Is AIX/Power safe from Spectre / Meltdown?

No, you could not say it's safe.

https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

Complete mitigation of this vulnerability for Power Systems clients involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to these vulnerabilities and is a pre-requisite for the OS patch to be effective.

[...]

Firmware patches for POWER7+, POWER8, and POWER9 platforms are now available via FixCentral. POWER7 patches will be available beginning February 7.

[...]

AIX patches will be available beginning January 26 and will continue to be rolled out through February 12.

Update : patches available, http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc


Because of the specific nature of Meltdown, Power is not affected by the demonstration code, but it may be possible to write something that has a similar effect. But, because of the way that AIX on Power organizes it's memory map, only one page (IIRC, it's a while since I last looked) of the kernel (page 0, the one containing the interrupt vectors) is mapped into a user process. This prevents branch predictor cache loads from accessing kernel data structures, which is the particular attack documented for Meltdown (in other words, AIX on Power should be almost completely immune, by design, to Meltdown).

Linux on Power does (or at least until the updates) do the mapping of kernel memory into a protected region of user process address spaces, so a Meltdown type attack is theoretically possible, but AFAICT it has not been demonstrated. I do not know about IBM i.

The techniques described for Spectre remain less clear. IBM has only made the most broad statements publicly, which look like an effort to say something rather than nothing IMHO, but it is possible that all OSs running on Power may be affected by attacks related to the type documented. But, again, AFAICT, there is no demonstration code for Spectre on Power yet. But this may be a result of not enough Power systems being available to the researchers, and may change as time passes.

Please note that the views expressed in this post are my own, and are not those of any other person or organization.