Update to upstream 2.1-19. 20180807

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-eb34880f6f

This update has been submitted for testing by aarapov.

4 years ago
hreindl commented & provided feedback 4 years ago

works for me - fixes CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'

ibims commented & provided feedback 4 years ago

works

marionette commented & provided feedback 4 years ago

works

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'

STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'

STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

This update has been pushed to testing.

4 years ago

This update has been submitted for batched by bodhi.

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago
yannick commented & provided feedback 4 years ago

Hi, The upgrade does not work here. I suspect a bug somewhere...

$ sudo dnf list installed | grep microcode
microcode_ctl.x86_64 2:2.1-26.fc28 @updates-testing
$ dmesg | grep microcode
[ 0.520184] microcode: sig=0x306c3, pf=0x2, revision=0x24
[ 0.520453] microcode: Microcode Update Driver: v2.2.
$ lscpu | grep Intel
Identifiant constructeur : GenuineIntel
Nom de modèle : Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz

According to upstream documentation here: https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File

== 20180807 Release ==
../..
---- updated platforms ------------------------------------
../..
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3

It should be "revision=0x25" but it is "24".

The checker script found here: https://github.com/speed47/spectre-meltdown-checker reports:

Spectre and Meltdown mitigation detection tool v0.39+
../..
* CPU microcode is the latest known available version: NO (you have version 0x24 and latest known version is 0x25)
../..
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO

STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)

STATUS: VULNERABLE (Your CPU doesn't support SSBD)

IMHO the new microcode is not applied by the kernel for some reason.

@yannick

first, just because it doesn't update YOUR CPU does NOT justify negative karma leading to holding back the update for all the ton of other machines where it does

second: you pretty sure missed "dracut -f" because after the Haswell TSX updates microcode needs to be loaded early and so included in the initrd - so either "dracut -f" or wait for the next kernel update generating a new initrd anyways

yannick commented & provided feedback 4 years ago

ty @hreindl, $ sudo dracut -f fixed the issue. Why is this command not part of the install process of microcode_ctl?

because it's not much fun to overwrite the last recent known working initrd with arbitrary updates

lsinitrd shows you what is all in there and you have for every installed kernel its own initrd, if something is borked there and you update the kernel without reboot and the kernel doesn't work your last recent entry is also dead

the whole idea of having more than one kernel is to ensure a working way back at boot in case of troubles and when every random package which is contained in the initrd re-creates it you will lose that capability, so just wait for the next kernel which is anyways away only a few days on fedora or RTFM

[root@rh:~]$ uname -a
Linux rh.thelounge.net 4.17.14-202.fc28.x86_64 #1 SMP Wed Aug 15 12:29:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

however, just because something does not have any positive impact for you doesn't justify negative karma and holding back the update for everyone else by disabling autopush as long as you can't point out a regression

rathann commented & provided feedback 4 years ago

WFM:

$ dmesg |grep microcode
[    0.000000] microcode: microcode updated early to revision 0x24, date = 2018-04-02
[    0.605804] microcode: sig=0x40651, pf=0x40, revision=0x24
[    0.605896] microcode: Microcode Update Driver: v2.2.
$ cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass 
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
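
Added example, not part of the original thread or of microcode_ctl: a shell function that classifies `dmesg | grep microcode` output the way the comments above do by hand, separating a boot where no early update was logged (the case fixed by `dracut -f`) from one where the running revision is already current. The verdict names, the `is_hex` helper and the expected revision used for the second sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the Bodhi page): compare the running microcode
# revision in dmesg with the revision the upstream release notes list.
#
# check_microcode EXPECTED_REV reads dmesg lines on stdin and prints:
#   current              running revision >= expected
#   stale-no-early-load  too old and no early update logged: the booted
#                        initramfs held nothing newer for this CPU
#   stale-early-load     an early update ran, but to an older revision
#   unknown              no parsable "sig=..., revision=0x.." line or argument

# Accept only 0x-prefixed hex, so nothing else reaches arithmetic expansion.
is_hex() { case $1 in 0x|0x*[!0-9a-fA-F]*) return 1 ;; 0x*) return 0 ;; *) return 1 ;; esac; }

check_microcode() {
    expected=$1 running="" early=""
    while IFS= read -r line; do
        case $line in
            *"microcode updated early to revision "*)
                early=${line##*revision }
                early=${early%%,*} ;;
            *"microcode: sig="*"revision="*)
                running=${line##*revision=} ;;
        esac
    done
    if ! is_hex "$running" || ! is_hex "$expected"; then
        echo unknown
    elif [ $(($running >= $expected)) -eq 1 ]; then
        echo current
    elif [ -z "$early" ]; then
        echo stale-no-early-load
    else
        echo stale-early-load
    fi
}

# Constructed samples, copied from the two dmesg excerpts quoted in the thread.
SAMPLE_NO_EARLY='[ 0.520184] microcode: sig=0x306c3, pf=0x2, revision=0x24
[ 0.520453] microcode: Microcode Update Driver: v2.2.'
SAMPLE_EARLY='[    0.000000] microcode: microcode updated early to revision 0x24, date = 2018-04-02
[    0.605804] microcode: sig=0x40651, pf=0x40, revision=0x24
[    0.605896] microcode: Microcode Update Driver: v2.2.'

printf '%s\n' "$SAMPLE_NO_EARLY" | check_microcode 0x25  # i7-4790K, 0x25 per release notes
printf '%s\n' "$SAMPLE_EARLY" | check_microcode 0x24     # expected value assumed
# Live system: dmesg | grep microcode | check_microcode 0x25
```

A `stale-*` verdict after installing the package is the situation described in the thread: the new microcode is on disk but not in the initramfs that was booted.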


Metadata
Type: enhancement
Karma: 5
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled

Dates
submitted: 4 years ago
in testing: 4 years ago
in stable: 4 years ago

Test Cases

Test Case microcode update