Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-22 Thread Corbin Bird 
On 05/22/2018 03:41 AM, Adam Carter wrote:
> On Tue, May 22, 2018 at 2:47 PM, taii...@gmx.com
>  > wrote:
>
> The fam15h microcode update adds IBPB
>
>   * Indirect Branch Prediction Barrier (IBPB)
>     * PRED_CMD MSR is available:  YES
>     * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
>
>
> My fam15 with kernel 4.16.10 and linux-firmware-20180518 confirms IBPB
> has been added;
>
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
> AMD retpoline, IBPB
>
> FWIW i saw a bunch of spectre fixes in 4.16.9
> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9
.
I cat'd /proc/cpuinfo before and after the firmware upgrade.

The new smaller Fam15h firmware adds "ibpb" and removes "lwp".

Couldn't / Didn't really find a definition of WHAT the 'lwp'
instruction(s) does.

Is 'lwp' used for anything?

Corbin

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-22 Thread Adam Carter 
On Tue, May 22, 2018 at 2:47 PM, taii...@gmx.com  wrote:

> The fam15h microcode update adds IBPB
>
>   * Indirect Branch Prediction Barrier (IBPB)
> * PRED_CMD MSR is available:  YES
> * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
>

My fam15 with kernel 4.16.10 and linux-firmware-20180518 confirms IBPB has
been added;

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline, IBPB

FWIW i saw a bunch of spectre fixes in 4.16.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-21 Thread taii...@gmx.com 
The fam15h microcode update adds IBPB

  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES
    * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)

The question is what about the other stuff? IRBS, STIBP? This is very
confusing due to zero documentation...Why don't they have those in this
update?


0xDF372A17.asc
Description: application/pgp-keys

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-21 Thread Rich Freeman 
On Mon, May 21, 2018 at 8:02 AM Corbin Bird  wrote:

> I noticed something odd about the microcode however ...
> > amd-ucode/microcode_amd_fam15h.bin7876 -> 5356 bytes
> .
> The size dropped by 2Kb?
> So is the "fix" actually disabling fixes for other problems?
> .

As far as I can tell there is no evidence that the new microcode fixes
anything, or that the old microcode it replaces fixes anything.  At least
the size is objectively measurable.  :)

Presumably the newer microcode is better in some way, or at least somebody
thought it is, possibly based on some knowledge of what it does.

-- 
Rich

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-21 Thread Corbin Bird 
On 05/20/2018 06:46 PM, Adam Carter wrote:
> How often does the linux-firmware package update? On a schedule or as
>
> needed?
>
>
> There's a version bump request bug in for these and new AMDGPU
> firmware. Hopefully it will get processed quickly.
>
> https://bugs.gentoo.org/656136
.
Thank You, for the info.

I noticed something odd about the microcode however ...
> amd-ucode/microcode_amd_fam15h.bin    7876 -> 5356 bytes
.
The size dropped by 2Kb?
So is the "fix" actually disabling fixes for other problems?
.
Reference Link :
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=77101513943ef198e2050667c87abf19e6cbb1d8
.
Corbin

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Adam Carter 
How often does the linux-firmware package update? On a schedule or as

> needed?
>

There's a version bump request bug in for these and new AMDGPU firmware.
Hopefully it will get processed quickly.

https://bugs.gentoo.org/656136

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Rich Freeman 
On Sun, May 20, 2018 at 12:16 PM Volker Armin Hemmann <
volkerar...@googlemail.com> wrote:

> oh come on. Spectre on AMD isn't even much of a problem. Why the panic?


What do release notes have to do with Spectre, and how is wanting them a
"panic?"

-- 
Rich

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Volker Armin Hemmann 
oh come on. Spectre on AMD isn't even much of a problem. Why the panic?

Also... be prepared for a lot of trouble with intel cpu's soon...

2018-05-20 15:07 GMT+02:00 Rich Freeman :

> On Sun, May 20, 2018 at 4:59 AM Adam Carter  wrote:
>
> >> As far as I can tell there is no official AMD microcode update page, or
> any
> >> kind of official release notes.  I'm not sure where linux-firmware
> actually
> >> gets the microcode files from (I'm sure they wouldn't load if they
> weren't
> >> genuine though).  I can find no documentation as to what any of these
> >> updates actually do.
>
>
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/
> linux-firmware.git/commit/?id=77101513943ef198e2050667c87abf19e6cbb1d8
>
> > Bulldozer and Zen updates!
>
> Nice to see, but again there is no indication of what these microcode
> updates actually do.  Presumably they have something to do with Spectre,
> but there is no way to confirm that as far as I can tell.
>
> I get that not everything is open-source.  At the very least they could
> have some release notes.  Even NVidia has those...
>
> --
> Rich
>
>

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Rich Freeman 
On Sun, May 20, 2018 at 4:59 AM Adam Carter  wrote:

>> As far as I can tell there is no official AMD microcode update page, or
any
>> kind of official release notes.  I'm not sure where linux-firmware
actually
>> gets the microcode files from (I'm sure they wouldn't load if they
weren't
>> genuine though).  I can find no documentation as to what any of these
>> updates actually do.


https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=77101513943ef198e2050667c87abf19e6cbb1d8

> Bulldozer and Zen updates!

Nice to see, but again there is no indication of what these microcode
updates actually do.  Presumably they have something to do with Spectre,
but there is no way to confirm that as far as I can tell.

I get that not everything is open-source.  At the very least they could
have some release notes.  Even NVidia has those...

-- 
Rich

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Corbin Bird 
On 05/20/2018 03:59 AM, Adam Carter wrote:
>
>
> This has indeed been pretty frustrating.
>
> As far as I can tell there is no official AMD microcode update
> page, or any
> kind of official release notes.  I'm not sure where linux-firmware
> actually
> gets the microcode files from (I'm sure they wouldn't load if they
> weren't
> genuine though).  I can find no documentation as to what any of these
> updates actually do.
>
> It sounds like AMD intends for the microcode updates to be
> distributed via
> firmware updates, in which case the fixes would be done before
> boot.  That
> is a good thing of course, but they should still release the microcode
> files themselves, and also have release notes for something like this.
>
>
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=77101513943ef198e2050667c87abf19e6cbb1d8
>
>
> Bulldozer and Zen updates!

Thanks for the info.

How often does the linux-firmware package update? On a schedule or as
needed?

Corbin

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-20 Thread Adam Carter 
>
>
> This has indeed been pretty frustrating.
>
> As far as I can tell there is no official AMD microcode update page, or any
> kind of official release notes.  I'm not sure where linux-firmware actually
> gets the microcode files from (I'm sure they wouldn't load if they weren't
> genuine though).  I can find no documentation as to what any of these
> updates actually do.
>
> It sounds like AMD intends for the microcode updates to be distributed via
> firmware updates, in which case the fixes would be done before boot.  That
> is a good thing of course, but they should still release the microcode
> files themselves, and also have release notes for something like this.
>

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=77101513943ef198e2050667c87abf19e6cbb1d8

Bulldozer and Zen updates!

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-12 Thread Rich Freeman 
On Sat, May 12, 2018 at 8:52 PM Corbin Bird  wrote:

> If the MB makers aren't updating their UEFI builds for CURRENT products,
> how do we get hold of them?


This has indeed been pretty frustrating.

As far as I can tell there is no official AMD microcode update page, or any
kind of official release notes.  I'm not sure where linux-firmware actually
gets the microcode files from (I'm sure they wouldn't load if they weren't
genuine though).  I can find no documentation as to what any of these
updates actually do.

It sounds like AMD intends for the microcode updates to be distributed via
firmware updates, in which case the fixes would be done before boot.  That
is a good thing of course, but they should still release the microcode
files themselves, and also have release notes for something like this.

-- 
Rich

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-12 Thread Corbin Bird 
On 05/12/2018 07:21 PM, Adam Carter wrote:

> Gentoo does have the newer microcode blobs stashed on a server (
>
> somewhere ).
>
> That does pull in the blobs for :
>
> Fam10h ( microcode_amd.bin )
>
> Fam15h ( microcode_amd_fam15h.bin )
>
> Fam16h ( microcode_amd_fam16h.bin )
>
> Fam17h ( microcode_amd_fam17h.bin )
>
>
> These files haven't changed since at least late January, so no Spectre
> fixes yet.
>
.
This is odd.
And Microsoft is distributing the newest blobs through 'Windows Update'
for Windows 10 ( Microcode Loader )?
.
If the MB makers aren't updating their UEFI builds for CURRENT products,
how do we get hold of them?
.
Corbin

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-12 Thread Dale 
Corbin Bird wrote:
> On 05/12/2018 03:20 PM, taii...@gmx.com wrote:
>> ^title
>> AMD has released them for all of the recent CPU's and I simply must have
>> them.
>>
>> It seems the last update to amd-ucode on linux-firmware was in 2016,
>> does anyone know whom I would contact about this who has the juice to do
>> it? I need fam15h.
>>
>> AMD is being annoying and not releasing them to the plebians only OEM
>> partners - I assume perhaps to encourage people to buy new hardware as
>> most OEM's won't release BIOS updates for older boards.
>>
>> Thanks.
> .
>
> Emerge this package : "sys-kernel/linux-firmware"
>
> You can find the blobs in : /lib/firmware/amd-ucode/
>
> If you already have "sys-kernel/linux-firmware" emerged and the blobs
> aren't showing, un-merge it, and the re-emerge it.
>
> .
>
> Gentoo does have the newer microcode blobs stashed on a server (
> somewhere ).
>
> That does pull in the blobs for :
>
> Fam10h ( microcode_amd.bin )
>
> Fam15h ( microcode_amd_fam15h.bin )
>
> Fam16h ( microcode_amd_fam16h.bin )
>
> Fam17h ( microcode_amd_fam17h.bin )
>
> .
>
> If you have an AMDGPU and use the "amdgpu" driver, firmware will be here
> : /lib/firmware/amdgpu
>
> .
>
> Corbin
>

If it helps the OP, I haven't done anything special, just regular
updates and I have this here:


root@fireball / # ls -al /lib/firmware/amd-ucode/microcode_amd*
-rw-r--r-- 1 root root 12684 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd.bin
-rw-r--r-- 1 root root   490 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd.bin.asc
-rw-r--r-- 1 root root  7876 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd_fam15h.bin
-rw-r--r-- 1 root root   473 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd_fam15h.bin.asc
-rw-r--r-- 1 root root  3510 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd_fam16h.bin
-rw-r--r-- 1 root root   473 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd_fam16h.bin.asc
-rw-r--r-- 1 root root  3252 Jan  7 18:19
/lib/firmware/amd-ucode/microcode_amd_fam17h.bin
root@fireball / # equery list -p linux-firmware
 * Searching for linux-firmware ...
[IP-] [  ] sys-kernel/linux-firmware-20180103-r1:0
[-P-] [ ~] sys-kernel/linux-firmware-20180213:0
[-P-] [ ~] sys-kernel/linux-firmware-20180314:0
[-P-] [ ~] sys-kernel/linux-firmware-20180412:0
[-P-] [ ~] sys-kernel/linux-firmware-20180416:0
[-P-] [ -] sys-kernel/linux-firmware-:0
root@fireball / # genlop -t linux-firmware
 * sys-kernel/linux-firmware

<<<  SNIP old stuff  >>>

 Thu Dec  7 02:00:18 2017 >>> sys-kernel/linux-firmware-20170314
   merge time: 2 minutes and 51 seconds.

 Sun Jan  7 18:21:19 2018 >>> sys-kernel/linux-firmware-20180103-r1
   merge time: 33 minutes and 21 seconds.

root@fireball / #



It seems based on the time stamp and genlop, it was installed back in
January.  I update at least once a week, twice on occasion if I know
there is a big update for say KDE or something. 

Hope that helps.  Gives something for the OP to compare to if nothing
else.  ;-)

Dale

:-)  :-) 

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-12 Thread Adam Carter 
Gentoo does have the newer microcode blobs stashed on a server (

> somewhere ).
>
> That does pull in the blobs for :
>
> Fam10h ( microcode_amd.bin )
>
> Fam15h ( microcode_amd_fam15h.bin )
>
> Fam16h ( microcode_amd_fam16h.bin )
>
> Fam17h ( microcode_amd_fam17h.bin )


These files haven't changed since at least late January, so no Spectre
fixes yet.

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

2018-05-12 Thread Corbin Bird 
On 05/12/2018 03:20 PM, taii...@gmx.com wrote:
> ^title
> AMD has released them for all of the recent CPU's and I simply must have
> them.
>
> It seems the last update to amd-ucode on linux-firmware was in 2016,
> does anyone know whom I would contact about this who has the juice to do
> it? I need fam15h.
>
> AMD is being annoying and not releasing them to the plebians only OEM
> partners - I assume perhaps to encourage people to buy new hardware as
> most OEM's won't release BIOS updates for older boards.
>
> Thanks.
.

Emerge this package : "sys-kernel/linux-firmware"

You can find the blobs in : /lib/firmware/amd-ucode/

If you already have "sys-kernel/linux-firmware" emerged and the blobs
aren't showing, un-merge it, and the re-emerge it.

.

Gentoo does have the newer microcode blobs stashed on a server (
somewhere ).

That does pull in the blobs for :

Fam10h ( microcode_amd.bin )

Fam15h ( microcode_amd_fam15h.bin )

Fam16h ( microcode_amd_fam16h.bin )

Fam17h ( microcode_amd_fam17h.bin )

.

If you have an AMDGPU and use the "amdgpu" driver, firmware will be here
: /lib/firmware/amdgpu

.

Corbin