XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    "CROSSTalk" CPU vulnerabilty (cross-core data leak)

    Scheduled Pinned Locked Moved News
    29 Posts 8 Posters 6.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stormiS Offline
      stormi Vates 🪐 XCP-ng Team
      last edited by stormi

      Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

      I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

      L 1 Reply Last reply Reply Quote 1
      • D Offline
        demanzke
        last edited by

        Thanks @Biggen and @stormi
        I'll try updating then removing the microcode_ctl package tomorrow and share the results.

        1 Reply Last reply Reply Quote 0
        • M Offline
          markxc
          last edited by

          Hi do i need to patch my xenserver using AMD EPYC ? Those patches get offered to my AMD nodes by XO.
          On intel Xeon nodes it makes sense to me ....

          1 Reply Last reply Reply Quote 0
          • olivierlambertO Online
            olivierlambert Vates 🪐 Co-Founder CEO
            last edited by

            I would say: always apply patches, but you are free to reboot when you want. Obviously, for you, it won't change anything (no microcode update) but keeping your hosts up to date is a good practice 🙂

            1 Reply Last reply Reply Quote 1
            • L Offline
              lefty @stormi
              last edited by

              @stormi said in "CROSSTalk" CPU vulnerabilty (cross-core data leak):

              Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases

              I'll update the microcode_ctl package. The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS. Or so I had understood, but I can't find evidence about it.

              So should I wait applying these updates? You seem to be unsure of which microcode version to distribute.

              1 Reply Last reply Reply Quote 0
              • stormiS Offline
                stormi Vates 🪐 XCP-ng Team
                last edited by

                I'm unsure for Skylake. Not for other CPUs.

                1 Reply Last reply Reply Quote 0
                • L Offline
                  lefty
                  last edited by

                  Thanks for the clarification. No Skylake present, so I will proceed.

                  1 Reply Last reply Reply Quote 0
                  • D Offline
                    demanzke
                    last edited by demanzke

                    Finally got some time to test your suggestions.
                    Removing the microcode_ctl package without dependencies did not help.
                    Here are both initial ramdisks for anyone interested to look at.

                    Reinstalling XCP, then ZFS, then updating all packages worked fine.

                    stormiS 1 Reply Last reply Reply Quote 0
                    • stormiS Offline
                      stormi Vates 🪐 XCP-ng Team @demanzke
                      last edited by

                      @demanzke So this time no boot issue after installing the update?

                      D 1 Reply Last reply Reply Quote 0
                      • D Offline
                        demanzke @stormi
                        last edited by

                        @stormi Exactly. Must've been related to something other than just the latest packages.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post