lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aW+SIAYT4A5Rf9VG@intel.com>
Date: Tue, 20 Jan 2026 22:33:04 +0800
From: Zhao Liu <zhao1.liu@...el.com>
To: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, sohil.mehta@...el.com,
	Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>,
	Ingo Molnar <mingo@...hat.com>, Jon Kohler <jon@...anix.com>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	"Peter Zijlstra (Intel)" <peterz@...radead.org>,
	Thomas Gleixner <tglx@...nel.org>, Tony Luck <tony.luck@...el.com>,
	x86@...nel.org
Subject: Re: [PATCH 6/6] x86/microcode: Add platform mask to Intel microcode
 "old" list

On Mon, Jan 19, 2026 at 11:51:00AM -0800, Dave Hansen wrote:
> Date: Mon, 19 Jan 2026 11:51:00 -0800
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> Subject: [PATCH 6/6] x86/microcode: Add platform mask to Intel microcode
>  "old" list
> 
> 
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> Intel sometimes has CPUs with identical family/model/stepping but
> which need different microcode. These CPUs are differentiated with the
> platform ID.
> 
> The Intel "microcode-20250512" release was used to generate the
> existing contents of intel-ucode-defs.h. Use that same release and add
> the platform mask to the definitions.
> 
> This makes the list a few entries longer. For example for the ancient
> Pentium III there are two CPUs that differ only in their platform and
> have two different microcode versions:
> 
> 	{ ..., .model = 0x05, .steppings = 0x0001, .platform_mask = 0x01, .driver_data = 0x40 },
> 	{ ..., .model = 0x05, .steppings = 0x0001, .platform_mask = 0x08, .driver_data = 0x45 },
> 
> These CPUs previously shared a definition.  Another example is the
> state-of-the-art Granite Rapids:
> 
> 	{ ...,  .model = 0xad, .steppings = 0x0002, .platform_mask = 0x20, .driver_data = 0xa0000d1 },
> 	{ ...,  .model = 0xad, .steppings = 0x0002, .platform_mask = 0x95, .driver_data = 0x10003a2 },
> 
> As you can see, this differentiation with platform ID has been
> necessary for a long time and is still relevant today.
> 
> Without the platform matching, the old microcode table is incomplete.
> For instance, it might lead someone with a Pentium III, platform 0x0,
> and microcode 0x40 to think that they should have microcode 0x45,
> which is really only for platform 0x4 (.platform_mask==0x08).
> 
> In practice, this meant that folks with fully updated microcode were
> seeing "Vulnerable" in the "old_microcode" file.
> 
> 1. https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
> 
> Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
> Reported-by: Jon Kohler <jon@...anix.com>
> Fixes: 4e2c719782a8 ("x86/cpu: Help users notice when running old Intel microcode")
> Link: https://lore.kernel.org/all/3ECBB974-C6F0-47A7-94B6-3646347F1CC2@nutanix.com/
> Cc: Thomas Gleixner <tglx@...nel.org>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: Borislav Petkov <bp@...en8.de>
> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
> Cc: "H. Peter Anvin" <hpa@...or.com>
> Cc: Tony Luck <tony.luck@...el.com>
> Cc: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> Cc: "Peter Zijlstra (Intel)" <peterz@...radead.org>
> Cc: x86@...nel.org
> ---
> 
>  b/arch/x86/kernel/cpu/microcode/intel-ucode-defs.h |  368 +++++++++++----------
>  1 file changed, 208 insertions(+), 160 deletions(-)

Reproduce the issue:

On a SPR-SP (F-M-S: 06-8f-08) machine, update the microcode to the
latest 20251111 release:

* v6.19.0-rc6 (w/o this series):

# dmesg | grep microcode
[    0.000000] x86/CPU: Running old microcode
[   20.400144] microcode: Current revision: 0x2b000650
[   20.408038] microcode: Updated early from: 0x2b000461

* v6.19.0-rc6 (with this series):

# dmesg | grep microcode
[   20.499999] microcode: Current revision: 0x2b000650
[   20.507562] microcode: Updated early from: 0x2b000461

The false positive complain about old microcode is fixed on my machine.
So,

Tested-by: Zhao Liu <zhao1.liu@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ