From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 45085138334 for ; Sat, 13 Jul 2019 21:01:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EB3D6E0884; Sat, 13 Jul 2019 21:01:15 +0000 (UTC) Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 78E6FE0878 for ; Sat, 13 Jul 2019 21:01:15 +0000 (UTC) Received: by mail-pg1-f195.google.com with SMTP id z75so6000021pgz.5 for ; Sat, 13 Jul 2019 14:01:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=oJ1xSHxb+q6XCgWIY+SXogb4B2jfw3uQJhCtELCxkW8=; b=lIndfCFgVOLGHHLUOSyvbcjl1er2lhxQFPZzno5v1GPuJ/XAXuKT8vXkQARAqNOKL9 iBXPo+9qpNmaQ8yAxuX7bYvE3Rkrra23gipvP/pc/EwKZ6Nn+QrHXo6RVn9HMtN9vERi eO7yCQyezAVAqY+gTmltdAgqJas1aum4i7fmGLFD2TB2QdWfyYSsEI2kqzarN+WlZHNv mlCrSuousrvRs8kO7n/OC0CHfUXUoIBX2bce/q1Y3sxzC8T+udooT71uswshWGQ50vbE s2WAqy4fFS+3s3oP/h5bruRHKB8krizS9cgSmS98YmzibhMjoJHCJ+CGpsnDeNLv9T1O UJgg== X-Gm-Message-State: APjAAAUr6lyF9O1vQVStLW7/fsqSLDRNRhOGdwnnpzjvEiRCuBg6UCoE 5st6tdGYHXByVrDSYXLwTKgn5uUIUrzToQo038rkXGTB X-Google-Smtp-Source: APXvYqyYOmbKl2lQ82ETk8HqNFPnT7qexCvtYQJOeAnXeuAIdIFtgGB2RJOkpcrRK77KMJVuvL+y3OZcDz1HQoAsf8g= X-Received: by 2002:a17:90a:d593:: with SMTP id v19mr20172369pju.1.1563051674154; Sat, 13 Jul 2019 14:01:14 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <8454413.yhxcbTWUVq@localhost> <3234975.s2AmX6VSSp@localhost> <5D2A3C2A.2080205@youngman.org.uk> In-Reply-To: <5D2A3C2A.2080205@youngman.org.uk> From: Rich Freeman Date: Sat, 13 Jul 2019 17:01:02 -0400 Message-ID: Subject: Re: [gentoo-user] AMD microcode updates - where are they?! To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: ffb7e4a2-922d-4de1-adf1-5e04311d1ff9 X-Archives-Hash: b02ec0753c09a64c30600c21f16c2806 On Sat, Jul 13, 2019 at 4:16 PM Wols Lists wrote: > > On 13/07/19 20:23, Mick wrote: > > Thanks Corbin, I wonder if despite articles about microcode patch releases to > > deal with spectre and what not, there are just no patches made available for > > my aging AMD CPUs. > > Or Spectre and what not are Intel specific ... > > I know a lot of the reports said many of the exploits don't work on AMD. > It's something to do with the way Intel has implemented speculative > execution, and AMD doesn't use that technique. Some spectre-related vulnerabilities apply to AMD, and some do not. Most of the REALLY bad ones do not, but I believe that some of the AMD ones still require microcode updates to be mitigated in the most efficient way. Take a look in /sys/devices/system/cpu/vulnerabilities on your system for the kernel's assessment of what vulnerabilities apply, and how they are being mitigated. What you want to see is every single one either saying "Not affected" or they start with "Mitigation:" If you see one starting with something like Partial Mitigation or Vulnerable you should Google if there is something you can do to improve this. Note that this assumes you have a current kernel. The kernel can only report the vulnerabilities it knows about, so if you're running some kernel from 9 months ago it won't know about everything. For reference, on my Ryzen 5 1600 I get: for x in * ; do echo -n "$x: " ; cat $x ; done l1tf: Not affected mds: Not affected meltdown: Not affected spec_store_bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp spectre_v1: Mitigation: __user pointer sanitization spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling -- Rich