Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Enviado do meu iPhone
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On 06/26/2017 03:01 PM, Holger Levsen wrote: On Mon, Jun 26, 2017 at 02:30:24PM +0200, Benjamin Drung wrote: The same complaint can be said about the AMD microcode updates. quite probably, yes. but that doesn't make any crap any better. Yet, afaik, you use Qubes which recommends Intel and AMD and don't even mind other things (nvidia or amd gpus etc). Things are not going to becoming less crappy if we rant about them and other options are simply not there yet for many of people.
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Hello, On Tue, Jun 27, 2017 at 09:37:01AM +0200, Florian Weimer wrote: > > On Mon, 2017-06-26 at 08:34 +, Holger Levsen wrote: > > Other procesors aren't bug-free, they just don't get as many bug fixes. > > And the fixes aren't documented publicly at all. Similar to the time I was affected by problems with all Intel s3610 and s3710 SSDs which they spent a few weeks denying existed and then said was fixed in a firmware update whose release notes do not mention the issue. When pressed as to the details of the fix they just apologised and said that there hadn't been time to include mention of the problem in the release notes. Not even one line. https://communities.intel.com/thread/77801?start=15=0 It was a big hit to my trust in Intel and I stopped buying s3610 SSDs after this, but I don't expect other manufacturers are any better. Cheers, Andy
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
(updated perl script, it now needs the "liblist-moreutils-perl" package)
On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> > This warning advisory is relevant for users of systems with the Intel
> > processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
> > 7th generation Intel Core processors (desktop, embedded, mobile and
> > HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
> > well as select Intel Pentium processor models.
>
> Attached, you will find a perl script that can help detect if your
> system is affected or not. Many thanks to Uwe Kleine-König for
> suggesting, and writing this script.
Uwe Kleine-König was kind enough to update the perl script to fix the
broken hyper-threading detection. The new version is attached.
NOTE: You may need to install the liblist-moreutils-perl package for the
script to work.
--
Henrique Holschuh
#!/usr/bin/perl
# Copyright 2017 Uwe Kleine-König
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation.
use List::MoreUtils 'uniq';
open(my $cpuinfo, ") {
if (/^$/) {
push @cpus, { %cpu };
undef %cpu;
}
$cpu{'cpunum'} = $1 if /^processor\s*:\s(.*)/;
$cpu{'vendor'} = $1 if /^vendor_id\s*:\s(.*)/;
$cpu{'family'} = $1 if /^cpu family\s*:\s(.*)/;
$cpu{'model'} = $1 if /^model\s*:\s(.*)/;
$cpu{'stepping'} = $1 if /^stepping\s*:\s(.*)/;
$cpu{'microcode'} = $1 if /^microcode\s*:\s(.*)/;
$cpu{'core id'} = $1 if /^core id\s*:\s(.*)/;
}
my $num_cpus = @cpus;
my $num_cores = uniq map { $_->{'core id'} } @cpus;
foreach (@cpus) {
print "cpu " . $_->{cpunum} . ": ";
if ($_->{'vendor'} eq "GenuineIntel" and $_->{'family'} == 6) {
my $model = $_->{'model'};
if ($model == 78 or $model == 94) {
if ($_->{'stepping'} eq "3") {
my $microcoderev = $_->{'microcode'};
print "Your CPU is affected, ";
if (hex($microcoderev) >= 0xb9) {
print "but your microcode is new enough\n";
} elsif ($num_cpus == $num_cores) {
print "but hyper threading is off, which works around the problem\n";
} else {
print "you should install the latest intel-microcode\n";
}
} else {
print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n";
}
} elsif ($model == 85 or $model == 142 or $model == 158) {
print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n";
print "Note: Kaby Lake X-series processors (i7-7740X, etc) are not affected\n";
} else {
print "You're likely not affected\n";
}
} else {
print "You're not affected\n";
}
}
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
* Ben Hutchings: > On Mon, 2017-06-26 at 08:34 +, Holger Levsen wrote: >> On Sun, Jun 25, 2017 at 09:19:36AM -0300, Henrique de Moraes Holschuh wrote: >> [...] >> > Apparently, Intel had indeed found the issue, *documented it* (see >> > below) and *fixed it*. There was no direct feedback to the OCaml >> > people, so they only found about it later. > [...] >> so in conclusion: don't buy intel. At least in future. > [...] > > Other procesors aren't bug-free, they just don't get as many bug fixes. And the fixes aren't documented publicly at all.
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
(updates, hopefully the last ones...) On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote: > Fast-forward a few months, and Mark Shinwell noticed the mention of a > possible fix for a microcode defect with unknown hit-ratio in the > intel-microcode package changelog. He matched it to the issues the > OCaml community were observing, verified that the microcode fix indeed > solved the OCaml issue, and contacted the Debian maintainer about it. There are a few factual incorrections in the advisory text, which were entirely my fault, and for which I apologise. The corrections are below: 1. It was one of the OCaml bug reporters (by the handle of ygrek) who first noticed that the 20170511 microcode update could be relevant, and not Mark Shinwell. 2. Various other bug reporters and OCaml developers, some under request from Mark and some by their own volition, helped out and devoted substantial time to investigating the issue. I apologise to those involved: to "ygrek" for misreading the bug report and attributing to Mark Shinwell the correlation between the SKL150 erratum description and the OCaml compiler issue report; and to all members of the OCaml community that worked on the issue both in the bug report and behind the scenes, for not explicitly crediting their effort. The original OCaml bug report is listed in the references section at the end of the advisory (and also in this update). > Related processor signatures and microcode revisions: > Skylake : 0x406e3, 0x506e3 (fixed in revision 0xb9/0xba and later, > public fix in linux microcode 20170511) > Skylake : 0x50654 (no information, erratum listed) > Kaby Lake : 0x806e9, 0x906e9 (defect still exists in revision 0x48, > fix available as a BIOS/UEFI update) The recently launched "Kaby Lake-X" processors (signature 0x906e9, socket LGA2066) are documented by Intel as *NOT* being affected by the KBL095 defect. This information comes from table 16 of the latest revision of the "7th gen. Core Family specification update" (which is listed in the references section). Please note that the "7th gen. Core i7 X-series processors" (Kaby Lake-X) both support hyper-threading and share the processor signature (family, model number and stepping) with "Kaby Lake-H/S" processors. The tests in the advisory (and also the perl script) will *incorrectly* report Kaby Lake-X processors as affected. References: https://caml.inria.fr/mantis/view.php?id=7452 http://metadata.ftp-master.debian.org/changelogs/non-free/i/intel-microcode/unstable_changelog https://www.intel.com/content/www/us/en/processors/core/desktop-6th-gen-core-family-spec-update.html https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v5-spec-update.html https://www.intel.com/content/www/us/en/products/processors/core/6th-gen-x-series-spec-update.html -- Henrique Holschuh
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, 2017-06-26 at 08:34 +, Holger Levsen wrote: > On Sun, Jun 25, 2017 at 09:19:36AM -0300, Henrique de Moraes Holschuh wrote: > [...] > > Apparently, Intel had indeed found the issue, *documented it* (see > > below) and *fixed it*. There was no direct feedback to the OCaml > > people, so they only found about it later. [...] > so in conclusion: don't buy intel. At least in future. [...] Other procesors aren't bug-free, they just don't get as many bug fixes. Ben. -- Ben Hutchings Never put off till tomorrow what you can avoid all together. signature.asc Description: This is a digitally signed message part
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 06:14:36PM +0500, Andrey Rahmatullin wrote: On Mon, Jun 26, 2017 at 02:08:20PM +0100, Jonathan Dowland wrote: > Yet "don't buy anything" is not a good advice. Have we ruled out all ARM vendors yet? :) Are we still talknig about general-purpose computers? In 2017? Sure we are! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄ Please do not CC me, I am subscribed to the list.
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 02:08:20PM +0100, Jonathan Dowland wrote: > > Yet "don't buy anything" is not a good advice. > Have we ruled out all ARM vendors yet? :) Are we still talknig about general-purpose computers? -- WBR, wRAR signature.asc Description: PGP signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 06:04:43PM +0500, Andrey Rahmatullin wrote: Yet "don't buy anything" is not a good advice. Have we ruled out all ARM vendors yet? :) -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄ Please do not CC me, I am subscribed to the list.
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 01:01:51PM +, Holger Levsen wrote: > > The same complaint can be said about the AMD microcode updates. > quite probably, yes. but that doesn't make any crap any better. Yet "don't buy anything" is not a good advice. -- WBR, wRAR signature.asc Description: PGP signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 02:30:24PM +0200, Benjamin Drung wrote: > The same complaint can be said about the AMD microcode updates. quite probably, yes. but that doesn't make any crap any better. -- cheers, Holger signature.asc Description: Digital signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Am Montag, den 26.06.2017, 08:34 + schrieb Holger Levsen: > On Sun, Jun 25, 2017 at 09:19:36AM -0300, Henrique de Moraes Holschuh > wrote: > [...] > > Apparently, Intel had indeed found the issue, *documented it* (see > > below) and *fixed it*. There was no direct feedback to the OCaml > > people, so they only found about it later. > > [...] > > We do not have enough information at this time to know how much > > software > > out there will trigger this specific defect. > > > > One important point is that the code pattern that triggered the > > issue in > > OCaml was present on gcc-generated code. There were extra > > constraints > > being placed on gcc by OCaml, which would explain why gcc > > apparently > > rarely generates this pattern. > > > > The reported effects of the processor defect were: compiler and > > application crashes, incorrect program behavior, including > > incorrect > > program output. > > > > > > What we know about the microcode updates issued by Intel related to > > these specific errata: > > > > Fixes for processors with signatures[1] 0x406E3 and 0x506E3 are > > available in the Intel public Linux microcode release > > 20170511. This > > will fix only Skylake processors with model 78 stepping 3, and > > model 94 > > stepping 3. The fixed microcode for these two processor models > > reports > > revision 0xb9/0xba, or higher. > > > > Apparently, these errata were fixed by microcode updates issued in > > early > > April/2017. Based on this date range, microcode revision 0x5d/0x5e > > (and > > higher) for Kaby Lake processors with signatures 0x806e9 and > > 0x906e9 > > *might* fix the issue. We do not have confirmation about which > > microcode revision fixes Kaby Lake at this time. > > so in conclusion: don't buy intel. At least in future. In conclusion: don't buy AMD or Intel CPUs. AMD processors have bugs too. Just look at the recent changes to the amd64-microcode package. If you are unlucky, there might not even be a workaround and it can take months to reproduce, find the root cause and fix it. Comparing the patch IDs can give you a hint how many iterations were needed. I don't see much difference between AMD and Intel when comparing Henrique's announcement with my first-hand experience with one of the vendors. > I must say I'm utterly disappointed by this crap. "hey there is a hug > bug, we > dont tell you what it is exactly, or how we fixed it, but YOU MUST > INSTALL THIS > BINARY BLOB TO FIX IT. (and btw, this is for skylake, for kaby lake, > ahem, maybe, > we have no idea, but do install that crap^wblob too.") The same complaint can be said about the AMD microcode updates. -- Benjamin Drung System Developer Debian & Ubuntu Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Email: benjamin.dr...@profitbricks.com Web: https://www.profitbricks.com Sitz der Gesellschaft: Berlin. Registergericht: Amtsgericht Charlottenburg, HRB 125506B. Geschäftsführer: Achim Weiss. signature.asc Description: This is a digitally signed message part
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 08:39:10AM -0300, Henrique de Moraes Holschuh wrote: > As far as I know, so far OCaml is the only one that was verified to be > caused by the SKL150 erratum. [...] thanks for providing these details. -- cheers, Holger signature.asc Description: Digital signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, 26 Jun 2017, Holger Levsen wrote: > Are there any other public bug reports which got fixed by this, or is the > ocaml issue the only known issue which gets fixed by installing this microcode > update? As far as I know, so far OCaml is the only one that was verified to be caused by the SKL150 erratum. I got some comments about the advisory after it was published. According to a couple of those, the code pattern that triggers SKL150 is one that is usually avoided [by compilers and hand-optimized assembly] due to performance reasons. Apparently, it is explicitly documented as being slow by Intel optimization manuals. That may well mean the pattern is rare enough that nothing else in Debian is affected. -- Henrique Holschuh
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 01:51:25PM +0500, Andrey Rahmatullin wrote: > > but YOU MUST INSTALL THIS BINARY BLOB > How is it worse than the blobs already in your hardware? it opens the door for targeted attacks. -- cheers, Holger signature.asc Description: Digital signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Mon, Jun 26, 2017 at 08:34:57AM +, Holger Levsen wrote: > but YOU MUST INSTALL THIS BINARY BLOB How is it worse than the blobs already in your hardware? -- WBR, wRAR signature.asc Description: PGP signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Sun, Jun 25, 2017 at 09:19:36AM -0300, Henrique de Moraes Holschuh wrote: [...] > Apparently, Intel had indeed found the issue, *documented it* (see > below) and *fixed it*. There was no direct feedback to the OCaml > people, so they only found about it later. [...] > We do not have enough information at this time to know how much software > out there will trigger this specific defect. > > One important point is that the code pattern that triggered the issue in > OCaml was present on gcc-generated code. There were extra constraints > being placed on gcc by OCaml, which would explain why gcc apparently > rarely generates this pattern. > > The reported effects of the processor defect were: compiler and > application crashes, incorrect program behavior, including incorrect > program output. > > > What we know about the microcode updates issued by Intel related to > these specific errata: > > Fixes for processors with signatures[1] 0x406E3 and 0x506E3 are > available in the Intel public Linux microcode release 20170511. This > will fix only Skylake processors with model 78 stepping 3, and model 94 > stepping 3. The fixed microcode for these two processor models reports > revision 0xb9/0xba, or higher. > > Apparently, these errata were fixed by microcode updates issued in early > April/2017. Based on this date range, microcode revision 0x5d/0x5e (and > higher) for Kaby Lake processors with signatures 0x806e9 and 0x906e9 > *might* fix the issue. We do not have confirmation about which > microcode revision fixes Kaby Lake at this time. so in conclusion: don't buy intel. At least in future. I must say I'm utterly disappointed by this crap. "hey there is a hug bug, we dont tell you what it is exactly, or how we fixed it, but YOU MUST INSTALL THIS BINARY BLOB TO FIX IT. (and btw, this is for skylake, for kaby lake, ahem, maybe, we have no idea, but do install that crap^wblob too.") Are there any other public bug reports which got fixed by this, or is the ocaml issue the only known issue which gets fixed by installing this microcode update? (and I hope this were obvious, but I guess it's not, so: I'm saying Intel sold and still is selling us crap here, not Henrique, who tiredlessly tries to help dealing with that crap. Thank you, Henrique, for this, that's really nice of you.) -- cheers, Holger, hardware *is* software… signature.asc Description: Digital signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Minor update on the issue: The check command provided in the advisory to test for hyper-threading doesn't work: it will always report hyper-theading as enabled. A better command is provided below. Note: this also means the perl script will give some false-positives. I apologise for the inconvenience. On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote: > Once you know your processor model name, you can check the two lists > below: > > * List of Intel processors code-named "Skylake": > http://ark.intel.com/products/codename/37572/Skylake > > * List of Intel processors code-named "Kaby Lake": > http://ark.intel.com/products/codename/82879/Kaby-Lake > > Some of the processors in these two lists are not affected because they > lack hyper-threading support. Run the command below in a command line > shell (e.g. xterm), and it will output a message if hyper-threading is > supported/enabled: > > grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \ > echo "Hyper-threading is supported" The above test (using "grep") does not work, and will always report that hyper-threading is enabled. Please use the "lscpu" utility from the util-linux package in a command line shell (e.g. xterm): lscpu If the lscpu output reports: "Thread(s) per core: 2", that means hyper-threading is enabled and supported. If the lscpu output reports: "Thread(s) per core: 1", that means hyper-threading either disabled or not supported. In this case, the specific defect mentioned in the advisory will not trigger. -- Henrique Holschuh
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
For the record: the email with the perl script doesn't contain malware. The "malware" alert came from an extremely badly configured system that violates every best practice in the field: it sends email to every original recipient (and not just to local users), and it FORGES its headers to look like it was sent by the original sender. -- Henrique Holschuh signature.asc Description: Digital signature
Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> This warning advisory is relevant for users of systems with the Intel
> processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
> 7th generation Intel Core processors (desktop, embedded, mobile and
> HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
> well as select Intel Pentium processor models.
Attached, you will find a perl script that can help detect if your
system is affected or not. Many thanks to Uwe Kleine-König for
suggesting, and writing this script.
--
Henrique Holschuh
#!/usr/bin/perl
# Copyright 2017 Uwe Kleine-König
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation.
open(my $cpuinfo, ") {
if (/^$/) {
print "cpu $cpunum: ";
if ($vendor eq "GenuineIntel" and $family == 6) {
if ($model == 78 or $model == 94) {
if ($stepping eq "3") {
print "Your CPU is affected, ";
if (hex($microcoderev) >= 0xb9) {
print "but your microcode is new enough\n";
} elsif ($hyperthreading ne "on") {
print "but hyper threading is off, which works around the problem\n";
} else {
print "you should install the latest intel-microcode\n";
}
} else {
print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n";
}
} elsif ($model == 85 or $model == 142 or $model == 158) {
print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n";
} else {
print "You're likely not affected\n";
}
} else {
print "You're not affected\n";
}
$cpunum = undef;
$vendor = undef;
$family = undef;
$stepping = undef;
$microcoderev = undef;
$hyperthreading = undef;
next;
}
$cpunum = $1 if /^processor\s*:\s(.*)/;
$vendor = $1 if /^vendor_id\s*:\s(.*)/;
$family = $1 if /^cpu family\s*:\s(.*)/;
$model = $1 if /^model\s*:\s(.*)/;
$stepping = $1 if /^stepping\s*:\s(.*)/;
$microcoderev = $1 if /^microcode\s*:\s(.*)/;
if (/^flags\s*:/) {
if (/^flags\s*:.*\bht\b/) {
$hyperthreading = "on";
} else {
$hyperthreading = "off";
}
}
}
[WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix. SO, WHAT IS THIS ALL ABOUT? --- This advisory is about a processor/microcode defect recently identified on Intel Skylake and Intel Kaby Lake processors with hyper-threading enabled. This defect can, when triggered, cause unpredictable system behavior: it could cause spurious errors, such as application and system misbehavior, data corruption, and data loss. It was brought to the attention of the Debian project that this defect is known to directly affect some Debian stable users (refer to the end of this advisory for details), thus this advisory. Please note that the defect can potentially affect any operating system (it is not restricted to Debian, and it is not restricted to Linux-based systems). It can be either avoided (by disabling hyper-threading), or fixed (by updating the processor microcode). Due to the difficult detection of potentially affected software, and the unpredictable nature of the defect, all users of the affected Intel processors are strongly urged to take action as recommended by this advisory. DO I HAVE AN INTEL SKYLAKE OR KABY LAKE PROCESSOR WITH HYPER-THREADING? --- The earliest of these Intel processor models were launched in September 2015. If your processor is older than that, it will not be an Skylake or Kaby Lake processor and you can just ignore this advisory. If you don't know the model name of your processor(s), the command below will tell you their model names. Run it in a command line shell (e.g. xterm): grep name /proc/cpuinfo | sort -u Once you know your processor model name, you can check the two lists below: * List of Intel processors code-named "Skylake": http://ark.intel.com/products/codename/37572/Skylake * List of Intel processors code-named "Kaby Lake": http://ark.intel.com/products/codename/82879/Kaby-Lake Some of the processors in these two lists are not affected because they lack hyper-threading support. Run the command below in a command line shell (e.g. xterm), and it will output a message if hyper-threading is supported/enabled: grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \ echo "Hyper-threading is supported" Alternatively, use the processor lists above to go to that processor's information page, and the information on hyper-threading will be there. If your processor does not support hyper-threading, you can ignore this advisory. WHAT SHOULD I DO IF I DO HAVE SUCH PROCESSORS? -- Kaby Lake: Users of systems with Intel Kaby Lake processors should immediately *disable* hyper-threading in the BIOS/UEFI configuration. Please consult your computer/motherboard's manual for instructions, or maybe contact your system vendor's support line. The Kaby Lake microcode updates that fix this issue are currently only available to system vendors, so you will need a BIOS/UEFI update to get it. Contact your system vendor: if you are lucky, such a BIOS/UEFI update might already be available, or undergoing beta testing. You want your system vendor to provide a BIOS/UEFI update that fixes "Intel processor errata KBL095, KBW095 or the similar one for my Kaby Lake processor". We strongly recommend that you should not re-enable hyper-threading until you install a BIOS/UEFI update with this fix. Skylake: Users of systems with Intel Skylake processors may have two choices: 1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package with base version 3.20170511.1, and reboot the system. THIS IS THE RECOMMENDED SOLUTION FOR THESE SYSTEMS, AS IT FIXES OTHER PROCESSOR ISSUES AS WELL. Run this command in a command line shell (e.g. xterm) to know the model numbers and steppings of your processor. All processors must be either model 78 or 94, and stepping 3, for the intel-microcode fix to work: grep -E 'model|stepping' /proc/cpuinfo | sort -u If you get any lines with a model number that is neither 78 or 94, or the stepping is not 3, you will have to disable hyper-threading as described on choice 2, below. Refer to the section "INSTALLING THE MICROCODE UPDATES FROM NON-FREE" for instructions on how to install the intel-microcode package. 2. For other
