Spectre and Meltdown


#1

So far, every operating system on all devices built in the last 10 years, from phones to laptops and desktops to servers, is affected by the two processor vulnerabilities, Spectre and Meltdown.
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown?_ga=2.152542201.1536783165.1515144215-1317311919.1511205651
We can expect some GCC and CPU microcode updates soon.

Interesting development at Intel. :slight_smile:


#2

see also http://blog.dustinkirkland.com/2018/01/ubuntu-updates-for-meltdown-spectre.html


#3

AMD is vulnerable only to the first Spectre variant, Intel to all three. They will try to work around this and soften the vulnerability with software patches. But we will have to live with the fact that from now on, due to this failure, it will always be possible that when there is physical access to the processor and an appropriate OS without a patched kernel is installed, the memory can be hacked.


#4

Yes, very interesting :slight_smile:


#5

Not only that, but with the current fix, we can expect some decrease in performance. AFAIUI, it should affect mostly cloud/server providers, but still…

Yay for choice: insecure or slow :confused:


#6

I have AMD.

I am sure the next kernel update will address those problems.


#7

I have a question going around my head… After this fix, if performance will decrease, could it be that reducing some unnecessary or heavy CPU processes will keep the general speed and performance? Being forced to be more slim? Or would any changes we can make not be enough to preserve it?
I’m confused…


#8

With this redesign in the kernel, every time a program makes a call into the kernel that call will be a little more "expensive". Disk I/O, sending data to the network, opening a file, setting and reading time, device management... If a program does nothing but system calls (like benchmarks) it will take twice as long. Programs that don't make calls that much, maybe 2-3%. Servers maybe 20-30%.


#10

Should give a new lease of life for Ubuntu MATE PowerPC users! No mention of Motorola PowerPC chips so far…


#11

@Wimpy

So far nobody has asked the big questions. Why?
Have I missed the news? If so, I am sorry for this post.

Is Ubuntu MATE safe from these problems?
If so which ones?
If not what is being done about it?
When can we expect the fix?

Next, let’s quit calling them bugs and call them what they are: design flaws.
Plus notice that most of the chip manufacturers are drinking from the same cup, since they all have the same disease.


#12

Ubuntu are releasing patches tomorrow. You can track progress here:

If you’re interested in this topic I recommend you educate yourselves. The article written by Eben Upton over at the Raspberry Pi Foundation is excellent, and also explains how some CPUs are not actually affected.


#13

Thanks for the link and update.


#14

Running UM16.04 here.
Kernel 4.0.4.108 doesn't boot on my i3 machine.
Going back to 4.0.4.104 for now...
(Nvidia also updated yesterday, but seems to work fine with 4.0.4.104)


#15

Ubuntu MATE patches are available for the most recent releases this morning.

I’ve installed on 17.10 (Kernel 4.13.0-25 after application), with no immediately apparent issues.

However, for my 16.04.03 installation there appear to be no Meltdown patches available (there are others). The 16.04 Meltdown patches apply only to kernel 4.4 for 16.06 through 16.04.02.

There appear to be no Meltdown patches for 16.04.03, as this uses the 4.10.0-42 HWE kernel, which is not being patched since it reaches EOL next month along with 17.10.

The Rolling HWE will apparently go to 4.13 ‘early’.

But there is no mention of fresh 16.04.03 installs, which have 4.10 as the initially installed kernel and thus presumably are not a Rolling HWE release. Or are they?


#16

Wouldn’t you know it … Just after I posted the above, 4.13 updates came through! Updating now.


#17

Install of the 16.04.03 Meltdown update failed with the already reported issue Bug #1741671.

So I would recommend switching from the nVidia driver to Nouveau first, before applying the update.

But if you forget: I was able to switch back to Nouveau before doing the restart to finish the security update; then restart, and finally re-enable nVidia 340.012. Without problems.


#18

I never got any update. I’m still on 4.10.0-42-generic and it says “No updates available”.

I am using Ubuntu MATE LTS 16.04.03.

When will my system be getting the patch?
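One way to answer this for your own machine, as an added example that is not from this thread: kernels that carry the sysfs reporting interface (and the Ubuntu kernels that received it as a backport) expose one file per issue under /sys/devices/system/cpu/vulnerabilities/, each reading "Not affected", "Vulnerable" or "Mitigation: <name>". The script below reads that directory, or any directory passed as an argument (which is how it is exercised against constructed files), and returns nonzero if any entry still reports "Vulnerable". A kernel without that directory predates the reporting interface, so its absence says nothing either way about whether the kernel is patched.

```shell
#!/bin/sh
# Added example (not from the thread): summarise what the running kernel
# reports about its Spectre/Meltdown status.
#
# Kernels with the sysfs reporting interface expose one file per issue
# under /sys/devices/system/cpu/vulnerabilities/ (for example meltdown,
# spectre_v1, spectre_v2). Each file reads "Not affected", "Vulnerable"
# or "Mitigation: <name>" (e.g. "Mitigation: PTI").
#
# mitigation_status [DIR]
#   Prints one line per issue and returns:
#     0  every issue is "Not affected" or mitigated
#     1  at least one issue still reads "Vulnerable"
#     2  DIR is missing: this kernel does not report its status at all,
#        which says nothing about whether it is patched
mitigation_status() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "$dir not present: kernel does not expose mitigation status"
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        state=$(cat "$f")
        printf '%-12s %s\n' "$(basename "$f")" "$state"
        case $state in
            Vulnerable*) rc=1 ;;
        esac
    done
    return $rc
}

# With no argument this reads the live sysfs directory; the exit status
# is echoed rather than propagated so the call is safe under "set -e".
mitigation_status "$@" || echo "exit status: $?"
```

Run it as a plain script to see the live report, or source the file and call mitigation_status on a directory of your own to see how it classifies each state.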


#19

4.0.4.109 boots fine :slight_smile:


#20

As I understand the Ubuntu kernel system, one of these meta packages should have been installed initially:

linux-generic-hwe-16.04-edge (at 4.13.0.26)
linux-generic-hwe-16.04 (at 4.13.0.25)
linux-generic (Original ISO at 4.4.0.109)

The “hwe” ones were at your 4.10 level at one time, but should have updated you to 4.13 before these recent changes. I don’t think 4.10 or 4.11 will get any changes.

Perhaps you did something manually, or Ubuntu’s system broke some other way. For example, if you remove an active kernel the meta package points to, it will also insist on removing the meta package.

Hope this helps anyone else with similar issues. BTW, no meta package = no kernel updates. The individual version-numbered packages do NOT update by themselves.

HTH
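To check the point made above on your own system, an added example that is not from this thread: the first function takes a dpkg status listing on standard input and prints the kernel meta packages that are actually installed, and the second produces that listing on a live system with dpkg-query and reports the running kernel alongside it. The package names and listing format are those dpkg-query prints with the -f format shown; the sample listing used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find out whether a kernel meta
# package is installed, since without one the version-numbered
# linux-image-* packages are never replaced by newer ones.
#
# installed_kernel_metas reads lines of the form "PACKAGE STATUS" on
# stdin, as produced by
#   dpkg-query -W -f='${Package} ${Status}\n' 'linux-generic*' 'linux-image-generic*'
# where STATUS is dpkg's three-word status ("install ok installed",
# "deinstall ok config-files", "unknown ok not-installed", ...), and
# prints the meta packages whose status ends in "installed".
#
# Constructed sample input and the line it yields:
#   linux-generic deinstall ok config-files        -> (removed, skipped)
#   linux-generic-hwe-16.04 install ok installed   -> linux-generic-hwe-16.04
installed_kernel_metas() {
    awk '$NF == "installed" && $1 ~ /^linux-(image-)?generic/ { print $1 }'
}

# kernel_meta_check queries dpkg on the live system and returns 0 if at
# least one kernel meta package is installed, 1 otherwise.
kernel_meta_check() {
    found=$(dpkg-query -W -f='${Package} ${Status}\n' \
                'linux-generic*' 'linux-image-generic*' 2>/dev/null \
            | installed_kernel_metas)
    if [ -z "$found" ]; then
        echo "no kernel meta package installed: kernel updates will not arrive"
        return 1
    fi
    echo "installed kernel meta packages:"
    echo "$found"
    echo "running kernel: $(uname -r)"
}

# Only query dpkg where it exists; echo the status instead of propagating
# it so the script is harmless under "set -e".
if command -v dpkg-query > /dev/null 2>&1; then
    kernel_meta_check || echo "exit status: $?"
fi
```

If the check reports no meta package, installing linux-generic (or the hwe variant matching your release) is what reconnects the system to kernel updates; the script only reports, it changes nothing.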


#21

4.4.0.108 on my Dell XPS-8700 desktop tower would NOT shut down, power off or reboot. Today came 4.4.0.109 and that problem is gone. No other issues seen.

It’s against my grain to update the kernel AND nVidia drivers at the same time, and I’m glad I didn’t. The nVidia change affects the boot screens a little bit, nothing important, just different.