[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Adrien Beau]

@Uqbar The microcode update is fine and exactly as expected. 2018-01-08
is the release date of the microcode *bundle*, which contains 20
microcodes updated at various times around late November, mid-December
2017.

In the case of his 0x406e3 CPU, the microcode is from 2017-11-16, which
is exactly what appears in the log.

And in case you are wondering why there was almost two months between
the microcode creation and its release: because it takes time to
properly test such low-level changes, and it takes time to create new
microcodes for all CPUs.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Uqbar]

@Marat I suspect your microcode is not as new as it seems: 2017-11-16 < 
2018-01-08.
But I could be easily wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Marat Khalili]

Today my manually installed 3.20151106.1+lp1700373b2 auto-updated to
3.20180108.0~ubuntu14.04.2 from repository, system booted successfully:

$ dmesg | grep microcode
[0.00] microcode: CPU0 microcode updated early to revision 0xc2, date = 
2017-11-16
[0.110006] microcode: CPU1 microcode updated early to revision 0xc2, date = 
2017-11-16
[1.915519] microcode: CPU0 sig=0x406e3, pf=0x80, revision=0xc2
[1.915537] microcode: CPU1 sig=0x406e3, pf=0x80, revision=0xc2
[1.915557] microcode: CPU2 sig=0x406e3, pf=0x80, revision=0xc2
[1.915576] microcode: CPU3 sig=0x406e3, pf=0x80, revision=0xc2
[1.915702] microcode: Microcode Update Driver: v2.01 
, Peter Oruba

I presume it contains fixes for both Ocaml crash and recent security
problems. Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Launchpad Bug Tracker]

This bug was fixed in the package intel-microcode -
3.20180108.0~ubuntu14.04.2

---
intel-microcode (3.20180108.0~ubuntu14.04.2) trusty-security; urgency=medium

  * Sync package to xenial's latest update
  * New upstream microcode datafile 20180108
+ New Microcodes:
  sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
  sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
  sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
  sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Updated Microcodes:
  sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
  sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
  sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
  sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
  sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
  sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
  sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
  sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
  sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
  sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x23c, size 27648
  sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
  sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x711, size 22528
  sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
  sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
  sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
  sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
   * source: remove unneeded intel-ucode/ directory
   * source: remove superseded upstream data file: 20170707

 -- Marc Deslauriers   Tue, 09 Jan 2018
13:28:52 -0500

** Changed in: intel-microcode (Ubuntu Trusty)
   Status: Won't Fix => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

Regression report in bug 1713532. Please could someone familiar with
these microcode updates take a look?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Launchpad Bug Tracker]

This bug was fixed in the package intel-microcode -
3.20170707.1~ubuntu17.04.0

---
intel-microcode (3.20170707.1~ubuntu17.04.0) zesty; urgency=medium

  * Sync of new upstream microcode release to address Kaby Lake
Hyper Threading bug.  This is a sync of the dat files from artful
version 3.20170707.1 (LP: #1700373)
  * New upstream microcode datafile 20170707
+ New Microcodes:
  sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x222, size 25600
  sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
  sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
  sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
  SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
  Lake and Skylake processors: Skylake D0/R0 were fixed since the
  previous upstream release (20170511).  This new release adds the
  fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
  (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
  * source: remove superseded upstream data file: 20170511
This brings dat files in sync with those shipped in Arful.
  * Updated Intel changelog and releasenote to reflect dat file sync.

 -- Dave Chiluk   Wed, 12 Jul 2017 21:26:17 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Launchpad Bug Tracker]

This bug was fixed in the package intel-microcode -
3.20170707.1~ubuntu16.04.0

---
intel-microcode (3.20170707.1~ubuntu16.04.0) xenial; urgency=medium

  * Sync of new upstream microcode release to address Skylake, Kaby Lake
Hyper Threading bug.  This is a sync of the dat files from artful
version 3.20170707.1 (LP: #1700373)
  * New upstream microcode datafile 20170707
+ New Microcodes:
  sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x222, size 25600
  sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
  sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
  sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
  SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
  Lake and Skylake processors: Skylake D0/R0 were fixed since the
  previous upstream release (20170511).  This new release adds the
  fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
  (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
  * source: removed superseded upstream dat files: 20101123, 20151106
This brings dat files in sync with those shipped in Arful.
  * Updated Intel changelog to reflect dat file sync.

 -- Dave Chiluk   Wed, 12 Jul 2017 21:46:36 -0500

** Changed in: intel-microcode (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

** Changed in: intel-microcode (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Simon Déziel]

On recent machine (88 cores + HT) running Xenial:

$ dpkg-query -W intel-microcode
intel-microcode 3.20170707.1~ubuntu16.04.0

$ grep -E 'model|stepping' /proc/cpuinfo | sort -u
model   : 79
model name  : Intel(R) Xeon(R) CPU E5-4669 v4 @ 2.20GHz
stepping: 1

$ journalctl -k | grep microcode
Aug 11 09:39:18 node14.mgmt.hre.local kernel: microcode: CPU0 sig=0x406f1, 
pf=0x20, revision=0xb1e
...
Aug 11 09:39:18 node14.mgmt.hre.local kernel: microcode: CPU175 sig=0x406f1, 
pf=0x20, revision=0xb1e
Aug 11 09:39:18 node14.mgmt.hre.local kernel: microcode: Microcode Update 
Driver: v2.01 , Peter Oruba


It's probably not that relevant but I also couldn't find any regression
on a very old Core 2 Duo (no new microcode) running Xenial:

$ dpkg-query -W intel-microcode
intel-microcode 3.20170707.1~ubuntu16.04.0

$ grep -E 'model|stepping' /proc/cpuinfo | sort -u
model   : 23
model name  : Intel(R) Xeon(R) CPU   E3110  @ 3.00GHz
stepping: 6

$ journalctl -k | grep microcode
Aug 17 14:29:28 xeon kernel: microcode: CPU0 microcode updated early to 
revision 0x60f, date = 2010-09-29
Aug 17 14:29:28 xeon kernel: microcode: CPU1 microcode updated early to 
revision 0x60f, date = 2010-09-29
Aug 17 14:29:28 xeon kernel: microcode: CPU0 sig=0x10676, pf=0x1, revision=0x60f
Aug 17 14:29:28 xeon kernel: microcode: CPU1 sig=0x10676, pf=0x1, revision=0x60f
Aug 17 14:29:28 xeon kernel: microcode: Microcode Update Driver: v2.01 
, Peter Oruba

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Simon Déziel]

Worked fine for me with Xenial on a laptop:

$ dpkg-query -W intel-microcode
intel-microcode 3.20170707.1~ubuntu16.04.0

$ grep -E 'model|stepping' /proc/cpuinfo | sort -u
model   : 142
model name  : Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
stepping: 9

$ journalctl -k | grep microcode
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU0 microcode updated early to 
revision 0x62, date = 2017-04-27
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU1 microcode updated early to 
revision 0x62, date = 2017-04-27
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU0 sig=0x806e9, pf=0x80, 
revision=0x62
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU1 sig=0x806e9, pf=0x80, 
revision=0x62
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU2 sig=0x806e9, pf=0x80, 
revision=0x62
Aug 17 14:17:26 simon-laptop kernel: microcode: CPU3 sig=0x806e9, pf=0x80, 
revision=0x62
Aug 17 14:17:26 simon-laptop kernel: microcode: Microcode Update Driver: v2.01 
, Peter Oruba

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

> Just add the "dis_ucode_ldr" parameter to the kernel command line.

That's hardly a "just". Remember that Ubuntu is for everyone, not just
people who know how to tweak their bootloaders, or even understand how
to get to the grub boot menu. It's unreasonable for all Ubuntu desktop
users everywhere to have to jump through these hoops. Let's try and
avoid it happening.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Henrique de Moraes Holschuh]

Actually, it is not hard to bypass a boot-killer microcode update issue.
Just add the "dis_ucode_ldr" parameter to the kernel command line.

To make it trivial, add that to a "safe mode" grub menu entry...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

> So I don’t see the high caution is justified compared to any other
package.

Because: a) Unlike regular software updates, testing on one CPU
model/stepping doesn't test on any other CPU model/stepping; and b) if
the updates does regress, unlike most other updates this may render
systems unbootable, meaning that fixing any regression isn't as simple
as just releasing another update.

Thanks for the testing so far everyone. Here's mine on Xenial:

robie@mal:~$ dpkg-query -W intel-microcode
intel-microcode 3.20170707.1~ubuntu16.04.0
robie@mal:~$ grep -E 'model|stepping' /proc/cpuinfo | sort -u
model   : 94
model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping: 3
robie@mal:~$ journalctl -k | grep microcode
Aug 03 13:35:16 mal kernel: microcode: CPU0 microcode updated early to revision 
0xba, date = 2017-04-09
Aug 03 13:35:16 mal kernel: microcode: CPU1 microcode updated early to revision 
0xba, date = 2017-04-09
Aug 03 13:35:16 mal kernel: microcode: CPU2 microcode updated early to revision 
0xba, date = 2017-04-09
Aug 03 13:35:16 mal kernel: microcode: CPU3 microcode updated early to revision 
0xba, date = 2017-04-09
Aug 03 13:35:16 mal kernel: microcode: CPU0 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU1 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU2 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU3 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU4 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU5 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU6 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: CPU7 sig=0x506e3, pf=0x2, revision=0xba
Aug 03 13:35:16 mal kernel: microcode: Microcode Update Driver: v2.01 
, Peter Oruba
robie@mal:~$ dpkg-query -W intel-microcode
intel-microcode 3.20170707.1~ubuntu16.04.0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

I just verified skylake + 20170707 on zesty.  I did not rerun the
testcase, but I did do boot testing.

Marking verification-done.

** Tags removed: verification-needed verification-needed-zesty
** Tags added: verification-done verification-done-zesty

** Changed in: intel-microcode (Ubuntu Yakkety)
 Assignee: Dave Chiluk (chiluk) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

I have now killed my 4-simultaneous compilation loop tests after 20
hours.  With the previous microcode, 2 of 3 loop threads died with a
segfault within 1 hour, so I consider this fixed.

@Others, Has anyone tested this with skylake/kabylake on zesty?  
I have installed and boot tested using Ivy-bridge on zesty, but I'd feel 
slightly better if someone could test Sky/Kaby on zesty explicitly.  Bonus 
points if you recreate the crash scenario, and verify resolution.

I don't think we need any more positive tests on X, please only report
errors or failures going forward for X.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

Marking xenial-verification-done

I was able to reproduce the compilation crash as described on the ocaml
bug in about 30 minutes on my Skylake machine.  After upgrading
firmware, I have been running for simultanous compilations loops for the
last 2 hours with no crash.  I will let them continue to run although I
don't expect to see any issues.

 
Download report.tar.gz from https://caml.inria.fr/mantis/view.php?id=7452 and 
place in your schroot scratch directory.
$ mk-sbuild artful --arch=amd64
$ schroot -c artful -u root
// Artful was chosen as it contains the required versions of Ocaml for the 
reproducer.
$ apt install ocaml opam ocaml-findlib m4
$ opam init
$ opam install extprot
$ eval `opam config env`
$ while ocamlfind opt -c -g -bin-annot -ccopt -g -ccopt -O2 -ccopt -Wextra 
-ccopt '-Wstrict-overflow=5' -thread -w +a-4-40..42-44-45-48-58 -w -27-32 
-package extprot test.ml -o test.cmx; do echo "ok"; done


// forgive the test-case for incorrect ocaml-isms, but as I've never
developed using it...


** Description changed:

  [Impact]
  
  * A security fix has been made available as part of intel-microcode
  * It is advisable to apply it
  * Thus an SRU of the latest intel-microcode is desirable for all stable 
releases
  
  [Test Case]
  
  * Upgrade intel-microcode package, if it is already installed / one is
  running on Intel CPUs
  
  * Reboot and verify no averse results, and/or that microcode for your
  cpu was loaded as expected.
+ 
+ * Ocaml crash reproducer
+ 
+ Download report.tar.gz from https://caml.inria.fr/mantis/view.php?id=7452 and 
place in your schroot scratch directory.
+ $ mk-sbuild artful --arch=amd64
+ $ schroot -c artful -u root
+ // Artful was chosen as it contains the required versions of Ocaml for the 
reproducer.
+ $ apt install ocaml opam ocaml-findlib m4
+ $ opam init
+ $ opam install extprot
+ $ eval `opam config env`
+ $ while ocamlfind opt -c -g -bin-annot -ccopt -g -ccopt -O2 -ccopt -Wextra 
-ccopt '-Wstrict-overflow=5' -thread -w +a-4-40..42-44-45-48-58 -w -27-32 
-package extprot test.ml -o test.cmx; do echo "ok"; done
  
  [Test case reporting]
  * Please paste the output of:
  
  dpkg-query -W intel-microcode
  grep -E 'model|stepping' /proc/cpuinfo | sort -u
  journalctl -k | grep microcode
  
  [Regression Potential]
  Microcode are proprietary blobs, and can cause any number of new errors and 
regressions. Microcode bugs have been reported before, therefore longer than 
usual phasing and monitoring of intel-microcode bugs should be done with extra 
care.
  
  Additional notes from ~racb, wearing an ~ubuntu-sru hat:
  
  SRU verification needs to take care to consider CPUs actually tested. We
  should have a representative sample of CPUs tested in SRU verification
  reports before considering release to the updates pockets.
  
  Given the potential severity of regressions, we should keep this in the
  proposed pockets for longer than the usual minimum ageing period. Let's
  have users opt-in to this update first, and only recommend it once we
  confidence that a reasonable number (and representative CPU sample) of
  opted-in users have not hit any problems.
  
  Testers: please mark verification-done-* only after you consider that
  the above additional requirements have been met.
  
  [Other]
  caml discussion describing test case to reproduce the crash.
  https://caml.inria.fr/mantis/view.php?id=7452
  
  * I did not backport the full debian/changelog, as some of the changes
  were ommitted for SRU purposes, and I don't like the idea of modifying
  the changelog of others.
  
  * I did not backport this below change but I feel as though the SRU team 
should evaluate including it.  I left it out due to the change as little as 
possible guidance from the SRU team.  Additionally we have already been 
shipping the microcode version that included this change for a long time. More 
information here
  
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030=en-fr
  
  '''
  # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
  #
  # When Intel released a fix for Intel SA-00030, they issued a MCU that
  # bumps the minimum acceptable version of the Intel TXT ACMs in the
  # TPM persistent storage.  This permanently blacklists the vulnerable
  # ACMs *even on older microcode* in order to make it somewhat harder
  # to work around the security fix through a BIOS downgrade attack.
  #
  # It is possible that such a microcode update, when peformed by the
  # operating system, could sucessfully trigger the TPM persistent
  # storage update Intel intended to happen during firmware boot: we
  # simply don't know enough to rule it out.  Should that happen, Intel
  # TXT will be permanently disabled.  This could easily interact very
  # badly with the firmware, rendering the system unbootable.  If *that*
  # happens, it would likely require either a TPM module replacement
  # (rendering sealed data useless) or a direct flash of a new BIOS with
  

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[asgard2]

@Robie Basak

I updated the intel-microcode package ("3.20170707.1~ubuntu16.04.0") from 
proposed.
This version is running fine so far on the "Intel(R) Core(TM) i5-6200U CPU @ 
2.30GHz"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[C de-Avillez]

running on 17.04; no issues loading the new package:

[2.985314] microcode: sig=0x306c3, pf=0x10, revision=0x22
[3.013156] microcode: Microcode Update Driver: v2.2.

# on return from suspend:

[336419.388901] microcode: sig=0x306c3, pf=0x10, revision=0x12
[336419.389861] microcode: updated to revision 0x22, date = 2017-01-27

CPU data:

vendor_id   : GenuineIntel
cpu family  : 6
model   : 60
model name  : Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
stepping: 3
microcode   : 0x22
cpu MHz : 1783.447
cache size  : 6144 KB
physical id : 0
siblings: 8
core id : 1
cpu cores   : 4

I am not affected by this issue, as I stated when I opened the bug;
nevertheless, I can show that the new package did not regress my system.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Arik]

Tested on my system:

Linux sxps 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017
x86_64 x86_64 x86_64 GNU/Linux

Distributor ID: Ubuntu
Description:Ubuntu 16.04.2 LTS
Release:16.04
Codename:   xenial

CPU:

Vendor ID: GenuineIntel
CPU family:6
Model: 78
Model name:Intel(R) Core(TM) i7-6560U CPU @ 2.20GHz
Stepping:  3


Before: (I disabled HT in the BIOS)

Jul 17 22:49:44 sxps kernel: [1.220419] microcode: CPU0 sig=0x406e3, 
pf=0x40, revision=0x9e
Jul 17 22:49:44 sxps kernel: [1.220460] microcode: CPU1 sig=0x406e3, 
pf=0x40, revision=0x9e
Jul 17 22:49:44 sxps kernel: [1.220521] microcode: Microcode Update Driver: 
v2.01 , Peter Oruba

After (currently running):

[1.236290] microcode: CPU0 sig=0x406e3, pf=0x40, revision=0xba
[1.236294] microcode: CPU1 sig=0x406e3, pf=0x40, revision=0xba
[1.236327] microcode: CPU2 sig=0x406e3, pf=0x40, revision=0xba
[1.236351] microcode: CPU3 sig=0x406e3, pf=0x40, revision=0xba
[1.236432] microcode: Microcode Update Driver: v2.01 
, Peter Oruba

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Paul Menzel]

> The minimum aging period is indeed 7 days, but I did say that I think
this particular update needs wider testing and aging due to the expected
severity of any regressions.

Debian distributed the update already if I am not mistaken. I haven’t
heard of any regression. Also I don’t recall anything in the past where
updated microcode updates cost regressions. So I don’t see the high
caution is justified compared to any other package.

Anyway, for what it’s worth, I tested this on a TUXEDO Book BU1406 with
Ubuntu 17.04.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

I have been running this on my kabylake laptop and skylake desktop under
X for quite some time now, and haven't hit any issues that I can
attribute to the microcode.  I attempted to follow the reproducer here
https://caml.inria.fr/mantis/view.php?id=7452 , but some of the versions
of packages required for that reproducer are too old in the X archive,
and I don't want to cruft up my machine.  I plan on building a chroot to
test that reproducer, but I haven't gotten around to it.

@rbasak, I agree with your assessment to let this soak in -proposed for
an extended amount of time in the hopes of getting additional testing.

** Bug watch added: caml.inria.fr/mantis/ #7452
   http://caml.inria.fr/mantis/view.php?id=7452

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

@asgard2

Have you been able to test the proposed update please?

The minimum aging period is indeed 7 days, but I did say that I think
this particular update needs wider testing and aging due to the expected
severity of any regressions.

Thank you to Adrien for taking the time to test this update.

54 people have marked themselves as being affected by this issue, and
over 30 people seem to care enough about this issue to subscribe
personally to the bug. So come on, get testing please.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dimitri John Ledkov]

It was committed 3 days ago (the latest upload) and it is usually held
in proposed for at least 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[asgard2]

when can we expect the xenial release, could not take long since the
status committed ?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Adrien Beau]

Another test, this time on a NUC with a Pentium N3700 Braswell CPU under
Xenial.

$ uname -a
Linux 4.10.0-28-generic #32~16.04.2-Ubuntu SMP Thu Jul 20 10:19:48 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

$ cat /proc/cpuinfo
(...)vendor_id   : GenuineIntel
cpu family  : 6
model   : 76
model name  : Intel(R) Pentium(R) CPU  N3700  @ 1.60GHz
stepping: 3
microcode   : 0x363
(...)

Before installing the intel-microcode package I had:

kernel: microcode: sig=0x406c3, pf=0x1, revision=0x363
kernel: microcode: Microcode Update Driver: v2.2.

After installing the 3.20151106.1 package, nothing changed.
After installing the 3.20170707.1~ubuntu16.04.0 package, nothing changed.

This is as expected, since this CPU is not affected by the problem, and
(as far as I know) has no recent microcode update.

The new package (and the update from the old to the new) works fine on
this machine.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

> @rbasak, The reason for the omission of "skylake" from the changelog
entry for zesty is because zesty already had 3.20170511.1~ubuntu17.04.0
in -updates which contained the fixes for the majority of Skylake
processors, but not Kaby Lake.

Ah. That makes sense. Sorry!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Adrien Beau]

Here is a successful test of a Core i5-6600 Skylake CPU under Xenial.

$ uname -a
Linux 4.10.0-28-generic #32~16.04.2-Ubuntu SMP Thu Jul 20 10:19:48 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

$ cat /proc/cpuinfo
(...)
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
stepping: 3
microcode   : 0xa6
(...)

Before installing the intel-microcode package I had:

kernel: microcode: sig=0x506e3, pf=0x2, revision=0xa6
kernel: microcode: Microcode Update Driver: v2.2.

After installing the 3.20151106.1 package version:

kernel: microcode: sig=0x506e3, pf=0x2, revision=0xa6
kernel: microcode: Microcode Update Driver: v2.2.

(No surprise, since the microcode release was older than the CPU.)

After installing the 3.20170707.1~ubuntu16.04.0 package version:

kernel: microcode: microcode updated early to revision 0xba, date = 2017-04-09
kernel: microcode: sig=0x506e3, pf=0x2, revision=0xba
kernel: microcode: Microcode Update Driver: v2.2.

So, the update worked fine, and the machine booted and seems to run
fine. :)

I'll pay attention in the next few days if the machine exhibits any
weird behavior. It is extremely stable, so any new problem should stick
out clearly.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

@rbasak, The reason for the omission of "skylake" from the changelog
entry for zesty is because zesty already had 3.20170511.1~ubuntu17.04.0
in -updates which contained the fixes for the majority of Skylake
processors, but not Kaby Lake.  So for zesty this release only fixes
kaby lake processors, and maybe a few high end skylake-x processors.
Since Xenial did not have that intermediate microcode version, this is
the first revision of the package that resolves the issue for both
skylake and kabylake processors.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

Additional SRU verification notes (also in bug description):

SRU verification needs to take care to consider CPUs actually tested. We
should have a representative sample of CPUs tested in SRU verification
reports before considering release to the updates pockets.

Given the potential severity of regressions, we should keep this in the
proposed pockets for longer than the usual minimum ageing period. Let's
have users opt-in to this update first, and only recommend it once we
confidence that a reasonable number (and representative CPU sample) of
opted-in users have not hit any problems.

Testers: please mark verification-done-* only after you consider that
the above additional requirements have been met.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

I've reviewed Dave's updated upload. They look good - thanks!

One note: I think due to an omission debian/changelog for Zesty doesn't
mention that it fixes Skylake, whereas the Xenial debian/changelog does
state this. The binary blobs shipped between the two are identical, so
presumably the changelog descriptions should be identical. I don't think
this is important enough to require a further iteration.

** Description changed:

  [Impact]
  
  * A security fix has been made available as part of intel-microcode
  * It is advisable to apply it
  * Thus an SRU of the latest intel-microcode is desirable for all stable 
releases
  
  [Test Case]
  
  * Upgrade intel-microcode package, if it is already installed / one is
  running on Intel CPUs
  
  * Reboot and verify no averse results, and/or that microcode for your
  cpu was loaded as expected.
  
  [Test case reporting]
  * Please paste the output of:
  
  dpkg-query -W intel-microcode
  grep -E 'model|stepping' /proc/cpuinfo | sort -u
  journalctl -k | grep microcode
  
  [Regression Potential]
  Microcode are proprietary blobs, and can cause any number of new errors and 
regressions. Microcode bugs have been reported before, therefore longer than 
usual phasing and monitoring of intel-microcode bugs should be done with extra 
care.
+ 
+ Additional notes from ~racb, wearing an ~ubuntu-sru hat:
+ 
+ SRU verification needs to take care to consider CPUs actually tested. We
+ should have a representative sample of CPUs tested in SRU verification
+ reports before considering release to the updates pockets.
+ 
+ Given the potential severity of regressions, we should keep this in the
+ proposed pockets for longer than the usual minimum ageing period. Let's
+ have users opt-in to this update first, and only recommend it once we
+ confidence that a reasonable number (and representative CPU sample) of
+ opted-in users have not hit any problems.
+ 
+ Testers: please mark verification-done-* only after you consider that
+ the above additional requirements have been met.
  
  [Other]
  caml discussion describing test case to reproduce the crash.
  https://caml.inria.fr/mantis/view.php?id=7452
  
  * I did not backport the full debian/changelog, as some of the changes
  were ommitted for SRU purposes, and I don't like the idea of modifying
  the changelog of others.
  
  * I did not backport this below change but I feel as though the SRU team 
should evaluate including it.  I left it out due to the change as little as 
possible guidance from the SRU team.  Additionally we have already been 
shipping the microcode version that included this change for a long time. More 
information here
  
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030=en-fr
  
  '''
  # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
  #
  # When Intel released a fix for Intel SA-00030, they issued a MCU that
  # bumps the minimum acceptable version of the Intel TXT ACMs in the
  # TPM persistent storage.  This permanently blacklists the vulnerable
  # ACMs *even on older microcode* in order to make it somewhat harder
  # to work around the security fix through a BIOS downgrade attack.
  #
  # It is possible that such a microcode update, when peformed by the
  # operating system, could sucessfully trigger the TPM persistent
  # storage update Intel intended to happen during firmware boot: we
  # simply don't know enough to rule it out.  Should that happen, Intel
  # TXT will be permanently disabled.  This could easily interact very
  # badly with the firmware, rendering the system unbootable.  If *that*
  # happens, it would likely require either a TPM module replacement
  # (rendering sealed data useless) or a direct flash of a new BIOS with
  # updated ACMs, to repair.
  #
  # Blacklist updates for signature 0x206c2 as a safety net.
  IUC_EXCLUDE += -s !0x206c2
  '''
  
  * I versioned the packages 3.20170511.1~ubuntu as I feel this
  more appropriately reflects the contents of each package rather than
  simply incrementing the ubuntu version number.
  
  =
  
  [Original bug report]
  
  NB: I am *not* directly affected by this bug.
  
  Henrique emailed a warning to Debian devel today [1] on a potentially
  serious issue with (sky|kaby)lake processors. Excerpt:
  
  "This warning advisory is relevant for users of systems with the Intel
  processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
  7th generation Intel Core processors (desktop, embedded, mobile and
  HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
  well as select Intel Pentium processor models.
  
  TL;DR: unfixed Skylake and Kaby Lake processors could, in some
  situations, dangerously misbehave when hyper-threading is enabled.
  Disable hyper-threading immediately in BIOS/UEFI to work around the
  problem.  Read this advisory for instructions about an Intel-provided
  fix."
  
  It 

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

Yakkety is EOL now.

** Changed in: intel-microcode (Ubuntu Yakkety)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

Hi Dave,

Thank you for going through this. I think it's OK if you want to keep
the set of dat files available in sync with the set available in the
development release. But then the changelog entry should make this
clear.

I expected the changelog entry to match the diff that I was reviewing.
When users view the entry, they would then expect the entry to match
what they are about to receive (be it source or binaries).

For backports it's often easier to base the changelog on one from the
version that's being backported and add one further entry explaining the
backport. In this case my previous paragraph would still be accurate:
the user would see all the changes landing in the stable release, and
reviewers would also see a diff that corresponded to them.

However we have agreed that this update will be a cherry-pick, not a
backport, so this wouldn't apply anyway.

> ...I thought about not including the debian changelog entry in the x
upload, but I like to error on the side of more information, and this
vv part of the changelog entry matches identically to zesty and
artful.

I agree with the sentiment. More information is fine. However inaccurate
or misleading information is not. So by all means use the information in
the changelog entry from Artful as a starting point, but you do need to
remove or correct parts that no longer apply.

Given that we aren't backporting the packaging from Artful, I don't
think it makes sense to include lines like "source: remove unneeded
intel-ucode/ directory". As far as I can find, this isn't happening at
all to users, neither in Xenial nor Zesty, and isn't represented in the
diff. I can't find this directory in any sources anywhere (just looking
at Ubuntu).

> If you deem it crucially important...

It's hardly crucially important, but I do think it's reasonable to
expect that the changelog is accurate against what is actually going on,
I think it's reasonable for users to expect this too, and I believe it's
the SRU team's job to maintain this standard.

Please correct as follows (or discuss further if you want to do
something else):

1) Remove the comment about removing intel-ucode/, as I can't see that
in the diff anywhere.

2) Fix or replace "remove superseded upstream data file" so what
whatever you do say matches against what I see in each proposed diff
(you can say something different for Xenial and Zesty if needed of
course). If you're removing dats I think we do need to mention it.
Saying something like "source: remove firmware dat files as needed to
bring the shipped set in sync with those shipped in Artful" would be
fine.

3) In general, make sure that the changelogs accurately describe the
diffs that I will review.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dave Chiluk]

The changelog entry is there to match the artful changelog entry *(it
applies completely correctly for zesty).

As for the dat files. I guess my changelog entry would have been more
explicit had I said sync instead of backport.

" * Backport of new upstream microcode release to address Hyper Threading
bug.  This is mostly a sync of the dat files from debian version
3.20170707.1 (LP: #1700373) "

It should be noted that these dat files are never exposed via the bin
package to the user.


As for the rest of the changelog entry, I thought about not including the 
debian changelog entry in the x upload, but I like to error on the side of more 
information, and this vv part of the changelog entry matches identically to 
zesty and artful.
"  * New upstream microcode datafile 20170707
+ New Microcodes:
  sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x222, size 25600
  sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
  sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
  sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
  SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
  Lake and Skylake processors: Skylake D0/R0 were fixed since the
  previous upstream release (20170511).  This new release adds the
  fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
  (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
  * source: remove unneeded intel-ucode/ directory
  * source: remove superseded upstream data file: 20170511
"

If you deem it crucially important, we could change that last line to
" * source: synced data files with debian version 20170707.1
"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Robie Basak]

15:38  chiluk: around? Reviewing intel-microcode.

15:39  In principle the change seems OK, but I'm confused by
things mismatching the descriptions in debian/changelog

15:39  "source: remove unneeded intel-ucode/ directory" -
removed from where? I don't see this in the current packages for Xenial
nor in Zesty.

15:40  "source: remove superseded upstream data file: 20170511"
- this is not true for Xenial. You remove other files instead.

15:41  Though if we're removing superseded files, why do some
remain? Are we following a pattern of leaving old files there, or
removing old files? I'm not sure I follow why your proposed SRUs appear
to do both. Is there some nuance I'm missing?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Dmitrii Shcherbakov]

Tested on 17.04 with a 4.13-rc1 kernel + a pinned microcode package from
artful:

➜  linux git:(5771a8c08880) ✗ apt policy intel-microcode
intel-microcode:
  Installed: 3.20170707.1
  Candidate: 3.20170707.1
  Version table:
 *** 3.20170707.1 500
500 http://ru.archive.ubuntu.com/ubuntu artful/restricted amd64 Packages
100 /var/lib/dpkg/status
 3.20170511.1~ubuntu17.04.0 990
990 http://archive.ubuntu.com/ubuntu zesty-updates/restricted amd64 
Packages
 3.20161104.1 990
990 http://archive.ubuntu.com/ubuntu zesty/restricted amd64 Packages

➜  ~ uname -r
4.13.0-rc1

➜  ~ lscpu 
Architecture:  x86_64
CPU op-mode(s):32-bit, 64-bit
Byte Order:Little Endian
CPU(s):4
On-line CPU(s) list:   0-3
Thread(s) per core:1
Core(s) per socket:4
Socket(s): 1
NUMA node(s):  1
Vendor ID: GenuineIntel
CPU family:6
Model: 158
Model name:Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Stepping:  9
CPU MHz:   2800.000
CPU max MHz:   3800,
CPU min MHz:   800,
BogoMIPS:  5616.00
Virtualization:VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache:  256K
L3 cache:  6144K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl 
xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 
monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 
x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 
3dnowprefetch cpuid_fault epb intel_pt tpr_shadow vnmi flexpriority ept vpid 
fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap 
clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp 
hwp_notify hwp_act_window hwp_epp


➜  ~ dmesg | grep microcode
[0.00] microcode: microcode updated early to revision 0x5e, date = 
2017-04-06
[2.621961] microcode: sig=0x906e9, pf=0x20, revision=0x5e
[2.622083] microcode: Microcode Update Driver: v2.2.


My system definitely does not have 0x5e by default, the previous microcode 
version was 0x48:

[2.561730] microcode: sig=0x906e9, pf=0x20, revision=0x48
[2.561811] microcode: Microcode Update Driver: v2.2.


The microcode update also resulted in absence of a 'Firmware Bug' message due 
to TSC_DEADLINE APIC mode usage:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd9240a18edfbfa72e957fc2ba831cf1f13ea073

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/apic/apic.c?id=c6e9f42bbeecbc10cd4fbcca474b5859aba1de67#n386


Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms

[Marat Khalili]

Well, I tried intel-microcode_3.20151106.1+lp1700373b2_amd64.deb on
Trusty with 4.4 and it worked. Of course, in someone's case it may start
a thermonuclear war, so use this information with care.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  intel-microcode is out of date, version 20170707 fixes errata on 6th
  and 7th generation platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1700373/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs