From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: AMD microcode updates - where are they?!
Date: Thu, 18 Jul 2019 19:23:06 +0100
Message-ID: <11416330.qN9LcM7mFG@localhost>
In-Reply-To: <6827e723-50ee-a7da-49c0-51b622dc48f8@charter.net>
On Thursday, 18 July 2019 13:33:36 BST Corbin wrote:
> On 7/17/19 3:51 PM, Ian Zimmerman wrote:
> > pti=0 ibrs=0 ibpb=1 retp=1 -> fix variant #1 #2 if the microcode
> > update is applied
> > pti=0 ibrs=2 ibpb=1 retp=1 -> fix variant #1 #2 on older processors
> > that can disable indirect branch prediction without microcode updates
> >
> > Note: A microcode patch provided by the vendor must be applied in
> > order for the tunables to be visible.
> >
> > which of course is self-contradictory, so not a full answer but maybe a
> > clue.
I did read this but wasn't sure what to deduce from it. I took it to mean
earlier CPUs won't receive a microcode patch, but will still have spectre
mitigated, presumably using a different method. Later CPUs will receive a
patch. My AMD APUs are later fam15h models and if the above is to be believed
they probably ought to have received a patch - but none is observable. :-/
Then I thought the note in the RHL article may need to be taken literally, to
mean a microcode patch will just make tunables *visible*, rather than present.
> > Are those settings meant to go on a boot command line?
>
> As for what Red Hat / Fedora is doing, no idea.
>
> The parameters I used came from the kernel documentation.
>
>
> Corbin
According to kernel-4.19.57 docs at least, all CPU vulnerabilities and spectre
related mitigations are automatically switched on, without the need to specify
anything on the kernel line. In addition, the selection of individual
spectre_v2 mitigation methods is determined dynamically "... at run time
according to the CPU, the available microcode, the setting of the
CONFIG_RETPOLINE configuration option, and the compiler with which the kernel
was built."
Anyway, selecting 'spectre_v2=on' "... will also enable the mitigation against
user space to user space task attacks", so this is a useful option to use.
Regarding ibpb not being displayed under my /sys fs the docs say:
    Default mitigation:
    If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl"
Therefore, I am not sure if ibpb is meant to show up unless it has been
specified on the kernel line as a spectre_v2_user mitigation method.
--
Regards,
Mick
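
An added example, not part of the original message: a shell check that splits the spectre_v2 status line under /sys into its items and shows any spectre_v2 / spectre_v2_user settings from the kernel command line, so it is clear whether IBPB is listed at all. The function names and sample strings are made up for illustration, and the status format is assumed to be the comma-separated "Mitigation: ..., IBPB: ..., STIBP: ..." layout from the kernel's Spectre documentation.

```shell
#!/bin/sh
# Added example: summarise what the kernel reports for Spectre v2.
# Function names and sample strings are hypothetical, not from the thread.

VULN_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Constructed sample data, used only when the real files are not readable.
SAMPLE_STATUS='Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling'
SAMPLE_CMDLINE='root=/dev/sda2 ro spectre_v2=on'

# spectre_v2_field STATUS NAME
# Print the value of the "NAME: value" item in the comma-separated status
# line, or "not reported" when the kernel did not list that item.
spectre_v2_field() {
    val=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2: *//p" | head -n 1)
    printf '%s\n' "${val:-not reported}"
}

# cmdline_param CMDLINE NAME
# Print the value of NAME=value on a kernel command line, or "unset".
# The last occurrence is kept when the option is repeated (assumed to match
# how the kernel resolves repeated options).
cmdline_param() {
    val=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# report STATUS CMDLINE
# Print the reported state next to the boot-time request for comparison.
report() {
    printf 'spectre_v2 status : %s\n' "$1"
    printf '  mitigation      : %s\n' "$(spectre_v2_field "$1" Mitigation)"
    printf '  IBPB            : %s\n' "$(spectre_v2_field "$1" IBPB)"
    printf '  STIBP           : %s\n' "$(spectre_v2_field "$1" STIBP)"
    printf 'spectre_v2=       : %s\n' "$(cmdline_param "$2" spectre_v2)"
    printf 'spectre_v2_user=  : %s\n' "$(cmdline_param "$2" spectre_v2_user)"
}

# Use the live system when possible, otherwise the constructed sample.
if [ -r "$VULN_FILE" ] && [ -r /proc/cmdline ]; then
    report "$(cat "$VULN_FILE")" "$(cat /proc/cmdline)"
else
    report "$SAMPLE_STATUS" "$SAMPLE_CMDLINE"
fi
```

A result of "not reported" for IBPB means only that the status line carries no IBPB item; it does not say why.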