lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <aW_zXm3dHXyWx7n5@wieczorr-mobl1.localdomain>
Date: Tue, 20 Jan 2026 21:31:31 +0000
From: Maciej Wieczor-Retman <m.wieczorretman@...me>
To: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, sohil.mehta@...el.com, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>, Jon Kohler <jon@...anix.com>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, "Peter Zijlstra (Intel)" <peterz@...radead.org>, Thomas Gleixner <tglx@...nel.org>, Tony Luck <tony.luck@...el.com>, x86@...nel.org
Subject: Re: [PATCH 0/6] x86/cpu: Take Intel platform into account for old microcode checks

Tested the patchset by fabricating the scenario described below. No issues were
observed and the 'Running old microcode' warning has dissapeared after applying
the patches.

Tested-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>

Kind regards
Maciej Wieczór-Retman

On 2026-01-19 at 11:50:47 -0800, Dave Hansen wrote:
>There was a report[1] that CPUs running updated microcode were being
>reported as running old microcode. The reason is that the old
>microcode list neglects to take the platform ID into account.
>
>The platform ID is an Intel-only construct that allows CPUs that
>otherwise have the same model/family/stepping to take different
>microcode revisions. The microcode loader itself already checks this.
>Only the recent "old_microcode" checker failed here.
>
>Treat the platform ID as a peer of model/family/stepping. Store it
>in 'struct cpuinfo_x86', enable matching on it with with 'struct
>x86_cpu_id', and flesh out the 'old_microcode' list with it.
>
>This fixes the report of an inaccurate, false positive in the
>'old_microcode' vulnerability file.
>
>1. https://lore.kernel.org/all/38660F8F-499E-48CD-B58B-4822228A5941@nutanix.com/
>
>Cc: Thomas Gleixner <tglx@...nel.org>
>Cc: Ingo Molnar <mingo@...hat.com>
>Cc: Borislav Petkov <bp@...en8.de>
>Cc: Dave Hansen <dave.hansen@...ux.intel.com>
>Cc: "H. Peter Anvin" <hpa@...or.com>
>Cc: Tony Luck <tony.luck@...el.com>
>Cc: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
>Cc: "Peter Zijlstra (Intel)" <peterz@...radead.org>
>Cc: x86@...nel.org
>Cc: Jon Kohler <jon@...anix.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ