On Wednesday, 17 July 2019 04:21:07 BST Corbin wrote:
> On 7/14/19 8:26 AM, Mick wrote:
> > Then I came across this old message regarding Piledriver CPUs:
> > https://lists.debian.org/debian-security/2016/03/msg00084.html The
> > post refers to model 2 of cpu family 21. Not all models in the same
> > family, only model 2. So I am thinking although patch files are named
> > per CPU family, whether they are applicable and applied as an update
> > to the CPU is probably determined by the particular CPU *model*.
> > Logically, errata in previous CPU revisions may have been fixed in
> > later models of the same family and therefore such microcode updates
> > would not be needed. When offered by the OS the CPU won't select to
> > have them applied. This explains why my AMD models, which are later
> > revisions of the same 15h family do not apply any microcode updates -
> > they don't need them. Please share if you know differently and thank
> > you all for your responses.
>
> Remember a while back when I mentioned that "lwp" had disappeared from
> my /proc/cpuinfo?
>
> They restored "lwp" with this commit :
> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609
> So it stands to reason that the microcode only applies specific patches
> to specific problems per CPU.
>
> Reference :
> > Darkstar ~ # cat /proc/cpuinfo
> > processor : 0
> > vendor_id : AuthenticAMD
> > cpu family : 21
> > model : 2
> > model name : AMD FX(tm)-9590 Eight-Core Processor
> > stepping : 0
> > microcode : 0x6000852
> > cpu MHz : 4685.390
> > cache size : 2048 KB
>
> Output of /sys/devices/system/cpu/vulnerabilities :
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> > Mitigation: Speculative Store Bypass disabled
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > Mitigation: __user pointer sanitization
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> > Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB filling
>
> Corbin

Hmm ... My last line looks the same as Rich's, but different to yours:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

I don't have IBPB mentioned in there at all. I'm on gentoo-sources-4.19.57.
Are you running a later kernel?

According to this article a microcode update seems to be necessary, but I'm
not sure if this statement only applies to Intel CPUs:

https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10

-- 
Regards,

Mick
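
A helper for comparing spectre_v2 status lines between hosts, using the two lines quoted in this thread. This is an added example, not part of the original message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare spectre_v2 status lines from two hosts.
# Function names are hypothetical; the two sample lines are the ones
# quoted in the thread above.

corbin_line='Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB filling'
mick_line='Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling'

# Print each comma-separated component of a status line on its own line.
spectre_v2_components() {
    printf '%s\n' "$1" | sed -e 's/^Mitigation: *//' | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//'
}

# Print the components present in line $1 but not in line $2.
spectre_v2_missing() {
    spectre_v2_components "$1" | while IFS= read -r c; do
        spectre_v2_components "$2" | grep -Fxq -- "$c" || printf '%s\n' "$c"
    done
}

# Print the value of a "NAME: value" component, or "absent".
spectre_v2_field() {
    spectre_v2_components "$1" | awk -F': ' -v k="$2" '
        $1 == k { print $2; found = 1 }
        END { if (!found) print "absent" }'
}

# Print the local kernel release, microcode revision and spectre_v2
# components, so the same data can be posted from each host.
host_report() {
    v=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    [ -r "$v" ] || { echo "no $v on this system"; return 0; }
    echo "kernel: $(uname -r)"
    grep -m1 '^microcode' /proc/cpuinfo || echo "microcode: not reported"
    spectre_v2_components "$(cat "$v")"
}

echo "Only in Corbin's output: $(spectre_v2_missing "$corbin_line" "$mick_line")"
echo "IBPB on Mick's host: $(spectre_v2_field "$mick_line" IBPB)"
host_report
```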