Revert OL modifications

.gitignore

@@ -1,4 +1,6 @@
+SOURCES/06-2d-07
 SOURCES/06-4e-03
+SOURCES/06-55-04
 SOURCES/06-5e-03
 SOURCES/microcode-20190918.tar.gz
 SOURCES/microcode-20191115.tar.gz

.microcode_ctl.metadata

@@ -1,4 +1,6 @@
+bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
 06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
+2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz

SOURCES/06-2d-07_config

@@ -0,0 +1,3 @@
+model GenuineIntel 06-2d-07
+path intel-ucode/06-2d-07
+dependency required intel

SOURCES/06-2d-07_disclaimer

@@ -0,0 +1,4 @@
+MDS-related microcode update for Intel Sandy Bridge-EP (family 6, model 45,
+stepping 7; CPUID 0x206d7) CPUs is disabled.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.

SOURCES/06-2d-07_readme

@@ -0,0 +1,58 @@
+Intel Sandy Bridge-E/EN/EP CPU models (SNB-EP, family 6, model 45, stepping 7)
+had issues with MDS-related microcode update that may lead to a system hang
+after a microcode update[1][2].  In order to address this, microcode update
+to the MDS-related revision 0x718 had been disabled, and the previously
+published microcode revision 0x714 is used by default for the OS-driven
+microcode update.  The revision 0x71a of the microcode is intended to fix
+the aforementioned issue, hence it is enabled by default (but can be disabled
+explicitly; see below).
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
+[2] https://access.redhat.com/solutions/4593951
+
+For the reference, SHA1 checksums of 06-2d-07 microcode files containing
+microcode revisions in question are listed below:
+ * 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
+ * 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
+ * 06-2d-07, revision 0x71a: 4512c8149e63e5ed15f45005d7fb5be0041f66f6
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version.  For the information regarding microcode versions
+required for mitigating specific side-channel cache attacks, please refer
+to the following knowledge base articles:
+ * CVE-2017-5715 ("Spectre"):
+   https://access.redhat.com/articles/3436091
+ * CVE-2018-3639 ("Speculative Store Bypass"):
+   https://access.redhat.com/articles/3540901
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
+   https://access.redhat.com/articles/3562741
+ * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
+   ("Microarchitectural Data Sampling"):
+   https://access.redhat.com/articles/4138151
+
+The information regarding disabling microcode update is provided below.
+
+To disable usage of the newer microcode revision for a specific kernel
+version, please create file "disallow-intel-06-2d-07" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
+where microcode will be available for late microcode update, and run
+"dracut -f --kver <kernel_version>", so initramfs for this kernel version
+is regenerated and the microcode can be loaded early, for example:
+
+    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-2d-07
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --kver 3.10.0-862.9.1
+
+To avoid addition of the newer microcode revision for all kernels, please create
+file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07", run
+"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
+and "dracut -f --regenerate-all" for early microcode updates:
+
+    mkdir -p /etc/microcode_ctl/ucode_with_caveats
+    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.

SOURCES/06-4f-01_config

@@ -1,6 +1,15 @@
 model GenuineIntel 06-4f-01
 path intel-ucode/06-4f-01
-kernel 5.15.0
-kernel 5.14.0
+kernel 4.17.0
+kernel 3.10.0-894
+kernel 3.10.0-862.6.1
+kernel 3.10.0-693.35.1
+kernel 3.10.0-514.52.1
+kernel 3.10.0-327.70.1
+kernel 2.6.32-754.1.1
+kernel 2.6.32-573.58.1
+kernel 2.6.32-504.71.1
+kernel 2.6.32-431.90.1
+kernel 2.6.32-358.90.1
 dependency required intel skip=success match-model-mode=off
-disable late
+disable early late

SOURCES/06-55-04_config

@@ -0,0 +1,12 @@
+model GenuineIntel 06-55-04
+path intel-ucode/06-55-04
+## Bug https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+## affects only SKX-W/X (Workstation and HEDT segments); product segment
+## can be determined by checking bits 5..3 of the CAPID0 field in PCU registers
+## device (see https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
+## for Server/FPGA/Fabric segments description; for SKX-W/X no public
+## documentation seems to be available).  Specific device/function numbers
+## are provided for speeding up the search only, VID:DID is the real selector.
+## Commented out since revision 0x2006906 seems to fix the issue.
+#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
+dependency required intel

SOURCES/06-55-04_disclaimer

@@ -0,0 +1,5 @@
+Microcode revisions 0x2000065 and higher for Intel Skylake-X/W (family 6,
+model 85, stepping 4; CPUID 0x50654) were disabled as they could cause system
+hangs on reboot, so the previous revision 0x2000064 was used instead.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-04_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.

SOURCES/06-55-04_readme

@@ -0,0 +1,97 @@
+Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
+(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
+of system hangs on reboot when revision 0x2000065 of microcode, that was included
+from microcode-20191112 update up to microcode-20200520 update, was applied[1].
+In order to address this, microcode update to the newer revision had been
+disabled by default on these systems, and the previously published microcode
+revision 0x2000064 is used by default for the OS-driven microcode update.
+
+Since revision 0x2006906 (included with the microcode-20200609 release)
+it is reported that the issue is no longer present, so the newer microcode
+revision is enabled by default now (but can be disabled explicitly; see below).
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+
+For the reference, SHA1 checksums of 06-55-04 microcode files containing
+microcode revisions in question are listed below:
+ * 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
+ * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
+ * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
+ * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
+ * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
+ * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
+ * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
+ * 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f
+ * 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version.  For the information regarding microcode versions
+required for mitigating specific side-channel cache attacks, please refer
+to the following knowledge base articles:
+ * CVE-2017-5715 ("Spectre"):
+   https://access.redhat.com/articles/3436091
+ * CVE-2018-3639 ("Speculative Store Bypass"):
+   https://access.redhat.com/articles/3540901
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
+   https://access.redhat.com/articles/3562741
+ * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
+   ("Microarchitectural Data Sampling"):
+   https://access.redhat.com/articles/4138151
+ * CVE-2019-0117 (Intel SGX Information Leak),
+   CVE-2019-0123 (Intel SGX Privilege Escalation),
+   CVE-2019-11135 (TSX Asynchronous Abort),
+   CVE-2019-11139 (Voltage Setting Modulation):
+   https://access.redhat.com/solutions/2019-microcode-nov
+ * CVE-2020-0543 (Special Register Buffer Data Sampling),
+   CVE-2020-0548 (Vector Register Data Sampling),
+   CVE-2020-0549 (L1D Cache Eviction Sampling):
+   https://access.redhat.com/solutions/5142751
+ * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
+   CVE-2020-8696 (Vector Register Leakage-Active),
+   CVE-2020-8698 (Fast Forward Store Predictor):
+   https://access.redhat.com/articles/5569051
+ * CVE-2020-24489 (VT-d-related Privilege Escalation),
+   CVE-2020-24511 (Improper Isolation of Shared Resources),
+   CVE-2020-24512 (Observable Timing Discrepancy),
+   CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
+   https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+   https://access.redhat.com/articles/6716541
+ * CVE-2022-0005 (Informational disclosure via JTAG),
+   CVE-2022-21123 (Shared Buffers Data Read),
+   CVE-2022-21125 (Shared Buffers Data Sampling),
+   CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
+   CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
+   CVE-2022-21136 (Overclocking service access protection),
+   CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
+   CVE-2022-21166 (Device Register Partial Write):
+   https://access.redhat.com/articles/6963124
+ * CVE-2022-21233 (Stale Data Read from legacy xAPIC):
+   https://access.redhat.com/articles/6976398
+
+The information regarding disabling microcode update is provided below.
+
+To disable usage of the newer microcode revision for a specific kernel
+version, please create a file "disallow-intel-06-55-04" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
+used for late microcode updates, and run "dracut -f --kver <kernel_version>"
+so initramfs for this kernel version is regenerated, for example:
+
+    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --kver 3.10.0-862.9.1
+
+To disable usage of the newer microcode revision for all kernels, please create
+file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
+"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
+used for late microcode updates, and run "dracut -f --regenerate-all"
+so initramfs images get regenerated, for example:
+
+    mkdir -p /etc/microcode_ctl/ucode_with_caveats
+    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.

SOURCES/intel_config

@@ -1,6 +1,8 @@
 path intel-ucode/*
 vendor GenuineIntel
-kernel_early 5.15.0
-kernel_early 5.14.0
-kernel 5.15.0
-kernel 5.14.0
+kernel_early 4.10.0
+kernel_early 3.10.0-930
+kernel_early 3.10.0-862.14.1
+kernel_early 3.10.0-693.38.1
+kernel_early 3.10.0-514.57.1
+kernel_early 3.10.0-327.73.1

SPECS/microcode_ctl.spec

@@ -12,12 +12,18 @@
 Summary:        CPU microcode updates for Intel x86 processors
 Name:           microcode_ctl
 Version:        20220809
-Release:        2.%{intel_ucode_version}.1.0.1%{?dist}
+Release:        2.%{intel_ucode_version}.1%{?dist}
 Epoch:          4
 License:        CC0 and Redistributable, no modification permitted
 URL:            https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
 Source0:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
 
+# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
+Source2:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
+
+# (Pre-20191112) revision 0x2000064 of 06-55-04 microcode
+Source3:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04
+
 # (Pre-20200609) revision 0xd6 of 06-4e-03/06-5e-03 microcode
 Source4:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-4e-03
 Source5:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-5e-03
@@ -60,6 +66,19 @@ Source110:      intel_readme
 Source111:      intel_config
 Source112:      intel_disclaimer
 
+# SNB-EP (CPUID 0x206d7) post-MDS hangs
+# https://bugzilla.redhat.com/show_bug.cgi?id=1758382
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
+Source120:      06-2d-07_readme
+Source121:      06-2d-07_config
+Source122:      06-2d-07_disclaimer
+
+# SKL-SP/W/X (CPUID 0x50654) post-20191112 hangs
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+Source130:      06-55-04_readme
+Source131:      06-55-04_config
+Source132:      06-55-04_disclaimer
+
 # SKL-U/Y (CPUID 0x406e3) post-20200609 hangs
 # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
 Source140:      06-4e-03_readme
@@ -131,6 +150,14 @@ is no longer used for microcode upload and, as a result, no longer provided.
 %setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"
 
 %build
+# replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version
+mv intel-ucode/06-2d-07 intel-ucode-with-caveats/
+cp "%{SOURCE2}" intel-ucode/
+
+# replacing SKL-SP/W/X (CPUID 0x50654) microcode with pre-20191112 version
+mv intel-ucode/06-55-04 intel-ucode-with-caveats/
+cp "%{SOURCE3}" intel-ucode/
+
 # replacing SKL-U/Y (CPUID 0x4063e) microcode with pre-20200609 version
 mv intel-ucode/06-4e-03 intel-ucode-with-caveats/
 cp "%{SOURCE4}" intel-ucode/
@@ -201,7 +228,7 @@ install -m 644 releasenote.md \
 	"%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode"
 
 # caveats
-install -m 644 "%{SOURCE100}" "%{SOURCE110}" \
+install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \
 	       "%{SOURCE140}" "%{SOURCE150}" "%{SOURCE160}" "%{SOURCE170}" \
 	       "%{SOURCE180}" \
 	-t "%{buildroot}/%{_pkgdocdir}/caveats/"
@@ -225,6 +252,22 @@ install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme"
 install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"
 install -m 644 "%{SOURCE112}" "%{intel_inst_dir}/disclaimer"
 
+# SNB caveat
+%define snb_inst_dir %{buildroot}/%{caveat_dir}/intel-06-2d-07/
+install -m 755 -d "%{snb_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-2d-07 -t "%{snb_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE120}" "%{snb_inst_dir}/readme"
+install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config"
+install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer"
+
+# SKL-SP caveat
+%define skl_sp_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/
+install -m 755 -d "%{skl_sp_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_sp_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE130}" "%{skl_sp_inst_dir}/readme"
+install -m 644 "%{SOURCE131}" "%{skl_sp_inst_dir}/config"
+install -m 644 "%{SOURCE132}" "%{skl_sp_inst_dir}/disclaimer"
+
 # SKL-U/Y caveat
 %define skl_uy_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4e-03/
 install -m 755 -d "%{skl_uy_inst_dir}/intel-ucode"
@@ -330,7 +373,7 @@ exit 0
 # of RPM name and it has its own versioning scheme both in NVR and uname.
 # And there's the kernel package split in RHEL 8, so one should look for *-core
 # and not the main package.
-pkgs="kernel-core kernel-debug-core kernel-rt-core kernel-rt-debug-core kernel-uek-core kernel-uek-debug-core"
+pkgs="kernel-core kernel-debug-core kernel-rt-core kernel-rt-debug-core"
 qf='%%{NAME} %%{VERSION}-%%{RELEASE}.%%{ARCH} %%{installtime}\n'
 : "${MICROCODE_RPM_KVER_LIMIT=2}"
 
@@ -343,12 +386,9 @@ rpm -qa --qf "${qf}" ${pkgs} | sort -r -n -k'3,3' | {
 	while read -r pkgname vra install_ts; do
 		flavour=''
 
-		# Fix the uname for debug kernels
-		case "${pkgname}" in
-			kernel-uek-debug-core) flavour='.debug';;
-			kernel-debug-core) flavour='+debug';;
-			*) ;;
-		esac
+		# For x86, only "debug" flavour exists in RHEL 8
+		[ "x${pkgname%*-debug-core}" = "x${pkgname}" ] \
+			|| flavour='+debug'
 
 		kver_cnt="$((kver_cnt + 1))"
 		kver_uname="${vra}${flavour}"
@@ -505,13 +545,6 @@ rm -rf %{buildroot}
 
 
 %changelog
-* Thu Jun 22 2023 Todd Vierling <todd.vierling@oracle.com> - 4:20220809-2.20230214.1.0.1
-- ensure UEK also rebuilds initramfs [Orabug: 34280058]
-- add support for UEK7 kernels
-- enable early update for 06-4f-01
-- remove no longer appropriate caveats for 06-2d-07 and 06-55-04
-- enable early and late load on RHCK
-
 * Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2.20230214.1
 - Update Intel CPU microcode to microcode-20230214 release, addresses
   CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171236,
@@ -689,7 +722,6 @@ rm -rf %{buildroot}
   - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x22 up to
     0x2c (old pf 0x3).
 
->>>>>>> 762178550d1d (Import microcode_ctl-20220809-2.20230214.1.el9_2 for 9.2)
 * Tue Oct 25 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2
 - Change the logger severity level to warning to align with the kmsg one
   (#2136506).