Comment # 4 on bug 1227900 from Nikolay Borisov
(In reply to Fabian Vogt from comment #3)
> (In reply to Nikolay Borisov from comment #2)
> > The timing of those printk's can't be trusted. The early microcode patcher
> > is being run right after the kernel has been loaded from 
> > 
> > > x86_64_start_kernel -> load_ucode_bsp
> > 
> > While the mitigation related code gets executed from :
> > 
> > > arch_cpu_finalize_init -> cpu_select_mitigations -> ssb_select_mitigation
> > 
> > And the default (if seccomp is not compiled) is to use the prctl bypass. So
> > the only worrying thing here would be the ibpb-related warn about using
> > microcode that fixes the rstack vulnerability.  
> > 
> > 
> > According to the AMD security bulletin
> > https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
> > 
> > 
> > the require microcode for AMD MILAN (which this Epyc seems to be is): 
> > 
> > Milan B0 – 0x0A001079
> > Milan B1 – 0x0A0011CF or 0x0A0011D1
> 
> Which is installed:
> > CPU0: patch_level=0x0a0011d1

Indeed, I guess it's possible that the document is wrong, is there a newer
firmware that could be installed?


You are receiving this mail because: