Is LTS 4.9.79 patched for spectre

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
deepakdeshp
Level 11
Level 11
Posts: 3928
Joined: Sun Aug 09, 2015 10:00 am

Is LTS 4.9.79 patched for spectre

Post by deepakdeshp » Fri Feb 09, 2018 4:04 am

Hello,
4.9 kernel series is LTS, so is it patched for the vulnerability discovered recently. That is spectre etc.
I am running kernel 4.9.79
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
I am using Mint 19 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Is LTS 4.9.79 patched for spectre

Post by Sir Charles » Fri Feb 09, 2018 4:17 am

Hi deepakdeshp,
Please have a look at:
http://news.softpedia.com/news/linux-ke ... 640.shtml

Edit: you can run grep . /sys/devices/system/cpu/vulnerabilities/* in a terminal to check for these vulnrebalities.
(source: https://www.maketecheasier.com/check-li ... erability/)
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
thx-1138
Level 6
Level 6
Posts: 1275
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Is LTS 4.9.79 patched for spectre

Post by thx-1138 » Fri Feb 09, 2018 4:59 am

deepakdeshp, only the latest 4.4.x & 4.13.x are patched:
https://insights.ubuntu.com/2018/01/12/ ... us-update/

PS: grep . /sys/devices/system/cpu/vulnerabilities/* doesn't exist yet on any patched Ubuntu kernels,
supposedly it will on the next 4.13.33 and above...

Edit: oh, LTS...yes, it should be.

User avatar
michael louwe
Level 9
Level 9
Posts: 2887
Joined: Sun Sep 11, 2016 11:18 pm

Re: Is LTS 4.9.79 patched for spectre

Post by michael louwe » Fri Feb 09, 2018 5:42 am

@ deepakdeshp, .......
deepakdeshp wrote:
Fri Feb 09, 2018 4:04 am
Hello,
4.9 kernel series is LTS, so is it patched for the vulnerability discovered recently. That is spectre etc.
I am running kernel 4.9.79
.
Please refer to this link on why LM/Ubuntu users should not consider Linux kernel 4.9 as LTS, even though kernel.org declares it as LTS ...
viewtopic.php?t=245215
... For LM users, the LTS kernels are 3.13 and 4.4 = 5 years of support from Ubuntu/Canonical Inc, ie support for security updates.

The Retpoline patch for Spectre 2 will likely be coming soon from Ubuntu for kernels 3.13.142, 4.4.113 and 4.13.33 only. LM users on kernel 4.9 will not be getting the Retpoline patch automatically from Ubuntu, ie they will have to get it themselves from kernel.org.

Zorin OS and Puppy Linux are also based on Ubuntu = their developers save on resources. Other Linux distros may follow kernel.org in categorizing their LTS kernels.
Last edited by michael louwe on Fri Feb 09, 2018 6:27 am, edited 3 times in total.

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 5:50 am

michael louwe wrote:
Fri Feb 09, 2018 5:42 am
Please refer to this link on why LM/Ubuntu users should not consider Linux kernel 4.9 as LTS, even though kernel.org declares it as LTS ...
viewtopic.php?t=245215
... For LM users, the LTS kernels are 3.13 and 4.4 = 5 years of support from Ubuntu/Canonical Inc, i.e. support for security updates.
Exactly. It's a common mistake to think that upstream LTS (kernel.org) equals downstream LTS (Ubuntu/Mint).
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

deepakdeshp
Level 11
Level 11
Posts: 3928
Joined: Sun Aug 09, 2015 10:00 am

Re: Is LTS 4.9.79 patched for spectre

Post by deepakdeshp » Fri Feb 09, 2018 7:23 am

michael louwe wrote:
Fri Feb 09, 2018 5:42 am
@ deepakdeshp, .......
deepakdeshp wrote:
Fri Feb 09, 2018 4:04 am
Hello,
4.9 kernel series is LTS, so is it patched for the vulnerability discovered recently. That is spectre etc.
I am running kernel 4.9.79
.
Please refer to this link on why LM/Ubuntu users should not consider Linux kernel 4.9 as LTS, even though kernel.org declares it as LTS ...
viewtopic.php?t=245215
... For LM users, the LTS kernels are 3.13 and 4.4 = 5 years of support from Ubuntu/Canonical Inc, ie support for security updates.

The Retpoline patch for Spectre 2 will likely be coming soon from Ubuntu for kernels 3.13.142, 4.4.113 and 4.13.33 only. LM users on kernel 4.9 will not be getting the Retpoline patch automatically from Ubuntu, ie they will have to get it themselves from kernel.org.

Zorin OS and Puppy Linux are also based on Ubuntu = their developers save on resources. Other Linux distros may follow kernel.org in categorizing their LTS kernels.
I am using Ubuntu update kernel utility to install kernel version 4.9. Does it mean that even though I have installed version 4.9.79, the security patches arent available downstream in Ubuntu but they are only available upstream? Its a bit confusing. One would expect the upstream and downstream versions of 4.79 or any kernel with same number to be the same.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
I am using Mint 19 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 8:19 am

deepakdeshp wrote:
Fri Feb 09, 2018 7:23 am
I am using Ubuntu update kernel utility to install kernel version 4.9. Does it mean that even though I have installed version 4.9.79, the security patches arent available downstream in Ubuntu but they are only available upstream?
Possibly so.
Its a bit confusing. One would expect the upstream and downstream versions of 4.79 or any kernel with same number to be the same.
They're not, and it's indeed confusing.... This is how to compare a downstream kernel number with an upstream kernel number:
https://sites.google.com/site/easylinux ... l-version-
(item 19, right column)
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
thx-1138
Level 6
Level 6
Posts: 1275
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Is LTS 4.9.79 patched for spectre

Post by thx-1138 » Fri Feb 09, 2018 9:10 am

Basically, you can go here, and check the changelogs in question:
eg. from a quick look, i see meltdown mitigations were added in 4.9.75 (Jan 5), and for spectre in 4.9.77 (Jan 17)...
But well, manually digging through past changelogs doesn't exactly make life easier...

deepakdeshp
Level 11
Level 11
Posts: 3928
Joined: Sun Aug 09, 2015 10:00 am

Re: Is LTS 4.9.79 patched for spectre

Post by deepakdeshp » Fri Feb 09, 2018 9:48 am

Pjotr wrote:
Fri Feb 09, 2018 8:19 am
deepakdeshp wrote:
Fri Feb 09, 2018 7:23 am
I am using Ubuntu update kernel utility to install kernel version 4.9. Does it mean that even though I have installed version 4.9.79, the security patches arent available downstream in Ubuntu but they are only available upstream?
Possibly so.
Its a bit confusing. One would expect the upstream and downstream versions of 4.79 or any kernel with same number to be the same.
They're not, and it's indeed confusing.... This is how to compare a downstream kernel number with an upstream kernel number:
https://sites.google.com/site/easylinux ... l-version-
(item 19, right column)
Easylinuxtipsproject is an invaluable site. The lesson today is upstream and downstream kernel numbers do not match.😊
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
I am using Mint 19 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
michael louwe
Level 9
Level 9
Posts: 2887
Joined: Sun Sep 11, 2016 11:18 pm

Re: Is LTS 4.9.79 patched for spectre

Post by michael louwe » Fri Feb 09, 2018 11:00 am

@ deepakdeshp, .......
deepakdeshp wrote:...
.
More information about Ubuntu vs Linux kernels ... https://askubuntu.com/questions/764561/ ... ine-kernel
https://askubuntu.com/questions/37147/w ... tream-kern

AFAIK, kernel 4.9.79 is not available in the Ubuntu/LM repositories. How did you install Linux kernel 4.9.97.? From kernel.org.?

Kernel.org's kernel 4.9 LTS has its EOL in Jan 2019, which is even earlier than Ubuntu's LTS kernel 3.13 = April 2019.

Ubuntu kernel 3.13 LTS and 4.4 LTS should soon be patched for Spectre 2 using the Retpoline feature. At the same time, the Ubuntu repositories and included apps/programs(eg in Software Manager and Synaptic Package Manager) have to be recompiled or updated for Retpoline compatibility.
... If you are running LM on the upstream/mainline Linux kernel 4.9.79 LTS, your Ubuntu repositories and apps/programs will likely not be supported or updated for Retpoline compatibility, even though kernel 4.9.79 has been patched for Spectre 2 with the Retpoline feature by kernel.org.

User avatar
thx-1138
Level 6
Level 6
Posts: 1275
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Is LTS 4.9.79 patched for spectre

Post by thx-1138 » Fri Feb 09, 2018 12:25 pm

Michael, just to note that apps don't 'have' to be recompiled and updated for compatibility - they will still work fine as before with retpoline-built kernels.
As a further extra security measure though, quite a few will probably get recompiled with it enabled (eg. browsers being among the most obvious ones, or say gnome-keyring & password managers etc...)

deepakdeshp
Level 11
Level 11
Posts: 3928
Joined: Sun Aug 09, 2015 10:00 am

Re: Is LTS 4.9.79 patched for spectre

Post by deepakdeshp » Fri Feb 09, 2018 12:36 pm

michael louwe wrote:
Fri Feb 09, 2018 11:00 am
@ deepakdeshp, .......
deepakdeshp wrote:...
.
More information about Ubuntu vs Linux kernels ... https://askubuntu.com/questions/764561/ ... ine-kernel
https://askubuntu.com/questions/37147/w ... tream-kern

AFAIK, kernel 4.9.79 is not available in the Ubuntu/LM repositories. How did you install Linux kernel 4.9.97.? From kernel.org.?

rnel.org's kernel 4.9 LTS has its EOL in Jan 2019, which is even earlier than Ubuntu's LTS kernel 3.13 = April 2019.


...
UKUU utility can see all the kernels, which one can install. It shows installed and running kernels too.Very easy to install kernels using this utility.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
I am using Mint 19 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 1:10 pm

deepakdeshp wrote:
Fri Feb 09, 2018 12:36 pm
UKUU utility can see all the kernels, which one can install. It shows installed and running kernels too.Very easy to install kernels using this utility.
Yes, and very easy to bork your system with them, as well:
By default, Ubuntu systems run with the Ubuntu kernels provided by the Ubuntu repositories. However it is handy to be able to test with unmodified upstream kernels to help locate problems in the Ubuntu kernel patches, or to confirm that upstream has fixed a specific issue. To this end we now offer select upstream kernel builds. These kernels are made from unmodified kernel source but using the Ubuntu kernel configuration files. These are then packaged as Ubuntu .deb files for simple installation.

These kernels are not supported and are not appropriate for production use.
Source: https://wiki.ubuntu.com/Kernel/MainlineBuilds
You should not assume these kernels will be reliable enough for everyday use. You install them at your own risk. Be aware that as these are pure upstream releases they do not include any Ubuntu-specific drivers or patches, nor any proprietary modules or restricted binary drivers.
Source: http://www.omgubuntu.co.uk/2017/02/ukuu ... nel-ubuntu

I think I'll add this UKUU thing to my "ten fatal mistakes" page. It's being used far beyond its intended purpose, namely testing. :shock:
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

deepakdeshp
Level 11
Level 11
Posts: 3928
Joined: Sun Aug 09, 2015 10:00 am

Re: Is LTS 4.9.79 patched for spectre

Post by deepakdeshp » Fri Feb 09, 2018 1:22 pm

@pjotr
Why will the system get borked if a newly installed kernel doesn't work on it? One can always revert back to the working kernel in recovery mode.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
I am using Mint 19 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 1:48 pm

deepakdeshp wrote:
Fri Feb 09, 2018 1:22 pm
@pjotr
Why will the system get borked if a newly installed kernel doesn't work on it? One can always revert back to the working kernel in recovery mode.
That's true. But first of all: one has to know how to boot from an older kernel in case of kernel failure, and secondly: you risk losing important work because of an unstable and unreliable kernel.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
michael louwe
Level 9
Level 9
Posts: 2887
Joined: Sun Sep 11, 2016 11:18 pm

Re: Is LTS 4.9.79 patched for spectre

Post by michael louwe » Fri Feb 09, 2018 2:39 pm

@ deepakdeshp, .......
deepakdeshp wrote:...
.
AFAIK, the Linux kernels from Linus Torvald/kernel.org are the foundation on which all Linux distros are built on, eg Debian(- Ubuntu), ArchLinux, Slack, Fedora, OpenSuse, ChromeOS, Android, etc = like a tall, shiny and beautiful building built on a solid foundation with deep piling, where the users or residents/workers live comfortably and securely.

To save on resources, LM developers rely on the work of Ubuntu developers. To also save on resources, the Ubuntu developers rely on Debian developers and in turn the Debian developers rely on the Linux kernel developers.
... Ubuntu developers worked to make Debian and Linux more user-friendly, especially in terms of GUI. LM is just a fork of Ubuntu, eg forked because of difference in vision or preference.

In deciding which kernel to run, LM users should rely on Ubuntu's decisions and arrangements on how they use and support the Linux kernels from kernel.org. Similarly for users of other Linux distros. Similarly also for the residents/workers in a building. Of course, the residents/workers can choose to move to another building(= like moving to another Linux distro).
... IOW, the Linux users are free to decide on what the Linux distro developers have freely decided on, wrt the Linux kernels from Linus Torvald/kernel.org. Some Linux users have even freely decided to make their own Linux distros but not many succeed.

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 2:46 pm

It's not about freedom. Of course you're free to do as you please, with your own machine and your own Linux Mint. That's not the issue at all. By all means, set your PC on fire if you feel like it. :lol:

The thing is: I want to help people to operate their Linux Mint in such a way, that they can rely on it and that they can enjoy a stable system.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Is LTS 4.9.79 patched for spectre

Post by Sir Charles » Fri Feb 09, 2018 3:13 pm

michael louwe wrote:... IOW, the Linux users are free to decide on what the Linux distro developers have freely decided on, wrt the Linux kernels from Linus Torvald/kernel.org
That's exactly what I did, taking my liberty to choose what kernel to use,
deepakdeshp wrote:UKUU utility can see all the kernels, which one can install. It shows installed and running kernels too.Very easy to install kernels using this utility.
using this very handy tool for installing kernel 4.15 the very day it was released,
Pjotr wrote:The thing is: I want to help people to operate their Linux Mint in such a way, that they can rely on it and that they can enjoy a stable system.
and my system is no less unstable or unreliable than before. What's more, while waiting for the supported kernels to get patched for Spectre 2, I can be running one which is already patched. At least partially, since my CPU won't be receiving any firmware update any time soon, if ever.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
Pjotr
Level 20
Level 20
Posts: 11060
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Is LTS 4.9.79 patched for spectre

Post by Pjotr » Fri Feb 09, 2018 3:17 pm

Marziano wrote:
Fri Feb 09, 2018 3:13 pm
and my system is no less unstable or unreliable than before.
Then you're lucky, apparently. But don't think for a minute that your positive experience has any predictive value at all, for other people.

The general advice is valid: do *not* use UKUU for installing kernels for everyday use. Only for testing.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Is LTS 4.9.79 patched for spectre

Post by Sir Charles » Fri Feb 09, 2018 3:29 pm

Pjotr wrote:
Fri Feb 09, 2018 3:17 pm
Then you're lucky, apparently. But don't think for a minute that your positive experience has any predictive value at all, for other people.
The general advice is valid: do *not* use UKUU for installing kernels for everyday use. Only for testing.
I was just giving another perspective based on my positive experience. I don't see what validity the "general advice" has, generalizing from the negativity. If there is statistic data supporting your "general advice", then I can regard my positive experience as a lucky strike :wink:
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Post Reply

Return to “Other topics”