With intel-microcode 3.20180312, kernel reports as broken spectre v2 microcode

I see the same issue on my Skylake desktop (sig=0x506e3). The microcode updates at startup (microcode: microcode updated early to revision 0xc2, date = 2017-11-16) but I still get "Intel Spectre v2 broken microcode detected; disabling Speculation Control". I also tested it on Ivy Bridge, Broadwell, and another Skylake system (0x406e3) and it works properly on all those.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1755624

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Would it be possible for those that can reproduced this bug to test the proposed kernel and post back if it resolves this bug?

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed.

Thank you in advance!

4.15.0-12.13-generic, from bionic-proposed, fixes this bug for me due to it containing this upstream commit:

1751342095f0d2b36fa8114d8e12c5688c455ac4

Relevant CPU model info from /proc/cpuinfo:

cpu family : 6
model : 78
model name : Intel(R) Core(TM) m5-6Y54 CPU @ 1.10GHz
stepping : 3
microcode : 0xc2

Model 78 corresponds to 0x4E in hex, which matches this in-kernel model:

#define INTEL_FAM6_SKYLAKE_MOBILE 0x4E

That's one of the models that was removed in the commit mentioned above.

I can also confirm that the flags field of cpuinfo contains "ibpb ibrs stibp".

4.15.0-12.13-generic from bionic-proposed is also working for me. Relevant CPU model info (same as in description):

cpu family : 6
model : 142
model name : Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
stepping : 9
microcode : 0x84

Model 142 corresponds to 0x8E in hex, which the kernel defines as:

  #define INTEL_FAM6_KABYLAKE_MOBILE 0x8E

After booting into the 4.15.0-12.13-generic kernel, /proc/cpuinfo now contains "ibpb ibrs stibp" as well.

Thanks!

From the 4.15.0.12-13 still get the error

oem@ubuntu:~$ journalctl -b | grep microcode
kernel: microcode: microcode updated early to revision 0xc2, date = 2017-11-16
kernel: Intel Spectre v2 broken microcode detected; disabling Speculation Control
kernel: microcode: sig=0x506e3, pf=0x2, revision=0xc2
kernel: microcode: Microcode Update Driver: v2.2.

Something abnormal:

- installed: intel-microcode (3.20180312.0~ubuntu18.04.1) bionic

- but log shows: microcode: microcode updated early to revision 0xc2, date = 2017-11-16

Looks like the latest upgrade is not use by the kernel.

So i have reinstalled both intel-microcode & iucode-tool and then rebooted.
Still get the latest microcode version with the error; even if the reinstall has not displayed warning/error and the kernel rebuilt as expected.

More tests:

- purging intel-microcode & iucode-tool, then rebooting, i get:
kernel: [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0xb2 (or later)

- reinstalling the 2 packages above (3.20180312.0~ubuntu18.04.1) and rebooting, i get:
 kernel: microcode: microcode updated early to revision 0xc2, date = 2017-11-16

As previously, purging then reinstalling still show that old version. Is it an initrd path issue ?

- running: (cpio -t; zcat | cpio -t) < /boot/initrd.img-4.15.0-12-generic

kernel
kernel/x86
kernel/x86/microcode
kernel/x86/microcode/.enuineIntel.align.0123456789abc
kernel/x86/microcode/GenuineIntel.bin
196 blocks
...

Hi dino99,

Microcode rev 0xc2 looks to be the correct revision for your processor:

  $ iucode-tool -L microcode-20180312.dat | grep 506e3
    01/147: sig 0x000506e3, pf mask 0x36, 2017-11-16, rev 0x00c2, size 99328

(You can perform a similar check on the specific microcode for your processor on the file in the installed package:

  $ iucode-tool -L /lib/firmware/intel-ucode/06-5e-03
  microcode bundle 1: /lib/firmware/intel-ucode/06-5e-03
    001/001: sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328

)

And in the detailed description from https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File:

  SKL R0 6-5e-3:36 ba->c2

Processor model 0x5e is defined as

  #define INTEL_FAM6_SKYLAKE_DESKTOP 0x5E

in the kernel, and looking at the upstream kernel, microcode version 0xc2 for INTEL_FAM6_SKYLAKE_DESKTOP is still blacklisted as being unfixed for spectre:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/intel.c#n126

So unfortunately, this all looks correct for your processor.

Thanks Steve for the head up

my cpu is i5-6500 and it seems it should not be blacklisted now (at least the request has been done):
 http://lists-archives.com/linux-kernel/29038556-x86-spectre_v2-remove-0xc2-from-spectre_bad_microcodes.html

Initially i have been confused by the 20180312 vs 2017-11-16 output.

So that case needs some cleaning.

Also discussed here: https://lkml.org/lkml/2018/2/12/123

Now fixed here too, on 4.15.0-14 kernel

oem@ubuntu:~$ journalctl -b | grep Spectre
Apr 04 08:40:23 ubuntu kernel: Spectre V2 : Mitigation: Full generic retpoline
Apr 04 08:40:23 ubuntu kernel: Spectre V2 : Spectre v2 mitigation: Filling RSB on context switch
Apr 04 08:40:23 ubuntu kernel: Spectre V2 : Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier
Apr 04 08:40:23 ubuntu kernel: Spectre V2 : Enabling Restricted Speculation for firmware calls