XCP-ng

    "CROSSTalk" CPU vulnerability (cross-core data leak)

    • Biggen

      When this Crosstalk microcode update hit last week there was an issue with certain Intel CPUs where we couldn't boot after the patch was applied. I run Linux Mint on my laptop and I couldn't boot it after taking the microcode update. I had to boot into recovery and then apt remove intel-microcode to get it back to a working state. Later that day, Ubuntu (or whoever) released a new intel-microcode update that corrected the problem.

      Not sure if this is even remotely close to the same issue but wanted to put this out there.

      • Danp (Top contributor)

        Has anyone else encountered this issue? Wondering if these patches should be pulled until this gets resolved.

        • stormi (Vates, XCP-ng Team)

          As far as I know, those patches work well on Citrix' test hosts. They also work well on our hosts at Vates. The microcodes underwent Intel's QA so I don't expect them to break on the vast majority of hardware, though there are reports of issues with some specific models. In @demanzke's case, reverting to the previous microcode did not fix the issue so at first it doesn't look like it's related to the microcode.

          • stormi (Vates, XCP-ng Team)

            Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

            I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

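One way to check the question left open in the post above, whether the running microcode actually carries the CROSSTalk / SRBDS fix, as an added example that is not part of the original thread: the Linux kernel reports its SRBDS status in sysfs, and this script combines that with the vendor and microcode revision from /proc/cpuinfo. It assumes a kernel that carries the SRBDS reporting patch; `triage` and its verdict strings are names made up for this example, the sample input is constructed, and on a Xen dom0 the kernel may only report that the status depends on the hypervisor.

```python
import re
from pathlib import Path

# sysfs file present on kernels that carry the SRBDS reporting patch.
SRBDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/srbds")

# Constructed /proc/cpuinfo excerpt (not taken from any host in this thread).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 158\nstepping\t: 10\nmicrocode\t: 0xd6\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 158\nstepping\t: 10\nmicrocode\t: 0xd6\n"
)


def parse_cpuinfo(text):
    """Return (vendor, set of microcode revisions reported by all CPUs)."""
    vendor = re.search(r"^vendor_id\s*:\s*(\S+)", text, re.M)
    revisions = set(re.findall(r"^microcode\s*:\s*(\S+)", text, re.M))
    return (vendor.group(1) if vendor else None), revisions


def triage(cpuinfo_text, srbds_status):
    """Turn CPU vendor, microcode revisions and the kernel's SRBDS status
    (contents of SRBDS_SYSFS, or None if the file is absent) into a verdict."""
    vendor, revisions = parse_cpuinfo(cpuinfo_text)
    if vendor != "GenuineIntel":
        return "not-intel: the Intel microcode update does not apply"
    if len(revisions) > 1:
        return "mixed-microcode: CPUs report different revisions " + str(sorted(revisions))
    if srbds_status is None:
        return "unknown: this kernel does not report SRBDS status"
    status = srbds_status.strip()
    if status.startswith("Mitigation") or status == "Not affected":
        return "ok: " + status
    if status.startswith("Unknown"):
        return "unknown: " + status  # e.g. the kernel is running under a hypervisor
    return "action-needed: " + status  # "Vulnerable" or "Vulnerable: No microcode"


def triage_local():
    """Run the triage against the machine this script is executed on."""
    status = SRBDS_SYSFS.read_text() if SRBDS_SYSFS.exists() else None
    return triage(Path("/proc/cpuinfo").read_text(), status)


if __name__ == "__main__":
    print(triage_local())
```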
            • demanzke

              Thanks @Biggen and @stormi
              I'll try updating then removing the microcode_ctl package tomorrow and share the results.

              • markxc

                Hi, do I need to patch my XenServer using AMD EPYC? Those patches get offered to my AMD nodes by XO.
                On Intel Xeon nodes it makes sense to me...

                • olivierlambert (Vates, Co-Founder, CEO)

                  I would say: always apply patches, but you are free to reboot when you want. Obviously, for you, it won't change anything (no microcode update) but keeping your hosts up to date is a good practice 🙂

                  • lefty, in reply to @stormi

                    @stormi said in "CROSSTalk" CPU vulnerability (cross-core data leak):

                    Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

                    I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

                    So should I wait before applying these updates? You seem to be unsure of which microcode version to distribute.

                    • stormi (Vates, XCP-ng Team)

                      I'm unsure for Skylake. Not for other CPUs.

                      • lefty

                        Thanks for the clarification. No Skylake present, so I will proceed.

                        • demanzke

                          Finally got some time to test your suggestions.
                          Removing the microcode_ctl package without dependencies did not help.
                          Here are both initial ramdisks for anyone interested to look at.

                          Reinstalling XCP, then ZFS, then updating all packages worked fine.

                          • stormi (Vates, XCP-ng Team), in reply to @demanzke

                            @demanzke So this time no boot issue after installing the update?

                            • demanzke, in reply to @stormi

                              @stormi Exactly. Must've been related to something other than just the latest packages.
