: Not affected Spec store bypass: Not affected Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens Srbds: Not affected Tsx async abort: Not affected
Kind regards,
Holger
On Mo, 26 Jun 2023, Ihno Krumreich wrote:
Hi Holger,
On Sun, Jun 25, 2023 at 09:42:47AM +0000, Holger Rauch wrote:
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
sie - Start interpretation execution (start a virtuel machine)
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Can you please outline on which hardware and software this has happened?
Ihno
"Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
-- Best regards/Mit freundlichen Gruessen Ihno Krumreich "Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
Hi Ihno, thanks a lot for providing that additional info. Much appreciated :-) Concerning the explanation given for "dfp": What particular documentation does "chapter 20, Principles of Operations" refer to? TIA & kind regards, Holger On Mo, 26 Jun 2023, Ihno Krumreich wrote:
Hi Holger,
not the full list, but...
dflt - Hardware-accelerated compression dfp - Decimal-Floating-Point Instructions, chapter 20, Principles of Operations edat - Enhanced Dynamic Address Translation-2 (edat as a feature indicates 1 MB huge-page support). msa - message-security assist (Support for signature and Data-Encryption-Algorithm) Shows that CPACF is installed. sie - Start Interpretive Execution (the Linux instance can be a hypervisor). stfle - A list of bits providing information about facilities is stored beginning at the doubleword specified by the second operand address. vx - vx indicates that the Vector Extension Facility is available vxd - Vector-Decimal Facility vxe - Vector-Enhancement Facility 1 vxe2 vxp
I assume vxe2 an vxp are also Vector related.
Regards
Ihno
On Mon, Jun 26, 2023 at 10:40:31AM +0000, Holger Rauch wrote:
Hi Ihno,
thanks for getting back to me. Is there some (IBM) documentation regarding the flags. (You mentioned the meaning of "sie" below, but I'm also curious about the rest. For x86-64, there's an interesting post on unix.stackexchange.com:
https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpu...
(But for s390x, this seems to be very hard to find).
For the sake of completeness - and in addition to Sarah's answer - I post the full output of "lscpu" here:
Architecture: s390x CPU op-mode(s): 32-bit, 64-bit Byte Order: Big Endian CPU(s): 4 On-line CPU(s) list: 0-3 Vendor ID: IBM/S390 Model name: - Machine type: 8561 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s) per book: 1 Book(s) per drawer: 1 Drawer(s): 4 CPU dynamic MHz: 5200 CPU static MHz: 5200 BogoMIPS: 3241,00 Dispatching mode: horizontal Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie Virtualization features: Hypervisor: z/VM 7.2.0 Hypervisor vendor: IBM Virtualization type: full Caches (sum of all): L1d: 512 KiB (4 instances) L1i: 512 KiB (4 instances) L2d: 4 MiB (1 instance) L2i: 4 MiB (1 instance) L3: 256 MiB L4: 960 MiB NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0-3 Vulnerabilities: Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Not affected Retbleed: Not affected Spec store bypass: Not affected Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens Srbds: Not affected Tsx async abort: Not affected
Kind regards,
Holger
On Mo, 26 Jun 2023, Ihno Krumreich wrote:
Hi Holger,
On Sun, Jun 25, 2023 at 09:42:47AM +0000, Holger Rauch wrote:
Hi all,
the output of lscpu shows:
[...] Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Mitigation; etokens [...]
is the (virtual) CPU really affected by Spectre or is it just some false alarm? (I'm aware that even if it were affected, the vulns are mitigated, but it still strikes me somewhat strange, to be honest.)
Apart from that, I'm curious about the CPU flags. Again, output of lscpu:
Flags: esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
sie - Start interpretation execution (start a virtuel machine)
(While "zarch" is probably self-explanatory, the remaining flags are not. Is there a list on the MEANING - not just the non-abbreviated full terms - of these flags?)
TIA for any clarifications & kind regards,
Can you please outline on which hardware and software this has happened?
Ihno
"Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
-- Best regards/Mit freundlichen Gruessen
Ihno Krumreich
"Never trust a computer you can lift!" -- Ihno Krumreich Ihno@suse.de Projectmanager S/390 & zSeries http://www.suse.de +49-911-74053-439 SUSE Software Solutions Germany GmbH Frankenstraße 146, 90461 Nürnberg Geschaeftsfuehrer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman HRB 36809 (AG Nuernberg)
participants (3)
-
Holger Rauch
-
Ihno Krumreich
-
Sarah Julia Kriesch