[ale] News: Red Hat slams into reverse on CPU fix for Spectre design blunder

Lightner, Jeffrey JLightner at dsservices.com
Thu Jan 18 14:20:18 EST 2018


What RHEL (and therefore CentOS) released yesterday reverts to the microcode version before the one they released a week or so ago trying to fix Spectre. That is to say, if you install/update the "patch" you are essentially uninstalling/downgrading the microcode version.

After the microcode downgrade you'd need to get hardware-vendor-supplied packages to address Spectre. Ideally this would come from Intel or AMD, but if you are using a 3rd-party manufacturer (e.g. Dell, Lenovo, HP) for your system that includes one of the affected processors, you would need to get the update from that 3rd party (e.g. a BIOS/firmware update).

Dell, when I checked a week or so ago, was only providing an update for the last 2 generations of servers, so any older system is in a catch-22: the distro thinks the hardware provider should provide the patch, the chip makers think the folks that built the systems around their chips should provide it to customers who bought those systems, and the folks that built the systems feel they have no obligation to provide such updates for otherwise unsupported systems.

Given that this flaw is said to exist in most chips built in the last 10 years, I think the chip makers should be the ones providing the updates to end users regardless of whether the systems built around the systems are supported by their makers or not. I'm sure the lawyers are going to have a field day with refusal to do so.



-----Original Message-----
From: Derek Atkins [mailto:derek at ihtfp.com] 
Sent: Thursday, January 18, 2018 11:30 AM
To: Lightner, Jeffrey; Atlanta Linux Enthusiasts
Subject: Re: [ale] News: Red Hat slams into reverse on CPU fix for Spectre design blunder

It looks like RHEL/CentOS just released yet another microcode/firmware update for 7.4 yesterday.  The previous one was from about a week or so ago (Jan 4th).

-derek

On Thu, January 18, 2018 11:21 am, Lightner, Jeffrey via Ale wrote:
> RHEL was issuing both a kernel patch and a microcode update for CPUs.   It
> may be other distros weren't doing the microcode update.  In RHEL's 
> reversal they say they did the microcode as a convenience but view it as
> the chip maker's responsibility.   The reversal was to get rid of the RHEL
> microcode update and take out optimizations to the kernel that relied 
> upon it.
>
> Maybe SUSE and others weren't also providing a microcode update.
>
> Note that without a CPU firmware/microcode update you're not protected 
> against Spectre but may be protected against Meltdown.
>
>
> -----Original Message-----
> From: Ale [mailto:ale-bounces at ale.org] On Behalf Of Beddingfield, Allen via Ale
> Sent: Thursday, January 18, 2018 11:18 AM
> To: Jim Kinney; Atlanta Linux Enthusiasts
> Subject: Re: [ale] News: Red Hat slams into reverse on CPU fix for Spectre design blunder
>
> I'm going to throw the question out to some SUSE folks and see what 
> answer I get.  They would be the other one with the resources for 
> independent testing . . .
>
> On 1/18/18 10:16 AM, Jim Kinney wrote:
>> Please check with other distros! RedHat is probably taking a lead in 
>> building a patch as they have resources. I've seen other distros 
>> issue kernel patches after rhel that are rpm based.
>>
>> On January 18, 2018 11:12:50 AM EST, "Beddingfield, Allen via Ale"
>> <ale at ale.org> wrote:
>>
>>     So, my question at this point:
>>     We haven't heard anything similar out of SUSE, and I haven't heard of
>>     anything in the Debian/Ubuntu world?  Are we to assume we are "good" if
>>     we have SUSE and Debian/Ubuntu systems patched up, and that it is just
>>     the RHEL world that can't get their act together?  It seems to me that
>>     we are likely to hear a "me too" out of the other vendors following Red
>>     Hat's announcement.  Thoughts?  I'm going to pose the same question to a
>>     SUSE heavy audience, see what I get, and report back . . .
>>
>>     Allen B.
>>
>>     On 1/18/18 7:23 AM, DJ-Pfulio via Ale wrote:
>>
>>         Red Hat slams into reverse on CPU fix for Spectre design blunder
>>
>>
>> https://www.theregister.co.uk/2018/01/18/red_hat_spectre_firmware_update_woes/
>>
>>         Be careful out there.
>>
>>         Anyone seen system instabilities from the different layers of
>>         patches?
>>
>>         I've delayed patching the last few weeks to let others find most of the
>>         issues first. ;)
>>
>> ------------------------------------------------------------------------
>>
>>         Ale mailing list
>>         Ale at ale.org
>>         http://mail.ale.org/mailman/listinfo/ale
>>         See JOBS, ANNOUNCE and SCHOOLS lists at
>>         http://mail.ale.org/mailman/listinfo
>>
>>
>> --
>> Sent from my Android device with K-9 Mail. All tyopes are thumb 
>> related and reflect authenticity.
>
> --
> Allen Beddingfield
> Systems Engineer
> Office of Information Technology
> The University of Alabama
> Office 205-348-2251
> allen at ua.edu
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
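
Added example, not part of any message in this thread: a POSIX shell check for the point discussed above, that installing the reverted package changes the loaded microcode revision and that Spectre and Meltdown protection can differ. It assumes the `microcode` field of `/proc/cpuinfo` and the kernel's `/sys/devices/system/cpu/vulnerabilities` files; the function names and sample values are constructed for illustration.

```shell
# Added example: microcode revision and kernel-reported Meltdown/Spectre state.

# Distinct microcode revisions in a cpuinfo-format file (default: live system).
microcode_revisions() {
    sed -n 's/^microcode[^:]*: *//p' "${1:-/proc/cpuinfo}" 2>/dev/null | sort -u
}

# Compare two hex revisions, e.g. one saved before the update and one after reboot.
compare_revisions() {
    if   [ $(( $1 )) -gt $(( $2 )) ]; then echo downgraded
    elif [ $(( $1 )) -lt $(( $2 )) ]; then echo upgraded
    else echo unchanged
    fi
}

# Classify one vulnerabilities file; a missing file (older kernel) is "unknown".
vuln_state() {
    [ -r "$1/$2" ] || { echo unknown; return 0; }
    case "$(cat "$1/$2")" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Summary of the loaded revision and the three issues discussed in the thread.
report() {
    cpuinfo=${1:-/proc/cpuinfo}
    vdir=${2:-/sys/devices/system/cpu/vulnerabilities}
    echo "microcode: $(microcode_revisions "$cpuinfo" | tr '\n' ' ')"
    for v in meltdown spectre_v1 spectre_v2; do
        echo "$v: $(vuln_state "$vdir" "$v")"
    done
}

# Constructed sample data (not captured from a real host) so this runs offline.
make_sample() {
    d=$(mktemp -d)
    printf 'processor\t: 0\nmicrocode\t: 0x3a\nprocessor\t: 1\nmicrocode\t: 0x3a\n' > "$d/cpuinfo"
    mkdir "$d/vuln"
    echo 'Mitigation: PTI' > "$d/vuln/meltdown"
    echo 'Vulnerable' > "$d/vuln/spectre_v2"
    echo "$d"
}

sample=$(make_sample)
report "$sample/cpuinfo" "$sample/vuln"
rm -rf "$sample"
```

On a live host, call `report` with no arguments before the update and again after the reboot, then pass the two saved revisions to `compare_revisions`.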


