[Simh] Fwd: VAX + Spectre

[allison]

On 9/17/19 1:49 PM, Warner Losh via cctalk wrote:
> On Tue, Sep 17, 2019, 6:40 PM Paul Koning via cctalk <cctalk at classiccmp.org>
> wrote:
> 
>> Yes, I understand that a number of ISAs are vulnerable.  The original
>> paper by Kocher clearly mentions both x86 and ARM.
>>
>> The reason I forwwarded the question is that I'm not aware enough of all
>> the VAX variants to answer whether there are any VAXen with speculative
>> execution.  If no, then we're done, the answer is easy.  (That was the case
>> when the question was asked for PDP11s.)  But if yes, then it becomes
>> necessary to read the paper carefully to see if any of the prerequisites
>> are implemented in some VAX, and if yes, what the fix might look like.
>>
> 
> Early Vaxen are immune. Latter day ones require careful analysis since they
> have some out of order things. I'm not expert enough to know for sure,
> though, and the latter day stuff is half remembered from marketing material
> for one of the final generations of Vax big iron before Alpha drove that
> away... But I don't think many of these old beasts are still running even
> if my half remembered stuff is right...
> 
> I'm reasonably comfortable assuming that the somewhat-related "Meltdown"
>> vulnerability doesn't show up in VAX, because that issue requires a
>> designer who'd implement page access checking in a way I would not expect a
>> DEC engineer to do.
> 
> 
> I'm agree.
> 
> Warner
> 
>         paul
>>
>>> On Sep 17, 2019, at 11:42 AM, Clem Cole <clemc at ccc.com> wrote:
>>>
>>> Paul - be careful.  All CPU's post the IBM AGS that used branch
>> prediction are suspect.   Russ Robelen (who was the 360/50 lead, worked on
>> 360/90 and lead AGS) has the speculative executing patent.   I tweaked him
>> when it all came out and said - look at what you did.
>>>
>>> What Russ and team are great ideas and we all have used them since they
>> first published about it.   And the fact is that it took 40 years before
>> someone even proposed that it was an issue and could become security
>> exploit (by some folks in German at a security conference) and it Google 18
>> months to reduce it to practice.
>>> ᐧ
>>>
>>> On Tue, Sep 17, 2019 at 9:55 AM Paul Koning <paulkoning at comcast.net>
>> wrote:
>>> "Spectre" is one of two notorious bugs of modern CPUs involving
>> speculative execution.  I rather doubt that VAX is affected by this but I
>> suspect others here have a lot more knowledge.
>>>
>>>       paul
>>>
>>>> Begin forwarded message:
>>>>
>>>> From: coypu at sdf.org
>>>> Subject: VAX + Spectre
>>>> Date: September 17, 2019 at 5:32:42 AM EDT
>>>> To: port-vax at netbsd.org
>>>>
>>>> So, this is a bug report:
>>>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86811
>>>>
>>>> GCC would like to know if VAX needs Spectre-related work.
>>>> Are any of the VAXes ever made capable of speculative execution? the
>>>> first tech for doing it was in 1967, so not entirely far-fetched.
>>>
>>> _______________________________________________
>>> Simh mailing list
>>> Simh at trailing-edge.com
>>> http://mailman.trailing-edge.com/mailman/listinfo/simh
>>
>>

I see this as a question of the number of angels that can dance on the
point of a pin.   But could GCC compile code that has system access to
do nasties is a more complex question.  Then again how does it get
system prives to start with?

First VAX represents more than a dozen different implementations from
the 780 though the many CMOS versions so what might be an issue for one
is likely not for another.  The other half is the OS in use may be
sufficiently able to keep rogue processes confined. Of course there
are the LAVC and bus connected multi-cpu clustered systems.

In the end its mostly meaningless as the only reliable way to take a VAX
down is trip on the power cord, assuming you can get to it.

Allison