IRC Logs for #crux Thursday, 2019-05-16

*** tilman_ has joined #crux00:06
*** SiFuh has quit IRC00:20
*** slek has quit IRC01:35
*** _________mavric6 has quit IRC02:34
*** _________mavric6 has joined #crux02:35
*** frinnst has joined #crux03:50
*** frinnst has quit IRC03:50
*** frinnst has joined #crux03:50
*** SiFuh has joined #crux04:04
*** pedja has quit IRC05:12
*** SovietPony has quit IRC05:17
*** SovietPony has joined #crux05:21
*** guido_rokepo has joined #crux07:35
*** frinnst has quit IRC09:54
*** frinnst has joined #crux09:54
*** frinnst has quit IRC09:54
*** frinnst has joined #crux09:54
*** frinnst has quit IRC09:59
*** frinnst has joined #crux09:59
*** frinnst has quit IRC09:59
*** frinnst has joined #crux09:59
*** plow has joined #crux10:12
*** pez has joined #crux10:57
*** TimB_ has joined #crux10:59
*** slek has joined #crux11:34
*** ryuo has joined #crux12:00
*** xor29ah has quit IRC12:32
*** xor29ah has joined #crux12:32
*** stenur has joined #crux12:42
*** stenur has quit IRC12:53
*** stenur has joined #crux12:53
*** obarun has quit IRC13:04
stenurDoes anyone use CONFIG_EXTRA_FIRMWARE with CPU microcode successfully?13:25
ryuoafaik microcode has to be loaded via initrd13:26
stenurI know Documentation/x86/microcode.txt (iirc) says ..13:26
stenurryuo: s..t! never done an initrd yet.13:27
ryuowell, that's just how the major distros do it.13:27
ryuoif the driver for it is integrated, there may be other options.13:28
stenurWhat do you mean, "the driver for it"?13:28
ryuomodule?13:28
ryuothere's a specific one that's just for loading microcode.13:28
stenurI do not use modules, big ball, with several firmware integrated.13:28
ryuowell, still, the kernel is modular even if you don't use kernel modules.13:29
stenurOnly r8822be is a module, from staging and i just cannot make it become compiled in.13:29
stenurI mean, i have MICROCODE and MICROCODE_INTEL, and MICROCODE_OLD_INTERFACE13:30
stenurTerrible. My nice 10 MB kernel that boots to prompt in two seconds.13:31
stenurryuo: "other options"?13:31
ryuostenur: i'm not an expert on kernel things, but firmware is distinct from microcode. even so, other things may exist i know nothing of.13:32
ryuoseems the microcode is part of the firmware directory though.13:33
ryuoit's just normally placed in early initrd13:33
ryuostenur: ok, it might work... still, there's cases where the microcodes aren't applied even if present.13:35
ryuonamely if the microcode isn't newer than the existing one.13:36
ryuoissue you might have is getting the microcode name right. it's very system specific.13:36
stenuri used uicode_tool to extract the firmware for my one, it is 06-8e-0a13:37
stenurthat subentry has a timestamp from yesterday in the GenuineIntel.bin13:37
ryuoso it should be in your firmware directory as13:37
ryuointel-ucode/06-8e-0a13:37
stenuryep. how it is.13:37
ryuoso what's the issue?13:38
ryuoit doesn't apply?13:38
stenurMDS says "no microcode"13:38
ryuoMDS?13:38
ryuothe dmesg report?13:38
stenurthat new CPU vulnerability13:38
ryuofor now i'd ignore what that has to say.13:38
ryuoyou need to check what dmesg reports, and /proc/cpuinfo to see if the microcode is being applied13:39
ryuoit has an entry for the current microcode revision.13:39
ryuoif it's not the same as your microcode that you loaded13:39
ryuothen it obviously didn't take effect.13:39
stenurdmesg says: "MDS: Vulnerable: Clear CPU buffers attempted, no microcode" plus "..13:40
ryuowould you ignore the vulnerability for a moment? you can return to it later.13:41
stenurwait.13:41
ryuoyou should have entries in dmesg like this:13:41
ryuomicrocode: ....13:41
stenuriucode_tool -S says "iucode_tool: system has processor(s) with signature 0x000806ea"13:41
ryuo[    1.160206] microcode: CPU0: patch_level=0x0600611a13:41
ryuo[    1.160215] microcode: CPU1: patch_level=0x0600611a13:42
ryuo[    1.160219] microcode: CPU2: patch_level=0x0600611a13:42
ryuo[    1.160228] microcode: CPU3: patch_level=0x0600611a13:42
ryuo[    1.160277] microcode: Microcode Update Driver: v2.2.13:42
ryuowell, it's possible you loaded the wrong microcode.13:42
ryuoi was assuming you hadn't.13:42
stenurbut "iucode_tool -l -s 0x000806ea -t r -Kx GenuineIntel.bin"13:42
stenurcreates a file "06-8e-0a"!!13:43
stenurdmesg further says "microcode: sig=0x806ea, pf=0x80, revision=0x96"13:43
stenur"icrocode: Microcode Update Driver: v2.2."13:43
ryuoso what revision is in the microcode?13:44
stenurdunno. does not show up in dmesg.13:46
stenur iucode_tool -l GenuineIntel.bin | grep 0x000806ea13:46
stenursays13:46
stenur 001/167: sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 9830413:46
dbrookeas well as the 3 kernel configs you mention above I also have CONFIG_EXTRA_FIRMWARE="intel-ucode/06-3c-03"13:46
stenuractually that is 2018-05-15; my yesterdays impression was 2019-05-15.  hmm, then MDS cannot be fixed with it anyway13:47
dbrookeand the first line of dmesg is [    0.000000] microcode: microcode updated early to revision 0x25, date = 2018-04-0213:47
ryuomoment.13:47
dbrookebut I've not yet built a kernel with the latest ucode as you can see13:47
stenurdbrooke: CONFIG_EXTRA_FIRMWARE="intel-ucode/06-8e-0a rtlwifi/rtl8822befw.bin rtl_bt/rtl8822b_config.bin rtl_bt/rtl8822b_fw.bin i915/kbl_dmc_ver1_04.bin"13:47
dbrookeOK13:48
stenurno "microcode updated" around here, no. hm.13:48
ryuoi suspect you have an old copy?13:48
ryuoi'll see if i can find something newer.13:49
ryuoyep.13:49
ryuothere's one from April 201913:49
ryuorevision 0xb413:49
ryuoget it from here13:50
ryuohttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-2019051413:50
ryuothen try rebuilding your kernel13:50
dbrookemy intel-ucode directory is in the directory above where I build the kernel, I'm not sure how the build gets the correct path13:50
stenurCONFIG_EXTRA_FIRMWARE_DIR="/usr/src/linux-4.19/.kent-fw/"13:51
dbrookeah yes - CONFIG_EXTRA_FIRMWARE_DIR=".."13:51
ryuoyour firmware dir is probably out of date.13:51
ryuoyou need a newer copy if you want this to work.13:52
stenurryou: pedja updated to -05-14 yesterday13:52
ryuowhere's their port?13:52
ryuodid you rebuild your kernel since?13:53
stenurthank you all :).  dbrooke compiles in, so that is an answer.13:53
ryuough. no wonder. this port doesn't package them as individual firmware... it uses a CPIO only?13:54
dbrookeI didn't know about the github repo, Intel haven't yet updated https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File beyond  Version: Latest (Latest) Date: 8/7/201813:54
ryuoindeed.13:54
ryuoit seems to be a recent thing.13:54
ryuostenur: well, obviously you were getting it from an older source. you need to take the firmware from the CPIO that pedja's port builds. it doesn't put them as a regular file.13:55
ryuoerr part of the system firmware dir.13:55
ryuootherwise kernel can't find it for inclusion afaik13:56
stenurryuo: but i did!13:57
ryuostenur: then i don't know what to tell you. the kernel didn't have an updated version of it seems like.13:58
stenurwell it seems the firmware is a year old; my yesterdays impression was 2019-05-15 thus up-to-the-day, but in fact it is 2018-05-15!14:01
stenurand that revision seems to be present in the CPU already.14:02
ryuoi just checked it. i found this:14:02
ryuo079/001: sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 9932814:02
stenurand therefore the dmesg is so silent, and any other attempt (reload attemts etc as in microcode.txt just do nothing, successfully)14:02
stenurryuo: where this is from?14:02
ryuothe repo i linked to you.14:03
ryuowhich is what pedja's port draws from.14:03
ryuoi have no idea where you got that all in one but the official source has them already split14:03
stenuroh yes! from that repo, intel-ucode directory, directly downloaded, i get a rev 0x00b4 indeed!14:04
stenurwell it is pedja's cpio!14:04
stenurnicely scripted for auto-extraction and in-kernel-build integration. (hack hack hack)14:05
ryuoso either your kernel is old or you compiled it against an old copy of the microcode.14:05
stenuroff for an hour14:05
stenuri used pedjas ball. :)14:05
ryuoyou need to extract it, you can't just use it like it is.14:06
ryuothe cpio version is for initrd use.14:06
ryuosince cpio is what initrds use for their file format..14:06
stenurcpio -i!!14:07
ryuoACTION shrugs.14:07
stenur(out for potatoes half an hour)14:07
dbrookeI've grabbed the tarball from github and rebuilding ...14:08
ryuolol14:08
ryuoon my server i just updated for the MDS14:08
ryuo"SMT disabled"14:08
ryuowell my server CPU lacks SMT support anyway14:08
ryuoso no loss lol14:09
dbrooke8-)14:09
dbrookeprobably will be the same on my desktop here14:10
dbrookebefore update I have: Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled14:11
ryuoMDS: Mitigation: Clear CPU buffers14:13
ryuoseems like Intel took shortcuts and now it's coming to bite them in the ass.14:13
dbrookeand back, with Mitigation: Clear CPU buffers; SMT disabled14:14
dbrookeand dmesg begins [    0.000000] microcode: microcode updated early to revision 0x27, date = 2019-02-2614:15
dbrookeso up from 0x2514:16
dbrookeand that's a total of 6 vulnerabilities mitigated!14:17
ryuo-golfclap-14:18
ryuoseems the intuition was right about meltdown just being the tip of the iceberg.14:18
ryuosince spectre almost all of these new vulnerabilities have been intel exclusive14:19
ryuolast august it was l1tf or w/e14:20
ryuonow this.14:20
ryuodoesn't exactly inspire confidence.14:20
ryuomakes me wonder what the next one will be.14:20
ryuosomewhat amusing how some vulnerabilities get fancy names and others just get plain old CVEs.14:21
ryuoseems to be the case since Heartbleed.14:21
ryuoor was it shellshock?14:22
Anselmounfortunately it seems most of the names dont really convey much of what they're about14:28
Anselmoits just some spooky sounding word that is assigned :P14:29
*** SiFuh has quit IRC14:39
*** SiFuh has joined #crux14:41
stenuri had the impression it is the same single Austrian guy who found also this14:42
stenurwonder what 10000 american and isrealian engineers thought about14:43
stenurmaybe an eye too focused to see now this14:43
*** SiFuh has quit IRC14:46
*** SiFuh has joined #crux14:51
Anselmoah, maybe it is, I dont think it is for aaaaall of the fancy named ones15:09
*** Kruppt has joined #crux15:23
*** onodera has joined #crux15:30
*** onodera has quit IRC15:48
*** guido_rokepo has quit IRC15:56
*** newbie-- has quit IRC16:04
*** Kruppt has quit IRC18:47
*** obarun has joined #crux19:10
joacimstill tempted by those cheap vega 56s on teh market19:16
joacimI really should just stay away :(19:16
*** predivan has joined #crux20:53
predivanit's fun when Esc key is for BIOS, and only Enter works on a laptop keyboard21:04
*** predivan has quit IRC21:31
*** john_cephalopoda has quit IRC23:41
*** john_cephalopoda has joined #crux23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!