CPU at 100% but no process uses the CPU

Hello, I have been using Qubes OS on a Purism Librem Laptop for the last year and a half and I think it is great.
But I think it still has some issues with stability and maybe even security in extreme cases.

One problem is that sometimes a “phantom” process seems to be using up all the CPU when using Qubes OS 4.1. It happens like this:
- The CPU fan suddenly ramps up to maximum.
- The mouse and the whole system become sluggish.
- No VM is above 1% CPU usage and top shows just 2-10% CPU usage in Dom0.
- I tried restarting Qubes OS but the problem persists.
- The only fix is to power down the laptop completely and restart the OS.

1) Could this be an attack?
2) Is there any way to debug the problem? I can’t seem to find anything in the logs.

Is anyone having similar issues, or does anyone know how to debug them?

System: Purism Librem 13 Laptop v3 with the Intel Management Engine disabled and coreboot BIOS.
OS: Qubes OS 4.1 (R4.1) Xen 4.14.4

Well the first thing I would do is clean the laptop internals. I had a lot of dust stuck in the fans on my Librem 14.

Another task would be to upgrade Coreboot/PureBoot, and the EC firmware, if not done so already.

If you do not have anything important on Qubes OS, you can reinstall it completely and see if that solves the issue.

This problem has happened since the first day I started using the laptop so it’s probably not it.

Upgrading Coreboot while having only Qubes OS installed on the system is notoriously difficult but I’m working on it.

I have a lot of data saved in Qubes ATM so I would like to keep reinstalling Qubes as a last resort.

Use a live USB with PureOS 10.3 installed for handling low-level tasks like these. Follow the instructions below to update Coreboot.

Well this is a great time to consider external encrypted backups, if you have not done so already. Disconnect from the Internet using the hardware kill switches, and other hardware peripherals before transferring files.

Qubes allows easy backup and restore of VMs, so all your data will be kept. Although I doubt that it would solve your original problem.

See also: How to update coreboot offline.

This is very insecure, compared to what Qubes OS offers: you directly connect your BIOS to the Internet, while on Qubes you never go online in the Admin VM and never even run anything there.

Use xentop instead of top and do it using sudo (or as root).

Well usually when I do this I also update all firmware, wipe/purge all NVME drives, clean out the hardware, and reconfigure everything from scratch.

Do you also clean and verify the WiFi firmware? Even if you do, you open a huge attack surface, since vulnerabilities in it are found quite frequently. And the security-critical code in Linux is huge, compared with Qubes.

No, I do not install proprietary firmware unless I have no choice. In this case, “all” firmware means:

  • Boot firmware
  • Embedded controller
  • NVME controller(s)

My rule is that if the hardware already requires proprietary firmware to use it, then I can choose whether or not to upgrade it after reading release notes, and accepting or denying trust in the vendor.