SCIENTIFIC-LINUX-USERS Archives

January 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Important: microcode_ctl
From:
Stephan Wiesand <[log in to unmask]>
Reply To:
Stephan Wiesand <[log in to unmask]>
Date:
Wed, 17 Jan 2018 20:46:21 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (83 lines) 
> On 17.Jan 2018, at 19:38, Steve Gaarder <[log in to unmask]> wrote:
> 
> Can someone shed some more light on the stability issues that this update addresses?

Well, these are the days of fear, uncertainty and doubt...

We have applied these updates to a substantial number of systems. A single one of those, and a fairly exotic one (SL6, 2 x Xeon E5-2643 v4, 768 GB RAM) would spontaneously reboot whenever microcode_ctl uploaded the new microcode. No way to miss it - the system would never ever actually com up. We fixed this by applying a "BIOS" update provided by the hardware vendor, coming with apparently the same microcode version, and that system has been stable since, just like all the others. 

But meanwhile the hardware vendor's download site also points to this: https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

Alas, no real information there either... some sites have some issues with "higher reboots". Oh well...

>  Is there a way to tell if a machine is having these problems? I had just updated my servers and would rather not have to do it again so soon.

My 2c-worth-no-warranty advice would be: If you don't have apparent issues after those updates, don't worry/bother.

But chances are we'll all roll out more of those intrusive updates in the coming weeks/months.

Hope this helps "someone" with "something"...

	Stephan

> 
> thanks,
> 
> Steve Gaarder
> System Administrator, Dept of Mathematics
> Cornell University, Ithaca, NY, USA
> [log in to unmask]
> 
> On Wed, 17 Jan 2018, Pat Riehecky wrote:
> 
>> Synopsis:          Important: microcode_ctl security update
>> Advisory ID:       SLSA-2018:0093-1
>> Issue Date:        2018-01-16
>> CVE Numbers:       CVE-2017-5715
>> --
>> 
>> This update supersedes the previous microcode update provided with the
>> CVE-2017-5715 (Spectre) CPU branch injection vulnerability mitigation.
>> Further testing has uncovered problems with the microcode provided along
>> with the Spectre mitigation that could lead to system instabilities.
>> 
>> As a result, this microcode update reverts to the last known good
>> microcode version dated before 03 January 2018.
>> 
>> You should contact your hardware provider for the latest microcode updates.
>> 
>> IMPORTANT: If you are using Intel Skylake-, Broadwell-, and Haswell-based
>> platforms, obtain and install updated microcode from your hardware
>> vendor immediately. The "Spectre" mitigation requires both an updated
>> kernel and updated microcode from your hardware vendor.
>> --
>> 
>> SL6
>>  x86_64
>>    microcode_ctl-1.17-25.4.el6_9.x86_64.rpm
>>    microcode_ctl-debuginfo-1.17-25.4.el6_9.x86_64.rpm
>>    microcode_ctl-1.17-20.2.el6_7.x86_64.rpm
>>    microcode_ctl-debuginfo-1.17-20.2.el6_7.x86_64.rpm
>>    microcode_ctl-1.17-19.2.el6_6.x86_64.rpm
>>    microcode_ctl-debuginfo-1.17-19.2.el6_6.x86_64.rpm
>>  i386
>>    microcode_ctl-1.17-25.4.el6_9.i686.rpm
>>    microcode_ctl-debuginfo-1.17-25.4.el6_9.i686.rpm
>> SL7
>>  x86_64
>>    microcode_ctl-2.1-22.5.el7_4.x86_64.rpm
>>    microcode_ctl-debuginfo-2.1-22.5.el7_4.x86_64.rpm
>>    microcode_ctl-2.1-16.5.el7_3.x86_64.rpm
>>    microcode_ctl-debuginfo-2.1-16.5.el7_3.x86_64.rpm
>>    microcode_ctl-2.1-12.el7_2.3.x86_64.rpm
>>    microcode_ctl-debuginfo-2.1-12.el7_2.3.x86_64.rpm
>> 
>> - Scientific Linux Development Team
>> 

-- 
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany

ATOM RSS1 RSS2