lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260122135655.GA17795@ranerica-svr.sc.intel.com>
Date: Thu, 22 Jan 2026 05:56:55 -0800
From: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
To: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, sohil.mehta@...el.com,
	Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>,
	Ingo Molnar <mingo@...hat.com>, Jon Kohler <jon@...anix.com>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	"Peter Zijlstra (Intel)" <peterz@...radead.org>,
	Thomas Gleixner <tglx@...nel.org>, Tony Luck <tony.luck@...el.com>,
	x86@...nel.org
Subject: Re: [PATCH 0/6] x86/cpu: Take Intel platform into account for old
 microcode checks

On Mon, Jan 19, 2026 at 11:50:47AM -0800, Dave Hansen wrote:
> There was a report[1] that CPUs running updated microcode were being
> reported as running old microcode. The reason is that the old
> microcode list neglects to take the platform ID into account.
> 
> The platform ID is an Intel-only construct that allows CPUs that
> otherwise have the same model/family/stepping to take different
> microcode revisions. The microcode loader itself already checks this.
> Only the recent "old_microcode" checker failed here.
> 
> Treat the platform ID as a peer of model/family/stepping. Store it
> in 'struct cpuinfo_x86', enable matching on it with with 'struct
> x86_cpu_id', and flesh out the 'old_microcode' list with it.
> 
> This fixes the report of an inaccurate, false positive in the
> 'old_microcode' vulnerability file.
> 
> 1. https://lore.kernel.org/all/38660F8F-499E-48CD-B58B-4822228A5941@nutanix.com/

I tested this patchset on two machines:

Alder Lake (F-M-S/PI = 06-9a-04/80). The microcode-20251111 from Intel
lists different versions for platform IDs 0x80 and 0x40 of 06-9a-04. Before
these patches, only the machine with platform ID 0x40 would have falsely
complained about the old microcode. Mine did not, as expected. I applied
this patchset and tweaked the file intel-ucode-defs.h to fake a later
microcode version. I could verify that my machine was identified correctly
and distinguished from 06-9a-04/40.

Kaby Lake (F-M-S/PI = 06-8e-09/80). There are two platform IDs for this
model and stepping, but the latest microcode for both is 0xf6. Neither of
these processors would have reproduced the reported false positive. Again,
I tweaked intel-ucode-defs.h with a fake .data_driver value and could
verify that my stepping and platform ID were identified correctly.

Tested-by: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ