[Bug 1700373] Re: intel-microcode is out of date, version 20170511 fixes errata on 6th and 7th generation platforms

Robie Basak 1700373 at bugs.launchpad.net
Fri Jul 7 14:42:39 UTC 2017 

@Marat

10:58 <rbasak> xnox: thanks, that's very useful to know. What's the the difference between early initramfs and normal runtime from the kernel/hardware perspective? I didn't think there was any distinction? But there has been talk of Trusty not having early initramfs support. I don't follow why that's a thing.
10:59 <xnox> rbasak, early micocode loading means that microcode is appended to the initramfs as an extra cpio archive. The kernel looks at the initramfs, notices there is microcode appended, and then it loads the microcode before executing init of the initramfs.
10:59 <xnox> rbasak, meaning that microcode is loaded "early", before any userspace process is started.
11:00 <xnox> rbasak, this is relevant in the context of e.g. lock ellision where microcode update _removes CPU instructions_
11:00 <rbasak> Ah. That makes sense - thanks!
11:00 <xnox> and e.g. loaded shared libraries already did the checks if they can use something, continue to try to use them, and segfault.

> Does not sound very convincing.

For an SRU, the burden of "convincing" is reversed. Convince us that
this issue *won't* regress users before we recommend an update to them,
not the other way round.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170511 fixes errata on 6th
  and 7th generation platforms

Status in intel-microcode package in Ubuntu:
  Fix Released
Status in intel-microcode source package in Trusty:
  Won't Fix
Status in intel-microcode source package in Xenial:
  Confirmed
Status in intel-microcode source package in Yakkety:
  Confirmed
Status in intel-microcode source package in Zesty:
  Fix Committed
Status in intel-microcode source package in Artful:
  Fix Released

Bug description:
  [Impact]

  * A security fix has been made available as part of intel-microcode
  * It is advisable to apply it
  * Thus an SRU of the latest intel-microcode is desirable for all stable releases

  [Test Case]

  * Upgrade intel-microcode package, if it is already installed / one is
  running on Intel CPUs

  * Reboot and verify no averse results, and/or that microcode for your
  cpu was loaded as expected.

  [Test case reporting]
  * Please paste the output of:

  dpkg-query -W intel-microcode
  grep -E 'model|stepping' /proc/cpuinfo | sort -u
  journalctl -k | grep microcode

  [Regression Potential]
  Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.

  [Other]
  caml discussion describing test case to reproduce the crash.
  https://caml.inria.fr/mantis/view.php?id=7452

  =========================================================================

  [Original bug report]

  NB: I am *not* directly affected by this bug.

  Henrique emailed a warning to Debian devel today [1] on a potentially
  serious issue with (sky|kaby)lake processors. Excerpt:

  "This warning advisory is relevant for users of systems with the Intel
  processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
  7th generation Intel Core processors (desktop, embedded, mobile and
  HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
  well as select Intel Pentium processor models.

  TL;DR: unfixed Skylake and Kaby Lake processors could, in some
  situations, dangerously misbehave when hyper-threading is enabled.
  Disable hyper-threading immediately in BIOS/UEFI to work around the
  problem.  Read this advisory for instructions about an Intel-provided
  fix."

  It is probably a good idea to:
  (1) issue a warning to our users about this;
  (2) update intel-microcode on all our supported releases

  I leave the discussion on whether this can have security implications
  to others.

  [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: intel-microcode 3.20161104.1
  ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
  Uname: Linux 4.10.0-24-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4.1
  Architecture: amd64
  CurrentDesktop: Unity:Unity7
  Date: Sun Jun 25 10:14:19 2017
  InstallationDate: Installed on 2017-05-26 (30 days ago)
  InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  SourcePackage: intel-microcode
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

More information about the foundations-bugs mailing list