Hello,

I noticed that Dell released BIOS updates for R815 systems to address the
Spectre vulnerability (variant #2, CVE-2017-5715) at [1]. The new version
is 3.4.0 and the previous latest version is 3.2.2. We have quite a few R815
systems running AMD Opteron processors, mostly Opteron 6378, but some 6200
series too. AMD says it released updates to OEMs going as far back as the
first "Bulldozer" Opteron processors released in 2011 [2], so I'd expect
this BIOS update to address Spectre for all our R815 systems...

However, when I apply the new BIOS update to one of these R815 systems
running Opteron 6378 processors and reboot the system, the machine still
shows up as being vulnerable [3].

Checking the CPU flags, I don't see any flags that indicate protection
against Spectre, like ibpb, ibrs, or spec_ctl [4]. The only new CPU flag
that shows up with the BIOS update is the vmmcall flag, which is unrelated
to the Spectre vulnerability. The CPU microcode didn't change either from
0x600084f. The machine shows it is running the new BIOS version [5] but it
doesn't appear to be doing anything to address Spectre, even though the
R815 BIOS firmware page says it does... Here's [6] some more info about the
Opteron 6378 processor in one of our R815 systems. They are all running
RHEL 7.


Are others seeing the same thing?

@Dell: Did this BIOS update only address Spectre for certain Opteron
processors and not all possible R815 Opteron processors?? If so, could it
be indicated on the firmware page what processors it fixes? Can we get
updates for Opteron 6378 please?

Thank you.



[1]
http://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverId=PDFYH
http://www.dell.com/support/article/us/en/04/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en#bios

[2]
https://www.amd.com/en/corporate/security-updates

[3]
[root@host ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences
*/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Retpoline without IBPB*

[4]
[root@host ~]# lscpu  | grep "Flags"
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt
pdpe1gb rdtscp lm constant_tsc art rep_good nopl nonstop_tsc extd_apicid
amd_dcm aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2
popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm
sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce
nodeid_msr tbm topoext perfctr_core perfctr_nb cpb hw_pstate retpoline_amd
vmmcall bmi1 arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean
flushbyasid decodeassists pausefilter pfthreshold

[5]
[root@host~]# dmidecode -t 0 | grep "BIOS Revision"
    BIOS Revision: 3.4

[6]
vendor_id    : AuthenticAMD
cpu family    : 21
model        : 2
model name    : AMD Opteron(tm) Processor 6378
stepping    : 0
microcode    : 0x600084f


--
Matt Vander Werf
HPC System Administrator
University of Notre Dame
Center for Research Computing - Union Station
_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
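
The checks in the message above (sysfs spectre_v2 status, speculation-control CPU flags, microcode revision) combined into one script for comparing hosts before and after a firmware update. This is an added example, not part of the original post and not Dell or AMD tooling; the function name, its ROOT and PREV_UCODE parameters, and the verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: summarise Spectre v2 state the way the post checks it by hand.
# spectre_v2_report ROOT [PREV_UCODE]
#   ROOT       hypothetical prefix: "" on a live host, or a directory holding
#              copies of the sysfs and /proc/cpuinfo files from another host
#   PREV_UCODE microcode revision recorded before the BIOS update (optional)
spectre_v2_report() (
    root="${1:-}"; prev="${2:-}"
    vuln="$root/sys/devices/system/cpu/vulnerabilities/spectre_v2"
    cpuinfo="$root/proc/cpuinfo"
    status="unknown"; found=""

    if [ -r "$vuln" ]; then status=$(cat "$vuln"); fi
    flags=$(grep -m1 '^flags' "$cpuinfo" 2>/dev/null | cut -d: -f2-)
    ucode=$(grep -m1 '^microcode' "$cpuinfo" 2>/dev/null | awk '{print $NF}')
    model=$(grep -m1 '^model name' "$cpuinfo" 2>/dev/null | sed 's/^[^:]*: *//')

    # Flags the post looks for. It writes the last one as "spec_ctl"; kernels
    # print "spec_ctrl", so both spellings are matched. Whole-word match only,
    # so retpoline_amd and similar flags are not counted.
    for f in ibpb ibrs spec_ctl spec_ctrl; do
        case " $flags " in *" $f "*) found="$found $f" ;; esac
    done
    found=${found# }

    case "$status" in
        Mitigation*|"Not affected"*) verdict="mitigated" ;;  # as reported by the kernel
        Vulnerable*)
            # No speculation-control flags: look at firmware/microcode.
            # Flags present but still vulnerable: look at the kernel side.
            if [ -z "$found" ]; then verdict="firmware_gap"
            else verdict="kernel_gap"; fi ;;
        *) verdict="unknown" ;;
    esac

    echo "model=$model"
    echo "microcode=$ucode"
    if [ -n "$prev" ]; then
        if [ "$prev" = "$ucode" ]; then echo "microcode_changed=no"
        else echo "microcode_changed=yes"; fi
    fi
    echo "spectre_v2=$status"
    echo "spec_flags=${found:-none}"
    echo "verdict=$verdict"
)

# With no arguments this reports on the local host.
spectre_v2_report "${1:-}" "${2:-}"
```

Recording the microcode revision before flashing and passing it as the second argument makes an update that changed the BIOS version but not the microcode show up as `microcode_changed=no`.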
