Bug 1753540

Summary: [rhel-6.10.z] Update Intel microcode version to microcode-20190918
Product: Red Hat Enterprise Linux 6
Reporter: Eugene Syromiatnikov <esyr>
Component: microcode_ctl
Assignee: Eugene Syromiatnikov <esyr>
Status: CLOSED ERRATA
QA Contact: Jeff Bastian <jbastian>
Severity: medium
Docs Contact:
Priority: high
Version: 6.10
CC: mthacker, skozina, toneata
Target Milestone: pre-dev-freeze
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: microcode_ctl-1.17-33.16.el6_10
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1755718 1755719 1755720 1760915
Environment:
Last Closed: 2019-10-16 08:54:15 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1755718, 1755719, 1755720, 1760915

Description Eugene Syromiatnikov 2019-09-19 09:11:31 UTC
There is a new Intel microcode release[1] that is to be packaged.

[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190918

Comment 1 Eugene Syromiatnikov 2019-09-19 09:18:03 UTC
microcode-20190918 release includes the following microcode updates:

Processor             Identifier     Version       Products
Model        Stepping F-MO-S/PI      Old->New
BDW-U/Y      E0/F0    6-3d-4/c0 0000002d->0000002e Core Gen5
HSX-EX       E0       6-3f-4/80 00000014->00000016 Xeon E7 v3
BDW-H/E3     E0/G0    6-47-1/22 00000020->00000021 Core Gen5
BDX-ML       B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx
BDX-DE       V1       6-56-2/10 0000001a->0000001c Xeon D-1520/40
BDX-DE       V2/3     6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE       Y0       6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87
BDX-NS       A0       6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53
SKX-SP       H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable
SKX-D        M1       6-55-4/b7 0200005e->00000064 Xeon D-21xx
CLX-SP       B1       6-55-7/bf 05000021->0500002b Xeon Scalable Gen2

Comment 12 Jeff Bastian 2019-10-08 17:36:02 UTC
Verified with microcode_ctl-1.17-33.17.el6_10 on three different Intel CPUs, including Broadwell-EP which requires use of a "force" file to override the blacklisting of this particular microcode (due to instability issues).  I'm also including test results for the microcode_ctl updates for RHEL 6.4.z, 6.6.z, and 6.7.z here for bug 1755718, bug 1755719, and bug 1755720 respectively.  I tested Sandy Bridge-EP on RHEL 6.4.z which is newly blacklisted like Broadwell-EP; see bug 1758382 for more details.


:::::::::::::::::::::::::::::::::
:: RHEL-6.10.z on Broadwell-EP ::
:::::::::::::::::::::::::::::::::

[root@intel-wildcatpass-02 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-33.17.el6_10.x86_64

[root@intel-wildcatpass-02 ~]# ls /etc/microcode_ctl/ucode_with_caveats/force-intel-06-4f-01 
/etc/microcode_ctl/ucode_with_caveats/force-intel-06-4f-01

[root@intel-wildcatpass-02 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 79
Model name:            Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
Stepping:              1

[root@intel-wildcatpass-02 ~]# uname -r
2.6.32-754.24.1.el6.x86_64

[root@intel-wildcatpass-02 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
microcode: CPU1 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
microcode: CPU2 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
...
microcode: CPU87 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
microcode: CPU0 updated to revision 0xb000038, date = 2019-06-18 
microcode: CPU1 updated to revision 0xb000038, date = 2019-06-18 
microcode: CPU2 updated to revision 0xb000038, date = 2019-06-18 
...
microcode: CPU87 updated to revision 0xb000038, date = 2019-06-18 

[root@intel-wildcatpass-02 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@intel-wildcatpass-02 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full retpoline, IBPB


::::::::::::::::::::::::::::
:: RHEL-6.10.z on Skylake ::
::::::::::::::::::::::::::::

[root@dell-pet3420-01 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-33.17.el6_10.x86_64

[root@dell-pet3420-01 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 158
Model name:            Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Stepping:              9

[root@dell-pet3420-01 ~]# uname -r
2.6.32-754.24.1.el6.x86_64

[root@dell-pet3420-01 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x906e9, pf=0x2, revision=0x3a
platform microcode: firmware: requesting intel-ucode/06-9e-09
microcode: CPU1 sig=0x906e9, pf=0x2, revision=0x3a
platform microcode: firmware: requesting intel-ucode/06-9e-09
microcode: CPU0 updated to revision 0xb4, date = 2019-04-01 
microcode: CPU1 updated to revision 0xb4, date = 2019-04-01 

[root@dell-pet3420-01 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-pet3420-01 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT disabled
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: IBRS (kernel), IBPB


::::::::::::::::::::::::::::::
:: RHEL-6.10.z on Skylake X ::
::::::::::::::::::::::::::::::

[root@dell-per740-03 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-33.17.el6_10.x86_64

[root@dell-per740-03 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 85
Model name:            Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
Stepping:              4

[root@dell-per740-03 ~]# uname -r
2.6.32-754.24.1.el6.x86_64

[root@dell-per740-03 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x50654, pf=0x80, revision=0x2000043
platform microcode: firmware: requesting intel-ucode/06-55-04
microcode: CPU1 sig=0x50654, pf=0x80, revision=0x2000043
platform microcode: firmware: requesting intel-ucode/06-55-04
microcode: CPU2 sig=0x50654, pf=0x80, revision=0x2000043
platform microcode: firmware: requesting intel-ucode/06-55-04
...
microcode: CPU23 sig=0x50654, pf=0x80, revision=0x2000043
platform microcode: firmware: requesting intel-ucode/06-55-04
microcode: CPU0 updated to revision 0x2000064, date = 2019-07-31 
microcode: CPU1 updated to revision 0x2000064, date = 2019-07-31 
microcode: CPU2 updated to revision 0x2000064, date = 2019-07-31 
...
microcode: CPU23 updated to revision 0x2000064, date = 2019-07-31 

[root@dell-per740-03 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-per740-03 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: IBRS (kernel), IBPB


:::::::::::::::::::::::::::
:: RHEL-6.7.z on Haswell ::
:::::::::::::::::::::::::::

[root@dell-pet20-01 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-20.22.el6_7.x86_64

[root@dell-pet20-01 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 60
Stepping:              3

[root@dell-pet20-01 ~]# uname -r
2.6.32-573.68.2.el6.x86_64

[root@dell-pet20-01 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x306c3, pf=0x2, revision=0x16
platform microcode: firmware: requesting intel-ucode/06-3c-03
microcode: CPU1 sig=0x306c3, pf=0x2, revision=0x16
platform microcode: firmware: requesting intel-ucode/06-3c-03
microcode: CPU2 sig=0x306c3, pf=0x2, revision=0x16
platform microcode: firmware: requesting intel-ucode/06-3c-03
microcode: CPU3 sig=0x306c3, pf=0x2, revision=0x16
platform microcode: firmware: requesting intel-ucode/06-3c-03
microcode: CPU0 updated to revision 0x27, date = 2019-02-26 
microcode: CPU1 updated to revision 0x27, date = 2019-02-26 
microcode: CPU2 updated to revision 0x27, date = 2019-02-26 
microcode: CPU3 updated to revision 0x27, date = 2019-02-26 

[root@dell-pet20-01 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-pet20-01 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT disabled
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full retpoline, IBPB


::::::::::::::::::::::::::::::
:: RHEL-6.6.z on Ivy Bridge ::
::::::::::::::::::::::::::::::

[root@intel-chiefriver-04 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-19.22.el6_6.x86_64

[root@intel-chiefriver-04 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 58
Stepping:              9

[root@intel-chiefriver-04 ~]# uname -r
2.6.32-504.81.2.el6.x86_64

[root@intel-chiefriver-04 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU1 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU2 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU3 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU4 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU5 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU6 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU7 sig=0x306a9, pf=0x10, revision=0xc
platform microcode: firmware: requesting intel-ucode/06-3a-09
microcode: CPU0 updated to revision 0x21, date = 2019-02-13 
microcode: CPU1 updated to revision 0x21, date = 2019-02-13 
microcode: CPU2 updated to revision 0x21, date = 2019-02-13 
microcode: CPU3 updated to revision 0x21, date = 2019-02-13 
microcode: CPU4 updated to revision 0x21, date = 2019-02-13 
microcode: CPU5 updated to revision 0x21, date = 2019-02-13 
microcode: CPU6 updated to revision 0x21, date = 2019-02-13 
microcode: CPU7 updated to revision 0x21, date = 2019-02-13 

[root@intel-chiefriver-04 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@intel-chiefriver-04 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full retpoline, IBPB


:::::::::::::::::::::::::::::::::::
:: RHEL-6.4.z on Sandy Bridge-EP ::
:::::::::::::::::::::::::::::::::::

[root@dell-prt5600-01 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-16.20.el6_4.x86_64

[root@dell-prt5600-01 ~]# ls /etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07 
/etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07

[root@dell-prt5600-01 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 45
Stepping:              7

[root@dell-prt5600-01 ~]# uname -r
2.6.32-431.96.2.el6.x86_64

[root@dell-prt5600-01 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x206d7, pf=0x1, revision=0x70d
platform microcode: firmware: requesting intel-ucode/06-2d-07
microcode: CPU1 sig=0x206d7, pf=0x1, revision=0x70d
platform microcode: firmware: requesting intel-ucode/06-2d-07
microcode: CPU2 sig=0x206d7, pf=0x1, revision=0x70d
platform microcode: firmware: requesting intel-ucode/06-2d-07
...
microcode: CPU23 sig=0x206d7, pf=0x1, revision=0x70d
platform microcode: firmware: requesting intel-ucode/06-2d-07
microcode: CPU0 updated to revision 0x718, date = 2019-05-21 
microcode: CPU1 updated to revision 0x718, date = 2019-05-21 
microcode: CPU2 updated to revision 0x718, date = 2019-05-21 
...
microcode: CPU23 updated to revision 0x718, date = 2019-05-21 

[root@dell-prt5600-01 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-prt5600-01 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full retpoline, IBPB


::::::::::::::::::::::::::::::::
:: RHEL-6.4.z on Sandy Bridge ::
::::::::::::::::::::::::::::::::

[root@hpe-z210-02 ~]# rpm -q microcode_ctl
microcode_ctl-1.17-16.20.el6_4.x86_64

[root@hpe-z210-02 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:            6
Model:                 42
Stepping:              7

[root@hpe-z210-02 ~]# uname -r
2.6.32-431.96.2.el6.x86_64

[root@hpe-z210-02 ~]# grep microcode /var/log/dmesg
MDS: Vulnerable: Clear CPU buffers attempted, no microcode
microcode: CPU0 sig=0x206a7, pf=0x2, revision=0x14
platform microcode: firmware: requesting intel-ucode/06-2a-07
microcode: CPU1 sig=0x206a7, pf=0x2, revision=0x14
platform microcode: firmware: requesting intel-ucode/06-2a-07
microcode: CPU2 sig=0x206a7, pf=0x2, revision=0x14
platform microcode: firmware: requesting intel-ucode/06-2a-07
microcode: CPU3 sig=0x206a7, pf=0x2, revision=0x14
platform microcode: firmware: requesting intel-ucode/06-2a-07
microcode: CPU0 updated to revision 0x2f, date = 2019-02-17 
microcode: CPU1 updated to revision 0x2f, date = 2019-02-17 
microcode: CPU2 updated to revision 0x2f, date = 2019-02-17 
microcode: CPU3 updated to revision 0x2f, date = 2019-02-17 

[root@hpe-z210-02 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@hpe-z210-02 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion
mds                Mitigation: Clear CPU buffers; SMT disabled
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl
spectre_v1         Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full retpoline, IBPB


:::::::::::::
:: rpmdiff ::
:::::::::::::

Finally, I did an rpmdiff of the z-streams to verify that the content is essentially the same (except for timestamps and the compiled /sbin/microcode_ctl binary).

$ rpmdiff microcode_ctl-1.17-16.20.el6_4.x86_64.rpm \
          microcode_ctl-1.17-33.17.el6_10.x86_64.rpm |
          grep -v -F -e '..........T' -e /sbin/microcode_ctl
removed     PROVIDES microcode_ctl(x86-64) = 2:1.17-16.20.el6_4
added       PROVIDES microcode_ctl(x86-64) = 2:1.17-33.17.el6_10


$ rpmdiff microcode_ctl-1.17-19.22.el6_6.x86_64.rpm \
          microcode_ctl-1.17-33.17.el6_10.x86_64.rpm |
          grep -v -F -e '..........T' -e /sbin/microcode_ctl
removed     PROVIDES microcode_ctl(x86-64) = 2:1.17-19.22.el6_6
added       PROVIDES microcode_ctl(x86-64) = 2:1.17-33.17.el6_10


$ rpmdiff microcode_ctl-1.17-20.22.el6_7.x86_64.rpm \
          microcode_ctl-1.17-33.17.el6_10.x86_64.rpm |
          grep -v -F -e '..........T' -e /sbin/microcode_ctl
removed     PROVIDES microcode_ctl(x86-64) = 2:1.17-20.22.el6_7
added       PROVIDES microcode_ctl(x86-64) = 2:1.17-33.17.el6_10
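
The dmesg check repeated for each host in comment 12, written as a script; this is an added example, not part of the original bug report. It decodes `sig=` into the `intel-ucode/` file name and confirms that every CPU reached the expected revision (here the BDX-ML value from comment 1). The function names and the two-CPU sample log are constructed for illustration.

```python
import re

# Constructed sample: dmesg lines in the format shown in comment 12
# (Broadwell-EP values), reduced to two CPUs.
SAMPLE_DMESG = """\
microcode: CPU0 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
microcode: CPU1 sig=0x406f1, pf=0x1, revision=0xb00000e
platform microcode: firmware: requesting intel-ucode/06-4f-01
microcode: CPU0 updated to revision 0xb000038, date = 2019-06-18
microcode: CPU1 updated to revision 0xb000038, date = 2019-06-18
"""

BOOT_RE = re.compile(r"microcode: CPU(\d+) sig=0x([0-9a-f]+), pf=0x[0-9a-f]+, revision=0x([0-9a-f]+)")
UPDATED_RE = re.compile(r"microcode: CPU(\d+) updated to revision 0x([0-9a-f]+)")


def sig_to_fms(sig):
    """Decode a CPUID signature into the family-model-stepping firmware file name."""
    stepping = sig & 0xF
    model = (sig >> 4) & 0xF
    family = (sig >> 8) & 0xF
    if family in (0x6, 0xF):            # extended model bits apply
        model |= ((sig >> 16) & 0xF) << 4
    if family == 0xF:                   # extended family bits apply
        family += (sig >> 20) & 0xFF
    return "%02x-%02x-%02x" % (family, model, stepping)


def check_update(dmesg_text, expected_rev):
    """Return a list of problems; an empty list means every CPU reached expected_rev."""
    boot, updated = {}, {}
    for line in dmesg_text.splitlines():
        m = BOOT_RE.search(line)
        if m:  # boot-time line: remember signature and pre-update revision
            boot[int(m.group(1))] = (int(m.group(2), 16), int(m.group(3), 16))
        m = UPDATED_RE.search(line)
        if m:  # late-load line: remember the revision the CPU was updated to
            updated[int(m.group(1))] = int(m.group(2), 16)
    problems = []
    if not boot:
        problems.append("no microcode boot lines found")
    for cpu, (sig, old_rev) in sorted(boot.items()):
        new_rev = updated.get(cpu)
        if new_rev is None:
            problems.append("CPU%d (%s): no update line, still at 0x%x"
                            % (cpu, sig_to_fms(sig), old_rev))
        elif new_rev != expected_rev:
            problems.append("CPU%d (%s): at 0x%x, expected 0x%x"
                            % (cpu, sig_to_fms(sig), new_rev, expected_rev))
    return problems


if __name__ == "__main__":
    print(check_update(SAMPLE_DMESG, 0xb000038) or "all CPUs updated")
```

A CPU with a boot line but no "updated to revision" line is reported, which is what a blacklisted microcode without its "force" file would look like in this log format.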

Comment 15 Eugene Syromiatnikov 2019-10-10 22:43:52 UTC
(In reply to Jeff Bastian from comment #14)
> Requesting rhel-6.6.z too.

rhel-6.6 is already here: bug 1755422, erratum https://errata.devel.redhat.com/advisory/46836

Comment 16 Eugene Syromiatnikov 2019-10-10 22:44:53 UTC
(In reply to Eugene Syromiatnikov from comment #15)
> (In reply to Jeff Bastian from comment #14)
> > Requesting rhel-6.6.z too.
> 
> rhel-6.6 is already here: bug 1755422, erratum
> https://errata.devel.redhat.com/advisory/46836

Oops, the correct rhel-6.6 BZ is bug 1755719.

Comment 17 Jeff Bastian 2019-10-10 22:57:00 UTC
Oops!  Too many z-streams to keep them all in my head.  Thanks Eugene.

Comment 19 errata-xmlrpc 2019-10-16 08:54:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3090