Checking AIX Spectre / Meltdown Settings
nagger 100000MRSJ Visits (4157)
To get protection from the Spectre / Meltdown security issues you need a few items in place:
1) A systems firmware level that supports the protection
2) The system firmware protection is actually switched on
3) An AIX level that supports the protection
4) New AIX command details to check: lparstat -x
For full information see Tech
$ lparstat -x LPAR Speculative Execution Mode: 2 $
What does the 2 mean?
Answer: Read the TechNote to find out! This covers the three modes with a full explanation and a link to the IBM web pages covering Spectre / Meltdown.
For POWER9 based Server the link is:
Hint: for full protection use mode 2
My Personal Best Practice recommendation:
Run ALL possible servers in Mode 2 to avoid unexpectedly lowering the security of your virtual machine (LPAR) - when you use Live Partition Migration (LPM).
You would not want to be accidentally run your production services without full protection and this is 100 times more important in a Cloud environment.
What is the effect of switching on the fixes on Performance?
I covered this in during a session for the Power Virtual User Group session called the POWER9 Performance Review session 79. You can find that here
I hope this helps you to compute safely.
Cheers Nigel @mr_nmon Griffiths