"CROSSTalk" CPU vulnerabilty (cross-core data leak)

stormi

Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

demanzke

Thanks @Biggen and @stormi
I'll try updating then removing the microcode_ctl package tomorrow and share the results.

markxc

Hi do i need to patch my xenserver using AMD EPYC ? Those patches get offered to my AMD nodes by XO.
On intel Xeon nodes it makes sense to me ....

olivierlambert

I would say: always apply patches, but you are free to reboot when you want. Obviously, for you, it won't change anything (no microcode update) but keeping your hosts up to date is a good practice

lefty

@stormi said in "CROSSTalk" CPU vulnerabilty (cross-core data leak):

Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

So should I wait applying these updates? You seem to be unsure of which microcode version to distribute.

stormi

I'm unsure for Skylake. Not for other CPUs.

lefty

Thanks for the clarification. No Skylake present, so I will proceed.

demanzke

Finally got some time to test your suggestions.
Removing the microcode_ctl package without dependencies did not help.
Here are both initial ramdisks for anyone interested to look at.

Reinstalling XCP, then ZFS, then updating all packages worked fine.

stormi

@demanzke So this time no boot issue after installing the update?

demanzke

@stormi Exactly. Must've been related to something other than just the latest packages.