| 1 |
On Wednesday, 17 July 2019 04:21:07 BST Corbin wrote: |
| 2 |
> On 7/14/19 8:26 AM, Mick wrote: |
| 3 |
> > Then I came across this old message regarding Piledriver CPUs: |
| 4 |
> > https://lists.debian.org/debian-security/2016/03/msg00084.html The |
| 5 |
> > post refers to model 2 of cpu family 21. Not all models in the same |
| 6 |
> > family, only model 2. So I am thinking although patch files are named |
| 7 |
> > per CPU family, whether they are applicable and applied as an update |
| 8 |
> > to the CPU is probably determined by the particular CPU *model*. |
| 9 |
> > Logically, errata in previous CPU revisions may have been fixed in |
| 10 |
> > later models of the same family and therefore such microcode updates |
| 11 |
> > would not be needed. When offered by the OS the CPU won't select to |
| 12 |
> > have them applied. This explains why my AMD models, which are later |
| 13 |
> > revisions of the same 15h family do not apply any microcode updates - |
| 14 |
> > they don't need them. Please share if you know differently and thank |
| 15 |
> > you all for your responses. |
| 16 |
> |
| 17 |
> Remember a while back when I mentioned that "lwp" had disappeared from |
| 18 |
> my /proc/cpuinfo? |
| 19 |
> |
| 20 |
> They restored "lwp" with this commit : |
| 21 |
> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.gi |
| 22 |
> > t/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609 |
| 23 |
> So it stands to reason that the microcode only applies specific patches |
| 24 |
> to specific problems per CPU. |
| 25 |
> |
| 26 |
> Reference : |
| 27 |
> > Darkstar ~ # cat /proc/cpuinfo |
| 28 |
> > processor : 0 |
| 29 |
> > vendor_id : AuthenticAMD |
| 30 |
> > cpu family : 21 |
| 31 |
> > model : 2 |
| 32 |
> > model name : AMD FX(tm)-9590 Eight-Core Processor |
| 33 |
> > stepping : 0 |
| 34 |
> > microcode : 0x6000852 |
| 35 |
> > cpu MHz : 4685.390 |
| 36 |
> > cache size : 2048 KB |
| 37 |
> |
| 38 |
> Output of /sys/devices/system/cpu/vulnerabilities : |
| 39 |
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf |
| 40 |
> > Not affected |
| 41 |
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds |
| 42 |
> > Not affected |
| 43 |
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown |
| 44 |
> > Not affected |
| 45 |
> > Darkstar ~ # cat |
| 46 |
> > /sys/devices/system/cpu/vulnerabilities/spec_store_bypass |
| 47 |
> > Mitigation: Speculative Store Bypass disabled |
| 48 |
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 |
| 49 |
> > Mitigation: __user pointer sanitization |
| 50 |
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
| 51 |
> > Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB |
| 52 |
> > filling |
| 53 |
> |
| 54 |
> Corbin |
| 55 |
|
| 56 |
Hmm ... My last line looks the same like Rich's, but different to yours: |
| 57 |
|
| 58 |
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
| 59 |
Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling |
| 60 |
|
| 61 |
I don't have IBPB mentioned in there at all. I'm on gentoo-sources-4.19.57. |
| 62 |
Are you running a later kernel? |
| 63 |
|
| 64 |
According to this article a microcode update seems to be necessary, but I'm |
| 65 |
not sure if this statement only applies to Intel CPUs: |
| 66 |
|
| 67 |
https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10 |
| 68 |
|
| 69 |
-- |
| 70 |
Regards, |
| 71 |
|
| 72 |
Mick |
Archives