In the last couple of weeks the whole IT was shocked getting news about security issues based on basic CPU architecture design covering “all” processor vendors… Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnerabilities affected XEONs, AMD, POWER and ARM chips, but also SPARC uses similar features like all others. Spectre and Meltdown are different variants of the same fundamental underlying vulnerability, if exploited, allow attackers to get access to data previously considered completely protected. That affects chips manufactured in the last 20 years. Speculative execution to predict the future and out of order execution were implemented by Sun on their SPARC T3 chips (eg.: T3-1; GA November 2010, LOD September 2012).
Solaris never had kernel pages mapped in user context on SPARC. That’s the reason why I do not think Meltdown affects SPARC at all. Also Oracle mentioned “Oracle believes that Oracle Solaris versions running on SPARCv9 hardware are not impacted by the Meltdown”. But it could happen on Solaris x86 as far as I understood.
Well, starting with T3 (S3 core) Oracle introduced speculative and out-of-order execution in the S3 pipeline. Prediction algorithms and deepness of the prediction buffers differs not only between vendors but across CPU generations. So it might be tricky but still possible to attack SPARC systems. Right now there is no public known attack for Solaris SPARC. Oracle says “Oracle believes that certain versions of Oracle Solaris on SPARCv9 are affected by the Spectre vulnerabilities.”
There are no public patches from Oracle at the moment to fix that issue, but an own MOS document for SPARC:
Oracle Support Document 2349278.1 (Oracle Solaris on SPARC and Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754)) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=2349278.1
All other Oracle products could be found at:
Oracle Support Document 2347948.1 (Addendum to the January 2018 CPU Advisory for Spectre and Meltdown) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1
Let’s see what will happen in the next days… stay tuned….
After a default Linux (in my case Oracle Linux 7.4) installation you won’t see anything after grub finished with “start /HOST/console”
Had the fun today to upgrade a bunch of solaris clusters…. this time I wrote a docu 🙂
There were a lot of rumors about Solaris and SPARC because Oracle fired around 1.500 HW developers some months ago. Around Oracle Open World were some product announcements and more information about Solaris. A brand-new SPARC chip came out and Oracle promised once again to invest into Solaris and give a Solaris 11 support at least until 2034.
They also mentioned the next Solaris 11.next release will come in fall 2017. So it will take some time to get 11.4 but hopefully with the backport of Solaris 12 beta features since they canceled 12 in favor of 11.next.
Oracle SPARC M8 Processor
The new SPARC CPU has 32 cores again but at 5 GHz based on a new 20nm core design with “Software in Silicon v2”. We have now four execution pipelines, they doubled the size of L1 cache and increased the performance of the DAX engines (1.8 vs. 2.2 GHz). M8 comes with 180 GB/s memory bandwidth measured, and a raw memory links performance of 374 GB/s per processor. (BTW; did you know that the latest Xeon 8180M launched at Q3’17 only provides 119 GB/s). We got Oracle number acceleration units and SHA-3 was added to the other 15 cyphers and hashes we had in M7 cryptography co-processors.
Compared to M7 that is a 1.5x better single-thread performance with 21% higher frequency and on the memory site 16% higher bandwidth but with still 6% lower memory latency. That’s a very nice and easy improvement for your Solaris installations. And do not forget, just migrate your LDOM live to the new M8 server and enjoy the faster environment…
SPARC M8 processors running Oracle Solaris 11.3 ran 2.9 times faster executing AES-CFB 256-bit key encryption (in cache) than the Intel Xeon Processor Platinum 8168 (with AES-NI) running Oracle Linux 7.3.
SPARC M8 processors running Oracle Solaris 11.3 ran 6.4 times faster executing AES-CFB 256-bit key encryption (in cache) than the Intel Xeon Processor E5-2699 v4 (with AES-NI) running Oracle Linux 7.2
Oracle Fujitsu SPARC XII
Also Fujitsu announced a new Sparc64 processor called SPARC XII which can be bought as OEM from Oracle. A 12 core CPU @ 4,25 GHz in systems with 1 to 32 sockets and up to 32 TB memory.
Oracle X7 Server
With the latest x86 generation you will also get Support and the RTU for Solaris-x86. Oracle X7 Server comes with 1 up to 8 Sockets with 192 cores and 6 TB memory.
Overall great news for your Solaris investments and big datacenter irons 🙂