From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A4556138239 for ; Wed, 17 Jul 2019 10:59:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 50501E0828; Wed, 17 Jul 2019 10:59:01 +0000 (UTC) Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A5913E077C for ; Wed, 17 Jul 2019 10:59:00 +0000 (UTC) Received: by mail-wm1-x343.google.com with SMTP id g67so17566839wme.1 for ; Wed, 17 Jul 2019 03:59:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version; bh=0wX+2Gos0QhoHqA/m56YW9WmbJDHplYKM/Z4B8Iw/40=; b=o3r3MbVClIZanTaPoL4aPQ2ZDLH0b9BwRU07tOmCOxg7u4XJ+QCGyUa/LeBWCB+IWK 8UdGKl0YZxl4J6lvnhf8tquM4IgYmWndWZJGcR6CWLv1ITWgz5s5l7o2nne/AezFFYiq TNOMg3gbkiAYLQVpxyNE68vY8KwB+jC/UOBEKSq5eCgw24GGQANK9XqA+JFAv1fhprV7 vxTE/QcGgHlwO80B6IfENRzdUxeQDVw14iIG18hfuOvQnh7cdCVMyCaXlnEjrl+hiONC zCw3R/YCXsOJm0B0SOYQS3kLWLJ3SWn6HRmGJTNt8JAMKI0zNE1EpYbBBiNRpenC/0dl qr+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version; bh=0wX+2Gos0QhoHqA/m56YW9WmbJDHplYKM/Z4B8Iw/40=; b=MhhTQ8ndhBWZicvuU5R7Upd0SOBT7n5yA9H5gYantRUsIU4oAaTE7heBxwVs/A3Gkw 4OjHRWakAfB3fPJ/3TBxM/3rOLbDej0bKgMDuWPU78mgkk9kIj3zdf//1DLolOvwv3Xf /5bNC+agvoqXQV+j4OnpA7CQz+Kf8BereiF5Qw9EMvCFFoSmVJvQJwbWSjooz5el/59x ReeWzLWQeklChfoJ2UafjFtyR1LyBHOL9HuZ6aHedhOqn1k7QGpE76Q4VF1J92C5J6Rl Dl37ZuUuMtFi+QSk+02m2SqC6EOKCJpVNteWiyMBKq6XtrC7ke9Q/HOn+gdMMVyo1T/g j42Q== X-Gm-Message-State: APjAAAUWBxaqEa1JmKCIrVZ6dmol4lXs/hkw/q0B6oIFNNbuSFUbWT2C DqlDd4BL05Q0l+tOK4Oep0iHrX5m X-Google-Smtp-Source: APXvYqxfyPJylaOOCus7ay6+t/huq62UfGSJHkUd/4AnmjA6WABxAcNhI1HXjPsTaaiH5GD/TzeQ9Q== X-Received: by 2002:a1c:c542:: with SMTP id v63mr35088991wmf.97.1563361139018; Wed, 17 Jul 2019 03:58:59 -0700 (PDT) Received: from localhost.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by smtp.gmail.com with ESMTPSA id x16sm18212976wmj.4.2019.07.17.03.58.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Jul 2019 03:58:57 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] AMD microcode updates - where are they?! Date: Wed, 17 Jul 2019 11:58:56 +0100 Message-ID: <2145688.70jHgKrVLc@localhost> In-Reply-To: References: <21714265.1ZXtKVbesA@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3344613.RAsGAaXgmi"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-Archives-Salt: 4d694875-813a-42e5-875c-e5925d06673b X-Archives-Hash: e15ac84092d60e6557265116a24517c7 --nextPart3344613.RAsGAaXgmi Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" On Wednesday, 17 July 2019 04:21:07 BST Corbin wrote: > On 7/14/19 8:26 AM, Mick wrote: > > Then I came across this old message regarding Piledriver CPUs: > > https://lists.debian.org/debian-security/2016/03/msg00084.html The > > post refers to model 2 of cpu family 21. Not all models in the same > > family, only model 2. So I am thinking although patch files are named > > per CPU family, whether they are applicable and applied as an update > > to the CPU is probably determined by the particular CPU *model*. > > Logically, errata in previous CPU revisions may have been fixed in > > later models of the same family and therefore such microcode updates > > would not be needed. When offered by the OS the CPU won't select to > > have them applied. This explains why my AMD models, which are later > > revisions of the same 15h family do not apply any microcode updates - > > they don't need them. Please share if you know differently and thank > > you all for your responses. > > Remember a while back when I mentioned that "lwp" had disappeared from > my /proc/cpuinfo? > > They restored "lwp" with this commit : > > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.gi > > t/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609 > So it stands to reason that the microcode only applies specific patches > to specific problems per CPU. > > Reference : > > Darkstar ~ # cat /proc/cpuinfo > > processor : 0 > > vendor_id : AuthenticAMD > > cpu family : 21 > > model : 2 > > model name : AMD FX(tm)-9590 Eight-Core Processor > > stepping : 0 > > microcode : 0x6000852 > > cpu MHz : 4685.390 > > cache size : 2048 KB > > Output of /sys/devices/system/cpu/vulnerabilities : > > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf > > Not affected > > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds > > Not affected > > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Not affected > > Darkstar ~ # cat > > /sys/devices/system/cpu/vulnerabilities/spec_store_bypass > > Mitigation: Speculative Store Bypass disabled > > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 > > Mitigation: __user pointer sanitization > > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 > > Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB > > filling > > Corbin Hmm ... My last line looks the same like Rich's, but different to yours: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling I don't have IBPB mentioned in there at all. I'm on gentoo-sources-4.19.57. Are you running a later kernel? According to this article a microcode update seems to be necessary, but I'm not sure if this statement only applies to Intel CPUs: https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10 -- Regards, Mick --nextPart3344613.RAsGAaXgmi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEt7MNaGaS6HvTUrEz6WnU8jC95dcFAl0u/3AACgkQ6WnU8jC9 5ddyXxAAsfpiKGJ6c+NJtKajmLU1v+xL1v4mYJSnbJuxK8KeKXTvHQ07SWPcusRa 5yEBLAcaw98YipZJ8IuJiR/SFWKyINnzrow9Y5aOjG41Rknl8cKyaJceHqXim8pd 34EEdEYo/n+XnhrqDi1sMKOxmcvzdwP4qHadUmM1n5Gdw4AXIqu41pm8X/I0IMmu VxuFu137RBPPGlOggeIddRPL0MWY4/4lGwmLqO2+UI1JFC1fkhearqk0ups5yz0Q V3fVVYbSk/A5yFcBtDcYiT6OKhj9R83pX9ODb0rKgwIaWaJPlcGkd/rI5hyCorkc u/a07xUWbrIZK6M+Tb/84wyUiwj/xqgxbS3X/66kWkj2d1MuLfXgxyez0SptK/Kv pJkskfO+63P4hQV4Jt3xeY6ugyE0j4zMTJ6bnRPfF8Ynfjph+vObpqomo+NBhE+C zAMQts0+0/n8+5hvOFI/5toTQ3iwdWpXVO5AFywxy8LH7SB6oyfmHKLb/3uuiweV py98Uory00FGyPINJREyXXsIsq2mt+YPcC5r0qGmxFDdRfS6b43orC0nOvMeqIYl uIa56L+NXowEcFyr89Z5xZduM+A0MTX+32REcDUmoxWVpo1FDVGRpNgHifYeHrEV 17IW584D+HGxExEJvzIHvLFRhiIKfavV24C5YFqA4g0XXrf5PC8= =XMl8 -----END PGP SIGNATURE----- --nextPart3344613.RAsGAaXgmi--