liske / needrestart

Restart daemons after library updates.

GNU General Public License v2.0

426 stars 67 forks source link

Failing to check for AMD processor microcode upgrades #249

Closed korrat closed 8 months ago

korrat commented 2 years ago

Whenever I run needrestart (version 3.6) on my machine with an AMD processor, I get the message Failed to check for processor microcode upgrades.

sudo needrestart -v -w output:

[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpuid 0x00860f01  (/dev/cpu/0/cpuid)
[uCode/AMD] #0 cpuid 0x00860f01  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x08600103
Use of uninitialized value $processor in concatenation (.) or string at /usr/share/perl5/vendor_perl/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version
[uCode/Intel] #0 current revision: 0x8600103
+ iucode_tool --scan-system
+ grep -oE [^[:space:]]+$
+ sig=processor
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
+ filter=-s processor,0x0
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ imgfiles=
+ [ -r /boot/intel-ucode.img ]
+ [ -r /boot/early_ucode.cpio ]
+ [ -n  ]
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ test  = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ iucode_tool -l -s processor,0x0 --ignore-broken -tb /lib/firmware/intel-ucode
+ grep processor
Use of uninitialized value $processor in concatenation (.) or string at /usr/share/perl5/vendor_perl/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version

Failed to check for processor microcode upgrades.

victor-vc commented 2 years ago

I get the same message Failed to check for processor microcode upgrades. when running needrestart (version 3.6 on Gentoo). Here is the needrestart -v -w output:

[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::Intel
[ucode] using NeedRestart::uCode::AMD
[uCode/Intel] #0 current revision: 0xa001173
++ iucode_tool --scan-system
++ grep -oE '[^[:space:]]+$'
+ sig=processor
+ '[' -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ']'
++ cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
+ filter='-s processor,0x0'
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ imgfiles=
+ for img in /boot/intel-ucode.img /boot/early_ucode.cpio
+ '[' -r /boot/intel-ucode.img ']'
+ for img in /boot/intel-ucode.img /boot/early_ucode.cpio
+ '[' -r /boot/early_ucode.cpio ']'
+ '[' -n '' ']'
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ test '' = no
+ '[' -r '/usr/share/misc/intel-microcode*' ']'
+ iucode_tool -l -s processor,0x0 --ignore-broken -tb /lib/firmware/intel-ucode
+ grep processor
Use of uninitialized value $processor in concatenation (.) or string at /usr/lib64/perl5/vendor_perl/5.34/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version
[uCode/AMD] #0 cpuid 0x00a00f11  (/dev/cpu/0/cpuid)
[uCode/AMD] #0 cpuid 0x00a00f11  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x0a001173
[uCode/AMD] cpuid 0x00100f80: found processor id 0x00001080
[uCode/AMD] cpuid 0x00100f81: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f62: found processor id 0x00001062
[uCode/AMD] cpuid 0x00100f23: found processor id 0x00001022
[uCode/AMD] cpuid 0x00100f43: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f91: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f2a: found processor id 0x00001020
[uCode/AMD] cpuid 0x00100f63: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f42: found processor id 0x00001041
[uCode/AMD] cpuid 0x00300f10: found processor id 0x00003010
[uCode/AMD] cpuid 0x00200f31: found processor id 0x00002031
[uCode/AMD] cpuid 0x00100f52: found processor id 0x00001041
[uCode/AMD] cpuid 0x00100fa0: found processor id 0x000010a0
[uCode/AMD] cpuid 0x00100f53: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f22: found processor id 0x00001022
[uCode/AMD] cpuid 0x00500f10: found processor id 0x00005010
[uCode/AMD] cpuid 0x00500f20: found processor id 0x00005020
[uCode/AMD] processor id 0x00001022: available ucode 0x01000083
[uCode/AMD] processor id 0x00001020: available ucode 0x01000084
[uCode/AMD] processor id 0x00001062: available ucode 0x010000c7
[uCode/AMD] processor id 0x00001043: available ucode 0x010000c8
[uCode/AMD] processor id 0x00001081: available ucode 0x010000d9
[uCode/AMD] processor id 0x00001080: available ucode 0x010000da
[uCode/AMD] processor id 0x00001041: available ucode 0x010000db
[uCode/AMD] processor id 0x000010a0: available ucode 0x010000dc
[uCode/AMD] processor id 0x00002031: available ucode 0x02000032
[uCode/AMD] processor id 0x00003010: available ucode 0x03000027
[uCode/AMD] processor id 0x00005010: available ucode 0x05000029
[uCode/AMD] processor id 0x00005020: available ucode 0x05000119
[uCode/AMD] cpuid 0x00600f20: found processor id 0x00006020
[uCode/AMD] cpuid 0x00610f01: found processor id 0x00006101
[uCode/AMD] cpuid 0x00600f12: found processor id 0x00006012
[uCode/AMD] processor id 0x00006012: available ucode 0x0600063e
[uCode/AMD] processor id 0x00006020: available ucode 0x06000852
[uCode/AMD] processor id 0x00006101: available ucode 0x06001119
[uCode/AMD] cpuid 0x00700f01: found processor id 0x00007001
[uCode/AMD] processor id 0x00007001: available ucode 0x0700010f
[uCode/AMD] cpuid 0x00800f82: found processor id 0x00008082
[uCode/AMD] cpuid 0x00800f12: found processor id 0x00008012
[uCode/AMD] cpuid 0x00830f10: found processor id 0x00008310
[uCode/AMD] processor id 0x00008082: available ucode 0x0800820d
[uCode/AMD] processor id 0x00008012: available ucode 0x0800126e
[uCode/AMD] processor id 0x00008310: available ucode 0x08301055
[uCode/AMD] cpuid 0x00a00f10: found processor id 0x0000a010
[uCode/AMD] cpuid 0x00a00f11: found processor id 0x0000a011
[uCode/AMD] cpuid 0x00a00f12: found processor id 0x0000a012
[uCode/AMD] processor id 0x0000a010: available ucode 0x0a001058
[uCode/AMD] processor id 0x0000a011: available ucode 0x0a001173
[uCode/AMD] processor id 0x0000a012: available ucode 0x0a001229
[uCode/AMD] #0 found ucode 0x0a001173

The processor microcode seems to be up-to-date.

jlc3000 commented 1 year ago

Same message « Failed to check for processor microcode upgrades» when running needrestart (version 3.5 on Ubuntu 22.04.1 LTS, GNU/Linux 5.15.0-53-generic x86_64). Here is the needrestart -v -w output:

[main] eval /etc/needrestart/needrestart.conf [main] needrestart v3.5 [main] running in user mode [Core] Using UI 'NeedRestart::UI::stdio'... [main] systemd detected [ucode] using NeedRestart::uCode::AMD [ucode] using NeedRestart::uCode::Intel [uCode/AMD] #0 cpu vendor id mismatch [uCode/Intel] #0 current revision: 0x010d

iucode_tool --scan-system
grep -oE [^[:space:]]+$
sig=0x00030661
[ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
filter=-s 0x00030661,0x8
test -r /etc/needrestart/iucode.sh
. /etc/needrestart/iucode.sh
type bsdtar
IUCODE_TOOL_EXTRA_OPTIONS=
test -r /etc/default/intel-microcode
. /etc/default/intel-microcode
test = no
[ -r /usr/share/misc/intel-microcode* ]
iucode_tool -l -s 0x00030661,0x8 --ignore-broken -tb /lib/firmware/intel-ucode
grep 0x00030661 [uCode/Intel] #0 did not get available microcode version

Failed to check for processor microcode upgrades.

fritz-fritz commented 1 year ago

I'd be happy to help test.

$ lscpu 
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         48 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  12
  On-line CPU(s) list:   0-11
Vendor ID:               AuthenticAMD
  Model name:            AMD Ryzen 5 5600H with Radeon Graphics
    CPU family:          25
    Model:               80
    Thread(s) per core:  2
    Core(s) per socket:  6
    Socket(s):           1
    Stepping:            0
    Frequency boost:     enabled
    CPU(s) scaling MHz:  30%
    CPU max MHz:         4279.6870
    CPU min MHz:         1200.0000
    BogoMIPS:            6587.69
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr s
                         se sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop
                         _tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 
                         movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a
                          misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext p
                         erfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bm
                         i1 avx2 smep bmi2 erms invpcid cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt x
                         savec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsave
                         erptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasi
                         d decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip pku osp
                         ke vaes vpclmulqdq rdpid overflow_recov succor smca fsrm
Virtualization features: 
  Virtualization:        AMD-V
Caches (sum of all):     
  L1d:                   192 KiB (6 instances)
  L1i:                   192 KiB (6 instances)
  L2:                    3 MiB (6 instances)
  L3:                    16 MiB (1 instance)
NUMA:                    
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-11
Vulnerabilities:         
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Not affected
  Retbleed:              Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP always-on, RSB filling, PBRSB-eIB
                         RS Not affected
  Srbds:                 Not affected
  Tsx async abort:       Not affected

$ needrestart -v -w
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 Failed to open /dev/cpu/0/cpuid (Missed `modprobe cpuid`?): No such file or directory
[uCode/AMD] #0 cpuid 0x00a50f00  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x0a50000c
[uCode/AMD] cpuid 0x00100f80: found processor id 0x00001080
[uCode/AMD] cpuid 0x00100f81: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f62: found processor id 0x00001062
[uCode/AMD] cpuid 0x00100f23: found processor id 0x00001022
[uCode/AMD] cpuid 0x00100f43: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f91: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f2a: found processor id 0x00001020
[uCode/AMD] cpuid 0x00100f63: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f42: found processor id 0x00001041
[uCode/AMD] cpuid 0x00300f10: found processor id 0x00003010
[uCode/AMD] cpuid 0x00200f31: found processor id 0x00002031
[uCode/AMD] cpuid 0x00100f52: found processor id 0x00001041
[uCode/AMD] cpuid 0x00100fa0: found processor id 0x000010a0
[uCode/AMD] cpuid 0x00100f53: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f22: found processor id 0x00001022
[uCode/AMD] cpuid 0x00500f10: found processor id 0x00005010
[uCode/AMD] cpuid 0x00500f20: found processor id 0x00005020
[uCode/AMD] processor id 0x00001022: available ucode 0x01000083
[uCode/AMD] processor id 0x00001020: available ucode 0x01000084
[uCode/AMD] processor id 0x00001062: available ucode 0x010000c7
[uCode/AMD] processor id 0x00001043: available ucode 0x010000c8
[uCode/AMD] processor id 0x00001081: available ucode 0x010000d9
[uCode/AMD] processor id 0x00001080: available ucode 0x010000da
[uCode/AMD] processor id 0x00001041: available ucode 0x010000db
[uCode/AMD] processor id 0x000010a0: available ucode 0x010000dc
[uCode/AMD] processor id 0x00002031: available ucode 0x02000032
[uCode/AMD] processor id 0x00003010: available ucode 0x03000027
[uCode/AMD] processor id 0x00005010: available ucode 0x05000029
[uCode/AMD] processor id 0x00005020: available ucode 0x05000119
[uCode/AMD] cpuid 0x00600f20: found processor id 0x00006020
[uCode/AMD] cpuid 0x00610f01: found processor id 0x00006101
[uCode/AMD] cpuid 0x00600f12: found processor id 0x00006012
[uCode/AMD] processor id 0x00006012: available ucode 0x0600063e
[uCode/AMD] processor id 0x00006020: available ucode 0x06000852
[uCode/AMD] processor id 0x00006101: available ucode 0x06001119
[uCode/AMD] cpuid 0x00700f01: found processor id 0x00007001
[uCode/AMD] processor id 0x00007001: available ucode 0x0700010f
[uCode/AMD] cpuid 0x00800f82: found processor id 0x00008082
[uCode/AMD] cpuid 0x00800f12: found processor id 0x00008012
[uCode/AMD] cpuid 0x00830f10: found processor id 0x00008310
[uCode/AMD] processor id 0x00008082: available ucode 0x0800820d
[uCode/AMD] processor id 0x00008012: available ucode 0x0800126e
[uCode/AMD] processor id 0x00008310: available ucode 0x08301055
[uCode/AMD] cpuid 0x00a00f10: found processor id 0x0000a010
[uCode/AMD] cpuid 0x00a00f11: found processor id 0x0000a011
[uCode/AMD] cpuid 0x00a00f12: found processor id 0x0000a012
[uCode/AMD] processor id 0x0000a010: available ucode 0x0a001058
[uCode/AMD] processor id 0x0000a011: available ucode 0x0a001173
[uCode/AMD] processor id 0x0000a012: available ucode 0x0a001229
Use of uninitialized value $processor in concatenation (.) or string at /usr/share/perl5/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version
[uCode/Intel] #0 current revision: 0xa50000c
+ iucode_tool --scan-system
+ grep -oE [^[:space:]]+$
+ sig=processor
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
+ filter=-s processor,0x0
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ . /etc/default/intel-microcode
+ test  = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ iucode_tool -l -s processor,0x0 --ignore-broken -tb /lib/firmware/intel-ucode
+ grep processor
Use of uninitialized value $processor in concatenation (.) or string at /usr/share/perl5/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version

Failed to check for processor microcode upgrades.

anarcat commented 1 year ago

I have this bug here as well, on a AMD EPYC 75F3 32-Core Processor. What is truly bizarre with this bug is the behavior varies according to -v is specified or not. For example, without, it fails:

root@tb-build-02:~# needrestart  -w
Scanning processor microcode...                                                                                                                                                                          

Failed to check for processor microcode upgrades.

but with it:

root@tb-build-02:~# needrestart  -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] eval /etc/needrestart/conf.d/overrides.conf
[main] eval /etc/needrestart/conf.d/safe-overrides.conf
[main] needrestart v3.6
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::Intel
[ucode] using NeedRestart::uCode::AMD
[uCode/Intel] #0 current revision: 0xa0011ce
+ iucode_tool --scan-system
+ grep -oE [^[:space:]]+$
+ sig=processor
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
+ filter=-s processor,0x0
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ test  = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ grep processor
+ iucode_tool -l -s processor,0x0 --ignore-broken -tb /lib/firmware/intel-ucode
Use of uninitialized value $processor in concatenation (.) or string at /usr/share/perl5/NeedRestart/uCode.pm line 61.
[ucode] # did not get available microcode version
[uCode/AMD] #0 cpuid 0x00a00f11  (/dev/cpu/0/cpuid)
[uCode/AMD] #0 cpuid 0x00a00f11  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x0a0011ce
[uCode/AMD] cpuid 0x00100f80: found processor id 0x00001080
[uCode/AMD] cpuid 0x00100f81: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f62: found processor id 0x00001062
[uCode/AMD] cpuid 0x00100f23: found processor id 0x00001022
[uCode/AMD] cpuid 0x00100f43: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f91: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f2a: found processor id 0x00001020
[uCode/AMD] cpuid 0x00100f63: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f42: found processor id 0x00001041
[uCode/AMD] cpuid 0x00300f10: found processor id 0x00003010
[uCode/AMD] cpuid 0x00200f31: found processor id 0x00002031
[uCode/AMD] cpuid 0x00100f52: found processor id 0x00001041
[uCode/AMD] cpuid 0x00100fa0: found processor id 0x000010a0
[uCode/AMD] cpuid 0x00100f53: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f22: found processor id 0x00001022
[uCode/AMD] cpuid 0x00500f10: found processor id 0x00005010
[uCode/AMD] cpuid 0x00500f20: found processor id 0x00005020
[uCode/AMD] processor id 0x00001022: available ucode 0x01000083
[uCode/AMD] processor id 0x00001020: available ucode 0x01000084
[uCode/AMD] processor id 0x00001062: available ucode 0x010000c7
[uCode/AMD] processor id 0x00001043: available ucode 0x010000c8
[uCode/AMD] processor id 0x00001081: available ucode 0x010000d9
[uCode/AMD] processor id 0x00001080: available ucode 0x010000da
[uCode/AMD] processor id 0x00001041: available ucode 0x010000db
[uCode/AMD] processor id 0x000010a0: available ucode 0x010000dc
[uCode/AMD] processor id 0x00002031: available ucode 0x02000032
[uCode/AMD] processor id 0x00003010: available ucode 0x03000027
[uCode/AMD] processor id 0x00005010: available ucode 0x05000029
[uCode/AMD] processor id 0x00005020: available ucode 0x05000119
[uCode/AMD] cpuid 0x00600f20: found processor id 0x00006020
[uCode/AMD] cpuid 0x00610f01: found processor id 0x00006101
[uCode/AMD] cpuid 0x00600f12: found processor id 0x00006012
[uCode/AMD] processor id 0x00006012: available ucode 0x0600063e
[uCode/AMD] processor id 0x00006020: available ucode 0x06000852
[uCode/AMD] processor id 0x00006101: available ucode 0x06001119
[uCode/AMD] cpuid 0x00700f01: found processor id 0x00007001
[uCode/AMD] processor id 0x00007001: available ucode 0x0700010f
[uCode/AMD] cpuid 0x00800f82: found processor id 0x00008082
[uCode/AMD] cpuid 0x00830f10: found processor id 0x00008310
[uCode/AMD] cpuid 0x008a0f00: found processor id 0x00008a00
[uCode/AMD] cpuid 0x00800f12: found processor id 0x00008012
[uCode/AMD] processor id 0x00008082: available ucode 0x0800820d
[uCode/AMD] processor id 0x00008310: available ucode 0x0830107a
[uCode/AMD] processor id 0x00008a00: available ucode 0x08a00008
[uCode/AMD] processor id 0x00008012: available ucode 0x0800126e
[uCode/AMD] cpuid 0x00a00f11: found processor id 0x0000a011
[uCode/AMD] cpuid 0x00a00f10: found processor id 0x0000a010
[uCode/AMD] cpuid 0x00a00f12: found processor id 0x0000a012
[uCode/AMD] processor id 0x0000a011: available ucode 0x0a0011d1
[uCode/AMD] processor id 0x0000a010: available ucode 0x0a001079
[uCode/AMD] processor id 0x0000a012: available ucode 0x0a001234
[uCode/AMD] #0 found ucode 0x0a0011d1

Pending processor microcode upgrade!

Diagnostics:
  The currently running processor microcode revision is 0x0a0011ce which is not the expected microcode revision 0x0a0011d1.

Restarting the system to load the new processor microcode will not be handled automatically, so you should consider rebooting. [Return]

... it succeeds! weird no?

skwerlman commented 1 year ago

huh! i am also seeing this behavior! its working for me now on an AMD Threadripper 2950x

a5% sudo needrestart -w  
[sudo] password for sk: 
Scanning processor microcode...

Failed to check for processor microcode upgrades.

a5% sudo needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpuid 0x00800f82  (/dev/cpu/0/cpuid)
[uCode/AMD] #0 cpuid 0x00800f82  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x0800820d
[uCode/AMD] cpuid 0x00100f80: found processor id 0x00001080
[uCode/AMD] cpuid 0x00100f81: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f62: found processor id 0x00001062
[uCode/AMD] cpuid 0x00100f23: found processor id 0x00001022
[uCode/AMD] cpuid 0x00100f43: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f91: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f2a: found processor id 0x00001020
[uCode/AMD] cpuid 0x00100f63: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f42: found processor id 0x00001041
[uCode/AMD] cpuid 0x00300f10: found processor id 0x00003010
[uCode/AMD] cpuid 0x00200f31: found processor id 0x00002031
[uCode/AMD] cpuid 0x00100f52: found processor id 0x00001041
[uCode/AMD] cpuid 0x00100fa0: found processor id 0x000010a0
[uCode/AMD] cpuid 0x00100f53: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f22: found processor id 0x00001022
[uCode/AMD] cpuid 0x00500f10: found processor id 0x00005010
[uCode/AMD] cpuid 0x00500f20: found processor id 0x00005020
[uCode/AMD] processor id 0x00001022: available ucode 0x01000083
[uCode/AMD] processor id 0x00001020: available ucode 0x01000084
[uCode/AMD] processor id 0x00001062: available ucode 0x010000c7
[uCode/AMD] processor id 0x00001043: available ucode 0x010000c8
[uCode/AMD] processor id 0x00001081: available ucode 0x010000d9
[uCode/AMD] processor id 0x00001080: available ucode 0x010000da
[uCode/AMD] processor id 0x00001041: available ucode 0x010000db
[uCode/AMD] processor id 0x000010a0: available ucode 0x010000dc
[uCode/AMD] processor id 0x00002031: available ucode 0x02000032
[uCode/AMD] processor id 0x00003010: available ucode 0x03000027
[uCode/AMD] processor id 0x00005010: available ucode 0x05000029
[uCode/AMD] processor id 0x00005020: available ucode 0x05000119
[uCode/AMD] cpuid 0x00600f20: found processor id 0x00006020
[uCode/AMD] cpuid 0x00610f01: found processor id 0x00006101
[uCode/AMD] cpuid 0x00600f12: found processor id 0x00006012
[uCode/AMD] processor id 0x00006012: available ucode 0x0600063e
[uCode/AMD] processor id 0x00006020: available ucode 0x06000852
[uCode/AMD] processor id 0x00006101: available ucode 0x06001119
[uCode/AMD] cpuid 0x00700f01: found processor id 0x00007001
[uCode/AMD] processor id 0x00007001: available ucode 0x0700010f
[uCode/AMD] cpuid 0x00800f82: found processor id 0x00008082
[uCode/AMD] cpuid 0x00830f10: found processor id 0x00008310
[uCode/AMD] cpuid 0x008a0f00: found processor id 0x00008a00
[uCode/AMD] cpuid 0x00800f12: found processor id 0x00008012
[uCode/AMD] processor id 0x00008082: available ucode 0x0800820d
[uCode/AMD] processor id 0x00008310: available ucode 0x0830107a
[uCode/AMD] processor id 0x00008a00: available ucode 0x08a00008
[uCode/AMD] processor id 0x00008012: available ucode 0x0800126e
[uCode/AMD] cpuid 0x00a10f11: found processor id 0x0000a111
[uCode/AMD] cpuid 0x00a10f12: found processor id 0x0000a112
[uCode/AMD] cpuid 0x00aa0f02: found processor id 0x0000aa02
[uCode/AMD] cpuid 0x00a00f11: found processor id 0x0000a011
[uCode/AMD] cpuid 0x00a00f10: found processor id 0x0000a010
[uCode/AMD] cpuid 0x00a00f12: found processor id 0x0000a012
[uCode/AMD] cpuid 0x00aa0f01: found processor id 0x0000aa01
[uCode/AMD] processor id 0x0000a111: available ucode 0x0a10113e
[uCode/AMD] processor id 0x0000a112: available ucode 0x0a10123e
[uCode/AMD] processor id 0x0000aa02: available ucode 0x0aa00212
[uCode/AMD] processor id 0x0000a011: available ucode 0x0a0011d1
[uCode/AMD] processor id 0x0000a010: available ucode 0x0a001079
[uCode/AMD] processor id 0x0000a012: available ucode 0x0a001234
[uCode/AMD] processor id 0x0000aa01: available ucode 0x0aa00116
[uCode/AMD] #0 found ucode 0x0800820d
[uCode/Intel] #0 current revision: 0x800820d
++ iucode_tool --scan-system
++ grep -oE '[^[:space:]]+$'
+ sig=processor
+ '[' -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ']'
++ cat /sys/devices/system/cpu/cpu0/microcode/processor_flags
+ filter='-s processor,0x0'
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ imgfiles=
+ for img in /boot/intel-ucode.img /boot/early_ucode.cpio
+ '[' -r /boot/intel-ucode.img ']'
+ for img in /boot/intel-ucode.img /boot/early_ucode.cpio
+ '[' -r /boot/early_ucode.cpio ']'
+ '[' -n '' ']'
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ test '' = no
+ '[' -r '/usr/share/misc/intel-microcode*' ']'
+ iucode_tool -l -s processor,0x0 --ignore-broken -tb /lib/firmware/intel-ucode
+ grep processor
[ucode] #0 did not get available microcode version

The processor microcode seems to be up-to-date.

dillfrescott commented 1 year ago

Any fixes for this yet?

fritz-fritz commented 12 months ago

I added some debugging code to my AMD.pm to try and figure out why it can't get available microcode version.

      # get microcode version of cpu
      my $ucode = hex( $info->{microcode} );
      printf( STDERR "$LOGPREF #$info->{processor} running ucode 0x%08x\n", $ucode ) if ($debug);

      unless ( defined($_ucodes) ) {
          _scan_ucodes( $debug );
      }

      my %vars = ( CURRENT => sprintf( "0x%08x", $ucode ), );

+    print STDERR "Checking ucodes for cpuid: $cpuid\nScanning _ucodes:\n";
+    foreach my $pkg_cpuid (keys %{$_ucodes->{cpuid}}) {
+        print STDERR "cpuid: $pkg_cpuid, prid: $_ucodes->{cpuid}->{$pkg_cpuid}\n";
+    }

      # check for microcode updates
      if ( exists( $_ucodes->{cpuid}->{$cpuid} ) ) {
          my $prid = $_ucodes->{cpuid}->{$cpuid};
          if ( exists( $_ucodes->{prid}->{$prid} ) ) {
              $vars{AVAIL} = sprintf( "0x%08x", $_ucodes->{prid}->{$prid} ),
              print STDERR "$LOGPREF #$info->{processor} found ucode $vars{AVAIL}\n" if ($debug)
          }
      }

      return %vars;
  }

  1;

which leaves me with the below output:

$ sudo needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpuid 0x00a50f00  (/dev/cpu/0/cpuid)
[uCode/AMD] #0 cpuid 0x00a50f00  (/proc/cpuinfo)
[uCode/AMD] #0 running ucode 0x0a50000d
[uCode/AMD] cpuid 0x00100f80: found processor id 0x00001080
[uCode/AMD] cpuid 0x00100f81: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f62: found processor id 0x00001062
[uCode/AMD] cpuid 0x00100f23: found processor id 0x00001022
[uCode/AMD] cpuid 0x00100f43: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f91: found processor id 0x00001081
[uCode/AMD] cpuid 0x00100f2a: found processor id 0x00001020
[uCode/AMD] cpuid 0x00100f63: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f42: found processor id 0x00001041
[uCode/AMD] cpuid 0x00300f10: found processor id 0x00003010
[uCode/AMD] cpuid 0x00200f31: found processor id 0x00002031
[uCode/AMD] cpuid 0x00100f52: found processor id 0x00001041
[uCode/AMD] cpuid 0x00100fa0: found processor id 0x000010a0
[uCode/AMD] cpuid 0x00100f53: found processor id 0x00001043
[uCode/AMD] cpuid 0x00100f22: found processor id 0x00001022
[uCode/AMD] cpuid 0x00500f10: found processor id 0x00005010
[uCode/AMD] cpuid 0x00500f20: found processor id 0x00005020
[uCode/AMD] processor id 0x00001022: available ucode 0x01000083
[uCode/AMD] processor id 0x00001020: available ucode 0x01000084
[uCode/AMD] processor id 0x00001062: available ucode 0x010000c7
[uCode/AMD] processor id 0x00001043: available ucode 0x010000c8
[uCode/AMD] processor id 0x00001081: available ucode 0x010000d9
[uCode/AMD] processor id 0x00001080: available ucode 0x010000da
[uCode/AMD] processor id 0x00001041: available ucode 0x010000db
[uCode/AMD] processor id 0x000010a0: available ucode 0x010000dc
[uCode/AMD] processor id 0x00002031: available ucode 0x02000032
[uCode/AMD] processor id 0x00003010: available ucode 0x03000027
[uCode/AMD] processor id 0x00005010: available ucode 0x05000029
[uCode/AMD] processor id 0x00005020: available ucode 0x05000119
[uCode/AMD] cpuid 0x00600f20: found processor id 0x00006020
[uCode/AMD] cpuid 0x00610f01: found processor id 0x00006101
[uCode/AMD] cpuid 0x00600f12: found processor id 0x00006012
[uCode/AMD] processor id 0x00006012: available ucode 0x0600063e
[uCode/AMD] processor id 0x00006020: available ucode 0x06000852
[uCode/AMD] processor id 0x00006101: available ucode 0x06001119
[uCode/AMD] cpuid 0x00700f01: found processor id 0x00007001
[uCode/AMD] processor id 0x00007001: available ucode 0x0700010f
[uCode/AMD] cpuid 0x00800f82: found processor id 0x00008082
[uCode/AMD] cpuid 0x00830f10: found processor id 0x00008310
[uCode/AMD] cpuid 0x008a0f00: found processor id 0x00008a00
[uCode/AMD] cpuid 0x00800f12: found processor id 0x00008012
[uCode/AMD] processor id 0x00008082: available ucode 0x0800820d
[uCode/AMD] processor id 0x00008310: available ucode 0x0830107a
[uCode/AMD] processor id 0x00008a00: available ucode 0x08a00008
[uCode/AMD] processor id 0x00008012: available ucode 0x0800126e
[uCode/AMD] cpuid 0x00a10f11: found processor id 0x0000a111
[uCode/AMD] cpuid 0x00a10f12: found processor id 0x0000a112
[uCode/AMD] cpuid 0x00aa0f02: found processor id 0x0000aa02
[uCode/AMD] cpuid 0x00a00f11: found processor id 0x0000a011
[uCode/AMD] cpuid 0x00a00f10: found processor id 0x0000a010
[uCode/AMD] cpuid 0x00a00f12: found processor id 0x0000a012
[uCode/AMD] cpuid 0x00aa0f01: found processor id 0x0000aa01
[uCode/AMD] processor id 0x0000a111: available ucode 0x0a10113e
[uCode/AMD] processor id 0x0000a112: available ucode 0x0a10123e
[uCode/AMD] processor id 0x0000aa02: available ucode 0x0aa00212
[uCode/AMD] processor id 0x0000a011: available ucode 0x0a0011d1
[uCode/AMD] processor id 0x0000a010: available ucode 0x0a001079
[uCode/AMD] processor id 0x0000a012: available ucode 0x0a001234
[uCode/AMD] processor id 0x0000aa01: available ucode 0x0aa00116
Checking ucodes for cpuid: 10817280
Scanning _ucodes:
cpuid: 1052576, prid: 4256
cpuid: 8589072, prid: 33552
cpuid: 10489616, prid: 40976
cpuid: 1052545, prid: 4225
cpuid: 6360833, prid: 24833
cpuid: 5246736, prid: 20496
cpuid: 1052458, prid: 4128
cpuid: 8392466, prid: 32786
cpuid: 1052451, prid: 4130
cpuid: 1052544, prid: 4224
cpuid: 10555154, prid: 41234
cpuid: 10555153, prid: 41233
cpuid: 5246752, prid: 20512
cpuid: 9047808, prid: 35328
cpuid: 1052483, prid: 4163
cpuid: 1052482, prid: 4161
cpuid: 2101041, prid: 8241
cpuid: 6295314, prid: 24594
cpuid: 3149584, prid: 12304
cpuid: 11144961, prid: 43521
cpuid: 8392578, prid: 32898
cpuid: 1052515, prid: 4163
cpuid: 10489618, prid: 40978
cpuid: 7343873, prid: 28673
cpuid: 1052514, prid: 4194
cpuid: 10489617, prid: 40977
cpuid: 6295328, prid: 24608
cpuid: 1052450, prid: 4130
cpuid: 1052561, prid: 4225
cpuid: 11144962, prid: 43522
cpuid: 1052499, prid: 4163
cpuid: 1052498, prid: 4161
[ucode] #0 did not get available microcode version
[uCode/Intel] #0 cpu vendor id mismatch

Failed to check for processor microcode upgrades.

Now, this is all pretty new to me but it looks to me like the _ucode_scan is decoding the microcode incorrectly if i can't find a match to my cpuid?

My amd-ucode files look to be up to date:

$ ls -la /lib/firmware/amd-ucode
total 124
drwxr-xr-x  2 root root  4096 Oct 20 02:05 .
drwxr-xr-x 43 root root 32768 Aug 30 18:04 ..
-rw-r--r--  1 root root 12684 Oct 13 00:58 microcode_amd.bin
-rw-r--r--  1 root root  7876 Oct 13 00:58 microcode_amd_fam15h.bin
-rw-r--r--  1 root root  3510 Oct 13 00:58 microcode_amd_fam16h.bin
-rw-r--r--  1 root root 12924 Oct 13 00:58 microcode_amd_fam17h.bin
-rw-r--r--  1 root root 39172 Oct 13 00:58 microcode_amd_fam19h.bin

fritz-fritz commented 12 months ago

Okay after digging further, I verified that none of the patches in the latest amd-ucode cover my CPU.

According to the Arch Wiki this is fairly normal for relatively new CPUs.

226 Changed the default logic for AMD and Intel microcode checks by consolidating the comparison into uCode.pm. Now, if there isn't a uCode patch available, it defaults to NRM_UNKNOWN. This on the surface seems logical, for the mentioned use case where there isn't any microcode patches downloaded to check. However, since a CPU that has never been issued a patch would be considered current and would fail this check winding up as NRM_UNKNOWN, I suggest we rework the CURRENT/UNKNOWN/OBSOLETE methodology and set NRM_CURRENT if there isn't a matching patch but the scan returned patches OR if the current ucode is greater or equal the patch.

I'll submit a pull request shortly.

anarcat commented 11 months ago

FWIW, this has been filed on Debian's side as well:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013285

anarcat commented 11 months ago

285 doesn't fix the issue for us.

anarcat commented 11 months ago

i think i found the problem, and it seems to date from all the way back when AMD checks were implemented, in f3dd146a5236e12965851b745d3a0ef7d3c81df6. Looks closely at this code:

https://github.com/liske/needrestart/blob/f3dd146a5236e12965851b745d3a0ef7d3c81df6/perl/lib/NeedRestart/uCode/AMD.pm#L182-L184

Notice the comma at the end of line 182? That makes the entire assignment there depend on whether or not debug is set! This is why the check works with -v but fails without!

I'll work on a patch now, see #288.

anarcat commented 11 months ago

so there's two situations here:

AMD processors with valid microcode updates fail to report CURRENT because of a flaw in the logic without -v, that is fixed by #288
AMD (and Intel!) processors that do not have any firmware matching their CPU model available report UNKNOWN. I'm not sure we should fix that issue.

To expand on the latter, if we want to not report UNKNOWN on missing "available" firmware, we should do this higher up in the stack, so that Intel and AMD behave the same. that would be like this:

modified   perl/lib/NeedRestart/uCode.pm
@@ -52,18 +52,15 @@ my $LOGPREF = '[ucode]';
 sub compare_ucode_versions {
     my ($debug, $processor, %vars) = @_;

-    unless ( exists( $vars{CURRENT} ) && exists( $vars{AVAIL} ) ) {
+    unless ( exists( $vars{CURRENT} ) ) {
         print STDERR
        "$LOGPREF #$processor did not get current microcode version\n"
        if ( $debug && !exists( $vars{CURRENT} ) );
-        print STDERR
-       "$LOGPREF #$processor did not get available microcode version\n"
-       if ( $debug && !exists( $vars{AVAIL} ) );

         return NRM_UNKNOWN;
     }

-    if ( hex( $vars{CURRENT} ) >= hex( $vars{AVAIL} ) ) {
+    if ( !exists( $vars{AVAIL} ) || hex( $vars{CURRENT} ) >= hex( $vars{AVAIL} ) ) {
         return NRM_CURRENT;
     }

but i'm not sure that's the right approach, as the "UNKNOWN" state for missing available is done quite explicitly here and has been reliably so in the code's history (https://github.com/liske/needrestart/pull/98, https://github.com/liske/needrestart/commit/f3dd146a5236e12965851b745d3a0ef7d3c81df6 and https://github.com/liske/needrestart/pull/226).

so, it's pretty simple: what should we do when we have a CPU but don't have any firmware file for it, out of date or not? right now we report UNKNOWN, deliberately, should that change? if we should, apply the above patch, if not, current behavior is correct, provided that #288 is applied naturlly.

stbuehler commented 11 months ago

so, it's pretty simple: what should we do when we have a CPU but don't have any firmware file for it, out of date or not? right now we report UNKNOWN, deliberately, should that change? if we should, apply the above patch, if not, current behavior is correct, provided that #288 is applied naturlly.

As already said in #274 I think this is quite clear: UNKNOWN in nagios/icinga means you need to fix something. If needrestart continues to report UNKNOWN, the only "fix" is to completely disable the check, meaning you will never get an "outdated microcode" result, even if one day your microcode package starts including microcode for your CPU. I don't see how this behavior could be useful to anyone.

An UNKNOWN for "you should install the appropriate microcode package" on the other hand is fine; even if the package doesn't contain microcode for the CPU yet, you still should install it.

anarcat commented 11 months ago

On 2023-11-18 05:04:15, Stefan Bühler wrote:

so, it's pretty simple: what should we do when we have a CPU but don't have any firmware file for it, out of date or not? right now we report UNKNOWN, deliberately, should that change? if we should, apply the above patch, if not, current behavior is correct, provided that #288 is applied naturlly.

As already said in #274 I think this is quite clear: UNKNOWN in nagios/icinga means you need to fix something. If needrestart continues to report UNKNOWN, the only "fix" is to completely disable the check, meaning you will never get an "outdated microcode" result, even if one day your microcode package starts including microcode for your CPU. I don't see how this behavior could be useful to anyone.

An UNKNOWN for "you should install the appropriate microcode package" on the other hand is fine; even if the package doesn't contain microcode for the CPU yet, you still should install it.

Yeah, I think I actually agree with this.

fritz-fritz commented 11 months ago

Haven’t had time to really dig back into this but wanted to point out that Nagios is not the only place needrestart is used. For example, it runs anytime I do an apt upgrade or install. The change I proposed was to change the logic so that if no microcode exists on the system it reports unknown but if microcode exists and simply doesn’t apply to the cpu then it assumes current. This to my mind follows the logic of the microcode packagers. Clearly, there’s room for this to be wrong though and would need an external source of truth for verification, but should more accurately represent status than just defaulting unknown.

stbuehler commented 11 months ago

When we're talking about UNKNOWN, we're talking about the nagios plugin mode (and the exit status associated with it).

In interactive apt the microcode part is only about what to print to the terminal (afaik there are no actions involved, or at least the UNKNOWN path won't run them) and can use more verbose messages (I don't have strong opinions about those).

anarcat commented 11 months ago

okay, so i've reviewed the patch i quickly wrote above and made another PR (#290) to avoid warning when we don't have available firmware. i think it represents the consensus that's emerging here, but let me know if i'm wrong, preferably in the PR.