The POWER and PowerPC General Discussion / News Thread



I’m really starting to like the idea of a Linux PS3. Might have to invest.

Imagine using that as a work machine in an office. co-workers would be so confused.


Most of your services would need to be external though, so keep that in mind. There’s no sound chip or controllers for much aside from Bluetooth. It’s all integrated into the CELL chip itself. There’s only 1 core for real processing, 2 for games specifically, controller shit, then one layover core that mostly handles the background system updates. It’s hard to unlock the whole chip so often it’s just the first 3 or 4 cores that can be made available. You’ve heard of the PS3 cluster right? There’s a reason they did a cluster of PS3’s and not a CELL/XELL server straight up. Less cores, but you cluster them together, get that sound core processing C only, get about 400 of them, and you’re still about 8000 USD under what a CELL/XELL server was priced at at the time and you have the firepower of almost 2 of those things.


That’s freaking awesome. Not sure I could do that from a cost perspective, but still.


Someone on here has one running almost all cores. Ask them about it. Might have been mentioned in this thread?


You rang!?

By default, you are running 6 SPEs max if you are using OFW 3.15 or lower. If you are running CFW 3.55 or newer, you can unlock the 7th SPE by running with GameOS privileges. The PPC CPU is a single-core, dual-thread 64-bit unit.

If you were lucky to get a PHAT PS3 that did not have a defective 8th SPE, then you can turn that on by changing some hex lines in the boot up firmware. Some of the Skinnies had the 8th SPE lasered off. The Slims should have the 8th SPE turned off by software.

I have a PS3 Running Debian Wheezy because the ABI break in Linux Kernel 3.16 will not work with the PS3 Hypervisor. I have GameOS rights, all 8 SPEs active, and a GPU partially working with nouveau running OtherOS++. Unfortunately my BDRom died.

I mostly run it in CLI mode though because there is not enough RAM on the damn thing to do more than light graphical utilities. Adding an SSD to the system does not make a difference either because the SATA bus is shared with the BDRom and some other devices on the system. The HV throttles the speed so can’t use that as fast swap.

Unless you are a PPC fan, it is not worth your time trying to turn it into a daily. I use it to do video encoding mostly and cross compile stuff for my HP Touchpad. Trying to get a modern Linux on that thing.


Two things on the Speculative Execution front

  1. There is a new IBM firmware bulletin about Power and Speculative Execution
  2. My saga of pestering Raptor Engineering for details on GNU Social continues

The IBM bulletin makes it pretty clear that POWER7+ and POWER8 are vulnerable to Meltdown. Now I’m curious how AMD dodged this bullet when ARM, Intel, and IBM did not. According to Raptor Engineering, POWER9 on Talos will not need KPTI. Does this just mean that DD2.2 silicon is not vulnerable to Meltdown, or does Meltdown mitigation on Power not require KPTI in general?

Vulnerability cheatsheet

| CVE | Group | GPZ number | GPZ naming |
|---|---|---|---|
| CVE-2017-5715 | Spectre | variant 2 | branch target injection |
| CVE-2017-5753 | Spectre | variant 1 | bounds check bypass |
| CVE-2017-5754 | Meltdown | variant 3 | rogue data cache load |

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

Someone noticed that the Power ISA, as well as some other documents, mention an “ultravisor” mode in addition to the hypervisor.

The version 3.0B ISA document mentions it only as a possible type of privileged instruction in the appendix when it gives you a list of all the defined instructions. There are three of these lists (sorted by version, sorted by opcode, and sorted by mnemonic), so 3.0B mentions it once at the end of each list.

I also have a PDF of version 3.0, but —weird— it only mentions ultravisor in one of the lists, even though the only difference between these lists should be in how they are sorted!

I went and made a table on the RCS Wiki comparing the Machine State Register bits defined by different versions of the Power ISA. One of those reserved bits is probably the Ultravisor state.

Hypervisor state was introduced in POWER4 (see 4:11 in the video below) although it was not mentioned in documentation except as a reserved bit. I guess that we will find that one of the reserved bits turns out to indicate the Ultravisor state.


Meltdown fix for Power

PowerPC Memory Protection Keys In For Linux 4.16, Power Has Meltdown Mitigation In 4.15 (Phoronix)

powerpc/64s: Add support for RFI flush of L1-D cache (git commit)

According to the git commit, this fixes Meltdown on POWER7, POWER8 and POWER9. He explicitly states they don’t know if the 970 (Apple G5), pasemi CPUs (AmigaOne X1000) or Freescale CPUs are vulnerable.

According to the commit, Meltdown on the affected chips only works on the L1 cache, so the fix purges L1 when switching to a less privileged state (kernel to userspace).

In order for [the vulnerability] to happen, the first load must hit in the L1, because before the load is sent to the L2 the permission check is performed. Therefore if no kernel addresses hit in the L1 the vulnerability can not occur. We can ensure that is the case by flushing the L1 whenever we return to userspace. Similarly for hypervisor vs guest.

Also it sounds like these patches should help even without a firmware fix:

Newer firmwares are able to advertise to us that there is a special nop instruction that flushes the L1-D. If we do not see that advertised, we fall back to doing a displacement flush in software.

Edit: looks like @catsay beat me to it:
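
A way to check from userspace whether the kernel reports the three CVEs from the cheatsheet as mitigated (an added example, not part of the original post or the kernel commit). It assumes a Linux kernel that exposes per-issue status files in the sysfs `vulnerabilities` directory; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux kernel new enough to
# expose per-issue status files in sysfs; the directory can be overridden.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map the kernel's free-text status to a coarse verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_cve DIR FILE CVE: print one line "VERDICT CVE FILE: raw status".
check_cve() {
    if [ -r "$1/$2" ]; then
        raw=$(cat "$1/$2")
    else
        raw="no status file (kernel predates the interface?)"
    fi
    printf '%s %s %s: %s\n' "$(classify_status "$raw")" "$3" "$2" "$raw"
}

# report_all [DIR]: check the three CVEs from the cheatsheet.
# Returns 1 if any of them is VULNERABLE or UNKNOWN, else 0.
report_all() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715 \
                meltdown:CVE-2017-5754; do
        line=$(check_cve "$dir" "${pair%%:*}" "${pair#*:}")
        echo "$line"
        case "$line" in VULNERABLE*|UNKNOWN*) rc=1 ;; esac
    done
    return $rc
}

# Report on the running machine; never abort the shell on a bad verdict.
report_all || true
```

A missing status file is reported as UNKNOWN rather than as safe, since an older kernel without the reporting interface also lacks the flush.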


I think what we’ll see soon is the culling of a lot of old tech like this and small AI systems for CPUs start to pop up and be shipped. So instead of something like Meltdown or Spectre happening and no one knows, there’s an actual logic engine built in that says “Wait the fuck is this no”


I don’t know how you’d do that since you would be watching for programs where the speculated code is loading out of bounds (which I imagine even good programs do).

Is it possible/feasible for a programmer to be aware of what the CPU might speculate with every branch, to avoid accidentally tripping the Spectre detection?


Possible? Yes. Feasible? No. That’s why the AI makes way more sense. The advantage on powerpc is that the L1 is more designed as a pipeline so it always has data changes, rather where on intel chips I’ve watched in the past use it more as storage. And by that I mean, something needs this, it goes in L1, used instantly, now it’s gone. I am skeptical that this whole ordeal really means anything in the first place, I think there’s a coverup going on and someone made this shit up (Y2K for example), and if we all used more modern processors in the first place that weren’t designed to work with VAX in their origin (if we used ARM or POWER for example) this wouldn’t be that big of a deal even if it WAS problematic. I honestly am annoyed that I have to use X86 every day because of its poor design and its numerous flaws, but this is a flaw that someone pulled out of their ass.

For the future? Either EVERYONE needs to never use L1 for anything, Speculative Exec needs to be turned off, or we need a mini AI in our chips that learns this shit like in the ryzen chips. Or we stop using shitty processors. That’s the only way forward I see that is successful. But, no one cares enough, so in 4 months I’ll still have my shitty xeon and I’ll be looking at a shitty dual xeon or Ryzen 2 setup.


So on Power you only get one load per memory address after a store? Pseudo-code:

store r1 into 0x01003603  ← caches at L1
load 0x01003603 into r4   ← uses L1
load 0x01003603 into r2   ← uses L2?

On Power, fixing CVE-2017-5754 (Meltdown) doesn’t sound that bad, just flushing the L1 cache when switching states. I haven’t seen anything clear about how they fix the other two (maybe retpoline patches work fine here). Whatever the fix is, adding an AI that gets annoyed about code that should only execute in a parallel universe sounds like way more trouble than it’s worth.


By the way, I saw a listing for an S822LC server on that mentions being “service locked”; something anyone buying on ebay might want to watch out for in case their seller doesn’t say so.

Server is “service locked” and requires an IBM service contract, or access to a service vendor that would have a contract, to clear and reset access password(s).

Items NOT Included:

Original Software, Manuals, HDDs, HDD Caddies, ASMI password/service password.


I just know that’s what my PPC macs do. That’s why they were so powerful back in the day, or at least one of the reasons. No idea about CELL/XELL or POWER in total tbh.


Seems like you’d be able to zap that out.


Is there a name for that? I am looking around, but I am not seeing what you describe. Any idea where to look for more info about this?

According to this PowerPC L1 is “pseudo-LRU” and the L2 is “Two-way set associative”, but neither of these sound like the pipeline you describe.


I don’t really know a name for it. It’s just behaviour I have observed in memory readers.


If you will put up with my obsession some more, there is a photo of the production Talos II mainboard on the company wiki now:


It’s the only board like it for sale. If I could get that and toss a 1080ti on it and make it run linux and wine I’ll be happy lol.


Is running wine on an emulator possible like that? They had QEMU tests on the S822LC system they were experimenting with for Talos I, but I think those were Linux programs.